|
1
|
9.1
-
|
CRITICAL
Network
|
Insufficient Technical Documentation vulnerability in Apache Tomcat since the requirements to securely configure the EncryptInterceptor were not clearly documented.
This issue affects Apache Tomcat:…
Update
|
CWE-1059
Insufficient Technical Documentation
|
CVE-2026-59084
|
cpe:2.3:a:apache:tomcat:*:*
|
7.0.100 8.5.38 9.0.13 10.1.0 11.0.0
|
7.0.109 8.5.100 9.0.119 10.1.56 11.0.23
|
|
|
2026-07-15 01:57
2026-07-14
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2
|
9.1
-
|
CRITICAL
Network
|
Improper Handling of URL Encoding (Hex Encoding) vulnerability in Apache Tomcat's rewrite valve allowed security constraint bypass for some configurations.
This issue affects Apache Tomcat: from 11.…
Update
|
CWE-177
Improper Handling of URL Encoding (Hex Encoding)
|
CVE-2026-59083
|
cpe:2.3:a:apache:tomcat:*:*
|
8.5.0 9.0.0 10.1.0 11.0.0
|
8.0.0 8.5.100 9.0.119 10.1.56 11.0.23
|
|
|
2026-07-15 01:57
2026-07-14
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3
|
7.3
-
|
HIGH
Network
|
Missing Critical Step in Authentication vulnerability in Apache Tomcat when the JNDIRealm was configured to authenticate binds using GSSAPI allowed attackers to authenticate without provided the corr…
|
CWE-304
Missing Critical Step in Authentication
|
CVE-2026-55957
|
cpe:2.3:a:apache:tomcat:*:*
|
10.1.0 11.0.0
|
|
|
9.0.101 10.1.37 11.0.5
|
2026-07-3 04:01
2026-06-30
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4
|
6.5
-
|
MEDIUM
Network
|
Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ignoring any method or method omission configured as part of the constraint.
Thi…
|
CWE-285
Improper Authorization
|
CVE-2026-55956
|
cpe:2.3:a:apache:tomcat:*:*
|
10.1.0 11.0.0
|
|
|
9.0.119 10.1.56 11.0.23
|
2026-07-3 04:03
2026-06-30
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5
|
6.5
-
|
MEDIUM
Network
|
Improper Authentication vulnerability in Apache Tomcat allowed a replay attack against the EncryptionInterceptor in the cluster component.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11…
|
CWE-287
Improper Authentication
|
CVE-2026-55955
|
cpe:2.3:a:apache:tomcat:*:*
|
10.1.0 11.0.0
|
|
|
9.0.19 10.1.56 11.0.23
|
2026-07-3 04:04
2026-06-30
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6
|
9.1
-
|
CRITICAL
Network
|
Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat meant that special roles and empty authorisation constraints were not included when the effective web.xml was logged.
This…
|
CWE-670
Always-Incorrect Control Flow Implementation
|
CVE-2026-55276
|
cpe:2.3:a:apache:tomcat:*:*
|
10.1.0 11.0.0
|
|
|
9.0.119 10.1.56 11.0.23
|
2026-07-3 04:05
2026-06-30
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
7
|
9.1
-
|
CRITICAL
Network
|
Detection of Error Condition Without Action vulnerability in Apache Tomcat when configuring CRLs for a FFM based connector.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.…
|
CWE-390
Detection of Error Condition Without Action
|
CVE-2026-53434
|
cpe:2.3:a:apache:tomcat:*:*
|
9.0.83 10.1.0 11.0.0
|
|
|
9.0.119 10.1.56 11.0.23
|
2026-07-3 04:06
2026-06-30
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
8
|
7.3
-
|
HIGH
Network
|
Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat's rewrite valve meant that if the first condition in an OR chain matched, subsequent non-OR conditions were skipped.
This …
|
CWE-670
Always-Incorrect Control Flow Implementation
|
CVE-2026-53404
|
cpe:2.3:a:apache:tomcat:*:*
|
8.5.0 9.0.0 10.1.0 11.0.0
|
8.5.100
|
|
9.0.119 10.1.56 11.0.23
|
2026-07-3 04:22
2026-06-30
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
9
|
6.1
-
|
MEDIUM
Network
|
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in the number guess example for Apache Tomcat.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11…
|
CWE-80
Basic XSS
|
CVE-2026-50229
|
cpe:2.3:a:apache:tomcat:*:*
|
8.5.0 9.0.0 10.1.0 11.0.0
|
7.0.109 8.5.100
|
|
9.0.119 10.1.56 11.0.23
|
2026-07-3 04:24
2026-06-30
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
10
|
9.1
-
|
CRITICAL
Network
|
Improper Authorization vulnerability when multiple method constraints define an HTTP method for the same extension in Apache Tomcat.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21,…
|
CWE-285
Improper Authorization
|
CVE-2026-43515
|
cpe:2.3:a:apache:tomcat:*:*
|
7.0.0 8.5.0 9.0.0 10.1.0 11.0.0
|
7.0.109 8.5.100
|
|
9.0.118 10.1.55 11.0.22
|
2026-05-16 00:52
2026-05-13
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|