Skip to main content

Tomcat

255 CVEs product

Monthly

CVE-2026-59084 CRITICAL Act Now

Cluster-communication confidentiality and integrity in Apache Tomcat can be undermined because the secure-configuration requirements for the EncryptInterceptor were never clearly documented, leaving operators liable to deploy the cluster session-replication channel insecurely. The flaw affects Tomcat 7.0.100-7.0.109, 8.5.38-8.5.100, 9.0.13-9.0.119, 10.1.0-M1-10.1.56 and 11.0.0-M1-11.0.23, and is fixed in 9.0.120, 10.1.57 and 11.0.24. It carries a CVSS 9.1 (C:H/I:H) but SSVC records exploitation as none, no public exploit identified at time of analysis, and the root cause is a documentation weakness (CWE-1059) rather than a code defect.

Information Disclosure Apache Tomcat Apache Tomcat
NVD VulDB
CVSS 3.1
9.1
EPSS
0.2%
CVE-2026-59083 CRITICAL Act Now

Security constraint bypass in Apache Tomcat (8.5.0-8.5.100, 9.0.0.M1-9.0.119, 10.1.0-M1-10.1.56, 11.0.0-M1-11.0.23) lets remote attackers reach protected resources by abusing improperly handled hex URL encoding in the RewriteValve, defeating URL-pattern security constraints. Because the flaw resides in the rewrite valve, only deployments that use the RewriteValve together with security constraints are exposed, but where present an unauthenticated attacker (per CVSS PR:N) can access or manipulate resources meant to be restricted. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; EPSS data was not provided.

Authentication Bypass Apache Tomcat Apache Tomcat
NVD VulDB
CVSS 3.1
9.1
EPSS
0.2%
CVE-2026-49833 Maven MEDIUM PATCH GHSA This Month

Path traversal via the COAR Notify / Linked Data Notifications (LDN) service in DSpace 8.0-8.3 and 9.0-9.2 allows an authenticated DSpace administrator to reference arbitrary filesystem paths as LDN inbound-pattern templates, causing those files to be read and interpreted as Apache Velocity templates. While no public exploit or active exploitation has been identified, the vulnerability was demonstrated as part of a proven attack chain in which an administrator stages a malicious Velocity payload in a predictable file location and triggers its execution, enabling either sensitive file disclosure or arbitrary Java code execution via Velocity template injection. No special conditions (KEV, public PoC) are confirmed at time of analysis.

Java Path Traversal Tomcat Apache
NVD GitHub
CVSS 3.1
5.5
CVE-2026-49830 Maven MEDIUM PATCH GHSA This Month

Local file inclusion in DSpace's OAI-ORE Ingestion Crosswalk allows a collection administrator to expose arbitrary server-side files as ingested bitstreams by supplying or triggering a malicious ORE XML document referencing file:/// URIs. Versions 7.x through 7.6.6, 8.0-8.3, and 9.0-9.2 are confirmed affected; fixed releases (7.6.7, 8.4, 9.3, 10.0) are available per the GitHub security advisory. No public exploit and no CISA KEV listing exist at time of analysis; the CVSS score of 4.4 reflects meaningful constraints on exploitation (high privileges, high complexity).

Privilege Escalation Tomcat
NVD GitHub
CVSS 3.1
4.4
CVE-2026-49831 Maven MEDIUM PATCH GHSA This Month

Path traversal in DSpace's Curation Task reporter parameter exposes authenticated Collection, Community, and Site Administrators to file write operations at arbitrary server-side paths writable by the DSpace/Tomcat OS user. Affected are DSpace versions through 7.6.6, 8.0-8.3, and 9.0-9.2, where the attack surface widened when web UI access was granted to admin roles beyond CLI-only system administrators. No public exploit or CISA KEV listing exists; the vendor-assigned CVSS 3.1 score of 5.5 (PR:H, A:H) correctly reflects that high-privilege credentials are required but the availability impact from overwriting configuration or binary files can be severe.

Java Path Traversal Denial Of Service Tomcat
NVD GitHub
CVSS 3.1
5.5
CVE-2026-49832 Maven HIGH PATCH GHSA This Week

Remote code execution in DSpace 8.0-8.3 and 9.0-9.2 allows an authenticated administrator to execute arbitrary Java via Velocity templates used to render COAR Notify/LDN messages, using reflection to escape the templating sandbox. Exploitation requires valid DSpace administrator credentials and is most impactful when chained with the related LDN path-traversal flaw (GHSA-9qm4-rh6w-pq5x). No public exploit identified at time of analysis, and CVSS is 8.0 (High).

Path Traversal Code Injection Tomcat RCE Java
NVD GitHub
CVSS 3.1
8.0
CVE-2026-34151 Maven HIGH PATCH GHSA This Week

Path traversal in XWiki running on Jetty 12+ lets remote users read arbitrary files the Jetty process can access by sending doubly URL-encoded '../' sequences to the skin resource endpoint (e.g. /xwiki/bin/skin/..%252f/..). Depending on how deep the webapp sits below root, this exposes both in-webapp secrets such as WEB-INF/xwiki.cfg and Hibernate configuration, and out-of-webapp OS files like /etc/passwd. No public exploit or active exploitation is tracked, but the vendor advisory (GHSA-qj4x-9g63-25g6) itself publishes working request URLs, so weaponization is trivial.

Atlassian Information Disclosure Tomcat Docker
NVD GitHub
CVE-2026-55957 HIGH This Week

Authentication bypass in Apache Tomcat (7.0.0-7.0.109, 8.5.0-8.5.100, 9.0.0.M1-9.0.100, 10.1.0-M1-10.1.36, 11.0.0-M1-11.0.4) lets remote attackers authenticate without supplying the correct password when the JNDIRealm is configured to validate credentials via GSSAPI bind. The flaw (CWE-304, Missing Critical Step in Authentication) means the realm accepts a bind as successful even when the password verification step is effectively skipped. There is no public exploit identified at time of analysis, EPSS risk is low (0.21%, 12th percentile), and it is not listed in CISA KEV.

Information Disclosure Tomcat Apache Apache Tomcat
NVD VulDB HeroDevs
CVSS 3.1
7.3
EPSS
0.2%
CVE-2026-55956 MEDIUM This Month

Improper Authorization (CWE-285) in Apache Tomcat's default servlet allows HTTP method-based and method-omission security constraints to be silently bypassed across all major supported Tomcat branches from 7.0.x through 11.0.x. An attacker can perform HTTP operations - such as PUT or DELETE - that the web.xml security constraint configuration was intended to restrict, potentially enabling unauthorized file upload, modification, or deletion on the default servlet's served content. No active exploitation has been confirmed (not in CISA KEV) and no CVSS score has been published at time of analysis, but the broad version range and ubiquitous deployment footprint of Tomcat make prompt patching a priority.

Authentication Bypass Tomcat Apache Apache Tomcat
NVD VulDB HeroDevs
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-55955 MEDIUM This Month

Replay attack vulnerability in Apache Tomcat's cluster EncryptionInterceptor allows a network-adjacent attacker to retransmit previously captured encrypted inter-node cluster messages, causing receiving nodes to accept and process them as legitimate - potentially corrupting distributed session state or triggering unintended cluster actions. All major supported branches are affected: 11.0.0-M1 through 11.0.22, 10.1.0-M1 through 10.1.55, 9.0.13 through 9.0.18, plus end-of-life branches 8.5.38-8.5.100 and 7.0.100-7.0.109. No public exploit or CISA KEV listing has been identified at time of analysis; however, the breadth of affected versions across all active and legacy branches elevates organizational exposure, particularly for environments running EOL 8.5.x or 7.x with no available patch.

Authentication Bypass Tomcat Apache Apache Tomcat
NVD VulDB HeroDevs
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-55276 CRITICAL PATCH Act Now

Incomplete security-constraint logging in Apache Tomcat (8.5.0-8.5.100, 9.0.0.M1-9.0.118, 10.1.0-M1-10.1.55, 11.0.0-M1-11.0.22) omits special roles and empty authorization constraints when the effective web.xml is written to the log, giving administrators an inaccurate view of the deployed access-control configuration. There is no public exploit identified at time of analysis, EPSS is low (0.17%, 7th percentile), and CISA SSVC marks exploitation status as none, despite the inflated 9.1 CVSS published by Apache. The practical effect is misleading audit/diagnostic output rather than direct attacker compromise.

Information Disclosure Tomcat Apache Apache Tomcat
NVD VulDB HeroDevs
CVSS 3.1
9.1
EPSS
0.2%
CVE-2026-53434 CRITICAL Act Now

Improper handling of a Certificate Revocation List (CRL) error condition in Apache Tomcat's FFM-based (Foreign Function & Memory / OpenSSL) connector allows revoked client certificates to be accepted during mutual TLS authentication, defeating revocation checking. The flaw affects Tomcat 9.0.83-9.0.118, 10.1.0-M7-10.1.55, and 11.0.0-M1-11.0.22 when a CRL is configured on the FFM connector, letting an attacker holding a revoked-but-otherwise-valid client certificate reach protected resources. There is no public exploit identified at time of analysis and the issue is not on CISA KEV, though the CVSS base score is 9.1 (CWE-390).

