{"url":"http://public2.vulnerablecode.io/api/packages/105881?format=json","purl":"pkg:deb/debian/tomcat11@11.0.21-1?distro=trixie","type":"deb","namespace":"debian","name":"tomcat11","version":"11.0.21-1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"0","latest_non_vulnerable_version":"11.0.22-2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/28594?format=json","vulnerability_id":"VCID-2n2k-sh22-fkfw","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41284","reference_id":"","reference_type":"","scores":[{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21313","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41284"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/17dacd9aa48628da2eba37a9ab743c0b6c71685c","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/17dacd9aa48628da2eba37a9ab743c0b6c71685c"},{"reference_url":"https://github.com/apache/tomcat/commit/a96fffd18487a29c0a30d36f00cb2b2d91f6d42c","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/a96fffd18487a29c0a30d36f00cb2b2d91f6d42c"},{"reference_url":"https://github.com/apache/tomcat/commit/b3d1c1c239142e806be0b7329d304b94a58913ed","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/b3d1c1c239142e806be0b7329d304b94a58913ed"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41284","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41284"},{"reference_url":"https://tomcat.apache.org/security-10.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html"},{"reference_url":"https://tomcat.apache.org/security-11.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html"},{"reference_url":"https://tomcat.apache.org/security-9.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/05/12/12","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/05/12/12"},{"reference_url":"https://lists.apache.org/thread/2nvqjr7ovjmvx2vbhb7s61ycd5msc8qc","reference_id":"2nvqjr7ovjmvx2vbhb7s61ycd5msc8qc","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-13T15:57:41Z/"}],"url":"https://lists.apache.org/thread/2nvqjr7ovjmvx2vbhb7s61ycd5msc8qc"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41284","reference_id":"CVE-2026-41284","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41284"},{"reference_url":"https://usn.ubuntu.com/8417-1/","reference_id":"USN-8417-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8417-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105889?format=json","purl":"pkg:deb/debian/tomcat11@11.0.22-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.22-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105890?format=json","purl":"pkg:deb/debian/tomcat11@11.0.22-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.22-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105883?format=json","purl":"pkg:deb/debian/tomcat11@11.0.22-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.22-2%3Fdistro=trixie"}],"aliases":["CVE-2026-41284","GHSA-gx5v-xp9w-j4cg"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2n2k-sh22-fkfw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/28596?format=json","vulnerability_id":"VCID-697g-gcg9-zyaa","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41293.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41293.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41293","reference_id":"","reference_type":"","scores":[{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22276","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41293"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/19f17a257797e8d139b33ff9c88d362a273be148","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/19f17a257797e8d139b33ff9c88d362a273be148"},{"reference_url":"https://github.com/apache/tomcat/commit/1c70480466572c9192ed412ebefcd43fc63137fd","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/1c70480466572c9192ed412ebefcd43fc63137fd"},{"reference_url":"https://github.com/apache/tomcat/commit/2a2476460e823789f530a22207873ea8cd6eff3b","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/2a2476460e823789f530a22207873ea8cd6eff3b"},{"reference_url":"https://github.com/apache/tomcat/commit/3915fd27e6810b14ccd21e3d900bd8faef44d3df","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/3915fd27e6810b14ccd21e3d900bd8faef44d3df"},{"reference_url":"https://github.com/apache/tomcat/commit/57c2b3bfd62792631e1df24cf4237b990a0b36fa","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/57c2b3bfd62792631e1df24cf4237b990a0b36fa"},{"reference_url":"https://github.com/apache/tomcat/commit/c2925554c677da57390f940d856871e18daaacab","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/c2925554c677da57390f940d856871e18daaacab"},{"reference_url":"https://github.com/apache/tomcat/commit/cf9452443bcbf3b1a4b435ef7d624364f1b65ca3","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/cf9452443bcbf3b1a4b435ef7d624364f1b65ca3"},{"reference_url":"https://github.com/apache/tomcat/commit/e5cef9618c3f4fd31bd6fb1e83f0f18022280dac","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/e5cef9618c3f4fd31bd6fb1e83f0f18022280dac"},{"reference_url":"https://github.com/apache/tomcat/commit/f72a6174ab1f0f5a053435f80448b4f6837fe6d7","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/f72a6174ab1f0f5a053435f80448b4f6837fe6d7"},{"reference_url":"https://lists.apache.org/thread/qwg0q16z7xkb2qrr853wdll5531mvl1r","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread/qwg0q16z7xkb2qrr853wdll5531mvl1r"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41293","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41293"},{"reference_url":"https://tomcat.apache.org/security-10.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html"},{"reference_url":"https://tomcat.apache.org/security-11.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html"},{"reference_url":"https://tomcat.apache.org/security-9.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/05/12/13","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/05/12/13"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2476513","reference_id":"2476513","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2476513"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41293","reference_id":"CVE-2026-41293","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41293"},{"reference_url":"https://usn.ubuntu.com/8417-1/","reference_id":"USN-8417-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8417-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105889?format=json","purl":"pkg:deb/debian/tomcat11@11.0.22-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.22-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105890?format=json","purl":"pkg:deb/debian/tomcat11@11.0.22-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.22-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105883?format=json","purl":"pkg:deb/debian/tomcat11@11.0.22-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.22-2%3Fdistro=trixie"}],"aliases":["CVE-2026-41293","GHSA-r29c-68gh-xp6x"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-697g-gcg9-zyaa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/29213?format=json","vulnerability_id":"VCID-97et-ubnp-wqcy","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43512.