CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

59979 matches found

NVD•added 2026/05/12 4:16 p.m.•6 views

CVE-2026-43512

DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from before 7.0.0. Older unsupported...

9.8CVSS0.00139EPSS

Exploits0References2

OSV•added 2026/05/12 4:16 p.m.•3 views

DEBIAN-CVE-2026-41293

Improper Input Validation vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 10.0.0-M1 through 10.0.27. Older, end of support versions may also be affected. Users are recommended to...

9.8CVSS5.7AI score0.00253EPSS

Exploits0References1

OSV•added 2026/05/12 4:16 p.m.•1 views

DEBIAN-CVE-2026-43512

9.8CVSS5.7AI score0.00139EPSS

Exploits0References1

NVD•added 2026/05/12 4:16 p.m.•4 views

CVE-2026-41293

9.8CVSS0.00253EPSS

Exploits0References2

NVD•added 2026/05/12 4:16 p.m.•4 views

CVE-2026-42498

Exposure of HTTP Authentication Header to unexpected hosts during WebSocket authentication vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.2 through 9.0.117, from 8.5.24 through 8.5.100, from 7.0.83 through...

7.3CVSS0.0005EPSS

Exploits0References2

OSV•added 2026/05/12 4:16 p.m.•2 views

DEBIAN-CVE-2026-41284

Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117. Older, unsupported versions may also be affected. Users are recommended to upgrade ...

7.5CVSS5.7AI score0.00066EPSS

Exploits0References1

UbuntuCve•added 2026/05/12 4:16 p.m.•7 views

CVE-2026-41293

9.8CVSS5.7AI score0.00253EPSS

Exploits0References1

UbuntuCve•added 2026/05/12 4:16 p.m.•3 views

CVE-2026-43512

9.8CVSS5.7AI score0.00139EPSS

Exploits0References2

OSV•added 2026/05/12 4:16 p.m.•2 views

UBUNTU-CVE-2026-41293

9.8CVSS5.7AI score0.00253EPSS

Exploits0References2

Cvelist•added 2026/05/12 3:33 p.m.•48 views

CVE-2026-43515 Apache Tomcat: Security constraints not correctly applied

Improper Authorization vulnerability when multiple method constraints define an HTTP method for the same extension in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from...

0.00095EPSS

Exploits0References1

Vulnrichment•added 2026/05/12 3:33 p.m.•6 views

CVE-2026-43515 Apache Tomcat: Security constraints not correctly applied

5.8AI score0.00095EPSS

Exploits0References1

Debian CVE•added 2026/05/12 3:33 p.m.•4 views

CVE-2026-43515

9.1CVSS5.8AI score0.00095EPSS

Exploits0

Cvelist•added 2026/05/12 3:32 p.m.•31 views

CVE-2026-43514 Apache Tomcat: AJP secret compared in non-constant time

Observable Timing Discrepancy vulnerability when comparing AJP secret in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Older unsupported versio...

0.001EPSS

Exploits0References1

Debian CVE•added 2026/05/12 3:32 p.m.•6 views

CVE-2026-43514

3.7CVSS5.7AI score0.001EPSS

Exploits0

Vulnrichment•added 2026/05/12 3:32 p.m.•4 views

CVE-2026-43514 Apache Tomcat: AJP secret compared in non-constant time

5.7AI score0.001EPSS

Exploits0References1

CVE•added 2026/05/12 3:32 p.m.•16 views

CVE-2026-43514

CVE-2026-43514 describes an observable timing discrepancy in comparing the AJP secret in Apache Tomcat. Affected are Tomcat 11.0.0-M1 through 11.0.21, 10.1.0-M1 through 10.1.54, 9.0.0.M1 through 9.0.117, 8.5.0 through 8.5.100, and 7.0.0 through 7.0.109 (older unsupported versions may also be affe...

3.7CVSS5.7AI score0.001EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/05/12 3:26 p.m.•8 views

CVE-2026-43513 Apache Tomcat: LockOutRealm treats user names as case-sensitive

Improper Handling of Case Sensitivity vulnerability in LockOutRealm in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Older unsupported versions...

5.7AI score0.00082EPSS

Exploits0References1

Debian CVE•added 2026/05/12 3:26 p.m.•5 views

CVE-2026-43513

7.5CVSS5.7AI score0.00082EPSS

Exploits0

CVE•added 2026/05/12 3:26 p.m.•16 views

CVE-2026-43513

CVE-2026-43513 : Apache Tomcat has an improper handling of case sensitivity in LockOutRealm. Affects Tomcat 11.0.0-M1 through 11.0.21, 10.1.0-M1 through 10.1.54, 9.0.0.M1 through 9.0.117, 8.5.0 through 8.5.100, and 7.0.0 through 7.0.109 (older unsupported versions may also be affected). Upgrading...

7.5CVSS5.7AI score0.00082EPSS

Exploits0References2Affected Software1

CVE•added 2026/05/12 3:24 p.m.•28 views

CVE-2026-43512

CVE-2026-43512 describes an authentication bypass in the Digest authenticator of Apache Tomcat. Affected are Tomcat 11.0.0-M1 to 11.0.21, 10.1.0-M1 to 10.1.54, 9.0.0.M1 to 9.0.117, 8.5.0 to 8.5.100, and older/pre-7.0.0 versions. The issue is fixed in Tomcat 11.0.22, 10.1.55, and 9.0.118. Multiple...

9.8CVSS5.8AI score0.00139EPSS

Exploits0References2Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by