Information Disclosure Tomcat Apache Apache Tomcat
NVD VulDB
CVSS 3.1
9.1
EPSS
0.2%
CVE-2026-53404 HIGH PATCH This Week

Access-control bypass in Apache Tomcat's RewriteValve (versions 8.5.0-8.5.100, 9.0.0.M1-9.0.118, 10.1.0-M1-10.1.55, and 11.0.0-M1-11.0.22) arises because once the first condition in an OR (`[OR]`) chain matched, subsequent non-OR conditions were never evaluated. Where operators rely on chained rewrite conditions to gate or restrict requests, an attacker can satisfy only the first condition and have later guard conditions silently skipped, leading to information disclosure or unintended request routing. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV; Apache has released fixes in 11.0.23, 10.1.56, and 9.0.119.

Information Disclosure Tomcat Apache Apache Tomcat
NVD VulDB
CVSS 3.1
7.3
EPSS
0.2%
CVE-2026-50229 MEDIUM POC PATCH This Month

Reflected XSS in Apache Tomcat's bundled 'number guess' example application exposes users of that demo page to script injection across all major Tomcat release lines from 7.0 through 11.0. The flaw resides in a sample JSP/servlet, not the core Tomcat runtime, meaning exploitation depends entirely on the example application being deployed and accessible - a configuration that violates standard production hardening guidance. No public exploit code or active exploitation has been identified at time of analysis; no CVSS vector was assigned by the reporter.

XSS Tomcat Apache Apache Tomcat
NVD VulDB HeroDevs
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-52465 Maven HIGH PATCH GHSA This Week

Arbitrary file write in GeoServer's Master Password Dump web page allows an authenticated administrator to write attacker-controlled content to any absolute filesystem path the GeoServer process can write to, including JSP files in a Tomcat webapps directory. Because GeoServer enforces no maximum master password length, an admin can embed malicious JSP code into the master password and dump it to an executable location, escalating to remote code execution on the host. No public exploit identified at time of analysis and the issue is not in CISA KEV.

Microsoft Atlassian RCE Denial Of Service Tomcat +1
NVD GitHub
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-45292 Maven MEDIUM PATCH GHSA This Month

Unbounded memory allocation and CPU exhaustion in OpenTelemetry Java SDK's baggage propagation allows remote unauthenticated attackers to degrade or deny service by sending oversized baggage headers. Affected components - W3CBaggagePropagator, JaegerPropagator, and OtTracePropagator - all lacked enforcement of the W3C Baggage specification's recommended size and entry limits, causing character-by-character parsing of arbitrarily large inputs. A distinctive amplification risk exists: baggage is automatically re-injected into all outgoing requests, meaning a single malicious inbound payload can fan out DoS effects to downstream services that never directly received the original request. No public exploit identified at time of analysis, and the CVE is not listed in CISA KEV.

Tomcat Java Denial Of Service
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-45083 Maven CRITICAL PATCH GHSA Act Now

Unauthenticated Solr streaming expression injection in Goobi viewer Core (versions 4.8.0 through 26.04) allows remote attackers to fully read, modify, or delete the backend Solr index by posting arbitrary expressions to the `/api/v1/index/stream` endpoint. No public exploit identified at time of analysis, but the vulnerability is trivially exploitable with CVSS 9.8 and bypasses access-condition protections such as moving walls and licence restrictions. EPSS is currently low (0.04%) reflecting the niche audience rather than technical difficulty.

Authentication Bypass Apache Tomcat
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-44257 CRITICAL PATCH Act Now

efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, efw.file.FileManager.unZip writes zip entries to disk using new File(baseDir, zipEntry.getName()) with no canonical-path check. An entry name such as ../../../pwned.jsp escapes the intended extraction directory and lands anywhere the Tomcat process can write - including the servlet context root. Combined with the framework's multipart /uploadServlet and an event that calls file.saveUploadFiles + FileManager.unZip, a remote attacker with no credentials drops a JSP webshell and executes arbitrary commands as the Tomcat user. This vulnerability is fixed in 4.08.010.

Canonical Command Injection Tomcat
NVD GitHub
CVSS 4.0
9.3
EPSS
0.2%
CVE-2026-43515 Maven CRITICAL PATCH GHSA Act Now

Improper Authorization vulnerability when multiple method constraints define an HTTP method for the same extension in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Users are recommended to upgrade to version 11.0.22, 10.1.55 or 9.0.118 which fix the issue.

Authentication Bypass Apache Tomcat Suse Red Hat
NVD VulDB HeroDevs
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-43514 Maven LOW PATCH Monitor

Timing side-channel in Apache Tomcat's AJP secret comparison exposes the shared AJP connector secret to remote, unauthenticated attackers capable of making precise network timing measurements. The vulnerability, tracked as CWE-208 (Observable Timing Discrepancy), affects all major Tomcat branches from 7.0.0 through current releases prior to the fixed versions, and could allow an attacker to recover the AJP shared secret through repeated probing. No public exploit code exists at time of analysis, EPSS is 0.02%, and CISA SSVC rates exploitation as none - making real-world risk low despite the network-accessible attack vector.

Information Disclosure Apache Tomcat Apache Tomcat
NVD VulDB HeroDevs
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-43513 Maven HIGH PATCH GHSA This Week

Improper Handling of Case Sensitivity vulnerability in LockOutRealm in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Older unsupported versions may also be affected. Users are recommended to upgrade to version 11.0.22, 10.1.55 or 9.0.118 which fix the issue.

Apache Tomcat Information Disclosure Suse
NVD VulDB HeroDevs
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-43512 Maven CRITICAL PATCH GHSA Act Now

DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from before 7.0.0. Older unsupported versions any also be affect Users are recommended to upgrade to version 11.0.22, 10.1.55 or 9.0.118 which fix the issue.

Authentication Bypass Apache Tomcat Suse Red Hat
NVD VulDB HeroDevs
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-41293 Maven CRITICAL PATCH GHSA Act Now

Improper Input Validation vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 10.0.0-M1 through 10.0.27. Older, end of support versions may also be affected. Users are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.

Apache Tomcat Information Disclosure Suse Red Hat
NVD VulDB HeroDevs
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-42498 Maven HIGH PATCH GHSA This Week

Information disclosure in Apache Tomcat versions 7.0.83 through 11.0.21 exposes HTTP authentication headers to unintended hosts during WebSocket authentication handshakes, enabling credential leakage to third-party endpoints. The flaw carries a CVSS 7.3 score with partial confidentiality, integrity, and availability impact, and no public exploit identified at time of analysis. EPSS probability is very low (0.03%) but SSVC marks the issue as automatable, indicating that scripted exploitation is feasible if attacker positioning is achieved.

Information Disclosure Apache Tomcat Apache Tomcat Red Hat
NVD VulDB HeroDevs
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-41284 Maven HIGH PATCH GHSA This Week

Denial of service in Apache Tomcat 9.x, 10.1.x, and 11.0.x allows remote unauthenticated attackers to exhaust server resources due to missing limits or throttling on a resource allocation path (CWE-770). Affected versions span 11.0.0-M1 through 11.0.21, 10.1.0-M1 through 10.1.54, and 9.0.0.M1 through 9.0.117, with older unsupported branches also implicated per the EUVD entry. No public exploit identified at time of analysis, and the EPSS score is very low (0.02%, 5th percentile), but the SSVC framework flags the issue as automatable with partial technical impact.

Denial Of Service Apache Tomcat Apache Tomcat
NVD HeroDevs VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-41258 Maven CRITICAL PATCH GHSA Act Now

Server-side template injection in OpenMRS Core allows authenticated users with 'Manage Concepts' privilege to execute arbitrary Java code by injecting malicious Apache Velocity templates into concept reference range criteria fields. The vulnerability stems from unsafe VelocityEngine initialization without sandbox restrictions (no SecureUberspector), enabling unrestricted Java reflection. Exploitation persists across all facility users whenever observations are validated against the compromised concept, creating a persistent remote code execution vector. Fixed in versions 2.7.9 and 2.8.6 via migration from Velocity to sandboxed Spring Expression Language (SpEL) with SimpleEvaluationContext. No active exploitation confirmed (not in CISA KEV), but proof-of-concept details available from researcher advisory at machinespirits.com.

Apache Tomcat Java RCE Privilege Escalation +1
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-40076 Maven CRITICAL GHSA Act Now

Path traversal (Zip Slip) vulnerability in OpenMRS Core ≤ 2.7.8 and 2.8.0-2.8.5 allows authenticated administrators to achieve remote code execution by uploading a malicious .omod module archive to the REST API endpoint POST /openmrs/ws/rest/v1/module. Attackers can write arbitrary JSP files to the Tomcat webroot via crafted ZIP entries containing directory traversal sequences (e.g., web/module/../../../../malicious.jsp), which bypass incomplete path validation in WebModuleUtil.startModule(). The vulnerability also bypasses the module.allow_web_admin security control, as the REST API does not enforce this restriction despite Legacy UI being protected. No vendor-released patch identified at time of analysis for either affected version range.

Java Path Traversal Tomcat RCE
NVD GitHub
CVSS 4.0
9.4
EPSS
0.4%
CVE-2026-40075 Maven HIGH PATCH GHSA This Week

Path traversal in OpenMRS Core's ModuleResourcesServlet allows unauthenticated attackers to read arbitrary files from the server filesystem, including sensitive configuration files and system files like /etc/passwd. The vulnerability exists in versions ≤ 2.7.8 and 2.8.0-2.8.5, with exploitation requiring Apache Tomcat < 8.5.31 where path parameter bypass protections are absent. Fix available in version 2.8.6 for the 2.8.x branch; no patch released for 2.7.x series at time of analysis. CVSS 7.5 (High) reflects network-accessible unauthenticated exploitation with high confidentiality impact.