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43512.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43512","reference_id":"","reference_type":"","scores":[{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33696","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43512"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat/commit/3d4d3fae07a6cd9c2eb193c5491001740ec64448","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/3d4d3fae07a6cd9c2eb193c5491001740ec64448"},{"reference_url":"https://github.com/apache/tomcat/commit/6565a6cb6499e56fe2f34457cec99f9d1c4f39e9","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/6565a6cb6499e56fe2f34457cec99f9d1c4f39e9"},{"reference_url":"https://github.com/apache/tomcat/commit/a99c355e8199adbfd67c9a1fffbd85b810b196cd","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/a99c355e8199adbfd67c9a1fffbd85b810b196cd"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43512","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43512"},{"reference_url":"https://tomcat.apache.org/security-10.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html"},{"reference_url":"https://tomcat.apache.org/security-11.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html"},{"reference_url":"https://tomcat.apache.org/security-9.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/05/12/8","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/05/12/8"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2476511","reference_id":"2476511","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2476511"},{"reference_url":"https://lists.apache.org/thread/7x09x7o12solvclslw3sz0288xc8wx73","reference_id":"7x09x7o12solvclslw3sz0288xc8wx73","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-14T16:38:42Z/"}],"url":"https://lists.apache.org/thread/7x09x7o12solvclslw3sz0288xc8wx73"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43512","reference_id":"CVE-2026-43512","reference_type":"","scores":[{"value":"Moderate","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43512"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13745","reference_id":"RHSA-2026:13745","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13745"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16528","reference_id":"RHSA-2026:16528","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16528"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:25123","reference_id":"RHSA-2026:25123","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:25123"},{"reference_url":"https://usn.ubuntu.com/8383-1/","reference_id":"USN-8383-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8383-1/"},{"reference_url":"https://usn.ubuntu.com/8417-1/","reference_id":"USN-8417-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8417-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105889?format=json","purl":"pkg:deb/debian/tomcat11@11.0.22-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.22-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105890?format=json","purl":"pkg:deb/debian/tomcat11@11.0.22-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.22-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105883?format=json","purl":"pkg:deb/debian/tomcat11@11.0.22-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.22-2%3Fdistro=trixie"}],"aliases":["CVE-2026-43512","GHSA-h6fc-48rj-7qqh"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-97et-ubnp-wqcy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/28669?format=json","vulnerability_id":"VCID-9xyf-k9wq-g7b9","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42498","reference_id":"","reference_type":"","scores":[{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15929","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42498"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/169d725788ea6aec217ecac70fe4161c837ba423","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/169d725788ea6aec217ecac70fe4161c837ba423"},{"reference_url":"https://github.com/apache/tomcat/commit/6cbe274592ef2d11607b5b188e1df649de52f8d5","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/6cbe274592ef2d11607b5b188e1df649de52f8d5"},{"reference_url":"https://github.com/apache/tomcat/commit/b7b173694d588ddcfa432f079baf763cbbbaa5c4","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/b7b173694d588ddcfa432f079baf763cbbbaa5c4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42498","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42498"},{"reference_url":"https://tomcat.apache.org/security-10.html","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html"},{"reference_url":"https://tomcat.apache.org/security-11.html","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html"},{"reference_url":"https://tomcat.apache.org/security-9.html","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/05/12/14","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/05/12/14"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42498","reference_id":"CVE-2026-42498","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42498"},{"reference_url":"https://lists.apache.org/thread/n61zwf75jrv09rz90j4jssncm244bwdb","reference_id":"n61zwf75jrv09rz90j4jssncm244bwdb","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-13T15:58:45Z/"}],"url":"https://lists.apache.org/thread/n61zwf75jrv09rz90j4jssncm244bwdb"},{"reference_url":"https://usn.ubuntu.com/8417-1/","reference_id":"USN-8417-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8417-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105889?format=json","purl":"pkg:deb/debian/tomcat11@11.0.22-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.22-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105890?format=json","purl":"pkg:deb/debian/tomcat11@11.0.22-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.22-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105883?format=json","purl":"pkg:deb/debian/tomcat11@11.0.22-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.22-2%3Fdistro=trixie"}],"aliases":["CVE-2026-42498","GHSA-fv25-8xcx-gqjc"],"risk_score":3.3,"exploitability":"0.5","weighted_severity":"6.