| Bug | Description |
|---|
| CVE-2026-43515 | Improper Authorization vulnerability when multiple method constraints ... |
| CVE-2026-43514 | Observable Timing Discrepancy vulnerabilitywhen comparing AJP secret i ... |
| CVE-2026-43513 | Improper Handling of Case Sensitivity vulnerability in LockOutRealm in ... |
| CVE-2026-43512 | DEPRECATED: Authentication Bypass Issues vulnerability in digest authe ... |
| CVE-2026-42498 | Exposure of HTTP Authentication Header to unexpected hosts during WebS ... |
| CVE-2026-41293 | Improper Input Validation vulnerability in Apache Tomcat. This issue ... |
| CVE-2026-41284 | Allocation of Resources Without Limits or Throttling vulnerability in ... |
| CVE-2026-34500 | CLIENT_CERT authentication does not fail as expected for some scenario ... |
| CVE-2026-34487 | Insertion of Sensitive Information into Log File vulnerability in the ... |
| CVE-2026-34486 | Missing Encryption of Sensitive Data vulnerability in Apache Tomcat du ... |
| CVE-2026-34483 | Improper Encoding or Escaping of Output vulnerability in the JsonAcces ... |
| CVE-2026-32990 | Improper Input Validation vulnerability in Apache Tomcat due to an inc ... |
| CVE-2026-29146 | Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor wit ... |
| CVE-2026-29145 | CLIENT_CERT authentication does not fail as expected for some scenario ... |
| CVE-2026-29129 | Configured cipher preference order not preserved vulnerability in Apac ... |
| CVE-2026-25854 | Occasional URL redirection to untrusted Site ('Open Redirect') vulnera ... |
| CVE-2026-24880 | Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response S ... |
| CVE-2026-24734 | Improper Input Validation vulnerability in Apache Tomcat Native, Apach ... |
| CVE-2026-24733 | Improper Input Validation vulnerability in Apache Tomcat. Tomcat did ... |
| CVE-2025-66614 | Improper Input Validation vulnerability. This issue affects Apache To ... |
| CVE-2025-61795 | Improper Resource Shutdown or Release vulnerability in Apache Tomcat. ... |
| CVE-2025-55754 | Improper Neutralization of Escape, Meta, or Control Sequences vulnerab ... |
| CVE-2025-55752 | Relative Path Traversal vulnerability in Apache Tomcat. The fix for b ... |
| CVE-2025-55668 | Session Fixation vulnerability in Apache Tomcat via rewrite valve. Th ... |
| CVE-2025-53506 | Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an ... |
| CVE-2025-52520 | For some unlikely configurations of multipart upload, an Integer Overf ... |
| CVE-2025-49125 | Authentication Bypass Using an Alternate Path or Channel vulnerability ... |
| CVE-2025-49124 | Untrusted Search Path vulnerability in Apache Tomcat installer for Win ... |
| CVE-2025-48989 | Improper Resource Shutdown or Release vulnerability in Apache Tomcat m ... |
| CVE-2025-48988 | Allocation of Resources Without Limits or Throttling vulnerability in ... |
| CVE-2025-48976 | Allocation of resources for multipart headers with insufficient limits ... |
| CVE-2025-46701 | Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's ... |
| CVE-2025-31651 | Improper Neutralization of Escape, Meta, or Control Sequences vulnerab ... |
| CVE-2025-31650 | Improper Input Validation vulnerability in Apache Tomcat. Incorrect er ... |