Java Path Traversal Apache Tomcat
NVD GitHub VulDB
CVSS 4.0
8.2
EPSS
0.1%
CVE-2026-34500 Maven MEDIUM PATCH This Month

CLIENT_CERT authentication bypass in Apache Tomcat allows unauthenticated remote attackers to bypass certificate-based authentication when soft fail is disabled and Foreign Function Memory (FFM) is enabled, affecting Tomcat 9.0.92-9.0.116, 10.1.22-10.1.53, and 11.0.0-M14-11.0.20. The vulnerability has a CVSS score of 6.5 with high confidentiality impact and partial integrity impact; however, the EPSS score of 0.04% (11th percentile) indicates very low real-world exploitation probability, and no public exploit code or confirmed active exploitation has been identified.

Apache Tomcat Authentication Bypass Red Hat Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-34487 Maven HIGH PATCH GHSA This Week

Apache Tomcat's cloud membership clustering component logs Kubernetes bearer tokens in plaintext, enabling unauthenticated remote attackers to extract authentication credentials from log files. Affects Tomcat 9.0.13-9.0.116, 10.1.0-M1-10.1.53, and 11.0.0-M1-11.0.20. CVSS 7.5 (High) reflects confidentiality impact; no public exploit identified at time of analysis. Exploitation requires network access to log files or log aggregation systems, potentially enabling privilege escalation within Kubernetes clusters.

Apache Kubernetes Tomcat Information Disclosure Red Hat +1
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-34486 Maven HIGH POC PATCH GHSA This Week

Encryption bypass in Apache Tomcat 11.0.20, 10.1.53, and 9.0.116 allows unauthenticated remote attackers to circumvent the EncryptInterceptor component, exposing sensitive data in cleartext. The vulnerability stems from an incomplete fix for CVE-2026-29146, enabling network-accessible adversaries to access confidential information without authentication. CVSS 7.5 (High severity) reflects network-based exploitation with low complexity and high confidentiality impact. No public exploit identified at time of analysis; low observed exploitation activity (EPSS <1%).

Apache Information Disclosure Tomcat Apache Tomcat
NVD VulDB HeroDevs
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-34483 Maven HIGH PATCH GHSA This Week

Information disclosure in Apache Tomcat's JsonAccessLogValve allows unauthenticated remote attackers to retrieve sensitive data due to improper output encoding. Affects Tomcat versions 11.0.0-M1 through 11.0.20, 10.1.0-M1 through 10.1.53, and 9.0.40 through 9.0.116. The vulnerability enables high-impact confidentiality breaches through network-accessible attack vectors with low complexity and no user interaction required. No public exploit identified at time of analysis. Low observed exploitation activity (EPSS 0.02%).

Apache Information Disclosure Tomcat Red Hat Suse
NVD VulDB HeroDevs
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-32990 Maven MEDIUM PATCH This Month

Improper input validation in Apache Tomcat allows remote unauthenticated attackers to obtain sensitive information via an incomplete fix of the prior CVE-2025-66614 vulnerability. Affected versions include Tomcat 11.0.15-11.0.19, 10.1.50-10.1.52, and 9.0.113-9.0.115. The CVSS score of 5.3 reflects low confidentiality impact with no integrity or availability impact, and the 0.04% EPSS score indicates minimal real-world exploitation probability at time of analysis with no public exploit code or KEV status confirmed.

Apache Information Disclosure Tomcat Red Hat Suse
NVD VulDB HeroDevs
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-29146 Maven HIGH POC PATCH GHSA This Week

Padding oracle attack in Apache Tomcat EncryptInterceptor leaks encrypted session data confidentiality across versions 7.0.100-7.0.109, 8.5.38-8.5.100, 9.0.13-9.0.115, 10.0.0-M1-10.1.52, and 11.0.0-M1-11.0.18 when default configuration is deployed. Unauthenticated remote attackers exploit oracle responses to decrypt sensitive information without authentication (CVSS:3.1 AV:N/AC:L/PR:N). CWE-209 (information exposure through error messages) enables cryptographic side-channel extraction. No public exploit identified at time of analysis; low observed exploitation activity (EPSS 0.02%).

Apache Oracle Information Disclosure Tomcat Apache Tomcat
NVD VulDB HeroDevs GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-29145 Maven CRITICAL PATCH GHSA Act Now

Authentication bypass in Apache Tomcat 9.x through 11.x and Tomcat Native 1.1.23-2.0.13 allows unauthenticated remote attackers to bypass CLIENT_CERT authentication when soft-fail is disabled, achieving unauthorized access to confidentiality- and integrity-sensitive resources. Exploitation requires no user interaction or privileges (CVSS:3.1 PR:N/UI:N). The flaw affects CLIENT_CERT authentication logic, permitting access under conditions where authentication should fail. No public exploit identified at time of analysis; low observed exploitation activity (EPSS 0.04%).

Apache Tomcat Authentication Bypass Red Hat Suse
NVD VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-29129 Maven HIGH PATCH GHSA This Week

Cipher preference order enforcement failure in Apache Tomcat 9.0.114-9.0.115, 10.1.51-10.1.52, and 11.0.16-11.0.18 allows unauthenticated remote attackers to force selection of weaker cryptographic ciphers during TLS negotiation, enabling potential decryption of confidential data transmitted over HTTPS connections. The vulnerability stems from improper preservation of administrator-configured cipher suite priority, potentially exposing sensitive session data, credentials, or application content. No public exploit identified at time of analysis. CVSS 7.5 (High) reflects network-accessible confidentiality impact requiring no privileges.

Apache Information Disclosure Tomcat Red Hat Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-25854 Maven MEDIUM PATCH This Month

Open redirect vulnerability in Apache Tomcat's LoadBalancerDrainingValve allows unauthenticated remote attackers to redirect users to untrusted sites via crafted URLs. Affects Tomcat 11.0.0-M1 through 11.0.18, 10.1.0-M1 through 10.1.52, 9.0.0.M23 through 9.0.115, and 8.5.30 through 8.5.100. The vulnerability requires user interaction (clicking a malicious link) and has low real-world exploitation probability (EPSS 0.01%), with no public exploit code or confirmed active exploitation identified at the time of analysis.

Apache Open Redirect Tomcat Red Hat Suse
NVD VulDB HeroDevs
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-24880 Maven HIGH PATCH GHSA This Week

HTTP request smuggling in Apache Tomcat 7.x through 11.x permits unauthenticated remote attackers to manipulate request routing and bypass security controls via malformed chunk extension processing. Exploitation enables header injection, cache poisoning, and request routing manipulation without code execution. Affects Tomcat 7.0.0-7.0.109, 8.5.0-8.5.100, 9.0.0.M1-9.0.115, 10.1.0-M1-10.1.52, and 11.0.0-M1-11.0.18. No public exploit identified at time of analysis. Low observed exploitation activity (EPSS 0.02%).

Apache Information Disclosure Request Smuggling Tomcat Red Hat +1
NVD VulDB HeroDevs
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-33439 Maven CRITICAL POC PATCH GHSA Act Now

Remote code execution in OpenIdentityPlatform OpenAM 16.0.5 and earlier allows unauthenticated attackers to execute arbitrary OS commands via unsafe Java deserialization of the jato.clientSession HTTP parameter. This bypass exploits an unpatched deserialization sink in JATO's ClientSession.deserializeAttributes() that was overlooked when CVE-2021-35464 was mitigated. Attackers can target any JATO ViewBean endpoint with <jato:form> tags (commonly found in password reset pages) using a PriorityQue

Deserialization RCE Java Apache Tomcat +3
NVD GitHub
CVSS 4.0
9.3
EPSS
0.1%
CVE-2026-28228 HIGH PATCH This Week

Server-side template injection in OpenOlat e-learning platform versions prior to 19.1.31, 20.1.18, and 20.2.5 enables authenticated users with Author role to execute arbitrary operating system commands via crafted Velocity directives in reminder email templates. Exploitation requires low-privilege authentication (PR:L) but is network-accessible (AV:N) with low complexity (AC:L), achieving full system compromise (C:H/I:H/A:H). The vulnerability leverages Java reflection through Velocity templates to instantiate ProcessBuilder and execute commands with Tomcat process privileges, often root in containerized environments. EPSS data not provided; no CISA KEV status confirmed; publicly available exploit code exists per GitHub security advisory disclosure.

Java Tomcat Ssti Code Injection
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2016-20026 CRITICAL POC Act Now

Critical hardcoded credentials vulnerability in ZKTeco ZKBioSecurity 3.0's bundled Apache Tomcat server that allows unauthenticated remote attackers to upload malicious WAR files and execute arbitrary code with SYSTEM privileges. Multiple public exploits are available (Exploit-DB, Packet Storm), making this a high-risk vulnerability for organizations using this biometric security management software.

RCE Tomcat Apache Authentication Bypass
NVD Exploit-DB VulDB
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-11165 CRITICAL Act Now

Sandbox escape in dotCMS Velocity scripting engine (VTools) allows authenticated users to execute arbitrary SQL. CVSS 9.9 with scope change — affects one of the largest Java CMS platforms.

Tomcat Java Dotcms
NVD
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-24734 Maven HIGH PATCH This Week

Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. [CVSS 7.5 HIGH]

Apache Tomcat Tomcat Native Authentication Bypass
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-24733 Maven LOW PATCH Monitor

Improper Input Validation vulnerability in Apache Tomcat. Tomcat did not limit HTTP/0.9 requests to the GET method. [CVSS 3.7 LOW]

Apache Tomcat
NVD HeroDevs VulDB
CVSS 3.1
3.7
EPSS
0.2%
CVE-2025-66614 Maven CRITICAL PATCH Act Now

Input validation vulnerability in Apache Tomcat affecting versions 11.0.0-M1 through 11.0.14, 10.1.0-M1 through 10.1.34, and 9.0.0.M1 through 9.0.98. Critical severity issue in one of the most widely deployed Java application servers.