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9xyf-k9wq-g7b9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/29216?format=json","vulnerability_id":"VCID-dj7q-4map-ebg4","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43515","reference_id":"","reference_type":"","scores":[{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26417","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43515"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/0659748659ec75253fea5aac72cab6f94e79c419","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/0659748659ec75253fea5aac72cab6f94e79c419"},{"reference_url":"https://github.com/apache/tomcat/commit/276087d9c7abbcecc6c4fb4e4b08cf64780c6e36","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/276087d9c7abbcecc6c4fb4e4b08cf64780c6e36"},{"reference_url":"https://github.com/apache/tomcat/commit/c621317382682206fb58ab92ebd3e1b6fdd10ce9","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/c621317382682206fb58ab92ebd3e1b6fdd10ce9"},{"reference_url":"https://github.com/apache/tomcat/commit/db919ff9912b4d61d1b702a1342b8bde39270031","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/db919ff9912b4d61d1b702a1342b8bde39270031"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43515","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43515"},{"reference_url":"https://tomcat.apache.org/security-10.html","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html"},{"reference_url":"https://tomcat.apache.org/security-11.html","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html"},{"reference_url":"https://tomcat.apache.org/security-9.html","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/05/12/11","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/05/12/11"},{"reference_url":"https://lists.apache.org/thread/746nxfxod0wsocxtmv8pb8nkgmwpc6bb","reference_id":"746nxfxod0wsocxtmv8pb8nkgmwpc6bb","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-14T16:33:57Z/"}],"url":"https://lists.apache.org/thread/746nxfxod0wsocxtmv8pb8nkgmwpc6bb"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43515","reference_id":"CVE-2026-43515","reference_type":"","scores":[{"value":"Moderate","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43515"},{"reference_url":"https://usn.ubuntu.com/8383-1/","reference_id":"USN-8383-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8383-1/"},{"reference_url":"https://usn.ubuntu.com/8417-1/","reference_id":"USN-8417-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8417-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105889?format=json","purl":"pkg:deb/debian/tomcat11@11.0.22-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.22-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105890?format=json","purl":"pkg:deb/debian/tomcat11@11.0.22-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.22-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105883?format=json","purl":"pkg:deb/debian/tomcat11@11.0.22-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.22-2%3Fdistro=trixie"}],"aliases":["CVE-2026-43515","GHSA-5m62-pw8w-7w9f"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dj7q-4map-ebg4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/29214?format=json","vulnerability_id":"VCID-hv33-kv9q-gugf","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43513","reference_id":"","reference_type":"","scores":[{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24017","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43513"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/4a90d3fa93988c447cd5bb7482f76ff70d7f15c2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/4a90d3fa93988c447cd5bb7482f76ff70d7f15c2"},{"reference_url":"https://github.com/apache/tomcat/commit/6dd75beb55bd42fc5f78e929596b25018cd17717","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/6dd75beb55bd42fc5f78e929596b25018cd17717"},{"reference_url":"https://github.com/apache/tomcat/commit/83f3e51df7b87f5f6e626951c575ded1a512e8ef","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/83f3e51df7b87f5f6e626951c575ded1a512e8ef"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43513","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43513"},{"reference_url":"https://tomcat.apache.org/security-10.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html"},{"reference_url":"https://tomcat.apache.org/security-11.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html"},{"reference_url":"https://tomcat.apache.org/security-9.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/05/12/9","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/05/12/9"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43513","reference_id":"CVE-2026-43513","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43513"},{"reference_url":"https://usn.ubuntu.com/8383-1/","reference_id":"USN-8383-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8383-1/"},{"reference_url":"https://usn.ubuntu.com/8417-1/","reference_id":"USN-8417-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8417-1/"},{"reference_url":"https://lists.apache.org/thread/ytjcgldshj73lcnd1sh95od5hrghwogp","reference_id":"ytjcgldshj73lcnd1sh95od5hrghwogp","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-14T16:34:43Z/"}],"url":"https://lists.apache.org/thread/ytjcgldshj73lcnd1sh95od5hrghwogp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105889?format=json","purl":"pkg:deb/debian/tomcat11@11.0.22-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.22-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105890?format=json","purl":"pkg:deb/debian/tomcat11@11.0.22-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.22-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105883?format=json","purl":"pkg:deb/debian/tomcat11@11.0.22-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.22-2%3Fdistro=trixie"}],"aliases":["CVE-2026-43513","GHSA-5mp6-jrq3-r938"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hv33-kv9q-gugf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/29215?format=json","vulnerability_id":"VCID-s2kf-jwgc-pfas","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43514.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43514.