| CVE-2026-43512 |
critical |
9.8 |
9.8 |
|
|
|
17d ago |
Apache Tomcat - Digest authenticator will authenticate any unknown user |
| CVE-2026-41293 |
critical |
9.8 |
9.8 |
|
|
|
17d ago |
Apache Tomcat - HTTP/2 request headers not validated |
| CVE-2025-55754 |
critical |
9.6 |
9.6 |
|
|
|
11d ago |
Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences |
| CVE-2026-29145 |
critical |
— |
9.5 |
|
|
|
2mo ago |
Apache Tomcat: CLIENT_CERT authentication does not fail as expected |
| CVE-2026-43515 |
critical |
9.1 |
9.1 |
|
|
|
17d ago |
Apache Tomcat - Security constraints not correctly applied |
| CVE-2026-29129 |
high |
— |
8.0 |
|
|
|
2mo ago |
Apache Tomcat: Configured cipher preference order not preserved |
| CVE-2020-13934 |
high |
— |
8.0 |
|
|
|
4y ago |
Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Tomcat |
| CVE-2026-43513 |
high |
7.5 |
7.5 |
|
|
|
17d ago |
Apache Tomcat: LockOutRealm treats user names as case-sensitive |
| CVE-2026-41284 |
high |
7.5 |
7.5 |
|
|
|
17d ago |
Apache Tomcat: Unbounded read in WebDAV LOCK and PROPFIND handling |
| CVE-2025-55752 |
high |
7.5 |
7.5 |
|
|
|
6mo ago |
Apache Tomcat Vulnerable to Relative Path Traversal |
| CVE-2026-42498 |
high |
7.3 |
7.3 |
|
|
|
17d ago |
Apache Tomcat - WebSocket authentication header exposure |
| CVE-2025-61795 |
medium |
5.3 |
5.3 |
|
|
|
7mo ago |
Apache Tomcat Vulnerable to Improper Resource Shutdown or Release |