Apache Tomcat Red Hat Suse
NVD HeroDevs VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2025-63690 CRITICAL POC Act Now

In pig-mesh Pig versions 3.8.2 and below, when setting up scheduled tasks in the Quartz management function under the system management module, it is possible to execute any Java class with a. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Java Tomcat Pig
NVD GitHub
CVSS 3.1
9.1
EPSS
1.3%
CVE-2025-61795 Maven MEDIUM PATCH CISA This Month

Denial of service in Apache Tomcat occurs when multipart upload errors leave temporary disk files uncleaned, allowing attackers to exhaust disk space faster than garbage collection reclaims it. Affected versions 8.5.0-8.5.100 (EOL), 9.0.0-M1-9.0.109, 10.1.0-M1-10.1.46, and 11.0.0-M1-11.0.11 require authenticated access (PR:L) and high attack complexity, making real-world exploitation limited despite the medium CVSS score.

Apache Tomcat Information Disclosure Red Hat Suse
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-55754 Maven CRITICAL PATCH CISA Act Now

ANSI escape sequence injection in Apache Tomcat log messages enables console manipulation and social engineering attacks against administrators on Windows systems. Attackers can craft malicious URLs that inject escape sequences into Tomcat logs, potentially manipulating console output and clipboard contents to trick administrators into executing attacker-controlled commands. This affects Tomcat 9.0.40-9.0.108, 10.1.0-M1-10.1.44, and 11.0.0-M1-11.0.10, with highest risk when Tomcat runs in ANSI-capable Windows consoles. Despite the 9.6 CVSS score, real-world risk is lower as exploitation requires user interaction (administrator viewing logs in console), scope change indicating console compromise beyond Tomcat process, and specific Windows deployment configuration. No active exploitation confirmed (not in CISA KEV), and EPSS data not available at time of analysis.

Microsoft Apache Tomcat Code Injection Red Hat +1
NVD
CVSS 3.1
9.6
EPSS
0.1%
CVE-2025-55752 Maven HIGH POC PATCH CISA This Week

Path traversal in Apache Tomcat versions 9.x through 11.x allows authenticated attackers to bypass security constraints protecting /WEB-INF/ and /META-INF/ directories when URL rewriting rules manipulate query parameters. Successful exploitation combined with enabled PUT requests enables remote code execution through malicious file upload. Apache Security Team confirms publicly available exploit code exists. The vulnerability stems from a regression in the fix for bug 60013, where URL normalization occurs before decoding, creating an exploitable window in specific rewrite configurations.

Apache Tomcat Path Traversal RCE Red Hat +1
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-41242 Maven MEDIUM POC PATCH This Month

Spring Framework MVC applications can be vulnerable to a “Path Traversal Vulnerability” when deployed on a non-compliant Servlet container. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Tomcat Java Path Traversal Apache Spring +1
NVD GitHub
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-55668 Maven MEDIUM PATCH This Month

Session Fixation vulnerability in Apache Tomcat via rewrite valve.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Information Disclosure Session Fixation Apache Red Hat +1
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-48989 Maven HIGH PATCH CISA This Week

Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack.0.0-M1 through 11.0.9, from 10.1.0-M1 through 10.1.43 and from 9.0.0.M1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Information Disclosure Apache
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-53506 Maven HIGH PATCH This Week

A remote code execution vulnerability (CVSS 7.5). High severity vulnerability requiring prompt remediation.

Apache Tomcat Denial Of Service Java Red Hat +1
NVD HeroDevs GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-52520 Maven HIGH PATCH This Week

CVE-2025-52520 is an integer overflow vulnerability in Apache Tomcat's multipart upload handling that allows unauthenticated remote attackers to bypass size limits and trigger denial of service. The vulnerability affects Tomcat versions 11.0.0-M1 through 11.0.8, 10.1.0-M1 through 10.1.42, 9.0.0.M1 through 9.0.106, and EOL version 8.5.0 through 8.5.100, requiring only network access with no authentication. With a CVSS score of 7.5 (High severity) and an attack vector rated as Network/Low complexity, this represents a significant availability risk for unpatched deployments.

Apache Tomcat Integer Overflow Java Denial Of Service +2
NVD HeroDevs GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-52434 Maven HIGH PATCH This Week

Apache Tomcat contains a race condition vulnerability in the APR/Native connector that can be triggered during concurrent HTTP/2 connection handling, particularly when clients initiate connection closes. The vulnerability affects Tomcat 9.0.0.M1 through 9.0.106 (and EOL versions 8.5.0-8.5.100), allowing remote unauthenticated attackers to cause denial of service through improper synchronization of shared resources. With a CVSS score of 7.5 and network-accessible attack vector requiring no authentication, this represents a high-severity availability impact, though no active public exploitation has been confirmed.

Apache Race Condition Tomcat Java Denial Of Service +2
NVD HeroDevs GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-49125 Maven HIGH PATCH This Week

CVE-2025-49125 is an authentication bypass vulnerability in Apache Tomcat affecting versions 8.5.0-8.5.100, 9.0.0-9.0.105, 10.1.0-10.1.41, and 11.0.0-11.0.7. The vulnerability allows unauthenticated remote attackers to access PreResources or PostResources mounted outside the web application root via alternate path traversal, bypassing security constraints configured for the intended resource path. With a CVSS score of 7.5 and high confidentiality impact, this represents a critical authentication mechanism failure that requires immediate patching.

Apache Tomcat Authentication Bypass Java Red Hat +1
NVD HeroDevs GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-49124 Maven HIGH PATCH This Week

A security vulnerability in Apache Tomcat installer for Windows (CVSS 8.4). High severity vulnerability requiring prompt remediation.

Microsoft Apache Tomcat Windows Privilege Escalation +1
NVD HeroDevs GitHub
CVSS 3.1
8.4
EPSS
0.1%
CVE-2025-48988 Maven HIGH PATCH This Week

A remote code execution vulnerability in Apache Tomcat (CVSS 7.5). High severity vulnerability requiring prompt remediation.

Apache Tomcat Denial Of Service Java Red Hat +1
NVD HeroDevs GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-46701 Maven HIGH PATCH This Month

Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Authentication Bypass Tomcat Red Hat Suse
NVD HeroDevs
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-31651 Maven CRITICAL PATCH Act Now

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Authentication Bypass Tomcat Red Hat Suse
NVD HeroDevs
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-31650 Maven HIGH POC PATCH THREAT Act Now

Improper Input Validation vulnerability in Apache Tomcat. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 20.3%.

Apache Tomcat Denial Of Service Red Hat Suse
NVD Exploit-DB HeroDevs
CVSS 3.1
7.5
EPSS
20.3%
CVE-2024-8510 MEDIUM This Month

N-central is vulnerable to a path traversal that allows unintended access to the Apache Tomcat WEB-INF directory. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Apache Path Traversal N Central
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-56337 Maven CRITICAL PATCH Act Now

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Apache Java Information Disclosure Bootstrap Os
NVD
CVSS 3.1
9.8
EPSS
8.9%
CVE-2024-54677 Maven MEDIUM PATCH This Month

Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Apache Denial Of Service Bootstrap Os
NVD
CVSS 3.1
5.3
EPSS
2.0%
CVE-2024-50379 Maven CRITICAL PATCH Act Now

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Apache Information Disclosure Bootstrap Os
NVD
CVSS 3.1
9.8
EPSS
44.3%
CVE-2024-52318 Maven MEDIUM PATCH This Month

Incorrect object recycling and reuse vulnerability in Apache Tomcat.0.0, 10.1.31, 9.0.96. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Apache Information Disclosure
NVD
CVSS 3.1
6.1
EPSS
1.7%
CVE-2024-52317 Maven MEDIUM PATCH This Month

Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Apache Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
2.0%
CVE-2024-52316 Maven CRITICAL PATCH Act Now

Unchecked Error Condition vulnerability in Apache Tomcat. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Apache Authentication Bypass Debian Linux
NVD
CVSS 3.1
9.8
EPSS
6.3%
CVE-2024-38286 Maven HIGH PATCH This Week

Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Apache Denial Of Service Ontap Tools
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2024-22029 HIGH This Week

Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Tomcat Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-46544 MEDIUM This Month

Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing mod_jk configuration which may lead to information disclosure. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Tomcat Apache Information Disclosure Denial Of Service +3
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-38816 Maven HIGH POC PATCH THREAT This Week

Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Path Traversal Java
NVD
CVSS 3.1
7.5
EPSS
14.7%
CVE-2024-34750 Maven HIGH PATCH This Week

Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Apache Denial Of Service Ontap Tools
NVD
CVSS 3.1
7.5
EPSS
4.6%
CVE-2024-24749 Maven HIGH PATCH This Week

GeoServer is an open source server that allows users to share and edit geospatial data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Tomcat Path Traversal Apache Microsoft Geoserver
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-5246 HIGH This Week

NETGEAR ProSAFE Network Management System Tomcat Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Tomcat RCE Apache Netgear Prosafe Network Management Software 300
NVD
CVSS 3.1
8.8
EPSS
31.3%
CVE-2024-2632 HIGH This Week

A Information Exposure Vulnerability has been found on Meta4 HR. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-24549 Maven HIGH PATCH This Week

Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Apache Denial Of Service Debian Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
23.1%
CVE-2024-23672 Maven MEDIUM PATCH This Month

Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Tomcat Apache Denial Of Service Debian Linux Fedora
NVD
CVSS 3.1
6.3
EPSS
2.3%
CVE-2024-21733 Maven MEDIUM PATCH This Month

Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Tomcat Apache Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
14.3%
CVE-2023-49694 HIGH POC This Week

A low-privileged OS user with access to a Windows host where NETGEAR ProSAFE Network Management System is installed can create arbitrary JSP files in a Tomcat web application directory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Tomcat Netgear Microsoft Authentication Bypass Prosafe Network Management System
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-46589 Maven HIGH POC PATCH This Week

Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tomcat Apache Information Disclosure Request Smuggling
NVD
CVSS 3.1
7.5
EPSS
2.7%
CVE-2023-47246 CRITICAL POC KEV THREAT Act Now

In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tomcat RCE Path Traversal Sysaid
NVD
CVSS 3.1
9.8
EPSS
98.9%
CVE-2023-45648 Maven MEDIUM POC PATCH This Month

Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Apache Information Disclosure Debian Linux
NVD
CVSS 3.1
5.3
EPSS
5.8%
CVE-2023-42795 Maven MEDIUM PATCH This Month

Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Apache Information Disclosure Debian Linux
NVD
CVSS 3.1
5.3
EPSS
2.2%
CVE-2023-42794 Maven MEDIUM PATCH This Month

Incomplete Cleanup vulnerability in Apache Tomcat. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Tomcat Apache Denial Of Service Microsoft
NVD
CVSS 3.1
5.9
EPSS
1.9%
CVE-2023-4886 MEDIUM This Month

A sensitive information exposure vulnerability was found in foreman. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Tomcat Information Disclosure Foreman Satellite
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2023-4760 CRITICAL POC PATCH Act Now

In Eclipse RAP versions from 3.0.0 up to and including 3.25.0, Remote Code Execution is possible on Windows when using the FileUpload component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Tomcat RCE Path Traversal Microsoft Remote Application Platform
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-41081 HIGH This Week

Important: Authentication Bypass CVE-2023-41081 The mod_jk component of Apache Tomcat Connectors in some circumstances, such as when a configuration included "JkOptions +ForwardDirectories" but the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Apache Authentication Bypass Tomcat Connectors
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-41080 Maven MEDIUM PATCH This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Tomcat Apache Open Redirect Debian Linux
NVD
CVSS 3.1
6.1
EPSS
6.0%
CVE-2023-20232 MEDIUM PATCH This Month

A vulnerability in the Tomcat implementation for Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to cause a web cache poisoning attack on an. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Tomcat Cisco Information Disclosure Unified Contact Center Express
NVD
CVSS 3.1
5.3
EPSS
0.4%
EPSS 0% CVSS 9.1
CRITICAL Act Now

Cluster-communication confidentiality and integrity in Apache Tomcat can be undermined because the secure-configuration requirements for the EncryptInterceptor were never clearly documented, leaving operators liable to deploy the cluster session-replication channel insecurely. The flaw affects Tomcat 7.0.100-7.0.109, 8.5.38-8.5.100, 9.0.13-9.0.119, 10.1.0-M1-10.1.56 and 11.0.0-M1-11.0.23, and is fixed in 9.0.120, 10.1.57 and 11.0.24. It carries a CVSS 9.1 (C:H/I:H) but SSVC records exploitation as none, no public exploit identified at time of analysis, and the root cause is a documentation weakness (CWE-1059) rather than a code defect.

Information Disclosure Apache Tomcat +1
NVD VulDB
EPSS 0% CVSS 9.1
CRITICAL Act Now

Security constraint bypass in Apache Tomcat (8.5.0-8.5.100, 9.0.0.M1-9.0.119, 10.1.0-M1-10.1.56, 11.0.0-M1-11.0.23) lets remote attackers reach protected resources by abusing improperly handled hex URL encoding in the RewriteValve, defeating URL-pattern security constraints. Because the flaw resides in the rewrite valve, only deployments that use the RewriteValve together with security constraints are exposed, but where present an unauthenticated attacker (per CVSS PR:N) can access or manipulate resources meant to be restricted. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; EPSS data was not provided.

Authentication Bypass Apache Tomcat +1
NVD VulDB
CVSS 5.5
MEDIUM PATCH This Month

Path traversal via the COAR Notify / Linked Data Notifications (LDN) service in DSpace 8.0-8.3 and 9.0-9.2 allows an authenticated DSpace administrator to reference arbitrary filesystem paths as LDN inbound-pattern templates, causing those files to be read and interpreted as Apache Velocity templates. While no public exploit or active exploitation has been identified, the vulnerability was demonstrated as part of a proven attack chain in which an administrator stages a malicious Velocity payload in a predictable file location and triggers its execution, enabling either sensitive file disclosure or arbitrary Java code execution via Velocity template injection. No special conditions (KEV, public PoC) are confirmed at time of analysis.

Java Path Traversal Tomcat +1
NVD GitHub
CVSS 4.4
MEDIUM PATCH This Month

Local file inclusion in DSpace's OAI-ORE Ingestion Crosswalk allows a collection administrator to expose arbitrary server-side files as ingested bitstreams by supplying or triggering a malicious ORE XML document referencing file:/// URIs. Versions 7.x through 7.6.6, 8.0-8.3, and 9.0-9.2 are confirmed affected; fixed releases (7.6.7, 8.4, 9.3, 10.0) are available per the GitHub security advisory. No public exploit and no CISA KEV listing exist at time of analysis; the CVSS score of 4.4 reflects meaningful constraints on exploitation (high privileges, high complexity).

Privilege Escalation Tomcat
NVD GitHub
CVSS 5.5
MEDIUM PATCH This Month

Path traversal in DSpace's Curation Task reporter parameter exposes authenticated Collection, Community, and Site Administrators to file write operations at arbitrary server-side paths writable by the DSpace/Tomcat OS user. Affected are DSpace versions through 7.6.6, 8.0-8.3, and 9.0-9.2, where the attack surface widened when web UI access was granted to admin roles beyond CLI-only system administrators. No public exploit or CISA KEV listing exists; the vendor-assigned CVSS 3.1 score of 5.5 (PR:H, A:H) correctly reflects that high-privilege credentials are required but the availability impact from overwriting configuration or binary files can be severe.

Java Path Traversal Denial Of Service +1
NVD GitHub
CVSS 8.0
HIGH PATCH This Week

Remote code execution in DSpace 8.0-8.3 and 9.0-9.2 allows an authenticated administrator to execute arbitrary Java via Velocity templates used to render COAR Notify/LDN messages, using reflection to escape the templating sandbox. Exploitation requires valid DSpace administrator credentials and is most impactful when chained with the related LDN path-traversal flaw (GHSA-9qm4-rh6w-pq5x). No public exploit identified at time of analysis, and CVSS is 8.0 (High).

Path Traversal Code Injection Tomcat +2
NVD GitHub
HIGH PATCH This Week

Path traversal in XWiki running on Jetty 12+ lets remote users read arbitrary files the Jetty process can access by sending doubly URL-encoded '../' sequences to the skin resource endpoint (e.g. /xwiki/bin/skin/..%252f/..). Depending on how deep the webapp sits below root, this exposes both in-webapp secrets such as WEB-INF/xwiki.cfg and Hibernate configuration, and out-of-webapp OS files like /etc/passwd. No public exploit or active exploitation is tracked, but the vendor advisory (GHSA-qj4x-9g63-25g6) itself publishes working request URLs, so weaponization is trivial.

Atlassian Information Disclosure Tomcat +1
NVD GitHub
EPSS 0% CVSS 7.3
HIGH This Week

Authentication bypass in Apache Tomcat (7.0.0-7.0.109, 8.5.0-8.5.100, 9.0.0.M1-9.0.100, 10.1.0-M1-10.1.36, 11.0.0-M1-11.0.4) lets remote attackers authenticate without supplying the correct password when the JNDIRealm is configured to validate credentials via GSSAPI bind. The flaw (CWE-304, Missing Critical Step in Authentication) means the realm accepts a bind as successful even when the password verification step is effectively skipped. There is no public exploit identified at time of analysis, EPSS risk is low (0.21%, 12th percentile), and it is not listed in CISA KEV.

Information Disclosure Tomcat Apache +1
NVD VulDB HeroDevs
EPSS 0% CVSS 6.5
MEDIUM This Month

Improper Authorization (CWE-285) in Apache Tomcat's default servlet allows HTTP method-based and method-omission security constraints to be silently bypassed across all major supported Tomcat branches from 7.0.x through 11.0.x. An attacker can perform HTTP operations - such as PUT or DELETE - that the web.xml security constraint configuration was intended to restrict, potentially enabling unauthorized file upload, modification, or deletion on the default servlet's served content. No active exploitation has been confirmed (not in CISA KEV) and no CVSS score has been published at time of analysis, but the broad version range and ubiquitous deployment footprint of Tomcat make prompt patching a priority.

Authentication Bypass Tomcat Apache +1
NVD VulDB HeroDevs
EPSS 0% CVSS 6.5
MEDIUM This Month

Replay attack vulnerability in Apache Tomcat's cluster EncryptionInterceptor allows a network-adjacent attacker to retransmit previously captured encrypted inter-node cluster messages, causing receiving nodes to accept and process them as legitimate - potentially corrupting distributed session state or triggering unintended cluster actions. All major supported branches are affected: 11.0.0-M1 through 11.0.22, 10.1.0-M1 through 10.1.55, 9.0.13 through 9.0.18, plus end-of-life branches 8.5.38-8.5.100 and 7.0.100-7.0.109. No public exploit or CISA KEV listing has been identified at time of analysis; however, the breadth of affected versions across all active and legacy branches elevates organizational exposure, particularly for environments running EOL 8.5.x or 7.x with no available patch.