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43514","reference_id":"","reference_type":"","scores":[{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27214","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43514"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/2e676264ce27448a4d4841e42c1238bd10ca3755","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/2e676264ce27448a4d4841e42c1238bd10ca3755"},{"reference_url":"https://github.com/apache/tomcat/commit/933dcdbf2515972280002929e7e597dead2e9ffa","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/933dcdbf2515972280002929e7e597dead2e9ffa"},{"reference_url":"https://github.com/apache/tomcat/commit/a102a2a157868ca51d83eaf5a119ccd9976a113e","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/a102a2a157868ca51d83eaf5a119ccd9976a113e"},{"reference_url":"https://github.com/apache/tomcat/commit/a90c358400c133b6173c6b26591923bf814a8508","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/a90c358400c133b6173c6b26591923bf814a8508"},{"reference_url":"https://github.com/apache/tomcat/commit/d35d9d23263c8e4af561f615c960c91697ff200e","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/d35d9d23263c8e4af561f615c960c91697ff200e"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43514","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43514"},{"reference_url":"https://tomcat.apache.org/security-10.html","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html"},{"reference_url":"https://tomcat.apache.org/security-11.html","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html"},{"reference_url":"https://tomcat.apache.org/security-9.html","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/05/12/10","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/05/12/10"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2476512","reference_id":"2476512","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2476512"},{"reference_url":"https://lists.apache.org/thread/2k654v5cq123npfsd1b2kk1y30owqb1m","reference_id":"2k654v5cq123npfsd1b2kk1y30owqb1m","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T17:22:38Z/"}],"url":"https://lists.apache.org/thread/2k654v5cq123npfsd1b2kk1y30owqb1m"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43514","reference_id":"CVE-2026-43514","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43514"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105889?format=json","purl":"pkg:deb/debian/tomcat11@11.0.22-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.22-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105890?format=json","purl":"pkg:deb/debian/tomcat11@11.0.22-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.22-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105883?format=json","purl":"pkg:deb/debian/tomcat11@11.0.22-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.22-2%3Fdistro=trixie"}],"aliases":["CVE-2026-43514","GHSA-9m89-8frq-c98c"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s2kf-jwgc-pfas"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/25460?format=json","vulnerability_id":"VCID-1fr1-b1h1-zqcz","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48988.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48988.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48988","reference_id":"","reference_type":"","scores":[{"value":"0.00759","scoring_system":"epss","scoring_elements":"0.73765","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48988"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/2b0ab14fb55d4edc896e5f1817f2ab76f714ae5e","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/2b0ab14fb55d4edc896e5f1817f2ab76f714ae5e"},{"reference_url":"https://github.com/apache/tomcat/commit/cdde8e655bc1c5c60a07efd216251d77c52fd7f6","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/cdde8e655bc1c5c60a07efd216251d77c52fd7f6"},{"reference_url":"https://github.com/apache/tomcat/commit/ee8042ffce4cb9324dfd79efda5984f37bbb6910","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/ee8042ffce4cb9324dfd79efda5984f37bbb6910"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48988","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48988"},{"reference_url":"https://tomcat.apache.org/security-10.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html"},{"reference_url":"https://tomcat.apache.org/security-11.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html"},{"reference_url":"https://tomcat.apache.org/security-9.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/06/16/1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/06/16/1"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108116","reference_id":"1108116","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108116"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108117","reference_id":"1108117","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108117"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2373015","reference_id":"2373015","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2373015"},{"reference_url":"https://security.archlinux.org/AVG-2888","reference_id":"AVG-2888","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2888"},{"reference_url":"https://security.archlinux.org/AVG-2889","reference_id":"AVG-2889","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2889"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48988","reference_id":"CVE-2025-48988","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48988"},{"reference_url":"https://lists.apache.org/thread/nzkqsok8t42qofgqfmck536mtyzygp18","reference_id":"nzkqsok8t42qofgqfmck536mtyzygp18","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-17T18:20:54Z/"}],"url":"https://lists.apache.org/thread/nzkqsok8t42qofgqfmck536mtyzygp18"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11695","reference_id":"RHSA-2025:11695","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11695"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11696","reference_id":"RHSA-2025:11696","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11696"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11741","reference_id":"RHSA-2025:11741","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11741"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11742","reference_id":"RHSA-2025:11742","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11742"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14177","reference_id":"RHSA-2025:14177","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14177"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14178","reference_id":"RHSA-2025:14178","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14178"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14179","reference_id":"RHSA-2025:14179","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14179"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14180","reference_id":"RHSA-2025:14180","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14180"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14181","reference_id":"RHSA-2025:14181","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14181"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14182","reference_id":"RHSA-2025:14182","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14182"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14183","reference_id":"RHSA-2025:14183","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14183"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105885?format=json","purl":"pkg:deb/debian/tomcat11@11.0.11-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.11-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105884?format=json","purl":"pkg:deb/debian/tomcat11@11.0.15-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.15-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105881?format=json","purl":"pkg:deb/debian/tomcat11@11.0.21-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-s2kf-jwgc-pfas"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.21-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105883?format=json","purl":"pkg:deb/debian/tomcat11@11.0.22-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.22-2%3Fdistro=trixie"}],"aliases":["CVE-2025-48988","GHSA-h3gc-qfqq-6h8f"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1fr1-b1h1-zqcz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/25560?format=json","vulnerability_id":"VCID-4md2-vchu-3bgx","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-53506.