Where
AND
-Infinity
0

Trending

Last week
Last month
Last year

Versions

8.5.0
9
10.1.0
7
7.0.0
7
9.0.0
7
11.0.0
6
9.0.0-milestone1
5
9.0.0-milestone9
5
8.5.100
4
9.0.0-m1
4
9.0.0-m9
4
9.0.0-milestone10
4
9.0.0-milestone11
4
9.0.0-milestone12
4
9.0.0-milestone2
4
9.0.0-milestone3
4
9.0.0-milestone4
4
9.0.0-milestone5
4
9.0.0-milestone6
4
9.0.0-milestone7
4
9.0.0-milestone8
4
10.1.0-milestone10
3
10.1.0-milestone11
3
10.1.0-milestone12
3
10.1.0-milestone13
3
10.1.0-milestone14
3
10.1.0-milestone15
3
10.1.0-milestone16
3
10.1.0-milestone17
3
10.1.0-milestone18
3
10.1.0-milestone19
3
10.1.0-milestone20
3
10.1.0-milestone7
3
10.1.0-milestone8
3
10.1.0-milestone9
3
10.1.1
3
11.0.0-milestone1
3
11.0.0-milestone10
3
11.0.0-milestone11
3
11.0.0-milestone12
3
11.0.0-milestone13
3
11.0.0-milestone14
3
11.0.0-milestone15
3
11.0.0-milestone16
3
11.0.0-milestone17
3
11.0.0-milestone18
3
11.0.0-milestone19
3
11.0.0-milestone2
3
11.0.0-milestone20
3
11.0.0-milestone21
3
11.0.0-milestone22
3

Apache TomcatApache Tomcat: Security constraints not correctly applied

Risk 70
Severity
9.1
First published (updated )
CVE-2026-43515

Apache TomcatApache Tomcat: Digest authenticator will authenticate any unknown user

Risk 90
Severity
9.8
First published (updated )
CVE-2026-43512

Apache TomcatApache Tomcat: HTTP/2 request headers not validated

Risk 90
Severity
9.8
First published (updated )
CVE-2026-41293

Apache TomcatApache Tomcat, Apache Tomcat Native: OCSP checks sometimes soft-fail even when soft-fail is disabled

Risk 70
Severity
9.1
First published (updated )
CVE-2026-29145

Apache TomcatApache Tomcat: Client certificate verification bypass due to virtual host mapping

Risk 66
Severity
9.1
First published (updated )
CVE-2025-66614
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Apache TomcatApache Tomcat: console manipulation via escape sequences in log messages

Risk 86
Severity
9.7
First published (updated )
CVE-2025-55754

Apache TomcatApache Tomcat: Bypass of rules in Rewrite Valve

Risk 92
Severity
9.8
First published (updated )
CVE-2025-31651

Apache TomcatApache Tomcat Path Equivalence Vulnerability

Risk 90
Severity
10
Exploited
Zeroday
EPSS
0.04%
First published (updated )
CVE-2025-24813

Apache TomcatApache Tomcat: Authentication bypass when using Jakarta Authentication API

Risk 93
Severity
9.8
First published (updated )
CVE-2024-52316

Apache TomcatApache Tomcat Improper Privilege Management Vulnerability

Risk 99
Severity
9.8
Exploited
First published (updated )
CVE-2020-1938
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Apache TomcatOS Command Injection, Input Validation

Risk 89
Severity
9.8
First published (updated )
CVE-2019-0232

Apache TomcatRace Condition

Risk 70
Severity
9.1
First published (updated )
CVE-2018-8037

Apache TomcatLast updated 18 August 2025

Risk 90
Severity
9.8
First published (updated )
CVE-2018-8014

Apache TomcatIn Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors i…

Risk 88
Severity
9.8
First published (updated )
CVE-2017-5651

Apache TomcatWhile investigating bug 60718, it was noticed that some calls to application listeners in Apache Tom…

Risk 69
Severity
9.1
First published (updated )
CVE-2017-5648
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Apache TomcatApache Tomcat Remote Code Execution Vulnerability

Risk 99
Severity
9.8
Exploited
First published (updated )
CVE-2016-8735

Apache TomcatLast updated 18 August 2025

Risk 70
Severity
9.1
First published (updated )
CVE-2016-5018

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203