Authentication Bypass Tomcat Apache +1
NVD VulDB HeroDevs
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Incomplete security-constraint logging in Apache Tomcat (8.5.0-8.5.100, 9.0.0.M1-9.0.118, 10.1.0-M1-10.1.55, 11.0.0-M1-11.0.22) omits special roles and empty authorization constraints when the effective web.xml is written to the log, giving administrators an inaccurate view of the deployed access-control configuration. There is no public exploit identified at time of analysis, EPSS is low (0.17%, 7th percentile), and CISA SSVC marks exploitation status as none, despite the inflated 9.1 CVSS published by Apache. The practical effect is misleading audit/diagnostic output rather than direct attacker compromise.

Information Disclosure Tomcat Apache +1
NVD VulDB HeroDevs
EPSS 0% CVSS 9.1
CRITICAL Act Now

Improper handling of a Certificate Revocation List (CRL) error condition in Apache Tomcat's FFM-based (Foreign Function & Memory / OpenSSL) connector allows revoked client certificates to be accepted during mutual TLS authentication, defeating revocation checking. The flaw affects Tomcat 9.0.83-9.0.118, 10.1.0-M7-10.1.55, and 11.0.0-M1-11.0.22 when a CRL is configured on the FFM connector, letting an attacker holding a revoked-but-otherwise-valid client certificate reach protected resources. There is no public exploit identified at time of analysis and the issue is not on CISA KEV, though the CVSS base score is 9.1 (CWE-390).

Information Disclosure Tomcat Apache +1
NVD VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Access-control bypass in Apache Tomcat's RewriteValve (versions 8.5.0-8.5.100, 9.0.0.M1-9.0.118, 10.1.0-M1-10.1.55, and 11.0.0-M1-11.0.22) arises because once the first condition in an OR (`[OR]`) chain matched, subsequent non-OR conditions were never evaluated. Where operators rely on chained rewrite conditions to gate or restrict requests, an attacker can satisfy only the first condition and have later guard conditions silently skipped, leading to information disclosure or unintended request routing. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV; Apache has released fixes in 11.0.23, 10.1.56, and 9.0.119.

Information Disclosure Tomcat Apache +1
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM POC PATCH This Month

Reflected XSS in Apache Tomcat's bundled 'number guess' example application exposes users of that demo page to script injection across all major Tomcat release lines from 7.0 through 11.0. The flaw resides in a sample JSP/servlet, not the core Tomcat runtime, meaning exploitation depends entirely on the example application being deployed and accessible - a configuration that violates standard production hardening guidance. No public exploit code or active exploitation has been identified at time of analysis; no CVSS vector was assigned by the reporter.

XSS Tomcat Apache +1
NVD VulDB HeroDevs
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Arbitrary file write in GeoServer's Master Password Dump web page allows an authenticated administrator to write attacker-controlled content to any absolute filesystem path the GeoServer process can write to, including JSP files in a Tomcat webapps directory. Because GeoServer enforces no maximum master password length, an admin can embed malicious JSP code into the master password and dump it to an executable location, escalating to remote code execution on the host. No public exploit identified at time of analysis and the issue is not in CISA KEV.

Microsoft Atlassian RCE +3
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Unbounded memory allocation and CPU exhaustion in OpenTelemetry Java SDK's baggage propagation allows remote unauthenticated attackers to degrade or deny service by sending oversized baggage headers. Affected components - W3CBaggagePropagator, JaegerPropagator, and OtTracePropagator - all lacked enforcement of the W3C Baggage specification's recommended size and entry limits, causing character-by-character parsing of arbitrarily large inputs. A distinctive amplification risk exists: baggage is automatically re-injected into all outgoing requests, meaning a single malicious inbound payload can fan out DoS effects to downstream services that never directly received the original request. No public exploit identified at time of analysis, and the CVE is not listed in CISA KEV.

Tomcat Java Denial Of Service
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Unauthenticated Solr streaming expression injection in Goobi viewer Core (versions 4.8.0 through 26.04) allows remote attackers to fully read, modify, or delete the backend Solr index by posting arbitrary expressions to the `/api/v1/index/stream` endpoint. No public exploit identified at time of analysis, but the vulnerability is trivially exploitable with CVSS 9.8 and bypasses access-condition protections such as moving walls and licence restrictions. EPSS is currently low (0.04%) reflecting the niche audience rather than technical difficulty.

Authentication Bypass Apache Tomcat
NVD GitHub
EPSS 0% CVSS 9.3
CRITICAL PATCH Act Now

efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, efw.file.FileManager.unZip writes zip entries to disk using new File(baseDir, zipEntry.getName()) with no canonical-path check. An entry name such as ../../../pwned.jsp escapes the intended extraction directory and lands anywhere the Tomcat process can write - including the servlet context root. Combined with the framework's multipart /uploadServlet and an event that calls file.saveUploadFiles + FileManager.unZip, a remote attacker with no credentials drops a JSP webshell and executes arbitrary commands as the Tomcat user. This vulnerability is fixed in 4.08.010.

Canonical Command Injection Tomcat
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Improper Authorization vulnerability when multiple method constraints define an HTTP method for the same extension in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Users are recommended to upgrade to version 11.0.22, 10.1.55 or 9.0.118 which fix the issue.

Authentication Bypass Apache Tomcat +2
NVD VulDB HeroDevs
EPSS 0% CVSS 3.7
LOW PATCH Monitor

Timing side-channel in Apache Tomcat's AJP secret comparison exposes the shared AJP connector secret to remote, unauthenticated attackers capable of making precise network timing measurements. The vulnerability, tracked as CWE-208 (Observable Timing Discrepancy), affects all major Tomcat branches from 7.0.0 through current releases prior to the fixed versions, and could allow an attacker to recover the AJP shared secret through repeated probing. No public exploit code exists at time of analysis, EPSS is 0.02%, and CISA SSVC rates exploitation as none - making real-world risk low despite the network-accessible attack vector.

Information Disclosure Apache Tomcat +1
NVD VulDB HeroDevs
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Improper Handling of Case Sensitivity vulnerability in LockOutRealm in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Older unsupported versions may also be affected. Users are recommended to upgrade to version 11.0.22, 10.1.55 or 9.0.118 which fix the issue.

Apache Tomcat Information Disclosure +1
NVD VulDB HeroDevs
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from before 7.0.0. Older unsupported versions any also be affect Users are recommended to upgrade to version 11.0.22, 10.1.55 or 9.0.118 which fix the issue.

Authentication Bypass Apache Tomcat +2
NVD VulDB HeroDevs
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Improper Input Validation vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 10.0.0-M1 through 10.0.27. Older, end of support versions may also be affected. Users are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.

Apache Tomcat Information Disclosure +2
NVD VulDB HeroDevs
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Information disclosure in Apache Tomcat versions 7.0.83 through 11.0.21 exposes HTTP authentication headers to unintended hosts during WebSocket authentication handshakes, enabling credential leakage to third-party endpoints. The flaw carries a CVSS 7.3 score with partial confidentiality, integrity, and availability impact, and no public exploit identified at time of analysis. EPSS probability is very low (0.03%) but SSVC marks the issue as automatable, indicating that scripted exploitation is feasible if attacker positioning is achieved.

Information Disclosure Apache Tomcat +2
NVD VulDB HeroDevs
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in Apache Tomcat 9.x, 10.1.x, and 11.0.x allows remote unauthenticated attackers to exhaust server resources due to missing limits or throttling on a resource allocation path (CWE-770). Affected versions span 11.0.0-M1 through 11.0.21, 10.1.0-M1 through 10.1.54, and 9.0.0.M1 through 9.0.117, with older unsupported branches also implicated per the EUVD entry. No public exploit identified at time of analysis, and the EPSS score is very low (0.02%, 5th percentile), but the SSVC framework flags the issue as automatable with partial technical impact.

Denial Of Service Apache Tomcat +1
NVD HeroDevs VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Server-side template injection in OpenMRS Core allows authenticated users with 'Manage Concepts' privilege to execute arbitrary Java code by injecting malicious Apache Velocity templates into concept reference range criteria fields. The vulnerability stems from unsafe VelocityEngine initialization without sandbox restrictions (no SecureUberspector), enabling unrestricted Java reflection. Exploitation persists across all facility users whenever observations are validated against the compromised concept, creating a persistent remote code execution vector. Fixed in versions 2.7.9 and 2.8.6 via migration from Velocity to sandboxed Spring Expression Language (SpEL) with SimpleEvaluationContext. No active exploitation confirmed (not in CISA KEV), but proof-of-concept details available from researcher advisory at machinespirits.com.

Apache Tomcat Java +3
NVD GitHub
EPSS 0% CVSS 9.4
CRITICAL Act Now

Path traversal (Zip Slip) vulnerability in OpenMRS Core ≤ 2.7.8 and 2.8.0-2.8.5 allows authenticated administrators to achieve remote code execution by uploading a malicious .omod module archive to the REST API endpoint POST /openmrs/ws/rest/v1/module. Attackers can write arbitrary JSP files to the Tomcat webroot via crafted ZIP entries containing directory traversal sequences (e.g., web/module/../../../../malicious.jsp), which bypass incomplete path validation in WebModuleUtil.startModule(). The vulnerability also bypasses the module.allow_web_admin security control, as the REST API does not enforce this restriction despite Legacy UI being protected. No vendor-released patch identified at time of analysis for either affected version range.

