Where
AND
-Infinity
0

Trending

Last week
Last month
Last year

Apache TomcatApache Tomcat: LockOutRealm treats user names as case-sensitive

Risk 46
Severity
7.5
First published (updated )
CVE-2026-43513

Apache TomcatApache Tomcat: WebSocket authentication header exposure

Risk 54
Severity
7.3
First published (updated )
CVE-2026-42498

Apache TomcatApache Tomcat: Unbounded read in WebDAV LOCK and PROPFIND handling

Risk 46
Severity
7.5
First published (updated )
CVE-2026-41284

Apache TomcatApache Tomcat: Cloud membership for clustering component exposed the Kubernetes bearer token

Risk 46
Severity
7.5
First published (updated )
CVE-2026-34487

Apache TomcatApache Tomcat: Fix for CVE-2026-29146 allowed bypass of EncryptInterceptor

Risk 46
Severity
7.5
First published (updated )
CVE-2026-34486
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Apache TomcatApache Tomcat: Incomplete escaping of JSON access logs

Risk 46
Severity
7.5
First published (updated )
CVE-2026-34483

Apache TomcatApache Tomcat: EncryptInterceptor vulnerable to padding oracle attack by default

Risk 46
Severity
7.5
First published (updated )
CVE-2026-29146

Apache TomcatApache Tomcat: TLS cipher order is not preserved

Risk 46
Severity
7.5
First published (updated )
CVE-2026-29129

Apache TomcatApache Tomcat: Request smuggling via invalid chunk extension

Risk 46
Severity
7.5
First published (updated )
CVE-2026-24880

Apache Tomcat NativeInput Validation

Risk 33
Severity
7
First published (updated )
REDHAT-BUG-2440426
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Apache TomcatApache Tomcat Native, Apache Tomcat: OCSP revocation bypass

Risk 31
Severity
7.5
EPSS
0.02%
First published (updated )
CVE-2026-24734

Apache TomcatPath Traversal

Risk 33
Severity
7
First published (updated )
REDHAT-BUG-2406591

Apache TomcatApache Tomcat: Directory traversal via rewrite with possible RCE if PUT is enabled

Risk 76
Severity
7.5
First published (updated )
CVE-2025-55752

Apache TomcatApache Tomcat: h2 DoS - Made You Reset

Risk 48
Severity
7.5
First published (updated )
CVE-2025-48989

maven/org.apache.tomcat.embed:tomcat-embed-coreApache Tomcat: Security constraint bypass for pre/post-resources

Risk 46
Severity
7.5
First published (updated )
CVE-2025-49125
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

maven/org.apache.tomcat.embed:tomcat-embed-coreApache Tomcat: FileUpload large number of parts with headers DoS

Risk 46
Severity
7.5
First published (updated )
CVE-2025-48988

Apache TomcatInput Validation

Risk 33
Severity
7
First published (updated )
REDHAT-BUG-2362783

Apache TomcatApache Tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame

Risk 65
Severity
7.5
Exploited
First published (updated )
CVE-2025-31650

Apache TomcatApache Tomcat: HTTP request smuggling via malformed trailer headers

Risk 47
Severity
7.5
First published (updated )
CVE-2023-46589

redhat/tomcatApache Tomcat: FileUpload: DoS due to accumulation of temporary files on Windows

Risk 46
Severity
7.5
First published (updated )
CVE-2023-42794
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Apache Tomcat- Rapid Reset HTTP/2 vulnerability

Risk 65
Severity
7.5
Exploited
Zeroday
First published (updated )
CVE-2023-44487

Apache TomcatLocal privilege escalation with FileStore

Risk 66
Severity
7
First published (updated )
CVE-2022-23181

Apache TomcatDoS via memory leak with WebSocket connections

Risk 46
Severity
7.5
First published (updated )
CVE-2021-42340

redhat/tomcatApache Tomcat DoS with unexpected TLS packet

Risk 46
Severity
7.5
First published (updated )
CVE-2021-41079

Apache TomcatIncomplete fix for CVE-2020-9484

Risk 66
Severity
7
First published (updated )
CVE-2021-25329
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Apache TomcatApache Tomcat h2c request mix-up

Risk 46
Severity
7.5
First published (updated )
CVE-2021-25122

Apache TomcatApache Tomcat: Request header mix-up between HTTP/2 streams

Risk 46
Severity
7.5
First published (updated )
CVE-2020-17527

Apache TomcatLast updated 24 June 2025

Risk 46
Severity
7.5
First published (updated )
CVE-2020-13935

Apache TomcatNull Pointer Dereference

Risk 46
Severity
7.5
First published (updated )
CVE-2020-13934

Apache TomcatUser-writeable configuration file /usr/lib/tmpfiles.d/tomcat.conf allows for escalation of priviliges

Risk 73
Severity
7.8
First published (updated )
CVE-2020-8022
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203