How should we interpret CVSS severity scores?

CVSS estimates technical severity, but it does not automatically equal business risk. Prioritize using context like internet exposure, asset criticality, known exploitation, and whether compensating controls exist. A Medium CVSS on an exposed production system can be more urgent than a Critical on an isolated non-production host.

Vulnerability Database

Q: What is a Vulnerability (CVE) and why does it matter?

A security vulnerability is a weakness in software, hardware, or configuration that can be exploited to compromise confidentiality, integrity, or availability. Many vulnerabilities are tracked as CVEs (Common Vulnerabilities and Exposures), which provide a standardized identifier so teams can coordinate patching, mitigation, and risk assessment across tools and vendors.

Q: What's the difference between a vulnerability, an exploit, and a zero-day?

A vulnerability is the underlying weakness. An exploit is the method or code used to take advantage of it. A zero-day is a vulnerability that is unknown to the vendor or has no publicly available fix when attackers begin using it. Risk increases sharply when exploitation becomes reliable or widespread.

Q: Why do vulnerabilities keep reappearing in our environment?

Recurring findings usually come from incomplete asset discovery, inconsistent patch management, inherited images, and configuration drift. In modern environments, you also need to watch the software supply chain: dependencies, containers, build pipelines, and third-party services can reintroduce the same weakness even after you patch a single host.

Q: How do we prioritize remediation without burning out the team?

Use a repeatable triage model: focus first on externally exposed assets, high-value systems (identity, VPN, email, production), vulnerabilities with known exploits, and issues that enable remote code execution or privilege escalation. Then enforce patch SLAs and track progress so remediation is steady, not reactive.

Q: How can SynScan help reduce vulnerability risk over time?

SynScan combines attack surface monitoring and continuous security auditing to keep your inventory current, flag high-impact vulnerabilities early, and help you turn raw findings into a practical remediation plan.

352,427

Total vulnerabilities in the database

Vulnerabilities for products matching "tomcat"

Found 2 matching products. Filters apply to all results.

