| CVE-2026-43512 | critical | 9.8 | 9.8 | 16d ago | Apache Tomcat - Digest authenticator will authenticate any unknown user | |
| CVE-2026-41293 | critical | 9.8 | 9.8 | 16d ago | Apache Tomcat - HTTP/2 request headers not validated | |
| CVE-2017-5651 | critical | 9.8 | 9.8 | 9y ago | Expected Behavior Violation in Apache Tomcat | |
| CVE-2025-55754 | critical | 9.6 | 9.6 | 10d ago | Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences | +1 |
| CVE-2026-43515 | critical | 9.1 | 9.1 | 16d ago | Apache Tomcat - Security constraints not correctly applied | |
| CVE-2017-5648 | critical | 9.1 | 9.1 | 9y ago | Exposure of Resource to Wrong Sphere in Apache Tomcat | |
| CVE-2023-44487 | high | 7.5 | 9.0 | 3y ago | Important: nodejs:20 security update | +11 |
| CVE-2025-46701 | high | — | 8.0 | 10d ago | Apache Tomcat - CGI security constraint bypass | +1 |
| CVE-2026-24880 | high | — | 8.0 | 2mo ago | Apache Tomcat has an HTTP Request/Response Smuggling vulnerability | |
| CVE-2026-29129 | high | — | 8.0 | 2mo ago | Apache Tomcat: Configured cipher preference order not preserved | |
| CVE-2025-31651 | high | — | 8.0 | 6mo ago | Apache Tomcat Rewrite rule bypass | +1 |
| CVE-2025-52520 | high | — | 8.0 | 9mo ago | Important: tomcat security update | +1 |
| CVE-2025-49125 | high | — | 8.0 | 9mo ago | Important: tomcat security update | +2 |
| CVE-2025-48988 | high | — | 8.0 | 9mo ago | Apache Tomcat - DoS in multipart upload | +2 |
| CVE-2025-53506 | high | — | 8.0 | 9mo ago | Important: tomcat security update | +1 |
| CVE-2024-56337 | high | — | 8.0 | 11mo ago | Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability | +1 |
| CVE-2025-31650 | high | — | 8.0 | 11mo ago | Apache Tomcat Denial of Service via invalid HTTP priority header | +2 |
| CVE-2024-34750 | high | — | 8.0 | 2y ago | Important: tomcat security update | +1 |
| CVE-2024-24549 | high | — | 8.0 | 2y ago | Apache Tomcat Denial of Service due to improper input validation vulnerability for HTTP/2 requests | +1 |
| CVE-2023-46589 | high | — | 8.0 | 2y ago | Apache Tomcat Improper Input Validation vulnerability | +1 |
| CVE-2021-24122 | high | — | 8.0 | 5y ago | Information Disclosure in Apache Tomcat | |
| CVE-2019-0199 | high | — | 8.0 | 6y ago | Apache Tomcat Denial of Service vulnerability | |
| CVE-2020-9484 | high | — | 8.0 | 6y ago | Potential remote code execution in Apache Tomcat | |
| CVE-2018-8037 | high | — | 8.0 | 8y ago | Apache Tomcat Race Condition vulnerability | |
| CVE-2018-8034 | high | — | 8.0 | 8y ago | The host name verification missing in Apache Tomcat | |
| CVE-2018-8014 | high | — | 8.0 | 8y ago | Important: pki-deps:10.6 security update | |
| CVE-2018-11784 | high | — | 8.0 | 8y ago | Apache Tomcat Open Redirect vulnerability | |
| CVE-2026-43513 | high | 7.5 | 7.5 | 16d ago | Apache Tomcat: LockOutRealm treats user names as case-sensitive | |
| CVE-2026-41284 | high | 7.5 | 7.5 | 16d ago | Apache Tomcat: Unbounded read in WebDAV LOCK and PROPFIND handling | |
| CVE-2025-55752 | high | 7.5 | 7.5 | 6mo ago | Important: tomcat security update | +2 |
| CVE-2025-48989 | high | 7.5 | 7.5 | 9mo ago | Apache Tomcat Improper Resource Shutdown or Release vulnerability | +2 |
| CVE-2026-42498 | high | 7.3 | 7.3 | 16d ago | Apache Tomcat - WebSocket authentication header exposure | |
| CVE-2026-43514 | low | 3.7 | 3.7 | 16d ago | Apache Tomcat - AJP secret compared in non-constant time | |
| CVE-2026-32990 | unknown | — | — | 2mo ago | Apache Tomcat has an Improper Input Validation vulnerability | |
| CVE-2026-25854 | unknown | — | — | 2mo ago | Apache Tomcat has an Open Redirect vulnerability | |
| CVE-2025-66614 | unknown | — | — | 3mo ago | Apache Tomcat - Client certificate verification bypass | |
| CVE-2025-49124 | unknown | — | — | 1y ago | Apache Tomcat installer for Windows has an untrusted search path vulnerability | |
| CVE-2024-21733 | unknown | — | — | 2y ago | Apache Tomcat vulnerable to Generation of Error Message Containing Sensitive Information | |
| CVE-2008-1947 | unknown | — | — | 4y ago | Apache Tomcat Cross-site scripting (XSS) vulnerability | |
| CVE-2021-25122 | unknown | — | — | 5y ago | Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat | |
| CVE-2021-25329 | unknown | — | — | 5y ago | Potential remote code execution in Apache Tomcat | |
| CVE-2019-17569 | unknown | — | — | 6y ago | Potential HTTP request smuggling in Apache Tomcat | |
| CVE-2019-12418 | unknown | — | — | 7y ago | Insufficiently Protected Credentials in Apache Tomcat | |
| CVE-2019-17563 | unknown | — | — | 7y ago | In Apache Tomcat, when using FORM authentication there was a narrow window where an attacker could perform a session fixation attack | |
| CVE-2019-0221 | unknown | — | — | 7y ago | Cross-site scripting in Apache Tomcat | |
| CVE-2019-0232 | unknown | — | — | 7y ago | Apache Tomcat OS Command Injection vulnerability | |
| CVE-2018-1304 | unknown | — | — | 8y ago | Apache Tomcat unauthorized access vulnerability | |