Package impact
MAVEN / org.apache.tomcat.embed:tomcat-embed-core
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-43512 | critical | 9.8 | 9.8 | 16d ago | Apache Tomcat - Digest authenticator will authenticate any unknown user | |
| CVE-2026-41293 | critical | 9.8 | 9.8 | 16d ago | Apache Tomcat - HTTP/2 request headers not validated | |
| CVE-2025-55754 | critical | 9.6 | 9.6 | 10d ago | Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences | |
| CVE-2026-43515 | critical | 9.1 | 9.1 | 16d ago | Apache Tomcat - Security constraints not correctly applied | |
| CVE-2025-61795 | medium | 5.3 | 5.3 | 7mo ago | Apache Tomcat Vulnerable to Improper Resource Shutdown or Release | |
| CVE-2026-43514 | low | 3.7 | 3.7 | 16d ago | Apache Tomcat - AJP secret compared in non-constant time |