Org.apache.tomcat

191 tracked vulnerabilities.

CVE-2026-24733
Apache Tomcat 9.0.0-11.0.14 - Auth Bypass
Feb 17, 2026
EPSS 0.00
CVE-2025-66614
Apache Tomcat 11.0.0-M1-11.0.14 - DoS
Feb 17, 2026
EPSS 0.00
CVE-2025-61795 MEDIUM
Apache Tomcat < 8.5.100 - Improper Resource Release
Oct 27, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-55754 CRITICAL
Apache Tomcat - Info Disclosure
Oct 27, 2025
CVSS 9.6
EPSS 0.00
CVE-2025-55752 HIGH
Apache Tomcat - Path Traversal
Oct 27, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-55668 MEDIUM
Apache Tomcat <11.0.7, <10.1.41, <9.0.105 - Session Fixation
Aug 13, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-48989 HIGH
Apache Tomcat <11.0.10, 10.1.44, 9.0.108 - Improper Resource Shutdown
Aug 13, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-53506 HIGH
Apache Tomcat <11.0.9, <10.1.43, <9.0.107 - Uncontrolled Resource C...
Jul 10, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-52520 HIGH
Apache Tomcat < 9.0.107 - Integer Overflow
Jul 10, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-52434 HIGH
Apache Tomcat < 9.0.107 - Race Condition
Jul 10, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-49125 HIGH
Apache Tomcat < 9.0.106 - Authentication Bypass
Jun 16, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-49124 HIGH
Apache Tomcat < 9.0.106 - Untrusted Search Path
Jun 16, 2025
CVSS 8.4
EPSS 0.00
CVE-2025-48988 HIGH
Apache Tomcat <11.0.7 - Allocation of Resources Without Limits or T...
Jun 16, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-46701 HIGH
Apache Tomcat <11.0.6 - Security Constraint Bypass
May 29, 2025
CVSS 7.3
EPSS 0.00
CVE-2025-31651 CRITICAL
Apache Tomcat <11.0.5 - SSRF
Apr 28, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-31650 HIGH
Apache Tomcat <9.0.103 - DoS
Apr 28, 2025
CVSS 7.5
EPSS 0.20
CVE-2025-24813 CRITICALKEVNUCLEI
Tomcat Partial PUT Java Deserialization
Mar 10, 2025
CVSS 9.8
EPSS 0.94
CVE-2024-56337 CRITICAL
Apache Tomcat < 9.0.98 - TOCTOU Race Condition
Dec 20, 2024
CVSS 9.8
EPSS 0.10
CVE-2024-54677 MEDIUM
Apache Tomcat < 9.0.98 - Denial of Service
Dec 17, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-50379 CRITICAL
Apache Tomcat < 9.0.98 - TOCTOU Race Condition
Dec 17, 2024
CVSS 9.8
EPSS 0.87
CVE-2024-52318 MEDIUM
Apache Tomcat <11.0.1-9.0.97 - Memory Corruption
Nov 18, 2024
CVSS 6.1
EPSS 0.12
CVE-2024-52317 MEDIUM
Apache Tomcat <11.0.0-M26,<10.1.30,<9.0.95 - Memory Corruption
Nov 18, 2024
CVSS 6.5
EPSS 0.17
CVE-2024-52316 CRITICAL
Apache Tomcat - Unchecked Error Condition
Nov 18, 2024
CVSS 9.8
EPSS 0.02
CVE-2024-38286 HIGH
Apache Tomcat <11.0.0-M21 - Allocation of Resources Without Limits ...
Nov 07, 2024
CVSS 8.6
EPSS 0.00
CVE-2024-34750 HIGH
Apache Tomcat < 9.0.90 - Improper Exception Handling
Jul 03, 2024
CVSS 7.5
EPSS 0.17
Products
tomcat 143 tomcat-catalina 29 tomcat-coyote 20 tomcat-util 5 tomcat-jasper 3 tomcat-juli 1 tomcat-servlet-api 1 jasper 1 tomcat-websocket 1 jsp-api 1 servlet-api 1 tomcat-catalina-jmx-remote 1 tomcat-embed-core 1
Quick Filters
Critical CVEs With Exploits In CISA KEV