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-53506.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-53506","reference_id":"","reference_type":"","scores":[{"value":"0.01247","scoring_system":"epss","scoring_elements":"0.79715","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-53506"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/2aa6261276ebe50b99276953591e3a2be7898bdb","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/2aa6261276ebe50b99276953591e3a2be7898bdb"},{"reference_url":"https://github.com/apache/tomcat/commit/434772930f362145516dd60681134e7f0cf8115b","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/434772930f362145516dd60681134e7f0cf8115b"},{"reference_url":"https://github.com/apache/tomcat/commit/be8f330f83ceddaf3baeed57522e571572b6b99b","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/be8f330f83ceddaf3baeed57522e571572b6b99b"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-53506","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-53506"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/07/10/13","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/07/10/13"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109113","reference_id":"1109113","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109113"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109114","reference_id":"1109114","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109114"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2379386","reference_id":"2379386","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2379386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53506","reference_id":"CVE-2025-53506","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53506"},{"reference_url":"https://lists.apache.org/thread/p09775q0rd185m6zz98krg0fp45j8kr0","reference_id":"p09775q0rd185m6zz98krg0fp45j8kr0","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-11T13:46:01Z/"}],"url":"https://lists.apache.org/thread/p09775q0rd185m6zz98krg0fp45j8kr0"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11695","reference_id":"RHSA-2025:11695","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11695"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11696","reference_id":"RHSA-2025:11696","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11696"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11741","reference_id":"RHSA-2025:11741","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11741"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11742","reference_id":"RHSA-2025:11742","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11742"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14177","reference_id":"RHSA-2025:14177","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14177"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14178","reference_id":"RHSA-2025:14178","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14178"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14179","reference_id":"RHSA-2025:14179","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14179"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14180","reference_id":"RHSA-2025:14180","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14180"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14181","reference_id":"RHSA-2025:14181","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14181"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14182","reference_id":"RHSA-2025:14182","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14182"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14183","reference_id":"RHSA-2025:14183","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14183"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105885?format=json","purl":"pkg:deb/debian/tomcat11@11.0.11-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.11-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105884?format=json","purl":"pkg:deb/debian/tomcat11@11.0.15-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.15-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105881?format=json","purl":"pkg:deb/debian/tomcat11@11.0.21-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-s2kf-jwgc-pfas"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.21-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105883?format=json","purl":"pkg:deb/debian/tomcat11@11.0.22-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.22-2%3Fdistro=trixie"}],"aliases":["CVE-2025-53506","GHSA-25xr-qj8w-c4vf"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4md2-vchu-3bgx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/25635?format=json","vulnerability_id":"VCID-63vc-sc11-8kf1","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55754.json","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55754.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55754","reference_id":"","reference_type":"","scores":[{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33185","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55754"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/138d7f5cfaae683078948303333c080e6faa75d2","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/138d7f5cfaae683078948303333c080e6faa75d2"},{"reference_url":"https://github.com/apache/tomcat/commit/5a3db092982c0c58d4855304167ee757fe5e79bb","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/5a3db092982c0c58d4855304167ee757fe5e79bb"},{"reference_url":"https://github.com/apache/tomcat/commit/a03cabf3a36a42d27d8d997ed31f034f50ba6cd5","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/a03cabf3a36a42d27d8d997ed31f034f50ba6cd5"},{"reference_url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.45","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.45"},{"reference_url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.11","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.11"},{"reference_url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.109","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.109"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