| CVE-2026-43512 |
critical |
9.8 |
9.8 |
16d ago |
Apache Tomcat - Digest authenticator will authenticate any unknown user |
|
| CVE-2026-41293 |
critical |
9.8 |
9.8 |
16d ago |
Apache Tomcat - HTTP/2 request headers not validated |
|
| CVE-2025-55754 |
critical |
9.6 |
9.6 |
9d ago |
Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences |
+1 |
| CVE-2026-43515 |
critical |
9.1 |
9.1 |
16d ago |
Apache Tomcat - Security constraints not correctly applied |
|
| CVE-2017-5648 |
critical |
9.1 |
9.1 |
9y ago |
Exposure of Resource to Wrong Sphere in Apache Tomcat |
|
| CVE-2025-24813 |
medium |
— |
7.0 |
1y ago |
Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT |
+1 |
| CVE-2024-50379 |
medium |
— |
5.5 |
11mo ago |
Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability |
+1 |
| CVE-2023-28708 |
medium |
— |
5.5 |
3y ago |
Apache Tomcat vulnerable to Unprotected Transport of Credentials |
|
| CVE-2025-61795 |
medium |
5.3 |
5.3 |
7mo ago |
Apache Tomcat Vulnerable to Improper Resource Shutdown or Release |
|
| CVE-2012-5886 |
medium |
— |
5.0 |
14y ago |
Improper Authentication in Apache Tomcat |
|
| CVE-2014-0119 |
medium |
— |
4.3 |
12y ago |
Missing XML Validation in Apache Tomcat |
|
| CVE-2014-0096 |
medium |
— |
4.3 |
12y ago |
Improper Input Validation in Apache Tomcat |
|
| CVE-2026-43514 |
low |
3.7 |
3.7 |
16d ago |
Apache Tomcat - AJP secret compared in non-constant time |
|
| CVE-2024-54677 |
low |
— |
2.5 |
2y ago |
Apache Tomcat Uncontrolled Resource Consumption vulnerability |
|