You can search for specific versions with /product/tomcat/1.2.3

apache / tomcat

8879 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2026-41284	High	May 12, 2026 5/12/26	>= 4.0.0 <= 7.0.109 >= 8.5.0 <= 8.5.100 >= 9.0.0 < 9.0.118 >= 10.0.0 <= 10.0.27 >= 10.1.0 < 10.1.55 >= 11.0.0 < 11.0.22
CVE-2026-41293	Critical	May 12, 2026 5/12/26	>= 8.5.0 <= 8.5.100 >= 9.0.0 < 9.0.118 >= 10.0.0 <= 10.0.27 >= 10.1.0 < 10.1.55 >= 11.0.0 < 11.0.22
CVE-2026-42498	High	May 12, 2026 5/12/26	>= 7.0.0 <= 7.0.109 >= 8.5.0 <= 8.5.100 >= 9.0.0 < 9.0.118 >= 10.1.0 < 10.1.55 >= 11.0.0 < 11.0.22
CVE-2026-43512	Critical	May 12, 2026 5/12/26	>= 7.0.0 <= 7.0.109 >= 8.5.0 <= 8.5.100 >= 9.0.0 < 9.0.118 >= 10.1.0 < 10.1.55 >= 11.0.0 < 11.0.22
CVE-2026-43513	High	May 12, 2026 5/12/26	>= 7.0.0 <= 7.0.109 >= 8.5.0 <= 8.5.100 >= 9.0.0 < 9.0.118 >= 10.1.0 < 10.1.55 >= 11.0.0 < 11.0.22
CVE-2026-43514	Low	May 12, 2026 5/12/26	>= 7.0.0 <= 7.0.109 >= 8.5.0 <= 8.5.100 >= 9.0.0 < 9.0.118 >= 10.1.0 < 10.1.55 >= 11.0.0 < 11.0.22
CVE-2026-43515	Critical	May 12, 2026 5/12/26	>= 7.0.0 <= 7.0.109 >= 8.5.0 <= 8.5.100 >= 9.0.0 < 9.0.118 >= 10.1.0 < 10.1.55 >= 11.0.0 < 11.0.22
CVE-2026-34483	High	April 9, 2026 4/9/26	>= 9.0.40 < 9.0.117 >= 10.1.0 < 10.1.54 >= 11.0.0 < 11.0.21
CVE-2026-34486	High	April 9, 2026 4/9/26	== 9.0.116 == 10.1.53 == 11.0.20
CVE-2026-34487	High	April 9, 2026 4/9/26	>= 9.0.13 < 9.0.117 >= 10.1.0 < 10.1.54 >= 11.0.0 < 11.0.21
CVE-2026-34500	Medium	April 9, 2026 4/9/26	>= 9.0.92 < 9.0.117 >= 10.1.22 < 10.1.54 >= 11.0.1 < 11.0.21 == 11.0.0-milestone14 == 11.0.0-milestone15 == 11.0.0-milestone16 == 11.0.0-milestone17 == 11.0.0-milestone18 == 11.0.0-milestone19 == 11.0.0-milestone20 == 11.0.0-milestone21 == 11.0.0-milestone22 == 11.0.0-milestone23 == 11.0.0-milestone24 == 11.0.0-milestone25 == 11.0.0-milestone26
CVE-2026-24880	High	April 9, 2026 4/9/26	>= 9.0.0 < 9.0.116 >= 10.1.0 < 10.1.53 >= 11.0.0 < 11.0.20
CVE-2026-25854	Medium	April 9, 2026 4/9/26	>= 9.0.1 < 9.0.116 >= 10.1.0 < 10.1.53 >= 11.0.0 < 11.0.20 == 9.0.0-milestone23 == 9.0.0-milestone24 == 9.0.0-milestone25 == 9.0.0-milestone26 == 9.0.0-milestone27
CVE-2026-29129	High	April 9, 2026 4/9/26	>= 9.0.114 < 9.0.116 >= 10.1.51 < 10.1.53 >= 11.0.16 < 11.0.20
CVE-2026-29145	Critical	April 9, 2026 4/9/26	>= 9.0.83 < 9.0.116 >= 10.1.1 < 10.1.53 >= 11.0.0 < 11.0.20 == 10.1.0 == 10.1.0-milestone10 == 10.1.0-milestone11 == 10.1.0-milestone12 == 10.1.0-milestone13 == 10.1.0-milestone14 == 10.1.0-milestone15 == 10.1.0-milestone16 == 10.1.0-milestone17 == 10.1.0-milestone18 == 10.1.0-milestone19 == 10.1.0-milestone20 == 10.1.0-milestone7 == 10.1.0-milestone8 == 10.1.0-milestone9
CVE-2026-29146	High	April 9, 2026 4/9/26	>= 7.0.100 <= 7.0.109 >= 8.5.38 <= 8.5.100 >= 9.0.13 < 9.0.116 >= 10.0.0 < 10.1.53 >= 11.0.0 < 11.0.20
CVE-2026-32990	Medium	April 9, 2026 4/9/26	>= 9.0.113 < 9.0.116 >= 10.1.50 < 10.1.53 >= 11.0.15 < 11.0.20
CVE-2025-66614	Medium	February 17, 2026 2/17/26	>= 9.0.1 < 9.0.113 >= 10.1.1 < 10.1.50 >= 11.0.1 < 11.0.15 == 9.0.0-milestone1 == 9.0.0-milestone10 == 9.0.0-milestone11 == 9.0.0-milestone12 == 9.0.0-milestone13 == 9.0.0-milestone14 == 9.0.0-milestone15 == 9.0.0-milestone16 == 9.0.0-milestone17 == 9.0.0-milestone18 == 9.0.0-milestone19 == 9.0.0-milestone2 == 9.0.0-milestone20 == 9.0.0-milestone21 == 9.0.0-milestone22 == 9.0.0-milestone23 == 9.0.0-milestone24 == 9.0.0-milestone25 == 9.0.0-milestone26 == 9.0.0-milestone27 == 9.0.0-milestone3 == 9.0.0-milestone4 == 9.0.0-milestone5 == 9.0.0-milestone6 == 9.0.0-milestone7 == 9.0.0-milestone8 == 9.0.0-milestone9 == 10.1.0-milestone1 == 10.1.0-milestone10 == 10.1.0-milestone11 == 10.1.0-milestone12 == 10.1.0-milestone13 == 10.1.0-milestone14 == 10.1.0-milestone15 == 10.1.0-milestone16 == 