CVE-2026-43512
- EPSS 1.23%
- Veröffentlicht 12.05.2026 15:24:02
- Zuletzt bearbeitet 15.05.2026 15:54:37
DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5...
CVE-2026-41293
- EPSS 1.34%
- Veröffentlicht 12.05.2026 15:19:35
- Zuletzt bearbeitet 15.05.2026 15:57:18
Improper Input Validation vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 10.0.0-M1 through 10.0.27. Older, end of support versions...
CVE-2026-42498
- EPSS 0.55%
- Veröffentlicht 12.05.2026 15:17:56
- Zuletzt bearbeitet 14.05.2026 18:51:59
Exposure of HTTP Authentication Header to unexpected hosts during WebSocket authentication vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.2 through 9.0.117, ...
CVE-2026-41284
- EPSS 0.78%
- Veröffentlicht 12.05.2026 15:14:45
- Zuletzt bearbeitet 14.05.2026 18:59:48
Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117. Older, unsupported versions may als...
CVE-2026-40075
- EPSS 0.56%
- Veröffentlicht 05.05.2026 22:16:00
- Zuletzt bearbeitet 12.05.2026 16:18:14
OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the `/openmrs/moduleResources/{moduleid}` endpoint is vulnerable to a path traversal attack. The ModuleResources...
CVE-2026-34486
- EPSS 15.83%
- Veröffentlicht 09.04.2026 20:16:25
- Zuletzt bearbeitet 09.07.2026 13:17:00
Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are recommended to upgrade to ve...
CVE-2026-34487
- EPSS 0.45%
- Veröffentlicht 09.04.2026 20:16:25
- Zuletzt bearbeitet 14.04.2026 12:44:45
Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clustering component of Apache Tomcat exposed the Kubernetes bearer token. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 th...
CVE-2026-34500
- EPSS 0.47%
- Veröffentlicht 09.04.2026 20:16:25
- Zuletzt bearbeitet 14.04.2026 12:43:28
CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M14 through 11.0.20, from 10.1.22 through 10.1.53, from 9.0.92 through...
CVE-2026-24880
- EPSS 0.45%
- Veröffentlicht 09.04.2026 20:16:24
- Zuletzt bearbeitet 14.04.2026 20:02:48
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Apache Tomcat via invalid chunk extension. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0...
CVE-2026-25854
- EPSS 0.53%
- Veröffentlicht 09.04.2026 20:16:24
- Zuletzt bearbeitet 14.04.2026 14:01:07
Occasional URL redirection to untrusted Site ('Open Redirect') vulnerability in Apache Tomcat via the LoadBalancerDrainingValve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M23 through...