| CVE-2009-3555 |
critical |
9.8 |
10.0 |
17y ago |
Apache Tomcat affected by vulnerability in TLS and SSL protocol |
+4 |
| CVE-2026-43512 |
critical |
9.8 |
9.8 |
16d ago |
Apache Tomcat - Digest authenticator will authenticate any unknown user |
|
| CVE-2026-41293 |
critical |
9.8 |
9.8 |
16d ago |
Apache Tomcat - HTTP/2 request headers not validated |
|
| CVE-2025-55754 |
critical |
9.6 |
9.6 |
10d ago |
Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences |
+1 |
| CVE-2026-29145 |
critical |
— |
9.5 |
2mo ago |
Apache Tomcat: CLIENT_CERT authentication does not fail as expected |
|
| CVE-2026-43515 |
critical |
9.1 |
9.1 |
16d ago |
Apache Tomcat - Security constraints not correctly applied |
|
| CVE-2016-0714 |
high |
8.8 |
8.8 |
10y ago |
Improper Access Control in Apache Tomcat |
|
| CVE-2015-5351 |
high |
8.8 |
8.8 |
10y ago |
Apache Tomcat allows remote attackers to bypass a CSRF protection mechanism by using a token |
+1 |
| CVE-2015-5346 |
high |
8.1 |
8.1 |
10y ago |
Improper Neutralization of Input During Web Page Generation in Apache Tomcat |
+1 |
| CVE-2026-29129 |
high |
— |
8.0 |
2mo ago |
Apache Tomcat: Configured cipher preference order not preserved |
|
| CVE-2021-42340 |
high |
— |
8.0 |
4y ago |
Missing Release of Resource after Effective Lifetime in Apache Tomcat |
|
| CVE-2020-13935 |
high |
— |
8.0 |
4y ago |
Infinite Loop in Apache Tomcat |
|
| CVE-2020-13934 |
high |
— |
8.0 |
4y ago |
Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Tomcat |
|
| CVE-2014-0230 |
high |
— |
7.8 |
11y ago |
Uncontrolled Resource Consumption in Apache Tomcat |
|
| CVE-2026-43513 |
high |
7.5 |
7.5 |
16d ago |
Apache Tomcat: LockOutRealm treats user names as case-sensitive |
|
| CVE-2026-41284 |
high |
7.5 |
7.5 |
16d ago |
Apache Tomcat: Unbounded read in WebDAV LOCK and PROPFIND handling |
|
| CVE-2026-34486 |
high |
7.5 |
7.5 |
2mo ago |
Apache Tomcat Missing Encryption of Sensitive Data vulnerability |
|
| CVE-2025-55752 |
high |
7.5 |
7.5 |
6mo ago |
Apache Tomcat Vulnerable to Relative Path Traversal |
+2 |
| CVE-2017-7675 |
high |
7.5 |
7.5 |
9y ago |
Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat |
|
| CVE-2016-6796 |
high |
7.5 |
7.5 |
9y ago |
Apache Tomcat vulnerable to SecurityManager bypass |
+3 |
| CVE-2016-6817 |
high |
7.5 |
7.5 |
9y ago |
Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Tomcat |
|
| CVE-2016-6797 |
high |
7.5 |
7.5 |
9y ago |
Incorrect Authorization in Apache Tomcat |
+3 |
| CVE-2017-5664 |
high |
7.5 |
7.5 |
9y ago |
Improper Handling of Exceptional Conditions in Apache Tomcat |
|
| CVE-2017-5650 |
high |
7.5 |
7.5 |
9y ago |
Improper Resource Shutdown or Release in Apache Tomcat |
|
| CVE-2017-5647 |
high |
7.5 |
7.5 |
9y ago |
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat |
|
| CVE-2014-0050 |
high |
— |
7.5 |
12y ago |
Commons FileUpload Denial of service vulnerability |
|
| CVE-2013-2185 |
high |
— |
7.5 |
13y ago |
Deserialization of Untrusted Data in Apache Tomcat |
|
| CVE-2011-3190 |
high |
— |
7.5 |
15y ago |
Apache Tomcat Allows Remote Attackers to Spoof AJP Requests |
|
| CVE-2026-42498 |
high |
7.3 |
7.3 |
16d ago |
Apache Tomcat - WebSocket authentication header exposure |
|
| CVE-2026-43514 |
low |
3.7 |
3.7 |
16d ago |
Apache Tomcat - AJP secret compared in non-constant time |
|
| CVE-2013-2071 |
low |
— |
2.6 |
13y ago |
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat |
|
| CVE-2010-1157 |
low |
— |
2.6 |
16y ago |
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat |
|
| CVE-2024-54677 |
low |
— |
2.5 |
2y ago |
Apache Tomcat Uncontrolled Resource Consumption vulnerability |
|
| CVE-2011-2204 |
low |
— |
1.9 |
15y ago |
Insertion of Sensitive Information into Log File in Apache Tomcat |
|
| CVE-2010-3718 |
low |
— |
1.2 |
16y ago |
Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat |
|