| Bug | trixie | forky | sid | Description |
|---|
| CVE-2026-34500 | vulnerable | vulnerable | vulnerable | CLIENT_CERT authentication does not fail as expected for some scenario ... |
| CVE-2026-34487 | vulnerable | vulnerable | vulnerable | Insertion of Sensitive Information into Log File vulnerability in the ... |
| CVE-2026-34483 | vulnerable | vulnerable | vulnerable | Improper Encoding or Escaping of Output vulnerability in the JsonAcces ... |
| CVE-2026-32990 | vulnerable | vulnerable | vulnerable | Improper Input Validation vulnerability in Apache Tomcat due to an inc ... |
| CVE-2026-29146 | vulnerable | vulnerable | vulnerable | Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor wit ... |
| CVE-2026-29145 | vulnerable | vulnerable | vulnerable | CLIENT_CERT authentication does not fail as expected for some scenario ... |
| CVE-2026-29129 | vulnerable | vulnerable | vulnerable | Configured cipher preference order not preserved vulnerability in Apac ... |
| CVE-2026-25854 | vulnerable | vulnerable | vulnerable | Occasional URL redirection to untrusted Site ('Open Redirect') vulnera ... |
| CVE-2026-24880 | vulnerable | vulnerable | vulnerable | Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response S ... |
| CVE-2026-24734 | vulnerable (no DSA, postponed) | fixed | fixed | Improper Input Validation vulnerability in Apache Tomcat Native, Apach ... |
| Bug | Description |
|---|
| CVE-2026-34486 | Missing Encryption of Sensitive Data vulnerability in Apache Tomcat du ... |
| CVE-2026-24733 | Improper Input Validation vulnerability in Apache Tomcat. Tomcat did ... |
| CVE-2025-66614 | Improper Input Validation vulnerability. This issue affects Apache To ... |
| CVE-2025-61795 | Improper Resource Shutdown or Release vulnerability in Apache Tomcat. ... |
| CVE-2025-55754 | Improper Neutralization of Escape, Meta, or Control Sequences vulnerab ... |
| CVE-2025-55752 | Relative Path Traversal vulnerability in Apache Tomcat. The fix for b ... |
| CVE-2025-55668 | Session Fixation vulnerability in Apache Tomcat via rewrite valve. Th ... |
| CVE-2025-53506 | Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an ... |
| CVE-2025-52520 | For some unlikely configurations of multipart upload, an Integer Overf ... |
| CVE-2025-49125 | Authentication Bypass Using an Alternate Path or Channel vulnerability ... |
| CVE-2025-49124 | Untrusted Search Path vulnerability in Apache Tomcat installer for Win ... |
| CVE-2025-48989 | Improper Resource Shutdown or Release vulnerability in Apache Tomcat m ... |
| CVE-2025-48988 | Allocation of Resources Without Limits or Throttling vulnerability in ... |
| CVE-2025-48976 | Allocation of resources for multipart headers with insufficient limits ... |
| CVE-2025-46701 | Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's ... |
| CVE-2025-31651 | Improper Neutralization of Escape, Meta, or Control Sequences vulnerab ... |
| CVE-2025-31650 | Improper Input Validation vulnerability in Apache Tomcat. Incorrect er ... |