tomcat10 (SUSE:Linux Enterprise Module for Web and Scripting 15 SP6) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Module for Web and Scripting 15 SP6 package tomcat10, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (18)
CVE-2025-31651 — CVSS 9.8 (critical): Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule…
CVE-2024-50379 — CVSS 9.8 (critical): Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive…
CVE-2024-56337 — CVSS 9.8 (critical): Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through…
CVE-2024-52316 — CVSS 9.8 (critical): Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC)…
CVE-2025-55754 — CVSS 9.6 (critical): Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. Tomcat did not escape ANSI escape sequences…
CVE-2025-49125 — CVSS 7.5 (high): Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat. When using PreResources or PostResources mounted…
CVE-2025-53506 — CVSS 7.5 (high): Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that…
CVE-2025-52520 — CVSS 7.5 (high): For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing…
CVE-2025-55752 — CVSS 7.5 (high): Relative Path Traversal vulnerability in Apache Tomcat. The fix for bug 60013 introduced a regression where the rewritten URL was…
CVE-2025-31650 — CVSS 7.5 (high): Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in…
CVE-2024-34750 — CVSS 7.5 (high): Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2…
CVE-2025-48988 — CVSS 7.5 (high): Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1…
CVE-2025-48989 — CVSS 7.5 (high): Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack. This issue…
CVE-2025-46701 — CVSS 7.3 (high): Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security…
CVE-2024-52317 — CVSS 6.5 (medium): Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2…
CVE-2024-54677 — CVSS 5.3 (medium): Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service…
CVE-2025-61795 — CVSS 5.3 (medium): Improper Resource Shutdown or Release vulnerability in Apache Tomcat. If an error occurred (including exceeding limits) during the…