VIR Vulnerability Intelligence Relay

Package impact

java Maven / org.apache.tomcat.embed:tomcat-embed-core

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-43512 critical 9.8 9.8 16d ago Apache Tomcat - Digest authenticator will authenticate any unknown user susedebianjavaapache
CVE-2026-41293 critical 9.8 9.8 16d ago Apache Tomcat - HTTP/2 request headers not validated susedebianjavaapache
CVE-2017-5651 critical 9.8 9.8 9y ago Expected Behavior Violation in Apache Tomcat susedebianjavaapache
CVE-2025-55754 critical 9.6 9.6 10d ago Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences redhatsusedebianjava+1
CVE-2026-43515 critical 9.1 9.1 16d ago Apache Tomcat - Security constraints not correctly applied susedebianjavaapache
CVE-2017-5648 critical 9.1 9.1 9y ago Exposure of Resource to Wrong Sphere in Apache Tomcat susedebianjavaapache
CVE-2026-43514 low 3.7 3.7 16d ago Apache Tomcat - AJP secret compared in non-constant time susedebianjavaapache
CVE-2017-12617 unknown 1.5 4y ago Unrestricted Upload of File with Dangerous Type Apache Tomcat susejava
CVE-2017-12615 unknown 1.5 8y ago When running Apache Tomcat on Windows with HTTP PUTs enabled it was possible to upload a JSP file to the server susejava
CVE-2026-34487 unknown 2mo ago Apache Tomcat vulnerable to Insertion of Sensitive Information into Log File susedebianjavagcp
CVE-2026-34483 unknown 2mo ago Apache Tomcat has an Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve susedebianjava
CVE-2026-25854 unknown 2mo ago Apache Tomcat has an Open Redirect vulnerability susedebianjava
CVE-2026-32990 unknown 2mo ago Apache Tomcat has an Improper Input Validation vulnerability debianjava
CVE-2026-24734 unknown 3mo ago Apache Tomcat has an Improper Input Validation vulnerability susedebianjavagcp
CVE-2026-24733 unknown 3mo ago Apache Tomcat - Security constraint bypass with HTTP/0.9 susedebianjava
CVE-2025-66614 unknown 3mo ago Apache Tomcat - Client certificate verification bypass susedebianjava
CVE-2025-49124 unknown 1y ago Apache Tomcat installer for Windows has an untrusted search path vulnerability susedebianjava
CVE-2024-52317 unknown 2y ago Apache Tomcat Request and/or response mix-up susedebianjava
CVE-2024-21733 unknown 2y ago Apache Tomcat vulnerable to Generation of Error Message Containing Sensitive Information susedebianjava
CVE-2023-34981 unknown 3y ago Apache Tomcat vulnerable to information leak susedebianjava
CVE-2022-45143 unknown 3y ago Apache Tomcat improperly escapes input from JsonErrorReportValve susedebianjava
CVE-2022-42252 unknown 4y ago Apache Tomcat may reject request containing invalid Content-Length header susedebianjava
CVE-2008-1947 unknown 4y ago Apache Tomcat Cross-site scripting (XSS) vulnerability java
CVE-2021-25122 unknown 5y ago Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat susedebianjava
CVE-2021-25329 unknown 5y ago Potential remote code execution in Apache Tomcat susedebianjava
CVE-2019-17569 unknown 6y ago Potential HTTP request smuggling in Apache Tomcat debianjava
CVE-2019-12418 unknown 7y ago Insufficiently Protected Credentials in Apache Tomcat susedebianjava
CVE-2019-17563 unknown 7y ago In Apache Tomcat, when using FORM authentication there was a narrow window where an attacker could perform a session fixation attack susedebianjava
CVE-2019-10072 unknown 7y ago Improper Locking in Apache Tomcat susedebianjava
CVE-2019-0221 unknown 7y ago Cross-site scripting in Apache Tomcat susedebianjava
CVE-2019-0232 unknown 7y ago Apache Tomcat OS Command Injection vulnerability debianjava
CVE-2018-1336 unknown 8y ago In Apache Tomcat there is an improper handing of overflow in the UTF-8 decoder susedebianjava
CVE-2018-1305 unknown 8y ago Apache Tomcat information exposure vulnerability susedebianjava
CVE-2018-1304 unknown 8y ago Apache Tomcat unauthorized access vulnerability susedebianjava