Java Path Traversal Tomcat +1
NVD GitHub
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Path traversal in OpenMRS Core's ModuleResourcesServlet allows unauthenticated attackers to read arbitrary files from the server filesystem, including sensitive configuration files and system files like /etc/passwd. The vulnerability exists in versions ≤ 2.7.8 and 2.8.0-2.8.5, with exploitation requiring Apache Tomcat < 8.5.31 where path parameter bypass protections are absent. Fix available in version 2.8.6 for the 2.8.x branch; no patch released for 2.7.x series at time of analysis. CVSS 7.5 (High) reflects network-accessible unauthenticated exploitation with high confidentiality impact.

Java Path Traversal Apache +1
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

CLIENT_CERT authentication bypass in Apache Tomcat allows unauthenticated remote attackers to bypass certificate-based authentication when soft fail is disabled and Foreign Function Memory (FFM) is enabled, affecting Tomcat 9.0.92-9.0.116, 10.1.22-10.1.53, and 11.0.0-M14-11.0.20. The vulnerability has a CVSS score of 6.5 with high confidentiality impact and partial integrity impact; however, the EPSS score of 0.04% (11th percentile) indicates very low real-world exploitation probability, and no public exploit code or confirmed active exploitation has been identified.

Apache Tomcat Authentication Bypass +2
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Apache Tomcat's cloud membership clustering component logs Kubernetes bearer tokens in plaintext, enabling unauthenticated remote attackers to extract authentication credentials from log files. Affects Tomcat 9.0.13-9.0.116, 10.1.0-M1-10.1.53, and 11.0.0-M1-11.0.20. CVSS 7.5 (High) reflects confidentiality impact; no public exploit identified at time of analysis. Exploitation requires network access to log files or log aggregation systems, potentially enabling privilege escalation within Kubernetes clusters.

Apache Kubernetes Tomcat +3
NVD VulDB
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Encryption bypass in Apache Tomcat 11.0.20, 10.1.53, and 9.0.116 allows unauthenticated remote attackers to circumvent the EncryptInterceptor component, exposing sensitive data in cleartext. The vulnerability stems from an incomplete fix for CVE-2026-29146, enabling network-accessible adversaries to access confidential information without authentication. CVSS 7.5 (High severity) reflects network-based exploitation with low complexity and high confidentiality impact. No public exploit identified at time of analysis; low observed exploitation activity (EPSS <1%).

Apache Information Disclosure Tomcat +1
NVD VulDB HeroDevs
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Information disclosure in Apache Tomcat's JsonAccessLogValve allows unauthenticated remote attackers to retrieve sensitive data due to improper output encoding. Affects Tomcat versions 11.0.0-M1 through 11.0.20, 10.1.0-M1 through 10.1.53, and 9.0.40 through 9.0.116. The vulnerability enables high-impact confidentiality breaches through network-accessible attack vectors with low complexity and no user interaction required. No public exploit identified at time of analysis. Low observed exploitation activity (EPSS 0.02%).

Apache Information Disclosure Tomcat +2
NVD VulDB HeroDevs
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Improper input validation in Apache Tomcat allows remote unauthenticated attackers to obtain sensitive information via an incomplete fix of the prior CVE-2025-66614 vulnerability. Affected versions include Tomcat 11.0.15-11.0.19, 10.1.50-10.1.52, and 9.0.113-9.0.115. The CVSS score of 5.3 reflects low confidentiality impact with no integrity or availability impact, and the 0.04% EPSS score indicates minimal real-world exploitation probability at time of analysis with no public exploit code or KEV status confirmed.

Apache Information Disclosure Tomcat +2
NVD VulDB HeroDevs
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Padding oracle attack in Apache Tomcat EncryptInterceptor leaks encrypted session data confidentiality across versions 7.0.100-7.0.109, 8.5.38-8.5.100, 9.0.13-9.0.115, 10.0.0-M1-10.1.52, and 11.0.0-M1-11.0.18 when default configuration is deployed. Unauthenticated remote attackers exploit oracle responses to decrypt sensitive information without authentication (CVSS:3.1 AV:N/AC:L/PR:N). CWE-209 (information exposure through error messages) enables cryptographic side-channel extraction. No public exploit identified at time of analysis; low observed exploitation activity (EPSS 0.02%).

Apache Oracle Information Disclosure +2
NVD VulDB HeroDevs GitHub
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Authentication bypass in Apache Tomcat 9.x through 11.x and Tomcat Native 1.1.23-2.0.13 allows unauthenticated remote attackers to bypass CLIENT_CERT authentication when soft-fail is disabled, achieving unauthorized access to confidentiality- and integrity-sensitive resources. Exploitation requires no user interaction or privileges (CVSS:3.1 PR:N/UI:N). The flaw affects CLIENT_CERT authentication logic, permitting access under conditions where authentication should fail. No public exploit identified at time of analysis; low observed exploitation activity (EPSS 0.04%).

Apache Tomcat Authentication Bypass +2
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Cipher preference order enforcement failure in Apache Tomcat 9.0.114-9.0.115, 10.1.51-10.1.52, and 11.0.16-11.0.18 allows unauthenticated remote attackers to force selection of weaker cryptographic ciphers during TLS negotiation, enabling potential decryption of confidential data transmitted over HTTPS connections. The vulnerability stems from improper preservation of administrator-configured cipher suite priority, potentially exposing sensitive session data, credentials, or application content. No public exploit identified at time of analysis. CVSS 7.5 (High) reflects network-accessible confidentiality impact requiring no privileges.

Apache Information Disclosure Tomcat +2
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Open redirect vulnerability in Apache Tomcat's LoadBalancerDrainingValve allows unauthenticated remote attackers to redirect users to untrusted sites via crafted URLs. Affects Tomcat 11.0.0-M1 through 11.0.18, 10.1.0-M1 through 10.1.52, 9.0.0.M23 through 9.0.115, and 8.5.30 through 8.5.100. The vulnerability requires user interaction (clicking a malicious link) and has low real-world exploitation probability (EPSS 0.01%), with no public exploit code or confirmed active exploitation identified at the time of analysis.

Apache Open Redirect Tomcat +2
NVD VulDB HeroDevs
EPSS 0% CVSS 7.5
HIGH PATCH This Week

HTTP request smuggling in Apache Tomcat 7.x through 11.x permits unauthenticated remote attackers to manipulate request routing and bypass security controls via malformed chunk extension processing. Exploitation enables header injection, cache poisoning, and request routing manipulation without code execution. Affects Tomcat 7.0.0-7.0.109, 8.5.0-8.5.100, 9.0.0.M1-9.0.115, 10.1.0-M1-10.1.52, and 11.0.0-M1-11.0.18. No public exploit identified at time of analysis. Low observed exploitation activity (EPSS 0.02%).

Apache Information Disclosure Request Smuggling +3
NVD VulDB HeroDevs
EPSS 0% CVSS 9.3
CRITICAL POC PATCH Act Now

Remote code execution in OpenIdentityPlatform OpenAM 16.0.5 and earlier allows unauthenticated attackers to execute arbitrary OS commands via unsafe Java deserialization of the jato.clientSession HTTP parameter. This bypass exploits an unpatched deserialization sink in JATO's ClientSession.deserializeAttributes() that was overlooked when CVE-2021-35464 was mitigated. Attackers can target any JATO ViewBean endpoint with <jato:form> tags (commonly found in password reset pages) using a PriorityQue

Deserialization RCE Java +5
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Server-side template injection in OpenOlat e-learning platform versions prior to 19.1.31, 20.1.18, and 20.2.5 enables authenticated users with Author role to execute arbitrary operating system commands via crafted Velocity directives in reminder email templates. Exploitation requires low-privilege authentication (PR:L) but is network-accessible (AV:N) with low complexity (AC:L), achieving full system compromise (C:H/I:H/A:H). The vulnerability leverages Java reflection through Velocity templates to instantiate ProcessBuilder and execute commands with Tomcat process privileges, often root in containerized environments. EPSS data not provided; no CISA KEV status confirmed; publicly available exploit code exists per GitHub security advisory disclosure.

Java Tomcat Ssti +1
NVD GitHub
EPSS 0% CVSS 9.3
CRITICAL POC Act Now

Critical hardcoded credentials vulnerability in ZKTeco ZKBioSecurity 3.0's bundled Apache Tomcat server that allows unauthenticated remote attackers to upload malicious WAR files and execute arbitrary code with SYSTEM privileges. Multiple public exploits are available (Exploit-DB, Packet Storm), making this a high-risk vulnerability for organizations using this biometric security management software.

RCE Tomcat Apache +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 9.9
CRITICAL Act Now

Sandbox escape in dotCMS Velocity scripting engine (VTools) allows authenticated users to execute arbitrary SQL. CVSS 9.9 with scope change — affects one of the largest Java CMS platforms.

Tomcat Java Dotcms
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. [CVSS 7.5 HIGH]

Apache Tomcat Tomcat Native +1
NVD VulDB
EPSS 0% CVSS 3.7
LOW PATCH Monitor

Improper Input Validation vulnerability in Apache Tomcat. Tomcat did not limit HTTP/0.9 requests to the GET method. [CVSS 3.7 LOW]

Apache Tomcat
NVD HeroDevs VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Input validation vulnerability in Apache Tomcat affecting versions 11.0.0-M1 through 11.0.14, 10.1.0-M1 through 10.1.34, and 9.0.0.M1 through 9.0.98. Critical severity issue in one of the most widely deployed Java application servers.