/10/27/5","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/10/27/5"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2406590","reference_id":"2406590","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2406590"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55754","reference_id":"CVE-2025-55754","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55754"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55754","reference_id":"CVE-2025-55754","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55754"},{"reference_url":"https://github.com/advisories/GHSA-vfww-5hm6-hx2j","reference_id":"GHSA-vfww-5hm6-hx2j","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vfww-5hm6-hx2j"},{"reference_url":"https://lists.apache.org/thread/j7w54hqbkfcn0xb9xy0wnx8w5nymcbqd","reference_id":"j7w54hqbkfcn0xb9xy0wnx8w5nymcbqd","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-09T04:55:55Z/"}],"url":"https://lists.apache.org/thread/j7w54hqbkfcn0xb9xy0wnx8w5nymcbqd"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:18536","reference_id":"RHSA-2026:18536","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:18536"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:18537","reference_id":"RHSA-2026:18537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:18537"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:18916","reference_id":"RHSA-2026:18916","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:18916"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2740","reference_id":"RHSA-2026:2740","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2740"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2741","reference_id":"RHSA-2026:2741","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2741"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6569","reference_id":"RHSA-2026:6569","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6569"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8334","reference_id":"RHSA-2026:8334","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8334"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105885?format=json","purl":"pkg:deb/debian/tomcat11@11.0.11-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.11-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105884?format=json","purl":"pkg:deb/debian/tomcat11@11.0.15-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.15-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105881?format=json","purl":"pkg:deb/debian/tomcat11@11.0.21-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-s2kf-jwgc-pfas"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.21-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105883?format=json","purl":"pkg:deb/debian/tomcat11@11.0.22-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.22-2%3Fdistro=trixie"}],"aliases":["CVE-2025-55754","GHSA-vfww-5hm6-hx2j"],"risk_score":4.3,"exploitability":"0.5","weighted_severity":"8.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-63vc-sc11-8kf1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/25633?format=json","vulnerability_id":"VCID-6wqu-jupw-tyhu","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55752.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55752.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55752","reference_id":"","reference_type":"","scores":[{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.51126","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55752"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/130d36d8492ef9e4eb22952c17c92423cb35fd06","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/130d36d8492ef9e4eb22952c17c92423cb35fd06"},{"reference_url":"https://github.com/apache/tomcat/commit/b5042622b8b78340ae65403c55dcb9c7416924df","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/b5042622b8b78340ae65403c55dcb9c7416924df"},{"reference_url":"https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/fec06c610ed7466b401e29cc567a58aee5ed826a"},{"reference_url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.45","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.45"},{"reference_url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.11","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.11"},{"reference_url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.109","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.109"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/10/27/4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/10/27/4"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2406591","reference_id":"2406591","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2406591"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55752","reference_id":"CVE-2025-55752","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55752"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55752","reference_id":"CVE-2025-55752","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55752"},{"reference_url":"https://www.vicarius.io/vsociety/posts/cve-2025-55752-detect-apache-tomcat-vulnerability","reference_id":"CVE-2025-55752-DETECT-APACHE-TOMCAT-VULNERABILITY","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.vicarius.io/vsociety/posts/cve-2025-55752-detect-apache-tomcat-vulnerability"},{"reference_url":"https://www.vicarius.io/vsociety/posts/cve-2025-55752-mitigate-apache-tomcat-vulnerability","reference_id":"CVE-2025-55752-MITIGATE-APACHE-TOMCAT-VULNERABILITY","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.vicarius.io/vsociety/posts/cve-2025-55752-mitigate-apache-tomcat-vulnerability"},{"reference_url":"https://github.com/advisories/GHSA-wmwf-9ccg-fff5","reference_id":"GHSA-wmwf-9ccg-fff5","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wmwf-9ccg-fff5"},{"reference_url":"https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog","reference_id":"n05kjcwyj1s45ovs8ll1qrrojhfb1tog","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T03:56:06Z/"}],"url":"https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19809","reference_id":"RHSA-2025:19809","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19809"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19810","reference_id":"RHSA-2025:19810","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19810"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22924","reference_id":"RHSA-2025:22924","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22924"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22925","reference_id":"RHSA-2025:22925","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22925"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23044","reference_id":"RHSA-2025:23044","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23044"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23045","reference_id":