Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-53404 |
|
Vulnerability in apache (CVE-2026-53404)
vulnerability in apache (CVE-2026-53404). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55955 |
|
Authentication Bypass in apache (CVE-2026-55955)
authentication bypass in apache (CVE-2026-55955). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-53434 |
|
Vulnerability in apache (CVE-2026-53434)
vulnerability in apache (CVE-2026-53434). Confidential information can be exposed externally.
|
| CVE-2026-55956 |
|
Vulnerability in apache (CVE-2026-55956)
vulnerability in apache (CVE-2026-55956). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55276 |
|
Vulnerability in apache (CVE-2026-55276)
vulnerability in apache (CVE-2026-55276). Confidential information can be exposed externally.
|
| CVE-2026-55957 |
|
Vulnerability in apache (CVE-2026-55957)
vulnerability in apache (CVE-2026-55957). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50229 |
|
Vulnerability in apache (CVE-2026-50229)
vulnerability in apache (CVE-2026-50229). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44257 |
|
Command Injection in tomcat (CVE-2026-44257)
command injection in tomcat (CVE-2026-44257). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.08.010` or later.
|
| CVE-2026-43515 |
|
Vulnerability in tomcat (CVE-2026-43515)
vulnerability in tomcat (CVE-2026-43515). Confidential information can be exposed externally. Mitigation: upgrade to `10.1.55, 11.0.22, 9.0.118` or later.
|
| CVE-2026-43513 |
|
Vulnerability in tomcat (CVE-2026-43513)
vulnerability in tomcat (CVE-2026-43513). Confidential information can be exposed externally. Mitigation: upgrade to `10.1.55, 11.0.22, 9.0.118` or later.
|
| CVE-2026-43514 |
|
Vulnerability in tomcat (CVE-2026-43514)
vulnerability in tomcat (CVE-2026-43514). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `10.1.55, 11.0.22, 9.0.118` or later.
|
| CVE-2026-41293 |
|
Vulnerability in tomcat (CVE-2026-41293)
vulnerability in tomcat (CVE-2026-41293). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `10.1.55, 11.0.22, 9.0.118` or later.
|
| CVE-2026-42498 |
|
Information Disclosure in tomcat (CVE-2026-42498)
vulnerability in tomcat (CVE-2026-42498). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `10.1.55, 11.0.22, 9.0.118` or later.
|
| CVE-2026-43512 |
|
Authentication Bypass in tomcat (CVE-2026-43512)
authentication bypass in tomcat (CVE-2026-43512). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `10.1.55, 11.0.22, 9.0.118` or later.
|
| CVE-2026-41284 |
|
Vulnerability in tomcat (CVE-2026-41284)
vulnerability in tomcat (CVE-2026-41284). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `10.1.55, 11.0.22, 9.0.118` or later.
|
| CVE-2026-40075 |
|
Path Traversal in org.openmrs.web:openmrs-web (CVE-2026-40075)
path traversal in org.openmrs.web:openmrs-web (CVE-2026-40075). Confidential information can be exposed externally. Exploitable via ``ModuleResourcesServlet``. Mitigation: upgrade to `2.8.6` or later.
|
| CVE-2026-34486 |
|
Vulnerability in tomcat (CVE-2026-34486)
vulnerability in tomcat (CVE-2026-34486). Confidential information can be exposed externally. Mitigation: upgrade to `9.0.117, 10.1.54, 11.0.21` or later.
|
| CVE-2026-29146 |
|
Vulnerability in apache (CVE-2026-29146)
vulnerability in apache (CVE-2026-29146). Confidential information can be exposed externally.
|
| CVE-2016-20026 |
|
Vulnerability in apache (CVE-2016-20026)
vulnerability in apache (CVE-2016-20026). Successful exploitation can lead to full system takeover.
|
| CVE-2026-24734 |
|
Vulnerability in apache (CVE-2026-24734)
vulnerability in apache (CVE-2026-24734). Data can be tampered with by attackers.
|
| CVE-2025-61795 |
|
Vulnerability in org.apache.tomcat:tomcat (CVE-2025-61795)
vulnerability in org.apache.tomcat:tomcat (CVE-2025-61795). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.0.110, 10.1.47, 11.0.12` or later.
|
| CVE-2025-55754 |
|
Vulnerability in org.apache.tomcat:tomcat (CVE-2025-55754)
vulnerability in org.apache.tomcat:tomcat (CVE-2025-55754). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.0.109, 10.1.45, 11.0.11` or later.
|
| CVE-2025-55752 |
|
Vulnerability in org.apache.tomcat:tomcat (CVE-2025-55752)
vulnerability in org.apache.tomcat:tomcat (CVE-2025-55752). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.0.109, 10.1.45, 11.0.11` or later.
|
| CVE-2025-48989 |
|
Vulnerability in org.apache.tomcat:tomcat-coyote (CVE-2025-48989)
vulnerability in org.apache.tomcat:tomcat-coyote (CVE-2025-48989). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.0.108` or later.
