Search CVE reports

Toggle filters

1 – 10 of 92 results

CVE-2026-43514

Medium priority
Vulnerable

(Observable Timing Discrepancy vulnerabilitywhen comparing AJP secret i ...)

6 affected packages

tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat6 Not in release Not in release Not in release
tomcat7 Not in release Not in release Not in release Vulnerable
tomcat8 Not in release Not in release Not in release Vulnerable
tomcat9 Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
tomcat10 Vulnerable Vulnerable Not in release
tomcat11 Vulnerable Not in release Not in release
Show less packages

CVE-2026-43513

Medium priority
Vulnerable

(Improper Handling of Case Sensitivity vulnerability in LockOutRealm in ...)

6 affected packages

tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat6 Not in release Not in release Not in release
tomcat7 Not in release Not in release Not in release Vulnerable
tomcat8 Not in release Not in release Not in release Vulnerable
tomcat9 Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
tomcat10 Vulnerable Vulnerable Not in release
tomcat11 Vulnerable Not in release Not in release
Show less packages

CVE-2026-43515

Medium priority
Vulnerable

Improper Authorization vulnerability when multiple method constraints define an HTTP method for the same extension in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54,...

6 affected packages

tomcat10, tomcat11, tomcat9, tomcat6, tomcat7, tomcat8

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat10 Vulnerable Vulnerable Not in release
tomcat11 Vulnerable Not in release Not in release
tomcat9 Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
tomcat6 Not in release Not in release Not in release
tomcat7 Not in release Not in release Not in release Vulnerable
tomcat8 Not in release Not in release Not in release Vulnerable
Show less packages

CVE-2026-43512

Medium priority
Vulnerable

DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117,...

6 affected packages

tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat6 Not in release Not in release Not in release
tomcat7 Not in release Not in release Not in release Vulnerable
tomcat8 Not in release Not in release Not in release Vulnerable
tomcat9 Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
tomcat10 Vulnerable Vulnerable Not in release
tomcat11 Vulnerable Not in release Not in release
Show less packages

CVE-2026-42498

Medium priority
Vulnerable

Exposure of HTTP Authentication Header to unexpected hosts during WebSocket authentication vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from...

6 affected packages

tomcat11, tomcat7, tomcat8, tomcat9, tomcat6, tomcat10

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat11 Vulnerable Not in release Not in release
tomcat7 Not in release Not in release Not in release Not affected
tomcat8 Not in release Not in release Not in release Not affected
tomcat9 Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
tomcat6 Not in release Not in release Not in release
tomcat10 Vulnerable Vulnerable Not in release
Show less packages

CVE-2026-41293

Medium priority
Vulnerable

Improper Input Validation vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 10.0.0-M1 through 10.0.27. Older, end...

6 affected packages

tomcat10, tomcat11, tomcat6, tomcat7, tomcat8, tomcat9

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat10 Vulnerable Vulnerable Not in release
tomcat11 Vulnerable Not in release Not in release
tomcat6 Not in release Not in release Not in release
tomcat7 Not in release Not in release Not in release Not affected
tomcat8 Not in release Not in release Not in release Not affected
tomcat9 Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
Show less packages

CVE-2026-41284

Medium priority
Vulnerable

Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117. Older,...

6 affected packages

tomcat7, tomcat8, tomcat6, tomcat10, tomcat11, tomcat9

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat7 Not in release Not in release Not in release Not affected
tomcat8 Not in release Not in release Not in release Not affected
tomcat6 Not in release Not in release Not in release
tomcat10 Vulnerable Vulnerable Not in release
tomcat11 Vulnerable Not in release Not in release
tomcat9 Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
Show less packages

CVE-2026-34500

Medium priority
Vulnerable

CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M14 through 11.0.20, from 10.1.22 through 10.1.53,...

6 affected packages

tomcat6, tomcat7, tomcat8, tomcat10, tomcat11, tomcat9

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat6 Not in release Not in release Not in release
tomcat7 Not in release Not in release Not in release Not affected
tomcat8 Not in release Not in release Not in release Not affected
tomcat10 Vulnerable Not affected Not in release
tomcat11 Vulnerable Not in release Not in release
tomcat9 Vulnerable Not affected Not affected Not affected Not affected
Show less packages

CVE-2026-34487

Medium priority
Vulnerable

Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clustering component of Apache Tomcat exposed the Kubernetes bearer token. This issue affects Apache Tomcat: from 11.0.0-M1 through...

6 affected packages

tomcat6, tomcat7, tomcat8, tomcat10, tomcat11, tomcat9

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat6 Not in release Not in release Not in release
tomcat7 Not in release Not in release Not in release Not affected
tomcat8 Not in release Not in release Not in release Not affected
tomcat10 Vulnerable Vulnerable Not in release
tomcat11 Vulnerable Not in release Not in release
tomcat9 Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
Show less packages

CVE-2026-34486

Medium priority
Vulnerable

Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are...

6 affected packages

tomcat6, tomcat7, tomcat8, tomcat10, tomcat11, tomcat9

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
tomcat6 Not in release Not in release Not in release
tomcat7 Not in release Not in release Not in release Not affected
tomcat8 Not in release Not in release Not in release Vulnerable
tomcat10 Not affected Not affected Not in release
tomcat11 Not affected Not in release Not in release
tomcat9 Not affected Not affected Not affected Not affected Not affected
Show less packages
  1. Previous page
  2. 1
  3. 2
  4. 3
  5. 4
  6. 5
  7. Next page
Export to JSON