Package impact

java Maven / org.apache.tomcat.embed:tomcat-embed-core

CVE Severity CVSS Risk Published Description Impact
CVE-2026-43512 critical 9.8 9.8 16d ago Apache Tomcat - Digest authenticator will authenticate any unknown user suse, debian, java, apache
CVE-2026-41293 critical 9.8 9.8 16d ago Apache Tomcat - HTTP/2 request headers not validated suse, debian, java, apache
CVE-2017-5651 critical 9.8 9.8 9y ago In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, … suse, debian, java, apache
CVE-2025-55754 critical 9.6 9.6 9d ago Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences redhat, suse, debian, java, +1
CVE-2026-43515 critical 9.1 9.1 16d ago Apache Tomcat - Security constraints not correctly applied suse, debian, java, apache
CVE-2017-5648 critical 9.1 9.1 9y ago Exposure of Resource to Wrong Sphere in Apache Tomcat suse, debian, java, apache
CVE-2025-24813 medium 7.0 1y ago Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT redhat, rockylinux, suse, debian, +1
CVE-2020-1938 medium 7.0 6y ago Apache Tomcat treats Apache JServ Protocol (AJP) connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploit… suse, rockylinux, debian, java
CVE-2024-50379 medium 5.5 11mo ago Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability redhat, rockylinux, suse, debian, +1
CVE-2023-45648 medium 5.5 2y ago Moderate: tomcat security update redhat, suse, debian, java
CVE-2023-41080 medium 5.5 2y ago Moderate: tomcat security update redhat, suse, debian, java
CVE-2023-42795 medium 5.5 2y ago Moderate: tomcat security update redhat, suse, debian, java
CVE-2023-28709 medium 5.5 3y ago Moderate: tomcat security and bug fix update redhat, suse, debian, java
CVE-2023-24998 medium 5.5 3y ago Moderate: tomcat security and bug fix update redhat, arch, suse, debian, +1
CVE-2020-1935 medium 5.5 6y ago In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as va… rockylinux, debian, java
CVE-2025-61795 medium 5.3 5.3 7mo ago Apache Tomcat Vulnerable to Improper Resource Shutdown or Release suse, debian, java, apache
CVE-2014-0095 medium 5.0 12y ago Denial of service in Apache Tomcat java, apache
CVE-2026-43514 low 3.7 3.7 16d ago Apache Tomcat - AJP secret compared in non-constant time suse, debian, java, apache
CVE-2026-32990 unknown 2mo ago Apache Tomcat has an Improper Input Validation vulnerability debian, java
CVE-2025-49124 unknown 1y ago Apache Tomcat installer for Windows has an untrusted search path vulnerability suse, debian, java
CVE-2019-17569 unknown 6y ago Potential HTTP request smuggling in Apache Tomcat debian, java
CVE-2018-1304 unknown 8y ago Apache Tomcat unauthorized access vulnerability suse, debian, java