|
| CVE-2025-24813 KEV |
|
[KEV] Vulnerability in Apache tomcat (CVE-2025-24813)
vulnerability in Apache tomcat (CVE-2025-24813). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-44487 KEV |
|
[KEV] Vulnerability in Ietf golang.org/x/net (CVE-2023-44487)
vulnerability in Ietf golang.org/x/net (CVE-2023-44487). Risk of unauthorized operations or information disclosure. Exploitable via ``Channel``. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `0.17.0` or later.
|
| CVE-2016-8735 KEV |
|
[KEV] Vulnerability in Apache tomcat (CVE-2016-8735)
vulnerability in Apache tomcat (CVE-2016-8735). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2017-12617 KEV |
|
[KEV] Unrestricted File Upload in Apache tomcat (CVE-2017-12617)
vulnerability in Apache tomcat (CVE-2017-12617). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2017-12615 KEV |
|
[KEV] Unrestricted File Upload in Apache tomcat (CVE-2017-12615)
vulnerability in Apache tomcat (CVE-2017-12615). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2020-1938 KEV |
|
[KEV] Privilege Escalation in org.apache.tomcat.embed:tomcat-embed-core (CVE-2020-1938)
vulnerability in org.apache.tomcat.embed:tomcat-embed-core (CVE-2020-1938). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `7.0.100` or later.
|
| CVE-2017-13990 |
|
Information Disclosure in express (CVE-2017-13990)
vulnerability in express (CVE-2017-13990). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-12616 |
|
Information Disclosure in apache (CVE-2017-12616)
vulnerability in apache (CVE-2017-12616). Confidential information can be exposed externally.
|
| CVE-2014-9635 |
|
Vulnerability in tomcat (CVE-2014-9635)
vulnerability in tomcat (CVE-2014-9635). Risk of unauthorized operations or information disclosure. Exploitable via `Cookie header`.
|
| CVE-2014-9634 |
|
Vulnerability in tomcat (CVE-2014-9634)
vulnerability in tomcat (CVE-2014-9634). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-14105 |
|
Vulnerability in tomcat (CVE-2017-14105)
vulnerability in tomcat (CVE-2017-14105). Successful exploitation can lead to full system takeover.
|
| CVE-2017-7675 |
|
Path Traversal in apache (CVE-2017-7675)
path traversal in apache (CVE-2017-7675). Confidential information can be exposed externally.
|
| CVE-2017-7674 |
|
Vulnerability in apache (CVE-2017-7674)
vulnerability in apache (CVE-2017-7674). Risk of unauthorized operations or information disclosure.
|
| CVE-2016-6796 |
|
Vulnerability in apache (CVE-2016-6796)
vulnerability in apache (CVE-2016-6796). Data can be tampered with by attackers.
|
| CVE-2016-6817 |
|
Buffer Overflow in apache (CVE-2016-6817)
vulnerability in apache (CVE-2016-6817). Risk of unauthorized operations or information disclosure.
|
| CVE-2016-8745 |
|
Vulnerability in apache (CVE-2016-8745)
vulnerability in apache (CVE-2016-8745). Confidential information can be exposed externally.
|
| CVE-2016-6797 |
|
Authorization Flaw in apache (CVE-2016-6797)
vulnerability in apache (CVE-2016-6797). Confidential information can be exposed externally.
|
| CVE-2016-6794 |
|
Vulnerability in apache (CVE-2016-6794)
vulnerability in apache (CVE-2016-6794). Risk of unauthorized operations or information disclosure.
|
| CVE-2016-5018 |
|
Vulnerability in apache (CVE-2016-5018)
vulnerability in apache (CVE-2016-5018). Confidential information can be exposed externally.
|
| CVE-2016-0762 |
|
Vulnerability in apache (CVE-2016-0762)
vulnerability in apache (CVE-2016-0762). Confidential information can be exposed externally.
|
| CVE-2017-7683 |
|
Information Disclosure in apache (CVE-2017-7683)
vulnerability in apache (CVE-2017-7683). Confidential information can be exposed externally.
|
| CVE-2017-6712 |
|
OS Command Injection in tomcat (CVE-2017-6712)
OS command injection in tomcat (CVE-2017-6712). Successful exploitation can lead to full system takeover.
|
| CVE-2015-1778 |
|
Authentication Bypass in org.opendaylight.odlparent:opendaylight-karaf-resources (CVE-2015-1778)
authentication bypass in org.opendaylight.odlparent:opendaylight-karaf-resources (CVE-2015-1778). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.2.3-Helium-SR3` or later.
|
| CVE-2017-6683 |
|
OS Command Injection in tomcat (CVE-2017-6683)
OS command injection in tomcat (CVE-2017-6683). Successful exploitation can lead to full system takeover.
|
| CVE-2017-6682 |
|
OS Command Injection in tomcat (CVE-2017-6682)
OS command injection in tomcat (CVE-2017-6682). Successful exploitation can lead to full system takeover.
|
| CVE-2017-5664 |
|
Vulnerability in apache (CVE-2017-5664)
vulnerability in apache (CVE-2017-5664). Data can be tampered with by attackers.
|