10.1.0-milestone17 == 10.1.0-milestone18 == 10.1.0-milestone19 == 10.1.0-milestone2 == 10.1.0-milestone20 == 10.1.0-milestone3 == 10.1.0-milestone4 == 10.1.0-milestone5 == 10.1.0-milestone6 == 10.1.0-milestone7 == 10.1.0-milestone8 == 10.1.0-milestone9 == 11.0.0-milestone1 == 11.0.0-milestone10 == 11.0.0-milestone11 == 11.0.0-milestone12 == 11.0.0-milestone13 == 11.0.0-milestone14 == 11.0.0-milestone15 == 11.0.0-milestone16 == 11.0.0-milestone17 == 11.0.0-milestone18 == 11.0.0-milestone19 == 11.0.0-milestone2 == 11.0.0-milestone20 == 11.0.0-milestone21 == 11.0.0-milestone22 == 11.0.0-milestone23 == 11.0.0-milestone24 == 11.0.0-milestone25 == 11.0.0-milestone26 == 11.0.0-milestone3 == 11.0.0-milestone4 == 11.0.0-milestone5 == 11.0.0-milestone6 == 11.0.0-milestone7 == 11.0.0-milestone8 == 11.0.0-milestone9
CVE-2026-24733	Low	February 17, 2026 2/17/26	>= 9.0.1 < 9.0.113 >= 10.1.1 < 10.1.50 >= 11.0.1 < 11.0.15 == 9.0.0-milestone1 == 9.0.0-milestone10 == 9.0.0-milestone11 == 9.0.0-milestone12 == 9.0.0-milestone13 == 9.0.0-milestone14 == 9.0.0-milestone15 == 9.0.0-milestone16 == 9.0.0-milestone17 == 9.0.0-milestone18 == 9.0.0-milestone19 == 9.0.0-milestone2 == 9.0.0-milestone20 == 9.0.0-milestone21 == 9.0.0-milestone22 == 9.0.0-milestone23 == 9.0.0-milestone24 == 9.0.0-milestone25 == 9.0.0-milestone26 == 9.0.0-milestone27 == 9.0.0-milestone3 == 9.0.0-milestone4 == 9.0.0-milestone5 == 9.0.0-milestone6 == 9.0.0-milestone7 == 9.0.0-milestone8 == 9.0.0-milestone9 == 10.0.0-milestone1 == 10.0.0-milestone10 == 10.0.0-milestone2 == 10.0.0-milestone3 == 10.0.0-milestone4 == 10.0.0-milestone5 == 10.0.0-milestone6 == 10.0.0-milestone7 == 10.0.0-milestone8 == 10.0.0-milestone9 == 11.0.0-milestone1 == 11.0.0-milestone10 == 11.0.0-milestone11 == 11.0.0-milestone12 == 11.0.0-milestone13 == 11.0.0-milestone14 == 11.0.0-milestone15 == 11.0.0-milestone16 == 11.0.0-milestone17 == 11.0.0-milestone18 == 11.0.0-milestone19 == 11.0.0-milestone2 == 11.0.0-milestone20 == 11.0.0-milestone21 == 11.0.0-milestone22 == 11.0.0-milestone23 == 11.0.0-milestone24 == 11.0.0-milestone25 == 11.0.0-milestone26 == 11.0.0-milestone3 == 11.0.0-milestone4 == 11.0.0-milestone5 == 11.0.0-milestone6 == 11.0.0-milestone7 == 11.0.0-milestone8 == 11.0.0-milestone9
CVE-2026-24734	High	February 17, 2026 2/17/26	>= 9.0.83 < 9.0.115 >= 10.1.1 < 10.1.52 >= 11.0.1 < 11.0.18 == 10.1.0-milestone1 == 10.1.0-milestone10 == 10.1.0-milestone11 == 10.1.0-milestone12 == 10.1.0-milestone13 == 10.1.0-milestone14 == 10.1.0-milestone15 == 10.1.0-milestone16 == 10.1.0-milestone17 == 10.1.0-milestone18 == 10.1.0-milestone19 == 10.1.0-milestone2 == 10.1.0-milestone20 == 10.1.0-milestone3 == 10.1.0-milestone4 == 10.1.0-milestone5 == 10.1.0-milestone6 == 10.1.0-milestone7 == 10.1.0-milestone8 == 10.1.0-milestone9 == 11.0.0-milestone1 == 11.0.0-milestone10 == 11.0.0-milestone11 == 11.0.0-milestone12 == 11.0.0-milestone13 == 11.0.0-milestone14 == 11.0.0-milestone15 == 11.0.0-milestone16 == 11.0.0-milestone17 == 11.0.0-milestone18 == 11.0.0-milestone19 == 11.0.0-milestone2 == 11.0.0-milestone20 == 11.0.0-milestone21 == 11.0.0-milestone22 == 11.0.0-milestone23 == 11.0.0-milestone24 == 11.0.0-milestone25 == 11.0.0-milestone26 == 11.0.0-milestone3 == 11.0.0-milestone4 == 11.0.0-milestone5 == 11.0.0-milestone6 == 11.0.0-milestone7 == 11.0.0-milestone8 == 11.0.0-milestone9
CVE-2025-61795	Low	October 27, 2025 10/27/25	>= 8.5.0 <= 8.5.100 >= 9.0.0 < 9.0.110 >= 10.0.0 < 10.0.27 >= 10.1.0 < 10.1.47 >= 11.0.0 < 11.0.12
CVE-2025-55754	Low	October 27, 2025 10/27/25	>= 8.5.60 <= 8.5.100 >= 9.0.40 < 9.0.109 >= 10.0.0 < 10.0.27 >= 10.1.0 < 10.1.45 >= 11.0.0 < 11.0.11
CVE-2025-55752	High	October 27, 2025 10/27/25	>= 8.5.6 <= 8.5.100 >= 9.0.1 < 9.0.109 >= 10.0.0 < 10.0.27 >= 10.1.0 < 10.1.45 >= 11.0.0 < 11.0.11 == 9.0.0 == 9.0.0-milestone11 == 9.0.0-milestone12 == 9.0.0-milestone13 == 9.0.0-milestone14 == 9.0.0-milestone15 == 9.0.0-milestone16 == 9.0.0-milestone17 == 9.0.0-milestone18 == 9.0.0-milestone19 == 9.0.0-milestone20 == 9.0.0-milestone21 == 9.0.0-milestone22 == 9.0.0-milestone23 == 9.0.0-milestone24 == 9.0.0-milestone25 == 9.0.0-milestone26 == 9.0.0-milestone27
CVE-2025-55668	Medium	August 13, 2025 8/13/25	== 9.0.0-milestone1 == 9.0.0-milestone10 == 9.0.0-milestone11 == 9.0.0-milestone12 == 9.0.0-milestone13 == 9.0.0-milestone14 == 9.0.0-milestone15 == 9.0.0-milestone16 == 9.0.0-milestone17 == 9.0.0-milestone18 == 9.0.0-milestone19 == 9.0.0-milestone2 == 9.0.0-milestone20 == 9.0.0-milestone21 == 9.0.0-milestone22 == 9.0.0-milestone23 == 9.0.0-milestone24 == 9.0.0-milestone25 >= 10.0.0 < 10.1.42 >= 11.0.0 < 11.0.8 == 9.0.0-milestone9 == 9.0.0-milestone26 == 9.0.0-milestone27 == 9.0.0-milestone3 == 9.0.0-milestone4 == 9.0.0-milestone5 == 9.0.0-milestone6 == 9.0.0-milestone7 == 9.0.0-milestone8 >= 9.0.1 < 9.0.106
CVE-2025-48989	High	August 13, 2025 8/13/25	== 9.0.0-milestone1 == 9.0.0-milestone10 == 9.0.0-milestone11 == 9.0.0-milestone12 == 9.0.0-milestone13 == 9.0.0-milestone14 == 9.0.0-milestone15 == 9.0.0-milestone16 == 9.0.0-milestone17 == 9.0.0-milestone18 == 9.0.0-milestone19 == 9.0.0-milestone2 == 9.0.0-milestone20 == 9.0.0-milestone21 == 9.0.0-milestone22 == 9.0.0-milestone23 == 9.0.0-milestone24 == 9.0.0-milestone25 >= 10.0.0 < 10.1.44 >= 11.0.0 < 11.0.10 == 9.0.0-milestone9 == 9.0.0-milestone26 == 9.0.0-milestone27 == 9.0.0-milestone3 == 9.0.0-milestone4 == 9.0.0-milestone5 == 9.0.0-milestone6 == 9.0.0-milestone7 == 9.0.0-milestone8 >= 9.0.1 < 9.0.108
CVE-2025-53506	High	July 10, 2025 7/10/25	>= 10.1.0 <= 10.1.42 >= 11.0.0 <= 11.0.8 >= 9.0.0 <= 9.0.106
CVE-2025-52520	High	July 10, 2025 7/10/25	>= 9.0.0 < 9.0.107 >= 10.1.0 < 10.1.43 >= 11.0.0 < 11.0.9
CVE-2025-52434	Medium	July 10, 2025 7/10/25	>= 9.0.0 < 9.0.107
CVE-2025-49125	Medium	June 16, 2025 6/16/25	>= 10.1.0 < 10.1.42 >= 11.0.0 < 11.0.8 >= 9.0.0 < 9.0.106
CVE-2025-49124	Medium	June 16, 2025 6/16/25	>= 10.1.0 < 10.1.42 >= 11.0.0 < 11.0.8 >= 9.0.23 < 9.0.106
CVE-2025-48988	High	June 16, 2025 6/16/25	>= 10.1.0 < 10.1.42 >= 11.0.0 < 11.0.8 >= 9.0.0 < 9.0.106
CVE-2025-46701	Low	May 29, 2025 5/29/25	>= 10.1.0 < 10.1.41 >= 11.0.0 < 11.0.7 >= 9.0.0 < 9.0.105
CVE-2025-31651	Low	April 28, 2025 4/28/25	>= 10.1.0 < 10.1.40 >= 11.0.0 < 11.0.6 >= 9.0.0 < 9.0.104
CVE-2025-31650	Medium	April 28, 2025 4/28/25	== 11.0.0-milestone2 == 11.0.0-milestone4 == 11.0.0-milestone3 == 11.0.0-milestone5 == 11.0.0-milestone7 == 11.0.0-milestone8 == 11.0.0-milestone10 == 11.0.0-milestone11 == 11.0.0-milestone12 == 11.0.0-milestone13 == 11.0.0-milestone14 == 11.0.0-milestone15 == 11.0.0-milestone16 == 11.0.0-milestone17 == 11.0.0-milestone18 == 11.0.0-milestone19 == 11.0.0-milestone6 == 11.0.0-milestone9 >= 9.0.76 < 9.0.104 >= 10.1.10 < 10.1.40 == 11.0.0-milestone20 == 11.0.0-milestone21 == 11.0.0-milestone22 == 11.0.0-milestone23 == 11.0.0-milestone24 == 11.0.0-milestone25 >= 11.0.1 < 11.0.6
CVE-2025-24813	Critical	March 10, 2025 3/10/25	== 10.1.0-milestone3 == 10.1.0-milestone4 == 10.1.0-milestone5 == 10.1.0-milestone1 == 10.1.0-milestone2 == 10.1.0-milestone7 == 10.1.0-milestone8 == 10.1.0-milestone9 == 10.1.0-milestone6 == 10.1.0-milestone10 == 10.1.0-milestone11 == 10.1.0-milestone12 == 10.1.0-milestone13 == 10.1.0-milestone14 == 10.1.0-milestone16 == 10.1.0-milestone15 == 10.1.0-milestone17 == 11.0.0-milestone1 == 11.0.0-milestone2 == 11.0.0-milestone4 == 11.0.0-milestone3 == 11.0.0-milestone5 == 11.0.0-milestone7 == 11.0.0-milestone8 == 11.0.0-milestone9 == 11.0.0-milestone10 == 11.0.0-milestone6 == 10.1.0-milestone20 == 10.1.0-milestone19 == 10.1.0-milestone18 == 11.0.0-milestone11 == 11.0.0-milestone12 == 11.0.0-milestone13 == 11.0.0-milestone14 == 11.0.0-milestone15 == 11.0.0-milestone16 == 11.0.0-milestone17 == 11.0.0-milestone18 == 11.0.0-milestone19 == 11.0.0-milestone20 >= 10.1.1 < 10.1.35 >= 11.0.1 < 11.0.3 == 11.0.0-milestone21 == 11.0.0-milestone22 == 11.0.0-milestone23 == 11.0.0-milestone24 == 11.0.0-milestone25 < 9.0.99