"RHSA-2025:23045","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23045"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23046","reference_id":"RHSA-2025:23046","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23046"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23047","reference_id":"RHSA-2025:23047","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23048","reference_id":"RHSA-2025:23048","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23048"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23049","reference_id":"RHSA-2025:23049","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23049"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23050","reference_id":"RHSA-2025:23050","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23050"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23051","reference_id":"RHSA-2025:23051","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23051"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23052","reference_id":"RHSA-2025:23052","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23052"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23053","reference_id":"RHSA-2025:23053","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23053"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23225","reference_id":"RHSA-2025:23225","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23225"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0292","reference_id":"RHSA-2026:0292","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0292"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0293","reference_id":"RHSA-2026:0293","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0293"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2724","reference_id":"RHSA-2026:2724","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2724"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2725","reference_id":"RHSA-2026:2725","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2725"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2726","reference_id":"RHSA-2026:2726","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2726"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6569","reference_id":"RHSA-2026:6569","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6569"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8334","reference_id":"RHSA-2026:8334","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8334"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105885?format=json","purl":"pkg:deb/debian/tomcat11@11.0.11-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.11-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105884?format=json","purl":"pkg:deb/debian/tomcat11@11.0.15-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.15-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105881?format=json","purl":"pkg:deb/debian/tomcat11@11.0.21-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-s2kf-jwgc-pfas"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.21-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105883?format=json","purl":"pkg:deb/debian/tomcat11@11.0.22-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.22-2%3Fdistro=trixie"}],"aliases":["CVE-2025-55752","GHSA-wmwf-9ccg-fff5"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6wqu-jupw-tyhu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/27439?format=json","vulnerability_id":"VCID-7wr9-uez1-8bdg","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25854.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25854.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-25854","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10241","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-25854"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/4c5d306001b780c9316aea5ff6502c524fb20695","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/4c5d306001b780c9316aea5ff6502c524fb20695"},{"reference_url":"https://github.com/apache/tomcat/commit/5fb910f9a9dafa37a0c0965a1bd62a21dcf437f2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/5fb910f9a9dafa37a0c0965a1bd62a21dcf437f2"},{"reference_url":"https://github.com/apache/tomcat/commit/c5a45ae68d07f7a07be2a875e5b6772d66c4e5d0","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/c5a45ae68d07f7a07be2a875e5b6772d66c4e5d0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25854","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25854"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/04/09/21","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/04/09/21"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356","reference_id":"1133356","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357","reference_id":"1133357","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457039","reference_id":"2457039","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457039"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25854","reference_id":"CVE-2026-25854","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25854"},{"reference_url":"https://lists.apache.org/thread/ghct3b6o74bp2vm7q875s1zh0dqrz3h0","reference_id":"ghct3b6o74bp2vm7q875s1zh0dqrz3h0","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:21:57Z/"}],"url":"https://lists.apache.org/thread/ghct3b6o74bp2vm7q875s1zh0dqrz3h0"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20405","reference_id":"RHSA-2026:20405","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20405"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20406","reference_id":"RHSA-2026:20406","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20406"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105884?format=json","purl":"pkg:deb/debian/tomcat11@11.0.15-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.15-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105881?format=json","purl":"pkg:deb/debian/tomcat11@11.0.21-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-s2kf-jwgc-pfas"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.21-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105889?format=json","purl":"pkg:deb/debian/tomcat11@11.0.22-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.22-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105883?format=json","purl":"pkg:deb/debian/tomcat11@11.0.22-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.22-2%3Fdistro=trixie"}],"aliases":["CVE-2026-25854","GHSA-9m3c-qcxr-9x87"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7wr9-uez1-8bdg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63255?format=json","vulnerability_id":"VCID-8sda-scr3-qfex","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32990.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32990.