Apache Tomcat Red Hat +1
NVD HeroDevs VulDB
EPSS 1% CVSS 9.1
CRITICAL POC Act Now

In pig-mesh Pig versions 3.8.2 and below, when setting up scheduled tasks in the Quartz management function under the system management module, it is possible to execute any Java class with a. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Java Tomcat +1
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Denial of service in Apache Tomcat occurs when multipart upload errors leave temporary disk files uncleaned, allowing attackers to exhaust disk space faster than garbage collection reclaims it. Affected versions 8.5.0-8.5.100 (EOL), 9.0.0-M1-9.0.109, 10.1.0-M1-10.1.46, and 11.0.0-M1-11.0.11 require authenticated access (PR:L) and high attack complexity, making real-world exploitation limited despite the medium CVSS score.

Apache Tomcat Information Disclosure +2
NVD
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

ANSI escape sequence injection in Apache Tomcat log messages enables console manipulation and social engineering attacks against administrators on Windows systems. Attackers can craft malicious URLs that inject escape sequences into Tomcat logs, potentially manipulating console output and clipboard contents to trick administrators into executing attacker-controlled commands. This affects Tomcat 9.0.40-9.0.108, 10.1.0-M1-10.1.44, and 11.0.0-M1-11.0.10, with highest risk when Tomcat runs in ANSI-capable Windows consoles. Despite the 9.6 CVSS score, real-world risk is lower as exploitation requires user interaction (administrator viewing logs in console), scope change indicating console compromise beyond Tomcat process, and specific Windows deployment configuration. No active exploitation confirmed (not in CISA KEV), and EPSS data not available at time of analysis.

Microsoft Apache Tomcat +3
NVD
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Path traversal in Apache Tomcat versions 9.x through 11.x allows authenticated attackers to bypass security constraints protecting /WEB-INF/ and /META-INF/ directories when URL rewriting rules manipulate query parameters. Successful exploitation combined with enabled PUT requests enables remote code execution through malicious file upload. Apache Security Team confirms publicly available exploit code exists. The vulnerability stems from a regression in the fix for bug 60013, where URL normalization occurs before decoding, creating an exploitable window in specific rewrite configurations.

Apache Tomcat Path Traversal +3
NVD
EPSS 0% CVSS 5.9
MEDIUM POC PATCH This Month

Spring Framework MVC applications can be vulnerable to a “Path Traversal Vulnerability” when deployed on a non-compliant Servlet container. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Tomcat Java Path Traversal +3
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Session Fixation vulnerability in Apache Tomcat via rewrite valve.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Information Disclosure Session Fixation +3
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack.0.0-M1 through 11.0.9, from 10.1.0-M1 through 10.1.43 and from 9.0.0.M1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Information Disclosure Apache
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

A remote code execution vulnerability (CVSS 7.5). High severity vulnerability requiring prompt remediation.

Apache Tomcat Denial Of Service +3
NVD HeroDevs GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

CVE-2025-52520 is an integer overflow vulnerability in Apache Tomcat's multipart upload handling that allows unauthenticated remote attackers to bypass size limits and trigger denial of service. The vulnerability affects Tomcat versions 11.0.0-M1 through 11.0.8, 10.1.0-M1 through 10.1.42, 9.0.0.M1 through 9.0.106, and EOL version 8.5.0 through 8.5.100, requiring only network access with no authentication. With a CVSS score of 7.5 (High severity) and an attack vector rated as Network/Low complexity, this represents a significant availability risk for unpatched deployments.

Apache Tomcat Integer Overflow +4
NVD HeroDevs GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Apache Tomcat contains a race condition vulnerability in the APR/Native connector that can be triggered during concurrent HTTP/2 connection handling, particularly when clients initiate connection closes. The vulnerability affects Tomcat 9.0.0.M1 through 9.0.106 (and EOL versions 8.5.0-8.5.100), allowing remote unauthenticated attackers to cause denial of service through improper synchronization of shared resources. With a CVSS score of 7.5 and network-accessible attack vector requiring no authentication, this represents a high-severity availability impact, though no active public exploitation has been confirmed.

Apache Race Condition Tomcat +4
NVD HeroDevs GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

CVE-2025-49125 is an authentication bypass vulnerability in Apache Tomcat affecting versions 8.5.0-8.5.100, 9.0.0-9.0.105, 10.1.0-10.1.41, and 11.0.0-11.0.7. The vulnerability allows unauthenticated remote attackers to access PreResources or PostResources mounted outside the web application root via alternate path traversal, bypassing security constraints configured for the intended resource path. With a CVSS score of 7.5 and high confidentiality impact, this represents a critical authentication mechanism failure that requires immediate patching.

Apache Tomcat Authentication Bypass +3
NVD HeroDevs GitHub
EPSS 0% CVSS 8.4
HIGH PATCH This Week

A security vulnerability in Apache Tomcat installer for Windows (CVSS 8.4). High severity vulnerability requiring prompt remediation.

Microsoft Apache Tomcat +3
NVD HeroDevs GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

A remote code execution vulnerability in Apache Tomcat (CVSS 7.5). High severity vulnerability requiring prompt remediation.

Apache Tomcat Denial Of Service +3
NVD HeroDevs GitHub
EPSS 0% CVSS 7.3
HIGH PATCH This Month

Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Authentication Bypass Tomcat +2
NVD HeroDevs
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Authentication Bypass Tomcat +2
NVD HeroDevs
EPSS 20% CVSS 7.5
HIGH POC PATCH THREAT Act Now

Improper Input Validation vulnerability in Apache Tomcat. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 20.3%.

Apache Tomcat Denial Of Service +2
NVD Exploit-DB HeroDevs
EPSS 0% CVSS 5.3
MEDIUM This Month

N-central is vulnerable to a path traversal that allows unintended access to the Apache Tomcat WEB-INF directory. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Apache Path Traversal +1
NVD
EPSS 9% CVSS 9.8
CRITICAL PATCH Act Now

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Apache Java +2
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Apache Denial Of Service +1
NVD
EPSS 44% CVSS 9.8
CRITICAL PATCH Act Now

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Apache Information Disclosure +1
NVD
EPSS 2% CVSS 6.1
MEDIUM PATCH This Month

Incorrect object recycling and reuse vulnerability in Apache Tomcat.0.0, 10.1.31, 9.0.96. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Apache Information Disclosure
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Apache Information Disclosure
NVD
EPSS 6% CVSS 9.8
CRITICAL PATCH Act Now

Unchecked Error Condition vulnerability in Apache Tomcat. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Apache Authentication Bypass +1
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Apache Denial Of Service +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Tomcat Privilege Escalation
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing mod_jk configuration which may lead to information disclosure. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Tomcat Apache +5
NVD
EPSS 15% CVSS 7.5
HIGH POC PATCH THREAT This Week

Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Path Traversal Java
NVD
EPSS 5% CVSS 7.5
HIGH PATCH This Week

Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Apache Denial Of Service +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

GeoServer is an open source server that allows users to share and edit geospatial data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Tomcat Path Traversal Apache +2
NVD GitHub
EPSS 31% CVSS 8.8
HIGH This Week

NETGEAR ProSAFE Network Management System Tomcat Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Tomcat RCE Apache +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A Information Exposure Vulnerability has been found on Meta4 HR. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Information Disclosure
NVD
EPSS 23% CVSS 7.5
HIGH PATCH This Week

Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Apache Denial Of Service +2
NVD
EPSS 2% CVSS 6.3
MEDIUM PATCH This Month

Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Tomcat Apache Denial Of Service +2
NVD
EPSS 14% CVSS 5.3
MEDIUM PATCH This Month

Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Tomcat Apache Information Disclosure
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

A low-privileged OS user with access to a Windows host where NETGEAR ProSAFE Network Management System is installed can create arbitrary JSP files in a Tomcat web application directory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Tomcat Netgear Microsoft +2
NVD
EPSS 3% CVSS 7.5
HIGH POC PATCH This Week

Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tomcat Apache Information Disclosure +1
NVD
EPSS 99% CVSS 9.8
CRITICAL POC KEV THREAT Act Now

In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tomcat RCE Path Traversal +1
NVD
EPSS 6% CVSS 5.3
MEDIUM POC PATCH This Month

Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Apache Information Disclosure +1
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Apache Information Disclosure +1
NVD
EPSS 2% CVSS 5.9
MEDIUM PATCH This Month

Incomplete Cleanup vulnerability in Apache Tomcat. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Tomcat Apache Denial Of Service +1
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

A sensitive information exposure vulnerability was found in foreman. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Tomcat Information Disclosure Foreman +1
NVD
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

In Eclipse RAP versions from 3.0.0 up to and including 3.25.0, Remote Code Execution is possible on Windows when using the FileUpload component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Tomcat RCE Path Traversal +2
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

Important: Authentication Bypass CVE-2023-41081 The mod_jk component of Apache Tomcat Connectors in some circumstances, such as when a configuration included "JkOptions +ForwardDirectories" but the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Apache Authentication Bypass +1
NVD
EPSS 6% CVSS 6.1
MEDIUM PATCH This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Tomcat Apache Open Redirect +1
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

A vulnerability in the Tomcat implementation for Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to cause a web cache poisoning attack on an. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Tomcat Cisco Information Disclosure +1
NVD
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy