CRITICAL9.8CVE-2025-24813⚠ KEVApache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT from 0, < 10.1.34-0+deb12u2
CRITICAL9.8CVE-2025-24813⚠ KEVApache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT from 0, < 10.1.34-0+deb12u2
from 0, < 10.1.6-1+deb12u1
CRITICAL9.8CVE-2026-43512Apache Tomcat - Digest authenticator will authenticate any unknown user from 0
CRITICAL9.8CVE-2026-41293Apache Tomcat - HTTP/2 request headers not validated from 0
CRITICAL9.8CVE-2025-31651Apache Tomcat: Bypass of rules in Rewrite Valve from 0, < 10.1.40-1
CRITICAL9.8CVE-2024-56337Apache Tomcat: RCE due to TOCTOU issue in JSP compilation - CVE-2024-50379 mitigation was incomplete from 0, < 10.1.34-0+deb12u1
CRITICAL9.8CVE-2024-50379Apache Tomcat: RCE due to TOCTOU issue in JSP compilation from 0, < 10.1.34-0+deb12u1
CRITICAL9.8CVE-2024-52316Apache Tomcat: Authentication bypass when using Jakarta Authentication API from 0, < 10.1.34-0+deb12u1
CRITICAL9.6CVE-2025-55754Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences from 0, < 10.1.52-1~deb12u1
CRITICAL9.1CVE-2026-43515Apache Tomcat - Security constraints not correctly applied from 0
CRITICAL9.1CVE-2026-29145Apache Tomcat: CLIENT_CERT authentication does not fail as expected from 0
CRITICAL9.1CVE-2025-66614Apache Tomcat: Client certificate verification bypass due to virtual host mapping from 0, < 10.1.52-1~deb12u1
from 0, < 10.1.34-0+deb12u1
HIGH7.5CVE-2026-43513Apache Tomcat: LockOutRealm treats user names as case-sensitive from 0
HIGH7.5CVE-2026-41284Apache Tomcat: Unbounded read in WebDAV LOCK and PROPFIND handling from 0
HIGH7.5CVE-2026-34483Apache Tomcat has an Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve from 0
HIGH7.5CVE-2026-34487Apache Tomcat: Cloud membership for clustering component exposed the Kubernetes bearer token from 0
HIGH7.5CVE-2026-29146Apache Tomcat: Padding Oracle vulnerability in EncryptInterceptor from 0
HIGH7.5CVE-2026-24880Apache Tomcat has an HTTP Request/Response Smuggling vulnerability from 0
HIGH7.5CVE-2026-29129Apache Tomcat: Configured cipher preference order not preserved from 0
HIGH7.5CVE-2026-24734Apache Tomcat Native, Apache Tomcat: OCSP revocation bypass from 0, < 10.1.52-1~deb12u1
HIGH7.5CVE-2025-55752Apache Tomcat Vulnerable to Relative Path Traversal from 0, < 10.1.52-1~deb12u1
HIGH7.5CVE-2025-48989Apache Tomcat Improper Resource Shutdown or Release vulnerability from 0, < 10.1.52-1~deb12u1
HIGH7.5CVE-2025-53506Apache Tomcat: DoS via excessive h2 streams at connection start from 0, < 10.1.52-1~deb12u1
HIGH7.5CVE-2025-52520Apache Tomcat: DoS via integer overflow in multipart file upload from 0, < 10.1.52-1~deb12u1
HIGH7.5CVE-2025-49125Apache Tomcat: Security constraint bypass for pre/post-resources from 0, < 10.1.52-1~deb12u1
HIGH7.5CVE-2025-48988Apache Tomcat: FileUpload large number of parts with headers DoS from 0, < 10.1.52-1~deb12u1
HIGH7.5CVE-2025-48976Apache Commons FileUpload, Apache Commons FileUpload: FileUpload DoS via part headers from 0, < 10.1.52-1~deb12u1
HIGH7.5CVE-2025-31650Apache Tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame from 0, < 10.1.40-1
from 0, < 10.1.34-0+deb12u1
from 0, < 10.1.34-0+deb12u1
from 0, < 10.1.6-1+deb12u2
HIGH7.5CVE-2023-46589Apache Tomcat: HTTP request smuggling via malformed trailer headers from 0, < 10.1.6-1+deb12u2
HIGH7.5CVE-2023-46589Apache Tomcat: HTTP request smuggling via malformed trailer headers from 0, < 10.1.6-1+deb12u2
HIGH7.5CVE-2023-28709Apache Tomcat: Fix for CVE-2023-24998 is incomplete from 0, < 10.1.6-1+deb12u1
HIGH7.5CVE-2023-28709Apache Tomcat: Fix for CVE-2023-24998 is incomplete from 0, < 10.1.6-1+deb12u1
from 0, < 10.1.10-1
from 0, < 10.1.5-1
HIGH7.3CVE-2026-42498Apache Tomcat - WebSocket authentication header exposure from 0
HIGH7.3CVE-2025-46701Apache Tomcat: Security constraint bypass for CGI scripts from 0, < 10.1.52-1~deb12u1
HIGH7.3CVE-2025-46701Apache Tomcat: Security constraint bypass for CGI scripts from 0, < 10.1.52-1~deb12u1
MEDIUM6.5CVE-2026-34500Apache Tomcat: CLIENT_CERT authentication does not fail as expected from 0
MEDIUM6.5CVE-2025-55668Apache Tomcat: session fixation via rewrite valve from 0, < 10.1.52-1~deb12u1
MEDIUM6.5CVE-2024-52317Apache Tomcat: Request/response mix-up with HTTP/2 from 0, < 10.1.31-1
MEDIUM6.3CVE-2024-23672Apache Tomcat: WebSocket DoS with incomplete closing handshake from 0, < 10.1.6-1+deb12u2
MEDIUM6.1CVE-2026-25854Apache Tomcat has an Open Redirect vulnerability from 0
MEDIUM6.1CVE-2024-52318Apache Tomcat: Incorrect JSP tag recycling leads to XSS from 0, < 10.1.33-1
MEDIUM6.1CVE-2023-41080Apache Tomcat: Open redirect with FORM authentication from 0, < 10.1.6-1+deb12u1
MEDIUM5.3CVE-2026-32990Apache Tomcat has an Improper Input Validation vulnerability from 0
MEDIUM5.3CVE-2025-61795Apache Tomcat Vulnerable to Improper Resource Shutdown or Release from 0, < 10.1.52-1~deb12u1
MEDIUM5.3CVE-2024-54677Apache Tomcat Uncontrolled Resource Consumption vulnerability from 0, < 10.1.34-0+deb12u1
MEDIUM5.3CVE-2023-45648Apache Tomcat: Trailer header parsing too lenient from 0, < 10.1.6-1+deb12u1
MEDIUM5.3CVE-2023-42795Apache Tomcat: Failure during request clean-up leads to sensitive data leaking to subsequent requests from 0, < 10.1.6-1+deb12u1
MEDIUM4.3CVE-2023-28708Apache Tomcat: JSESSIONID Cookie missing secure attribute in some configurations from 0, < 10.1.6-1
LOW3.7CVE-2026-43514Apache Tomcat - AJP secret compared in non-constant time from 0
LOW3.7CVE-2026-24733Apache Tomcat: Security constraint bypass with HTTP/0.9 from 0, < 10.1.52-1~deb12u1