
24 matches found

Tenable Nessus • added 2026/06/08 12:0 a.m. • 11 views

TencentOS Server 4: tomcat (TSSA-2026:0337)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0337 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

CVSS 9.1 • AI score 7.3 • EPSS 0.00548
Exploits 0 • References 3

Snyk • added 2026/05/12 5:22 p.m. • 5 views

Exposure of Private Personal Information to an Unauthorized Actor

Overview Affected versions of this package are vulnerable to Exposure of Private Personal Information to an Unauthorized Actor in WebSocket client during authentication. An attacker can obtain sensitive HTTP authentication headers by initiating a WebSocket handshake with a malicious host...

CVSS 7.3 • AI score 5.8 • EPSS 0.00548
Exploits 0 • References 2

Tenable Nessus • added 2026/04/10 12:0 a.m. • 13 views

Linux Distros Unpatched Vulnerability : CVE-2026-34486

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue...

CVSS 7.5 • AI score 7.3 • EPSS 0.03645
Exploits 5 • References 3

Snyk • added 2026/04/08 9:0 p.m. • 3 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication in processOCSPRequest, which is part of the CLIENTCERT authentication process. In some "edge cases", an attacker can trigger a soft-fail of OCSP checks when soft-fail is disabled. Remediation Upgrade...

CVSS 8.3 • AI score 5.8 • EPSS 0.00469
Exploits 0 • References 2

Tenable Nessus • added 2026/02/18 12:0 a.m. • 14 views

Apache Tomcat 9.0.83 < 9.0.115

The version of Tomcat installed on the remote host is prior to 9.0.115. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat9.0.115security-9 advisory. - Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder,...

CVSS 7.5 • AI score 6.6 • EPSS 0.00218
Exploits 0 • References 2

Snyk • added 2026/02/16 10:0 p.m. • 3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization when using an OCSP responder. OCSP response verification and freshness checks can be bypassed, allowing certificate revocation to be bypassed. Remediation Upgrade org.apache.tomcat:tomcat-coyote-ffm to version...

CVSS 8.7 • AI score 5.5 • EPSS 0.00218
Exploits 0 • References 2

OSV • added 2026/01/14 1:17 p.m. • 2 views

SUSE-SU-2026:20084-1 Security update for tomcat

This update for tomcat fixes the following issues: - Update to Tomcat 9.0.111 - Security fixes: - CVE-2025-55752: directory traversal via rewrite with possible RCE if PUT is enabled bsc1252753. - CVE-2025-55754: improper neutralization of Escape, Meta, or Control Sequences vulnerability in Apache...

CVSS 9.6 • AI score 7.2 • EPSS 0.73974
Exploits 4 • References 7

Tenable Nessus • added 2025/10/28 12:0 a.m. • 3 views

Apache Tomcat 9.0.40 < 9.0.109 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 9.0.109. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat9.0.109security-9 advisory. - Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. Tomcat...

CVSS 9.6 • AI score 6.9 • EPSS 0.09244
Exploits 0 • References 4

Tenable Nessus • added 2025/04/01 12:0 a.m. • 21 views

Amazon Linux 2 : tomcat (ALASTOMCAT9-2025-016)

The version of tomcat installed on the remote host is prior to 9.0.102-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2TOMCAT9-2025-016 advisory. Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious...

CVSS 10 • AI score 9 • EPSS 0.99945
Exploits 45 • References 4

Tenable Nessus • added 2025/01/24 12:0 a.m. • 36 views

Amazon Linux 2 : tomcat (ALASTOMCAT9-2025-015)

The version of tomcat installed on the remote host is prior to 9.0.98-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2TOMCAT9-2025-015 advisory. Time-of-check Time-of-use TOCTOU Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE...

CVSS 9.8 • AI score 7.2 • EPSS 0.4176
Exploits 13 • References 10

Tenable Nessus • added 2023/10/18 12:0 a.m. • 51 views

Amazon Linux 2 : tomcat (ALASTOMCAT9-2023-010)

The version of tomcat installed on the remote host is prior to 9.0.81-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2TOMCAT9-2023-010 advisory. Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from...

CVSS 7.5 • AI score 7.3 • EPSS 0.99999
Exploits 21 • References 8

Vulnrichment • added 2022/02/22 10:55 p.m. • 5 views

CVE-2022-23612 Directory Traversal in OpenMRS Startup Filter

OpenMRS is a patient-based medical record system focusing on giving providers a free customizable electronic medical record system. Affected versions are subject to arbitrary file exfiltration due to failure to sanitize request when satisfying GET requests for /images & /initfilter/scripts. This...

