VIR Vulnerability Intelligence Relay

Package impact

java Maven / org.apache.tomcat.embed:tomcat-embed-core

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-43512 critical 9.8 9.8 16d ago Apache Tomcat - Digest authenticator will authenticate any unknown user susedebianjavaapache
CVE-2026-41293 critical 9.8 9.8 16d ago Apache Tomcat - HTTP/2 request headers not validated susedebianjavaapache
CVE-2017-5651 critical 9.8 9.8 9y ago In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, … susedebianjavaapache
CVE-2025-55754 critical 9.6 9.6 9d ago Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences redhatsusedebianjava+1
CVE-2026-43515 critical 9.1 9.1 16d ago Apache Tomcat - Security constraints not correctly applied susedebianjavaapache
CVE-2017-5648 critical 9.1 9.1 9y ago While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use th… susedebianjavaapache
CVE-2025-24813 medium 7.0 1y ago Moderate: tomcat security update redhatrockylinuxsusedebian+1
CVE-2020-1938 medium 7.0 6y ago Apache Tomcat treats Apache JServ Protocol (AJP) connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploit… suserockylinuxdebianjava
CVE-2024-50379 medium 5.5 11mo ago Moderate: tomcat security update redhatrockylinuxsusedebian+1
CVE-2023-42795 medium 5.5 2y ago Moderate: tomcat security update redhatsusedebianjava
CVE-2023-41080 medium 5.5 2y ago Moderate: tomcat security update redhatsusedebianjava
CVE-2023-45648 medium 5.5 2y ago Moderate: tomcat security update redhatsusedebianjava
CVE-2023-28709 medium 5.5 3y ago Moderate: tomcat security and bug fix update redhatsusedebianjava
CVE-2023-24998 medium 5.5 3y ago Moderate: tomcat security and bug fix update redhatarchsusedebian+1
CVE-2020-1935 medium 5.5 6y ago In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as va… rockylinuxdebianjava
CVE-2025-61795 medium 5.3 5.3 7mo ago Apache Tomcat Vulnerable to Improper Resource Shutdown or Release susedebianjavaapache
CVE-2014-0095 medium 5.0 12y ago Denial of service in Apache Tomcat javaapache