CVE-2026-43512 critical 9.8
9.8
16d ago
Apache Tomcat - Digest authenticator will authenticate any unknown user
suse debian java apache
CVE-2026-41293 critical 9.8
9.8
16d ago
Apache Tomcat - HTTP/2 request headers not validated
suse debian java apache
CVE-2025-55754 critical 9.6
9.6
10d ago
Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences
redhat suse debian java +1
CVE-2026-43515 critical 9.1
9.1
16d ago
Apache Tomcat - Security constraints not correctly applied
suse debian java apache
CVE-2017-5648 critical 9.1
9.1
9y ago
Exposure of Resource to Wrong Sphere in Apache Tomcat
suse debian java apache
CVE-2016-5388 high 8.1
8.1
10y ago
Improper Access Control in Apache Tomcat
suse redhat debian java +2
CVE-2025-46701 high —
8.0
10d ago
Apache Tomcat - CGI security constraint bypass
arch redhat suse debian +1
CVE-2025-55668 high —
8.0
10d ago
Session Fixation vulnerability in Apache Tomcat via rewrite valve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Old…
redhat suse debian java
CVE-2025-31651 high —
8.0
6mo ago
Apache Tomcat Rewrite rule bypass
rockylinux redhat suse debian +1
CVE-2025-52520 high —
8.0
9mo ago
Apache Tomcat Catalina is vulnerable to DoS attack through bypassing of size limits
redhat rockylinux suse debian +1
CVE-2025-48988 high —
8.0
9mo ago
Apache Tomcat - DoS in multipart upload
arch redhat rockylinux suse +2
CVE-2025-49125 high —
8.0
9mo ago
Apache Tomcat - Security constraint bypass for pre/post-resources
arch redhat rockylinux suse +2
CVE-2024-56337 high —
8.0
11mo ago
Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
redhat rockylinux suse debian +1
CVE-2023-46589 high —
8.0
2y ago
Apache Tomcat Improper Input Validation vulnerability
redhat rockylinux suse debian +1
CVE-2020-9484 high —
8.0
6y ago
Potential remote code execution in Apache Tomcat
arch suse debian java
CVE-2026-43513 high 7.5
7.5
16d ago
Apache Tomcat: LockOutRealm treats user names as case-sensitive
suse debian java apache
CVE-2026-41284 high 7.5
7.5
16d ago
Apache Tomcat: Unbounded read in WebDAV LOCK and PROPFIND handling
suse debian java apache
CVE-2025-55752 high 7.5
7.5
6mo ago
Apache Tomcat Vulnerable to Relative Path Traversal
rockylinux redhat suse debian +2
CVE-2017-12616 high 7.5
7.5
9y ago
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
suse java apache
CVE-2026-42498 high 7.3
7.3
16d ago
Apache Tomcat - WebSocket authentication header exposure
suse debian java apache
CVE-2017-12617 unknown —
1.5
4y ago
Unrestricted Upload of File with Dangerous Type Apache Tomcat
suse java
CVE-2016-8735 unknown —
1.5
4y ago
Apache Tomcat Improper Access Control vulnerability
suse debian java
CVE-2026-34483 unknown —
—
2mo ago
Apache Tomcat has an Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve
suse debian java
CVE-2026-34487 unknown —
—
2mo ago
Apache Tomcat vulnerable to Insertion of Sensitive Information into Log File
suse debian java gcp
CVE-2026-25854 unknown —
—
2mo ago
Apache Tomcat has an Open Redirect vulnerability
suse debian java
CVE-2026-24733 unknown —
—
3mo ago
Apache Tomcat - Security constraint bypass with HTTP/0.9
suse debian java
CVE-2025-66614 unknown —
—
3mo ago
Apache Tomcat - Client certificate verification bypass
suse debian java
CVE-2025-49124 unknown —
—
1y ago
Apache Tomcat installer for Windows has an untrusted search path vulnerability
suse debian java
CVE-2024-52316 unknown —
—
2y ago
Apache Tomcat - Authentication Bypass
suse debian java
CVE-2022-45143 unknown —
—
3y ago
Apache Tomcat improperly escapes input from JsonErrorReportValve
suse debian java