CVSS 7.5 • AI score 7.6 • EPSS 0.01902
Exploits 1 • References 4

Positive Technologies • added 2022/02/22 12:0 a.m. • 3 views

PT-2022-16127

Name of the Vulnerable Software and Affected Versions OpenMRS versions prior to 2.1.5 OpenMRS versions prior to 2.2.1 OpenMRS versions prior to 2.3.5 OpenMRS versions prior to 2.4.5 OpenMRS versions prior to 2.5.3 Description The issue affects OpenMRS, a patient-based medical record system, due t...

CVSS 7.5 • AI score 7.2 • EPSS 0.01902
Exploits 1 • References 11

Atlassian • added 2020/07/17 3:19 p.m. • 73 views

Upgrade the bundled version of Apache Tomcat to 8.5.57

Issue Summary: The recently disclosed vulnerability regarding Apache Tomcat CVE-2020-13934 (https://vulners.com/cve/CVE-2020-13934) affects the following versions: Apache Tomcat 8.x from 8.5.1 to 8.5.56; Apache Tomcat 9.x from 9.0.0.M5 to 9.0.36; Apache Tomcat 10.x from 10.0.0-M1 to 10.0.0-M6...

CVSS 7.5 • AI score 7.5 • EPSS 0.87553
Exploits 1

Atlassian • added 2020/06/29 1:40 p.m. • 280 views

Upgrade Tomcat to version 9.0.37

Issue Summary: The current version of Tomcat 9.0.33 bundled with Confluence at least up to Confluence version 7.6 is vulnerable to HTTP/2 Denial of Service CVE-2020-11996 https://tomcat.apache.org/security-8.htmlFixedinApacheTomcat9.0.36...

CVSS 7.5 • AI score 0.9 • EPSS 0.87553
Exploits 16 • Affected Software 1

Atlassian • added 2020/01/15 3:29 p.m. • 103 views

Upgrade Tomcat to 8.5.50 to fix CVE-2019-17563 & CVE-2019-12418

Issue Summary: The recently disclosed vulnerabilities regarding Apache Tomcat CVE-2019-12418 (https://vulners.com/cve/CVE-2019-12418) CVE-2019-17563 (https://vulners.com/cve/CVE-2019-17563) Which affects the following versions: Apache Tomcat 8.x from 8.5.0 before 8.5.50 We should bundle a more...

CVSS 7.5 • AI score 8 • EPSS 0.10687
Exploits 0

Atlassian • added 2018/08/01 9:33 a.m. • 617 views

Upgrade to Tomcat 8.5.32 necessary

There are new vulnerabilities reported by apache: http://mail-archives.us.apache.org/modmbox/www-announce/201807.mbox/%3C20180722090435.GA60759%40minotaur.apache.org%3E http://mail-archives.us.apache.org/modmbox/www-announce/201807.mbox/%3C20180722090623.GA92700%40minotaur.apache.org%3E It is...

CVSS 7.5 • AI score 1.6 • EPSS 0.94494
Exploits 3 • Affected Software 1

Atlassian • added 2017/03/14 1:20 p.m. • 23 views

Upgrade Tomcat to the latest available version 8.5.12

Current version of Tomcat 8.5.6 bundled with JIRA 7.3.x is vulnerable to https://tomcat.apache.org/security-8.htmlFixedinApacheTomcat8.5.9. Customer would like the Tomcat to be upgraded to the latest version available as their client is no longer willing to run JIRA without having the tomcat...

AI score 0.6
Exploits 0 • Affected Software 1

Atlassian • added 2016/02/19 12:4 a.m. • 38 views

Upgrade Tomcat to the latest 8.0.x release

Summary: We are currently on 8.0.17 and have already been bitten by a bug in it: https://bz.apache.org/bugzilla/showbug.cgi?id=57476 We should upgrade to the latest to get the latest bugfixes. Also, there have been a number of recent CVEs involving Tomcat, most of which involve SecurityManager...

CVSS 8.8 • AI score 7.2 • EPSS 0.1838
Exploits 0

OSV • added 2014/11/23 12:0 a.m. • 36 views

DLA-91-1 tomcat6 - security update

Bulletin has no description...

CVSS 5.8 • AI score 7.8 • EPSS 0.16833
Exploits 6