CVE-2024-56337	High	December 20, 2024 12/20/24	>= 10.1.0 < 10.1.34 >= 11.0.0 < 11.0.2 >= 9.0.0 < 9.0.98
CVE-2024-50379	High	December 17, 2024 12/17/24	>= 10.1.0 < 10.1.34 >= 11.0.0 < 11.0.2 >= 9.0.0 < 9.0.98
CVE-2024-54677	Low	December 17, 2024 12/17/24	>= 10.1.0 < 10.1.34 >= 11.0.0 < 11.0.2 >= 9.0.0 < 9.0.98
CVE-2024-52318	Medium	November 18, 2024 11/18/24	== 10.1.31 == 11.0.0 == 9.0.96
CVE-2024-52316	Critical	November 18, 2024 11/18/24	== 11.0.0-milestone1 == 11.0.0-milestone2 == 11.0.0-milestone4 == 11.0.0-milestone3 == 11.0.0-milestone5 == 11.0.0-milestone7 == 11.0.0-milestone10 == 11.0.0-milestone11 == 11.0.0-milestone12 == 11.0.0-milestone13 == 11.0.0-milestone14 == 11.0.0-milestone15 == 11.0.0-milestone16 == 11.0.0-milestone17 == 11.0.0-milestone18 == 11.0.0-milestone6 == 11.0.0-milestone8 == 11.0.0-milestone9 >= 9.0.0 < 9.0.96 >= 10.1.0 < 10.1.31 == 11.0.0-milestone19 == 11.0.0-milestone20 == 11.0.0-milestone21 == 11.0.0-milestone22 == 11.0.0-milestone23 == 11.0.0-milestone24 == 11.0.0-milestone25 == 11.0.0-milestone26
CVE-2024-52317	Medium	November 18, 2024 11/18/24	== 11.0.0-milestone23 == 11.0.0-milestone24 == 11.0.0-milestone25 == 11.0.0-milestone26 >= 10.1.27 < 10.1.31 >= 9.0.92 < 9.0.96
CVE-2024-38286	High	November 7, 2024 11/7/24	== 10.1.0-milestone3 == 10.1.0-milestone4 == 10.1.0-milestone5 == 10.1.0-milestone1 == 10.1.0-milestone2 == 10.1.0-milestone7 == 10.1.0-milestone10 == 10.1.0-milestone11 == 10.1.0-milestone12 == 10.1.0-milestone13 == 10.1.0-milestone14 == 10.1.0-milestone15 == 10.1.0-milestone16 == 10.1.0-milestone17 == 10.1.0-milestone6 == 10.1.0-milestone8 == 10.1.0-milestone9 == 11.0.0-milestone1 >= 10.1.1 < 10.1.25 >= 9.0.13 < 9.0.90 == 10.1.0-milestone18 == 10.1.0-milestone19 == 10.1.0-milestone20 == 11.0.0-milestone2 == 11.0.0-milestone3 == 11.0.0-milestone4 == 11.0.0-milestone5 == 11.0.0-milestone6 == 11.0.0-milestone7 == 11.0.0-milestone8 == 11.0.0-milestone9 == 11.0.0-milestone10 == 11.0.0-milestone11 == 11.0.0-milestone12 == 11.0.0-milestone13 == 11.0.0-milestone14 == 11.0.0-milestone15 == 11.0.0-milestone16 == 11.0.0-milestone17 == 11.0.0-milestone18 == 11.0.0-milestone19 == 11.0.0-milestone20
CVE-2024-34750	High	July 3, 2024 7/3/24	== 11.0.0-milestone1 == 11.0.0-milestone2 == 11.0.0-milestone4 == 11.0.0-milestone3 == 11.0.0-milestone5 == 11.0.0-milestone7 == 11.0.0-milestone10 == 11.0.0-milestone11 == 11.0.0-milestone12 == 11.0.0-milestone13 == 11.0.0-milestone14 == 11.0.0-milestone15 == 11.0.0-milestone16 == 11.0.0-milestone17 == 11.0.0-milestone18 == 11.0.0-milestone6 == 11.0.0-milestone8 == 11.0.0-milestone9 >= 9.0.0 < 9.0.90 >= 10.1.0 < 10.1.25 == 11.0.0-milestone19 == 11.0.0-milestone20
CVE-2024-24549	Medium	March 13, 2024 3/13/24	== 11.0.0-milestone1 == 11.0.0-milestone2 == 11.0.0-milestone4 == 11.0.0-milestone3 == 11.0.0-milestone5 == 11.0.0-milestone7 >= 8.5.0 < 8.5.99 >= 10.1.0 < 10.1.19 == 11.0.0-milestone10 == 11.0.0-milestone11 == 11.0.0-milestone12 == 11.0.0-milestone13 == 11.0.0-milestone14 == 11.0.0-milestone15 == 11.0.0-milestone16 == 11.0.0-milestone6 == 11.0.0-milestone8 == 11.0.0-milestone9 >= 9.0.0 < 9.0.86
