Package impact
MAVEN / org.apache.tomcat:tomcat-catalina
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-43512 | critical | 9.8 | 9.8 | 16d ago | Apache Tomcat - Digest authenticator will authenticate any unknown user | |
| CVE-2026-41293 | critical | 9.8 | 9.8 | 16d ago | Apache Tomcat - HTTP/2 request headers not validated | |
| CVE-2025-55754 | critical | 9.6 | 9.6 | 9d ago | Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences | |
| CVE-2026-43515 | critical | 9.1 | 9.1 | 16d ago | Apache Tomcat - Security constraints not correctly applied | |
| CVE-2026-43514 | low | 3.7 | 3.7 | 16d ago | Apache Tomcat - AJP secret compared in non-constant time | |
| CVE-2024-54677 | low | — | 2.5 | 2y ago | Apache Tomcat Uncontrolled Resource Consumption vulnerability |