VIR Vulnerability Intelligence Relay

Package impact

java Maven / org.apache.tomcat:tomcat-catalina

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-43512 critical 9.8 9.8 16d ago Apache Tomcat - Digest authenticator will authenticate any unknown user susedebianjavaapache
CVE-2026-41293 critical 9.8 9.8 16d ago Apache Tomcat - HTTP/2 request headers not validated susedebianjavaapache
CVE-2025-55754 critical 9.6 9.6 10d ago Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences redhatsusedebianjava+1
CVE-2026-43515 critical 9.1 9.1 16d ago Apache Tomcat - Security constraints not correctly applied susedebianjavaapache
CVE-2017-5648 critical 9.1 9.1 9y ago Exposure of Resource to Wrong Sphere in Apache Tomcat susedebianjavaapache
CVE-2016-5388 high 8.1 8.1 10y ago Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted cli… suseredhatdebianjava+2
CVE-2025-46701 high 8.0 10d ago Apache Tomcat - CGI security constraint bypass archredhatsusedebian+1
CVE-2025-55668 high 8.0 10d ago Session Fixation vulnerability in Apache Tomcat via rewrite valve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Old… redhatsusedebianjava
CVE-2025-31651 high 8.0 6mo ago Apache Tomcat Rewrite rule bypass rockylinuxredhatsusedebian+1
CVE-2025-52520 high 8.0 9mo ago Important: tomcat security update redhatrockylinuxsusedebian+1
CVE-2025-48988 high 8.0 9mo ago Apache Tomcat - DoS in multipart upload archredhatrockylinuxsuse+2
CVE-2025-49125 high 8.0 9mo ago Important: tomcat security update archredhatrockylinuxsuse+2
CVE-2024-56337 high 8.0 11mo ago Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability redhatrockylinuxsusedebian+1
CVE-2023-46589 high 8.0 2y ago Apache Tomcat Improper Input Validation vulnerability redhatrockylinuxsusedebian+1
CVE-2020-9484 high 8.0 6y ago Potential remote code execution in Apache Tomcat archsusedebianjava
CVE-2026-43513 high 7.5 7.5 16d ago Apache Tomcat: LockOutRealm treats user names as case-sensitive susedebianjavaapache
CVE-2026-41284 high 7.5 7.5 16d ago Apache Tomcat: Unbounded read in WebDAV LOCK and PROPFIND handling susedebianjavaapache
CVE-2025-55752 high 7.5 7.5 6mo ago Important: tomcat security update rockylinuxredhatsusedebian+2
CVE-2017-12616 high 7.5 7.5 9y ago Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat susejavaapache
CVE-2026-42498 high 7.3 7.3 16d ago Apache Tomcat - WebSocket authentication header exposure susedebianjavaapache
CVE-2026-43514 low 3.7 3.7 16d ago Apache Tomcat - AJP secret compared in non-constant time susedebianjavaapache
CVE-2024-54677 low 2.5 2y ago Apache Tomcat Uncontrolled Resource Consumption vulnerability susedebianjava
CVE-2016-8735 unknown 1.5 4y ago Apache Tomcat Improper Access Control vulnerability susedebianjava
CVE-2026-25854 unknown 2mo ago Apache Tomcat has an Open Redirect vulnerability susedebianjava
CVE-2025-66614 unknown 3mo ago Apache Tomcat - Client certificate verification bypass susedebianjava
CVE-2025-49124 unknown 1y ago Apache Tomcat installer for Windows has an untrusted search path vulnerability susedebianjava