Package impact

Maven / org.apache.tomcat.embed:tomcat-embed-core

critical high medium low unknown

0

KEV Has exploit

CVE	Severity	CVSS	Risk	Published	Description	Impact
CVE-2026-43512	critical	9.8	9.8	16d ago	Apache Tomcat - Digest authenticator will authenticate any unknown user
CVE-2026-41293	critical	9.8	9.8	16d ago	Apache Tomcat - HTTP/2 request headers not validated
CVE-2017-5651	critical	9.8	9.8	9y ago	In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, …
CVE-2025-55754	critical	9.6	9.6	9d ago	Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences	+1
CVE-2026-43515	critical	9.1	9.1	16d ago	Apache Tomcat - Security constraints not correctly applied
CVE-2017-5648	critical	9.1	9.1	9y ago	While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use th…
CVE-2023-44487	high	7.5	9.0	3y ago	Important: nodejs:20 security update	+6
CVE-2025-46701	high	—	8.0	9d ago	Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to th…	+1
CVE-2026-29129	high	—	8.0	2mo ago	Apache Tomcat: Configured cipher preference order not preserved
CVE-2026-24880	high	—	8.0	2mo ago	Apache Tomcat has an HTTP Request/Response Smuggling vulnerability
CVE-2025-31651	high	—	8.0	6mo ago	Important: tomcat security update	+1
CVE-2025-53506	high	—	8.0	9mo ago	Important: tomcat security update	+1
CVE-2025-48988	high	—	8.0	9mo ago	Important: tomcat security update	+2
CVE-2025-49125	high	—	8.0	9mo ago	Important: tomcat security update	+2
CVE-2025-52520	high	—	8.0	9mo ago	Important: tomcat security update	+1
CVE-2024-56337	high	—	8.0	11mo ago	Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability	+1
CVE-2025-31650	high	—	8.0	11mo ago	Important: tomcat security update	+2
CVE-2024-34750	high	—	8.0	2y ago	Important: tomcat security update	+1
CVE-2024-24549	high	—	8.0	2y ago	Important: tomcat security and bug fix update	+1
CVE-2023-46589	high	—	8.0	2y ago	Important: tomcat security update	+1
CVE-2021-24122	high	—	8.0	5y ago	When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to …
CVE-2019-0199	high	—	8.0	6y ago	Apache Tomcat Denial of Service vulnerability
CVE-2020-9484	high	—	8.0	6y ago	Potential remote code execution in Apache Tomcat
CVE-2018-8037	high	—	8.0	8y ago	Important: pki-deps:10.6 security update
CVE-2018-8034	high	—	8.0	8y ago	Important: pki-deps:10.6 security update
CVE-2018-8014	high	—	8.0	8y ago	Important: pki-deps:10.6 security update
CVE-2018-11784	high	—	8.0	8y ago	Important: pki-deps:10.6 security update
CVE-2026-43513	high	7.5	7.5	16d ago	Apache Tomcat: LockOutRealm treats user names as case-sensitive
CVE-2026-41284	high	7.5	7.5	16d ago	Apache Tomcat: Unbounded read in WebDAV LOCK and PROPFIND handling
CVE-2025-55752	high	7.5	7.5	6mo ago	Important: tomcat security update	+2
CVE-2025-48989	high	7.5	7.5	9mo ago	Important: tomcat security update	+2
CVE-2026-42498	high	7.3	7.3	16d ago	Apache Tomcat - WebSocket authentication header exposure
CVE-2026-43514	low	3.7	3.7	16d ago	Apache Tomcat - AJP secret compared in non-constant time