CVE-2026-43512
critical
9.8
9.8
16d ago
Apache Tomcat - Digest authenticator will authenticate any unknown user
suse debian java apache
CVE-2026-41293
critical
9.8
9.8
16d ago
Apache Tomcat - HTTP/2 request headers not validated
suse debian java apache
CVE-2017-5651
critical
9.8
9.8
9y ago
In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, …
suse debian java apache
CVE-2025-55754
critical
9.6
9.6
9d ago
Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences
redhat suse debian java +1
CVE-2026-43515
critical
9.1
9.1
16d ago
Apache Tomcat - Security constraints not correctly applied
suse debian java apache
CVE-2017-5648
critical
9.1
9.1
9y ago
While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use th…
suse debian java apache
CVE-2023-44487
high
7.5
9.0
3y ago
Important: nodejs:20 security update
rockylinux redhat debian suse +6
CVE-2025-46701
high
—
8.0
9d ago
Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's CGI servlet allows bypass of security constraints that apply to the pathInfo component of a URI mapped to th…
arch redhat suse debian +1
CVE-2026-29129
high
—
8.0
2mo ago
Apache Tomcat: Configured cipher preference order not preserved
suse debian java
CVE-2026-24880
high
—
8.0
2mo ago
Apache Tomcat has an HTTP Request/Response Smuggling vulnerability
suse debian java
CVE-2025-31651
high
—
8.0
6mo ago
Important: tomcat security update
rockylinux redhat suse debian +1
CVE-2025-49125
high
—
8.0
9mo ago
Important: tomcat security update
arch redhat rockylinux suse +2
CVE-2025-48988
high
—
8.0
9mo ago
Important: tomcat security update
arch redhat rockylinux suse +2
CVE-2025-53506
high
—
8.0
9mo ago
Important: tomcat security update
redhat rockylinux suse debian +1
CVE-2025-52520
high
—
8.0
9mo ago
Important: tomcat security update
redhat rockylinux suse debian +1
CVE-2025-31650
high
—
8.0
11mo ago
Important: tomcat security update
arch redhat rockylinux suse +2
CVE-2024-56337
high
—
8.0
11mo ago
Important: tomcat security update
redhat rockylinux suse debian +1
CVE-2024-34750
high
—
8.0
2y ago
Important: tomcat security update
redhat rockylinux suse debian +1
CVE-2024-24549
high
—
8.0
2y ago
Important: tomcat security and bug fix update
redhat suse rockylinux debian +1
CVE-2023-46589
high
—
8.0
2y ago
Important: tomcat security update
redhat rockylinux suse debian +1
CVE-2021-24122
high
—
8.0
5y ago
When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to …
arch suse debian java
CVE-2019-0199
high
—
8.0
6y ago
Apache Tomcat Denial of Service vulnerability
suse debian java
CVE-2020-9484
high
—
8.0
6y ago
Potential remote code execution in Apache Tomcat
arch suse debian java
CVE-2018-8037
high
—
8.0
8y ago
Important: pki-deps:10.6 security update
suse rockylinux debian java
CVE-2018-8034
high
—
8.0
8y ago
Important: pki-deps:10.6 security update
suse rockylinux debian java
CVE-2018-8014
high
—
8.0
8y ago
Important: pki-deps:10.6 security update
suse rockylinux debian java
CVE-2018-11784
high
—
8.0
8y ago
Important: pki-deps:10.6 security update
suse rockylinux debian java
CVE-2026-43513
high
7.5
7.5
16d ago
Apache Tomcat: LockOutRealm treats user names as case-sensitive
suse debian java apache
CVE-2026-41284
high
7.5
7.5
16d ago
Apache Tomcat: Unbounded read in WebDAV LOCK and PROPFIND handling
suse debian java apache
CVE-2025-55752
high
7.5
7.5
6mo ago
Important: tomcat security update
rockylinux redhat suse debian +2
CVE-2025-48989
high
7.5
7.5
9mo ago
Important: tomcat security update
redhat rockylinux suse debian +2
CVE-2026-42498
high
7.3
7.3
16d ago
Apache Tomcat - WebSocket authentication header exposure
suse debian java apache
CVE-2025-24813
medium
—
7.0
1y ago
Moderate: tomcat security update
redhat rockylinux suse debian +1
CVE-2020-1938
medium
—
7.0
6y ago
Apache Tomcat treats Apache JServ Protocol (AJP) connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploit…
suse rockylinux debian java
CVE-2024-50379
medium
—
5.5
11mo ago
Moderate: tomcat security update
redhat rockylinux suse debian +1
CVE-2023-42795
medium
—
5.5
2y ago
Moderate: tomcat security update
redhat suse debian java
CVE-2023-41080
medium
—
5.5
2y ago
Moderate: tomcat security update
redhat suse debian java
CVE-2023-45648
medium
—
5.5
2y ago
Moderate: tomcat security update
redhat suse debian java
CVE-2023-24998
medium
—
5.5
3y ago
Moderate: tomcat security and bug fix update
redhat arch suse debian +1
CVE-2023-28709
medium
—
5.5
3y ago
Moderate: tomcat security and bug fix update
redhat suse debian java
CVE-2020-1935
medium
—
5.5
6y ago
In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as va…
rockylinux debian java
CVE-2025-61795
medium
5.3
5.3
7mo ago
Apache Tomcat Vulnerable to Improper Resource Shutdown or Release
suse debian java apache
CVE-2014-0095
medium
—
5.0
12y ago
Denial of service in Apache Tomcat
java apache