Package impact

Maven / org.apache.tomcat.embed:tomcat-embed-core

critical high medium low unknown

0

KEV Has exploit

CVE	Severity	CVSS	Risk	Published	Description	Impact
CVE-2026-43512	critical	9.8	9.8	16d ago	Apache Tomcat - Digest authenticator will authenticate any unknown user
CVE-2026-41293	critical	9.8	9.8	16d ago	Apache Tomcat - HTTP/2 request headers not validated
CVE-2017-5651	critical	9.8	9.8	9y ago	Expected Behavior Violation in Apache Tomcat
CVE-2025-55754	critical	9.6	9.6	10d ago	Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences	+1
CVE-2026-43515	critical	9.1	9.1	16d ago	Apache Tomcat - Security constraints not correctly applied
CVE-2017-5648	critical	9.1	9.1	9y ago	Exposure of Resource to Wrong Sphere in Apache Tomcat
CVE-2023-44487	high	7.5	9.0	3y ago	HTTP/2 Stream Cancellation Attack	+11
CVE-2025-46701	high	—	8.0	10d ago	Apache Tomcat - CGI security constraint bypass	+1
CVE-2026-24880	high	—	8.0	2mo ago	Apache Tomcat has an HTTP Request/Response Smuggling vulnerability
CVE-2026-29129	high	—	8.0	2mo ago	Apache Tomcat: Configured cipher preference order not preserved
CVE-2025-31651	high	—	8.0	6mo ago	Apache Tomcat Rewrite rule bypass	+1
CVE-2025-49125	high	—	8.0	9mo ago	Apache Tomcat - Security constraint bypass for pre/post-resources	+2
CVE-2025-48988	high	—	8.0	9mo ago	Apache Tomcat - DoS in multipart upload	+2
CVE-2025-53506	high	—	8.0	9mo ago	Important: tomcat security update	+1
CVE-2025-52520	high	—	8.0	9mo ago	Apache Tomcat Catalina is vulnerable to DoS attack through bypassing of size limits	+1
CVE-2024-56337	high	—	8.0	11mo ago	Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability	+1
CVE-2025-31650	high	—	8.0	11mo ago	Apache Tomcat Denial of Service via invalid HTTP priority header	+2
CVE-2024-34750	high	—	8.0	2y ago	Apache Tomcat - Denial of Service	+1
CVE-2024-24549	high	—	8.0	2y ago	Apache Tomcat Denial of Service due to improper input validation vulnerability for HTTP/2 requests	+1
CVE-2023-46589	high	—	8.0	2y ago	Apache Tomcat Improper Input Validation vulnerability	+1
CVE-2021-24122	high	—	8.0	5y ago	Information Disclosure in Apache Tomcat
CVE-2019-0199	high	—	8.0	6y ago	Apache Tomcat Denial of Service vulnerability
CVE-2020-9484	high	—	8.0	6y ago	Potential remote code execution in Apache Tomcat
CVE-2018-8037	high	—	8.0	8y ago	Apache Tomcat Race Condition vulnerability
CVE-2018-8034	high	—	8.0	8y ago	The host name verification missing in Apache Tomcat
CVE-2018-8014	high	—	8.0	8y ago	The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins
CVE-2018-11784	high	—	8.0	8y ago	Apache Tomcat Open Redirect vulnerability
CVE-2026-43513	high	7.5	7.5	16d ago	Apache Tomcat: LockOutRealm treats user names as case-sensitive
CVE-2026-41284	high	7.5	7.5	16d ago	Apache Tomcat: Unbounded read in WebDAV LOCK and PROPFIND handling
CVE-2025-55752	high	7.5	7.5	6mo ago	Apache Tomcat Vulnerable to Relative Path Traversal	+2
CVE-2025-48989	high	7.5	7.5	9mo ago	Apache Tomcat Improper Resource Shutdown or Release vulnerability	+2
CVE-2026-42498	high	7.3	7.3	16d ago	Apache Tomcat - WebSocket authentication header exposure
CVE-2026-43514	low	3.7	3.7	16d ago	Apache Tomcat - AJP secret compared in non-constant time
CVE-2017-12617	unknown	—	1.5	4y ago	Unrestricted Upload of File with Dangerous Type Apache Tomcat
CVE-2017-12615	unknown	—	1.5	8y ago	When running Apache Tomcat on Windows with HTTP PUTs enabled it was possible to upload a JSP file to the server
CVE-2026-34487	unknown	—	—	2mo ago	Apache Tomcat vulnerable to Insertion of Sensitive Information into Log File
CVE-2026-34483	unknown	—	—	2mo ago	Apache Tomcat has an Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve
CVE-2026-25854	unknown	—	—	2mo ago	Apache Tomcat has an Open Redirect vulnerability
CVE-2026-32990	unknown	—	—	2mo ago	Apache Tomcat has an Improper Input Validation vulnerability
CVE-2026-24734	unknown	—	—	3mo ago	Apache Tomcat has an Improper Input Validation vulnerability
CVE-2026-24733	unknown	—	—	3mo ago	Apache Tomcat - Security constraint bypass with HTTP/0.9
CVE-2025-66614	unknown	—	—	3mo ago	Apache Tomcat - Client certificate verification bypass
CVE-2025-49124	unknown	—	—	1y ago	Apache Tomcat installer for Windows has an untrusted search path vulnerability
CVE-2024-52317	unknown	—	—	2y ago	Apache Tomcat Request and/or response mix-up
CVE-2024-21733	unknown	—	—	2y ago	Apache Tomcat vulnerable to Generation of Error Message Containing Sensitive Information
CVE-2023-34981	unknown	—	—	3y ago	Apache Tomcat vulnerable to information leak
CVE-2022-45143	unknown	—	—	3y ago	Apache Tomcat improperly escapes input from JsonErrorReportValve
CVE-2022-42252	unknown	—	—	4y ago	Apache Tomcat may reject request containing invalid Content-Length header
CVE-2008-1947	unknown	—	—	4y ago	Apache Tomcat Cross-site scripting (XSS) vulnerability
CVE-2021-25122	unknown	—	—	5y ago	Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
CVE-2021-25329	unknown	—	—	5y ago	Potential remote code execution in Apache Tomcat
CVE-2019-17569	unknown	—	—	6y ago	Potential HTTP request smuggling in Apache Tomcat
CVE-2019-12418	unknown	—	—	7y ago	Insufficiently Protected Credentials in Apache Tomcat
CVE-2019-17563	unknown	—	—	7y ago	In Apache Tomcat, when using FORM authentication there was a narrow window where an attacker could perform a session fixation attack
CVE-2019-10072	unknown	—	—	7y ago	Improper Locking in Apache Tomcat
CVE-2019-0221	unknown	—	—	7y ago	Cross-site scripting in Apache Tomcat
CVE-2019-0232	unknown	—	—	7y ago	Apache Tomcat OS Command Injection vulnerability
CVE-2018-1336	unknown	—	—	8y ago	In Apache Tomcat there is an improper handing of overflow in the UTF-8 decoder
CVE-2018-1305	unknown	—	—	8y ago	Apache Tomcat information exposure vulnerability
CVE-2018-1304	unknown	—	—	8y ago	Apache Tomcat unauthorized access vulnerability