VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
35 advisories across 32 monitored vendors.
CVE‑2026‑6276 is a vulnerability in libcurl that may result in unintended disclosure of cookies across hosts under specific conditions involving reuse of HTTP request handles without properly resetting previously configured custom Host headers.This vulnerability arises from improper handling of custom Host headers in libcurl across multiple HTTP requests. When a custom Host header is set in an initial request and the same request handle is reused for a subsequent request without resetting the header, libcurl may retain stale host context. Under such conditions, cookies associated with the original host may be unintentionally included in requests to a different host, leading to unintended cross‑host cookie disclosure.Commvault has evaluated this vulnerability and determined that it does not affect Commvault product in supported configurations.
CVE‑2026‑7168 is a vulnerability in libcurl that may result in unintended disclosure of proxy authorization headers under specific conditions involving HTTP proxy usage with Digest authentication.This vulnerability occurs when libcurl incorrectly reuses proxy authentication data across requests.Successful exploitation requires the use of libcurl with an HTTP proxy configured for Digest authentication, reuse of the same libcurl handle across multiple requests, and a change in proxy configuration between requests. Under these conditions, libcurl may incorrectly reuse proxy authentication state, resulting in the unintended forwarding of the Proxy-Authorization header from one proxy (proxyA) to another (proxyB).Commvault has evaluated this vulnerability and determined that it does not affect Commvault product in supported configurations.
Impact Assessment for CVE-2025-15467 and CVE-2024-5535 (OpenSSL)
OTP Invalidation Missing Upon Regeneration
MongoBleed: MongoDB Memory Disclosure Vulnerability (CVE-2025-14847)
Stored Cross-Site Scripting Vulnerability
A security vulnerability has been identified that allows remote attackers to perform unauthorized file system access through a path traversal issue. The vulnerability may lead to remote code execution.CVSS Score: 8.7 High Commvault Software The following versions are impacted. Versions that are not listed are either out of support or unaffected. To view version support lifecyle, see Platform Release Schedule and Lifecycles. Product Platforms Affected Versions Resolved Version Status Commvault Linux, Windows 11.32.0 - 11.32.101 11.32.102 Resolved Commvault Linux, Windows 11.36.0 - 11.36.59 11.36.60 Resolved
A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk.CVSS Score: 6.9 Medium Commvault Software The following versions are impacted. Versions that are not listed are either out of support or unaffected. To view version support lifecyle, see Platform Release Schedule and Lifecycles. Product Platforms Affected Versions Resolved Version Status Commvault Linux, Windows 11.32.0 - 11.32.101 11.32.102 Resolved Commvault Linux, Windows 11.36.0 - 11.36.59 11.36.60 Resolved
Argument Injection Vulnerability in CommServe
Vulnerability in Initial Administrator Login Process
Tomcat Denial of Service Vulnerabilities
Handling Report Export Functionality
Authorization Schema Access Controls
Vulnerability in Commvault Command Center Installation
CVE.Org link: CVE-2025-3928 Save as PDF A vulnerability has been identified and remediated in all supported versions of the Commvault software. Webservers can be compromised through bad actors creating and executing webshells. Exploiting this vulnerability requires a bad actor to have authenticated user credentials within the Commvault Software environment. Unauthenticated access is not exploitable. For software customers, this means your environment must be: (i) accessible via the internet, (ii) compromised through an unrelated avenue, and (iii) accessed leveraging legitimate user credentials.
Save as PDF A security vulnerability has been identified in the CommServe and Web Server installation that allows a remote SQL Injection attack without authentication. Other installations in the same system are not compromised by this vulnerability.CVSS Score: 5.5
Apache Tomcat Remote Code Execution (CVE-2025-24813) Vulnerability
Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability
Curl advisory
DLL Injection Vulnerability in the Software Installation Path