CVE-2024-23672	Medium	March 13, 2024 3/13/24	== 11.0.0-milestone1 == 11.0.0-milestone2 == 11.0.0-milestone4 == 11.0.0-milestone3 == 11.0.0-milestone5 == 11.0.0-milestone7 >= 8.5.0 < 8.5.99 >= 10.1.0 < 10.1.19 == 11.0.0-milestone10 == 11.0.0-milestone11 == 11.0.0-milestone12 == 11.0.0-milestone13 == 11.0.0-milestone14 == 11.0.0-milestone15 == 11.0.0-milestone16 == 11.0.0-milestone6 == 11.0.0-milestone8 == 11.0.0-milestone9 >= 9.0.0 < 9.0.86
CVE-2024-21733	Medium	January 19, 2024 1/19/24	== 9.0.0-milestone11 == 9.0.0-milestone12 == 9.0.0-milestone13 == 9.0.0-milestone14 == 9.0.0-milestone15 == 9.0.0-milestone16 == 9.0.0-milestone17 == 9.0.0-milestone18 == 9.0.0-milestone19 == 9.0.0-milestone20 == 9.0.0-milestone21 == 9.0.0-milestone22 == 9.0.0-milestone23 == 9.0.0-milestone24 == 9.0.0-milestone25 == 9.0.0-milestone26 == 9.0.0-milestone27 >= 9.0.1 < 9.0.44 >= 8.5.7 < 8.5.64
CVE-2023-46589	High	November 28, 2023 11/28/23	== 11.0.0-milestone1 == 11.0.0-milestone2 == 11.0.0-milestone4 == 11.0.0-milestone3 == 11.0.0-milestone5 == 11.0.0-milestone7 == 11.0.0-milestone8 == 11.0.0-milestone9 == 11.0.0-milestone10 == 11.0.0-milestone6 >= 10.1.0 < 10.1.16 >= 9.0.0 < 9.0.83 >= 8.5.0 < 8.5.96
CVE-2023-45648	Medium	October 10, 2023 10/10/23	== 9.0.0-milestone1 == 9.0.0-milestone10 == 9.0.0-milestone11 == 9.0.0-milestone12 == 9.0.0-milestone13 == 9.0.0-milestone14 == 9.0.0-milestone15 == 9.0.0-milestone16 == 9.0.0-milestone17 == 9.0.0-milestone18 == 9.0.0-milestone19 == 9.0.0-milestone2 == 9.0.0-milestone20 == 9.0.0-milestone21 == 9.0.0-milestone22 == 9.0.0-milestone23 == 9.0.0-milestone24 == 9.0.0-milestone25 == 9.0.0-milestone26 == 9.0.0-milestone27 == 9.0.0-milestone3 == 9.0.0-milestone4 == 9.0.0-milestone5 == 9.0.0-milestone6 == 9.0.0-milestone7 == 9.0.0-milestone8 == 9.0.0-milestone9 == 10.1.0-milestone3 == 10.1.0-milestone4 == 10.1.0-milestone5 == 10.1.0-milestone1 == 10.1.0-milestone2 == 10.1.0-milestone7 == 10.1.0-milestone8 == 10.1.0-milestone9 == 10.1.0-milestone6 == 10.1.0-milestone10 == 10.1.0-milestone11 == 10.1.0-milestone12 == 10.1.0-milestone13 == 10.1.0-milestone14 == 10.1.0-milestone16 == 10.1.0-milestone15 == 10.1.0-milestone17 == 11.0.0-milestone1 == 11.0.0-milestone2 == 11.0.0-milestone4 == 11.0.0-milestone3 == 11.0.0-milestone5 == 11.0.0-milestone7 == 11.0.0-milestone8 == 11.0.0-milestone9 == 11.0.0-milestone10 == 11.0.0-milestone6 >= 10.1.1 < 10.1.14 == 10.1.0-milestone20 == 10.1.0-milestone19 == 10.1.0-milestone18 >= 8.5.0 < 8.5.94 >= 9.0.1 < 9.0.81 == 11.0.0-milestone11
CVE-2023-42795	Medium	October 10, 2023 10/10/23	== 9.0.0-milestone1 == 9.0.0-milestone10 == 9.0.0-milestone11 == 9.0.0-milestone12 == 9.0.0-milestone13 == 9.0.0-milestone14 == 9.0.0-milestone15 == 9.0.0-milestone16 == 9.0.0-milestone17 == 9.0.0-milestone18 == 9.0.0-milestone19 == 9.0.0-milestone2 == 9.0.0-milestone20 == 9.0.0-milestone21 == 9.0.0-milestone22 == 9.0.0-milestone23 == 9.0.0-milestone24 == 9.0.0-milestone25 == 9.0.0-milestone26 == 9.0.0-milestone27 == 9.0.0-milestone3 == 9.0.0-milestone4 == 9.0.0-milestone5 == 9.0.0-milestone6 == 9.0.0-milestone7 == 9.0.0-milestone8 == 9.0.0-milestone9 == 10.1.0-milestone3 == 10.1.0-milestone4 == 10.1.0-milestone5 == 10.1.0-milestone1 == 10.1.0-milestone2 == 10.1.0-milestone7 == 10.1.0-milestone8 == 10.1.0-milestone9 == 10.1.0-milestone6 == 10.1.0-milestone10 == 10.1.0-milestone11 == 10.1.0-milestone12 == 10.1.0-milestone13 == 10.1.0-milestone14 == 10.1.0-milestone16 == 10.1.0-milestone15 == 10.1.0-milestone17 == 11.0.0-milestone1 == 11.0.0-milestone2 == 11.0.0-milestone4 == 11.0.0-milestone3 == 11.0.0-milestone5 == 11.0.0-milestone7 == 11.0.0-milestone8 == 11.0.0-milestone9 == 11.0.0-milestone10 == 11.0.0-milestone6 >= 10.1.1 < 10.1.14 == 10.1.0-milestone20 == 10.1.0-milestone19 == 10.1.0-milestone18 >= 8.5.0 < 8.5.94 >= 9.0.1 < 9.0.81 == 11.0.0-milestone11
CVE-2023-42794	Medium	October 10, 2023 10/10/23	>= 8.5.85 < 8.5.94 >= 9.0.70 < 9.0.81

