| CVE-2009-3555 |
critical |
9.8 |
10.0 |
|
|
|
17y ago |
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9… |
| CVE-2026-43512 |
critical |
9.8 |
9.8 |
|
|
|
24d ago |
DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, fr… |
| CVE-2026-41293 |
critical |
9.8 |
9.8 |
|
|
|
24d ago |
Improper Input Validation vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 10.0.0… |
| CVE-2025-55754 |
critical |
9.6 |
9.6 |
|
|
|
17d ago |
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Win… |
| CVE-2026-29145 |
critical |
— |
9.5 |
|
|
|
2mo ago |
CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native. This issue affects Apache Tomcat: from 11.0.0… |
| CVE-2026-43515 |
critical |
9.1 |
9.1 |
|
|
|
24d ago |
Improper Authorization vulnerability when multiple method constraints define an HTTP method for the same extension in Apache Tomcat.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21,… |
| CVE-2026-43514 |
low |
3.7 |
3.7 |
|
|
|
24d ago |
Observable Timing Discrepancy vulnerability when comparing AJP secret in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M… |
| CVE-2010-1157 |
low |
— |
3.6 |
|
|
|
16y ago |
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat |
| CVE-2013-2071 |
low |
— |
2.6 |
|
|
|
13y ago |
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat |
| CVE-2024-54677 |
low |
— |
2.5 |
|
|
|
2y ago |
Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.… |
| CVE-2011-2204 |
low |
— |
1.9 |
|
|
|
15y ago |
Insertion of Sensitive Information into Log File in Apache Tomcat |
| CVE-2010-3718 |
low |
— |
1.2 |
|
|
|
16y ago |
Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat |
