org.apache.tomcat.embed:tomcat-embed-core vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

| CVE-ID | Severity | Package summary |
| --- | --- | --- |
| CVE-2026-41284 | High | org.apache.tomcat.embed:tomcat-embed-core: Apache Tomcat: Unbounded read in WebDAV LOCK and PROPFIND handling |
| CVE-2026-43512 | Critical | org.apache.tomcat.embed:tomcat-embed-core: Apache Tomcat - Digest authenticator will authenticate any unknown user |
| CVE-2026-43513 | High | org.apache.tomcat.embed:tomcat-embed-core: Apache Tomcat: LockOutRealm treats user names as case-sensitive |
| CVE-2026-43515 | Critical | org.apache.tomcat.embed:tomcat-embed-core: Apache Tomcat - Security constraints not correctly applied |
| CVE-2026-43514 | Low | org.apache.tomcat.embed:tomcat-embed-core: Apache Tomcat - AJP secret compared in non-constant time |
| CVE-2026-41293 | Critical | org.apache.tomcat.embed:tomcat-embed-core: Apache Tomcat - HTTP/2 request headers not validated |
| CVE-2026-42498 | High | org.apache.tomcat.embed:tomcat-embed-core: Apache Tomcat - WebSocket authentication header exposure |
| CVE-2026-34483 | High | org.apache.tomcat:tomcat-catalina: Apache Tomcat has an Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve |
| CVE-2026-32990 | Medium | org.apache.tomcat:tomcat: Apache Tomcat has an Improper Input Validation vulnerability |
| CVE-2026-25854 | Medium | org.apache.tomcat:tomcat-catalina: Apache Tomcat has an Open Redirect vulnerability |
| CVE-2026-29129 | High | org.apache.tomcat:tomcat: Apache Tomcat: Configured cipher preference order not preserved |
| CVE-2026-24880 | High | org.apache.tomcat:tomcat-coyote: Apache Tomcat has an HTTP Request/Response Smuggling vulnerability |
| CVE-2026-24734 | High | org.apache.tomcat:tomcat-coyote: Apache Tomcat has an Improper Input Validation vulnerability |
| CVE-2025-66614 | Medium | org.apache.tomcat.embed:tomcat-embed-core: Apache Tomcat - Client certificate verification bypass |
| CVE-2025-55754 | Low | org.apache.tomcat:tomcat: Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences |
| CVE-2025-61795 | Low | org.apache.tomcat:tomcat: Apache Tomcat Vulnerable to Improper Resource Shutdown or Release |
| CVE-2025-55752 | High | org.apache.tomcat:tomcat: Apache Tomcat Vulnerable to Relative Path Traversal |
| CVE-2025-48989 | High | org.apache.tomcat:tomcat-coyote: Apache Tomcat Improper Resource Shutdown or Release vulnerability |
| CVE-2025-55668 | Medium | org.apache.tomcat:tomcat-catalina: Apache Tomcat Session Fixation vulnerability |
| CVE-2025-53506 | High | org.apache.tomcat:tomcat-coyote: Apache Tomcat Coyote vulnerable to Denial of Service via excessive HTTP/2 streams |
| CVE-2025-52520 | High | org.apache.tomcat:tomcat-catalina: Apache Tomcat Catalina is vulnerable to DoS attack through bypassing of size limits |
| CVE-2025-52434 | Medium | org.apache.tomcat:tomcat-coyote: Apache Tomcat is vulnerable to resource exhaustion when using the APR/Native connector |
| CVE-2025-49124 | Medium | org.apache.tomcat.embed:tomcat-embed-core: Apache Tomcat installer for Windows has an untrusted search path vulnerability |
| CVE-2025-49125 | Medium | org.apache.tomcat:tomcat-catalina: Apache Tomcat - Security constraint bypass for pre/post-resources |
| CVE-2025-48988 | High | org.apache.tomcat:tomcat-catalina: Apache Tomcat - DoS in multipart upload |
