CVE-2026-43512 critical 9.8
9.8
16d ago
Apache Tomcat - Digest authenticator will authenticate any unknown user
suse debian java apache
CVE-2026-41293 critical 9.8
9.8
16d ago
Apache Tomcat - HTTP/2 request headers not validated
suse debian java apache
CVE-2017-5651 critical 9.8
9.8
9y ago
In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, …
suse debian java apache
CVE-2025-55754 critical 9.6
9.6
9d ago
Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences
redhat suse debian java +1
CVE-2026-43515 critical 9.1
9.1
16d ago
Apache Tomcat - Security constraints not correctly applied
suse debian java apache
CVE-2017-5648 critical 9.1
9.1
9y ago
Exposure of Resource to Wrong Sphere in Apache Tomcat
suse debian java apache
CVE-2023-44487 high 7.5
9.0
3y ago
Important: nodejs:20 security update
rockylinux redhat debian suse +11
CVE-2025-46701 high —
8.0
9d ago
Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to th…
arch redhat suse debian +1
CVE-2026-29129 high —
8.0
2mo ago
Apache Tomcat: Configured cipher preference order not preserved
suse debian java
CVE-2026-24880 high —
8.0
2mo ago
Apache Tomcat has an HTTP Request/Response Smuggling vulnerability
suse debian java
CVE-2025-31651 high —
8.0
6mo ago
Important: tomcat security update
rockylinux redhat suse debian +1
CVE-2025-53506 high —
8.0
9mo ago
Important: tomcat security update
redhat rockylinux suse debian +1
CVE-2025-48988 high —
8.0
9mo ago
Important: tomcat security update
arch redhat rockylinux suse +2
CVE-2025-49125 high —
8.0
9mo ago
Important: tomcat security update
arch redhat rockylinux suse +2
CVE-2025-52520 high —
8.0
9mo ago
Important: tomcat security update
redhat rockylinux suse debian +1
CVE-2024-56337 high —
8.0
11mo ago
Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
redhat rockylinux suse debian +1
CVE-2025-31650 high —
8.0
11mo ago
Apache Tomcat Denial of Service via invalid HTTP priority header
arch redhat rockylinux suse +2
CVE-2024-34750 high —
8.0
2y ago
Important: tomcat security update
redhat rockylinux suse debian +1
CVE-2024-24549 high —
8.0
2y ago
Apache Tomcat Denial of Service due to improper input validation vulnerability for HTTP/2 requests
redhat suse rockylinux debian +1
CVE-2023-46589 high —
8.0
2y ago
Important: tomcat security update
redhat rockylinux suse debian +1
CVE-2021-24122 high —
8.0
5y ago
Information Disclosure in Apache Tomcat
arch suse debian java
CVE-2019-0199 high —
8.0
6y ago
Apache Tomcat Denial of Service vulnerability
suse debian java
CVE-2020-9484 high —
8.0
6y ago
Potential remote code execution in Apache Tomcat
arch suse debian java
CVE-2018-8037 high —
8.0
8y ago
Apache Tomcat Race Condition vulnerability
suse rockylinux debian java
CVE-2018-8034 high —
8.0
8y ago
The host name verification missing in Apache Tomcat
suse rockylinux debian java
CVE-2018-8014 high —
8.0
8y ago
Important: pki-deps:10.6 security update
suse rockylinux debian java
CVE-2018-11784 high —
8.0
8y ago
Apache Tomcat Open Redirect vulnerability
suse rockylinux debian java
CVE-2026-43513 high 7.5
7.5
16d ago
Apache Tomcat: LockOutRealm treats user names as case-sensitive
suse debian java apache
CVE-2026-41284 high 7.5
7.5
16d ago
Apache Tomcat: Unbounded read in WebDAV LOCK and PROPFIND handling
suse debian java apache
CVE-2025-55752 high 7.5
7.5
6mo ago
Important: tomcat security update
rockylinux redhat suse debian +2
CVE-2025-48989 high 7.5
7.5
9mo ago
Important: tomcat security update
redhat rockylinux suse debian +2
CVE-2026-42498 high 7.3
7.3
16d ago
Apache Tomcat - WebSocket authentication header exposure
suse debian java apache
CVE-2026-43514 low 3.7
3.7
16d ago
Apache Tomcat - AJP secret compared in non-constant time
suse debian java apache