org.apache.tomcat / tomcat

432 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2026-41284	High	May 12, 2026 5/12/26	< 9.0.118 >= 10.1.0-M1 < 10.1.55 >= 11.0.0-M1 < 11.0.22
CVE-2026-41293	Critical	May 12, 2026 5/12/26	< 9.0.118 >= 10.1.0-M1 < 10.1.55 >= 11.0.0-M1 < 11.0.22
CVE-2026-42498	High	May 12, 2026 5/12/26	< 9.0.118 >= 10.1.0-M1 < 10.1.55 >= 11.0.0-M1 < 11.0.22
CVE-2026-43512	Critical	May 12, 2026 5/12/26	< 9.0.118 >= 10.1.0-M1 < 10.1.55 >= 11.0.0-M1 < 11.0.22
CVE-2026-43513	High	May 12, 2026 5/12/26	< 9.0.118 >= 10.1.0-M1 < 10.1.55 >= 11.0.0-M1 < 11.0.22
CVE-2026-43514	Low	May 12, 2026 5/12/26	< 9.0.118 >= 10.1.0-M1 < 10.1.55 >= 11.0.0-M1 < 11.0.22
CVE-2026-43515	Critical	May 12, 2026 5/12/26	< 9.0.118 >= 10.1.0-M1 < 10.1.55 >= 11.0.0-M1 < 11.0.22
CVE-2026-34483	High	April 9, 2026 4/9/26	>= 9.0.40 < 9.0.116 >= 10.1.0-M1 < 10.1.54 >= 11.0.0-M1 < 11.0.21
CVE-2026-34486	High	April 9, 2026 4/9/26	== 11.0.20 >= 11.0.20 < 11.0.21 == 10.1.53 >= 10.1.53 < 10.1.54 == 9.0.116 >= 9.0.116 < 9.0.117
CVE-2026-34487	High	April 9, 2026 4/9/26	>= 9.0.13 < 9.0.117 >= 10.1.0-M1 < 10.1.54 >= 11.0.0-M1 < 11.0.21
CVE-2026-25854	Medium	April 9, 2026 4/9/26	>= 8.5.30 < 9.0.116 >= 10.1.0-M1 < 10.1.53 >= 11.0.0-M1 < 11.0.20
CVE-2026-29129	High	April 9, 2026 4/9/26	>= 9.0.114 < 9.0.116 >= 10.1.51 < 10.1.53 >= 11.0.16 < 11.0.20
CVE-2026-29145	Critical	April 9, 2026 4/9/26	>= 9.0.83 < 9.0.116 >= 10.1.0-M7 < 10.1.53 >= 11.0.0-M1 < 11.0.20
CVE-2026-29146	High	April 9, 2026 4/9/26	>= 9.0.13 < 9.0.116 >= 10.1.50 < 10.1.53 >= 11.0.0-M1 < 11.0.20 >= 8.5.38 <= 8.5.100 >= 7.0.100 <= 7.0.109
CVE-2026-32990	Medium	April 9, 2026 4/9/26	>= 9.0.113 < 9.0.116 >= 10.1.50 < 10.1.53 >= 11.0.15 < 11.0.20
CVE-2025-66614	Medium	February 17, 2026 2/17/26	>= 11.0.0-M1 < 11.0.15 >= 10.1.0-M1 < 10.1.50 < 9.0.113
CVE-2026-24733	Low	February 17, 2026 2/17/26	>= 11.0.0-M1 < 11.0.15 >= 10.1.0-M1 < 10.1.50 < 9.0.113
CVE-2025-61795	Low	October 27, 2025 10/27/25	>= 11.0.0-M1 < 11.0.12 >= 10.1.0-M1 < 10.1.47 >= 9.0.0.M1 < 9.0.110 >= 8.5.0 <= 8.5.100
CVE-2025-55754	Low	October 27, 2025 10/27/25	>= 11.0.0-M1 < 11.0.11 >= 10.1.0-M1 < 10.1.45 >= 8.5.60 <= 8.5.100 >= 9.0.40 < 9.0.109
CVE-2025-55752	High	October 27, 2025 10/27/25	>= 11.0.0-M1 < 11.0.11 >= 10.1.0-M1 < 10.1.45 >= 9.0.0-M11 < 9.0.109 >= 8.5.6 <= 8.5.100
CVE-2025-49124	Medium	June 16, 2025 6/16/25	>= 11.0.0-M1 < 11.0.8 >= 10.1.0 < 10.1.42 >= 9.0.23 < 9.0.106
CVE-2024-54677	Low	December 17, 2024 12/17/24	>= 11.0.0-M1 < 11.0.2 >= 10.1.0-M1 < 10.1.34 >= 9.0.0.M1 < 9.0.98
CVE-2024-52318	Medium	November 18, 2024 11/18/24	== 11.0.0 >= 11.0.0 < 11.0.1 == 10.1.31 >= 10.1.31 < 10.1.32 == 9.0.96 >= 9.0.96 < 9.0.97
CVE-2023-45648	Medium	October 10, 2023 10/10/23	>= 11.0.0-M1 < 11.0.0-M12 >= 10.1.0-M1 < 10.1.14 >= 9.0.0-M1 < 9.0.81 >= 8.5.0 < 8.5.94
CVE-2023-42795	Medium	October 10, 2023 10/10/23	>= 9.0.0-M1 < 9.0.81 >= 8.5.0 < 8.5.94 >= 11.0.0-M1 < 11.0.0-M12 >= 10.1.0-M1 < 10.1.14
CVE-2023-41080	Medium	August 25, 2023 8/25/23	>= 11.0.0-M1 < 11.0.0-M11 >= 10.1.0-M1 < 10.1.13 >= 9.0.0-M1 < 9.0.80 >= 8.5.0 < 8.5.93
CVE-2021-43980	Low	September 28, 2022 9/28/22	>= 8.5.0 < 8.5.78 >= 9.0.0-M1 < 9.0.62 >= 10.0.0-M1 < 10.0.20 >= 10.1.0-M1 < 10.1.0-M14
CVE-2022-34305	Medium	June 23, 2022 6/23/22	>= 10.1.0-M1 < 10.1.0-M17 >= 10.0.0-M1 < 10.0.22 >= 9.0.30 < 9.0.65 >= 8.5.50 < 8.5.82
CVE-2022-25762	High	May 13, 2022 5/13/22	>= 8.5.0 < 8.5.75 >= 9.0.0M1 < 9.0.20
CVE-2022-29885	High	May 12, 2022 5/12/22	>= 10.1.0-M1 < 10.1.0-M15 >= 10.0.0-M1 < 10.0.21 >= 9.0.13 < 9.0.63 >= 8.5.38 < 8.5.79
CVE-2022-23181	High	January 27, 2022 1/27/22	>= 10.0.0 < 10.0.16 >= 9.0.0 < 9.0.58 < 8.5.75
CVE-2021-42340	High	October 14, 2021 10/14/21	>= 10.1.0-M1 < 10.1.0-M6 >= 10.0.0-M1 < 10.0.12 >= 9.0.40 < 9.0.54 >= 8.5.60 < 8.5.72
CVE-2021-41079	High	September 16, 2021 9/16/21	>= 10.0.0 < 10.0.4 >= 9.0.0 < 9.0.44 >= 8.5.0 < 8.5.64
CVE-2021-30639	High	July 12, 2021 7/12/21	>= 10.0.3 < 10.0.5 >= 9.0.0 < 9.0.45 < 8.5.65
CVE-2021-30640	Medium	July 12, 2021 7/12/21	>= 10.0.0-M1 < 10.0.5 >= 9.0.0M1 < 9.0.45 >= 8.5.0 < 8.5.65
CVE-2021-33037	Medium	July 12, 2021 7/12/21	>= 10.0.0-M1 < 10.0.7 >= 9.0.0-M1 < 9.0.48 >= 8.5.0 < 8.5.68
CVE-2020-13934	High	July 14, 2020 7/14/20	>= 10.0.0-M1 < 10.0.0-M6 >= 9.0.0.M5 < 9.0.36 >= 8.5.1 < 8.5.56
CVE-2020-13935	High	July 14, 2020 7/14/20	>= 10.0.0-M1 < 10.0.0-M7 >= 9.0.0.M1 < 9.0.37 >= 8.5.0 < 8.5.57 >= 7.0.27 < 7.0.105
CVE-2020-8022	High	June 29, 2020 6/29/20	< 8.0.53 >= 9.0.0 < 9.0.35
CVE-2020-11996	High	June 26, 2020 6/26/20	>= 10.0.0-M1 < 10.0.0-M5 >= 9.0.0.M1 < 9.0.35 >= 8.5.0 < 8.5.55
CVE-2019-17569	Medium	February 24, 2020 2/24/20	>= 7.0.98 < 7.0.100 >= 8.5.48 < 8.5.51 >= 9.0.28 < 9.0.31
CVE-2020-1935	Medium	February 24, 2020 2/24/20	< 7.0.100 >= 8.0.0 < 8.5.51 >= 9.0.0 < 9.0.31
CVE-2019-0221	Medium	May 28, 2019 5/28/19	>= 9.0.0 < 9.0.17 >= 8.5.0 < 8.5.40 >= 7.0.0 < 7.0.94
CVE-2017-15706	Medium	January 31, 2018 1/31/18	>= 9.0.0.M22 < 9.0.2 >= 8.5.16 < 8.5.24 >= 8.0.45 < 8.0.48 >= 7.0.79 < 7.0.84
CVE-2016-6796	High	August 11, 2017 8/11/17	>= 9.0.0.M1 < 9.0.0.M10 >= 8.5.0 < 8.5.5 >= 8.0.0.RC1 < 8.0.37 >= 7.0.0 < 7.0.71 >= 6.0.0 < 6.0.46
CVE-2017-7674	Medium	August 11, 2017 8/11/17	>= 9.0.0.M1 < 9.0.0.M22 >= 8.5.0 < 8.5.16 >= 8.0.0.RC1 < 8.0.45 >= 7.0.41 < 7.0.79
CVE-2017-7675	High	August 11, 2017 8/11/17	>= 9.0.0.M1 < 9.0.0.M22 >= 8.5.0 < 8.5.16
CVE-2016-6797	High	August 10, 2017 8/10/17	>= 9.0.0.M1 < 9.0.0.M10 >= 8.5.0 < 8.5.5 >= 8.0.0 < 8.0.37 >= 7.0.0 < 7.0.72
CVE-2016-6817	High	August 10, 2017 8/10/17	>= 9.0.0.M1 < 9.0.0.M12 >= 8.5.0 < 8.5.8
CVE-2016-0762	Medium	August 10, 2017 8/10/17	>= 9.0.0M1 < 9.0.0.M10 >= 8.5.0 < 8.5.5 >= 8.0.0.RC1 < 8.0.37 >= 7.0.0 < 7.0.72 >= 6.0.0 < 6.0.46

