CRITICAL9.8CVE-2026-43512Apache Tomcat - Digest authenticator will authenticate any unknown user from 0
CRITICAL9.8CVE-2026-41293Apache Tomcat - HTTP/2 request headers not validated from 0
CRITICAL9.8CVE-2025-31651Apache Tomcat: Bypass of rules in Rewrite Valve from 0, < 11.0.6-1
CRITICAL9.6CVE-2025-55754Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences from 0, < 11.0.15-1~deb13u1
CRITICAL9.1CVE-2026-43515Apache Tomcat - Security constraints not correctly applied from 0
CRITICAL9.1CVE-2026-29145Apache Tomcat: CLIENT_CERT authentication does not fail as expected from 0
CRITICAL9.1CVE-2025-66614Apache Tomcat: Client certificate verification bypass due to virtual host mapping from 0, < 11.0.15-1~deb13u1
HIGH7.5CVE-2026-41284Apache Tomcat: Unbounded read in WebDAV LOCK and PROPFIND handling from 0
HIGH7.5CVE-2026-43513Apache Tomcat: LockOutRealm treats user names as case-sensitive from 0
HIGH7.5CVE-2026-34487Apache Tomcat: Cloud membership for clustering component exposed the Kubernetes bearer token from 0
HIGH7.5CVE-2026-34483Apache Tomcat has an Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve from 0
HIGH7.5CVE-2026-24880Apache Tomcat has an HTTP Request/Response Smuggling vulnerability from 0
HIGH7.5CVE-2026-29129Apache Tomcat: Configured cipher preference order not preserved from 0
HIGH7.5CVE-2026-29146Apache Tomcat: Padding Oracle vulnerability in EncryptInterceptor from 0
HIGH7.5CVE-2026-24734Apache Tomcat Native, Apache Tomcat: OCSP revocation bypass from 0
HIGH7.5CVE-2025-55752Apache Tomcat Vulnerable to Relative Path Traversal from 0, < 11.0.15-1~deb13u1
HIGH7.5CVE-2025-48989Apache Tomcat Improper Resource Shutdown or Release vulnerability from 0, < 11.0.15-1~deb13u1
HIGH7.5CVE-2025-53506Apache Tomcat: DoS via excessive h2 streams at connection start from 0, < 11.0.15-1~deb13u1
HIGH7.5CVE-2025-52520Apache Tomcat: DoS via integer overflow in multipart file upload from 0, < 11.0.15-1~deb13u1
HIGH7.5CVE-2025-49125Apache Tomcat: Security constraint bypass for pre/post-resources from 0, < 11.0.15-1~deb13u1
HIGH7.5CVE-2025-48976Apache Commons FileUpload, Apache Commons FileUpload: FileUpload DoS via part headers from 0, < 11.0.15-1~deb13u1
HIGH7.5CVE-2025-48988Apache Tomcat: FileUpload large number of parts with headers DoS from 0, < 11.0.15-1~deb13u1
HIGH7.5CVE-2025-31650Apache Tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame from 0, < 11.0.6-1
HIGH7.3CVE-2026-42498Apache Tomcat - WebSocket authentication header exposure from 0
HIGH7.3CVE-2025-46701Apache Tomcat: Security constraint bypass for CGI scripts from 0, < 11.0.15-1~deb13u1
HIGH7.3CVE-2025-46701Apache Tomcat: Security constraint bypass for CGI scripts from 0, < 11.0.15-1~deb13u1
MEDIUM6.5CVE-2026-34500Apache Tomcat: CLIENT_CERT authentication does not fail as expected from 0
MEDIUM6.5CVE-2025-55668Apache Tomcat: session fixation via rewrite valve from 0, < 11.0.15-1~deb13u1
MEDIUM6.1CVE-2026-25854Apache Tomcat has an Open Redirect vulnerability from 0
MEDIUM5.3CVE-2026-32990Apache Tomcat has an Improper Input Validation vulnerability from 0
MEDIUM5.3CVE-2025-61795Apache Tomcat Vulnerable to Improper Resource Shutdown or Release from 0, < 11.0.15-1~deb13u1
LOW3.7CVE-2026-43514Apache Tomcat - AJP secret compared in non-constant time from 0
LOW3.7CVE-2026-24733Apache Tomcat: Security constraint bypass with HTTP/0.9 from 0, < 11.0.15-1~deb13u1