Showing vulnerabilities for 2 products matching "tomcat". Each product has independent pagination.

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo

Frequently Asked Questions

What is a Vulnerability (CVE) and why does it matter?

A security vulnerability is a weakness in software, hardware, or configuration that can be exploited to compromise confidentiality, integrity, or availability. Many vulnerabilities are tracked as CVEs (Common Vulnerabilities and Exposures), which provide a standardized identifier so teams can coordinate patching, mitigation, and risk assessment across tools and vendors.

CVSS (Common Vulnerability Scoring System) estimates technical severity, but it doesn't automatically equal business risk. Prioritize using context like internet exposure, affected asset criticality, known exploitation (proof-of-concept or in-the-wild), and whether compensating controls exist. A "Medium" CVSS on an exposed, production system can be more urgent than a "Critical" on an isolated, non-production host.

A vulnerability is the underlying weakness. An exploit is the method or code used to take advantage of it. A zero-day is a vulnerability that is unknown to the vendor or has no publicly available fix when attackers begin using it. In practice, risk increases sharply when exploitation becomes reliable or widespread.

Recurring findings usually come from incomplete Asset Discovery, inconsistent patch management, inherited images, and configuration drift. In modern environments, you also need to watch the software supply chain: dependencies, containers, build pipelines, and third-party services can reintroduce the same weakness even after you patch a single host. Unknown or unmanaged assets (often called Shadow IT) are a common reason the same issues resurface.

Use a simple, repeatable triage model: focus first on externally exposed assets, high-value systems (identity, VPN, email, production), vulnerabilities with known exploits, and issues that enable remote code execution or privilege escalation. Then enforce patch SLAs and track progress using consistent metrics so remediation is steady, not reactive.

SynScan combines attack surface monitoring and continuous security auditing to keep your inventory current, flag high-impact vulnerabilities early, and help you turn raw findings into a practical remediation plan.