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32990","reference_id":"","reference_type":"","scores":[{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43242","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32990"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/021d1f833e38b683a44688f7b28f1f27e8e37c36","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/021d1f833e38b683a44688f7b28f1f27e8e37c36"},{"reference_url":"https://github.com/apache/tomcat/commit/4d0615a5c718c260d6d4e0b944a050f09a490c02","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/4d0615a5c718c260d6d4e0b944a050f09a490c02"},{"reference_url":"https://github.com/apache/tomcat/commit/95f7778248cac46d03e6af04de9c72a598be3a53","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/95f7778248cac46d03e6af04de9c72a598be3a53"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32990","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32990"},{"reference_url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53"},{"reference_url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20"},{"reference_url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116"},{"reference_url":"https://www.herodevs.com/vulnerability-directory/cve-2026-32990","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.herodevs.com/vulnerability-directory/cve-2026-32990"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356","reference_id":"1133356","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357","reference_id":"1133357","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357"},{"reference_url":"https://lists.apache.org/thread/1nl9zqft0ksqlhlkd3j4obyjz1ghoyn7","reference_id":"1nl9zqft0ksqlhlkd3j4obyjz1ghoyn7","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:38:40Z/"}],"url":"https://lists.apache.org/thread/1nl9zqft0ksqlhlkd3j4obyjz1ghoyn7"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457025","reference_id":"2457025","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457025"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32990","reference_id":"CVE-2026-32990","reference_type":"","scores":[{"value":"Moderate","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32990"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12194","reference_id":"RHSA-2026:12194","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12194"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12195","reference_id":"RHSA-2026:12195","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12195"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105884?format=json","purl":"pkg:deb/debian/tomcat11@11.0.15-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.15-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105881?format=json","purl":"pkg:deb/debian/tomcat11@11.0.21-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-s2kf-jwgc-pfas"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.21-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105889?format=json","purl":"pkg:deb/debian/tomcat11@11.0.22-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.22-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105883?format=json","purl":"pkg:deb/debian/tomcat11@11.0.22-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.22-2%3Fdistro=trixie"}],"aliases":["CVE-2026-32990","GHSA-8mc5-53m5-3qj2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8sda-scr3-qfex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/25467?format=json","vulnerability_id":"VCID-a463-td75-3bhf","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49125.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49125.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49125","reference_id":"","reference_type":"","scores":[{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40649","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49125"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/7617b9c247bc77ed0444dd69adcd8aa48777886c","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/7617b9c247bc77ed0444dd69adcd8aa48777886c"},{"reference_url":"https://github.com/apache/tomcat/commit/9418e3ff9f1f4c006b4661311ae9376c52d162b9","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/9418e3ff9f1f4c006b4661311ae9376c52d162b9"},{"reference_url":"https://github.com/apache/tomcat/commit/d94bd36fb7eb32e790dae0339bc249069649a637","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/d94bd36fb7eb32e790dae0339bc249069649a637"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49125","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49125"},{"reference_url":"https://tomcat.apache.org/security-10.html","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html"},{"reference_url":"https://tomcat.apache.org/security-11.html","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html"},{"reference_url":"https://tomcat.apache.org/security-9.html","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/06/16/2","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/06/16/2"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108114","reference_id":"1108114","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108114"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108115","reference_id":"1108115","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108115"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2373018","reference_id":"2373018","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2373018"},{"reference_url":"https://security.archlinux.org/AVG-2888","reference_id":"AVG-2888","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2888"},{"reference_url":"https://security.archlinux.org/AVG-2889","reference_id":"AVG-2889","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2889"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49125","reference_id":"CVE-2025-49125","reference_type":"","scores":[{"value":"Moderate","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49125"},{"reference_url":"https://lists.apache.org/thread/m66cytbfrty9k7dc4cg6tl1czhsnbywk","reference_id":"m66cytbfrty9k7dc4cg6tl1czhsnbywk","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-17T14:06:30Z/"}],"url":"https://lists.apache.org/thread/m66cytbfrty9k7dc4cg6tl1czhsnbywk"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11695","reference_id":"RHSA-2025:11695","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11695"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11696","reference_id":"RHSA-2025:11696","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11696"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11741","reference_id":"RHSA-2025:11741","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11741"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11742","reference_id":"RHSA-2025:11742","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11742"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14177","reference_id":"RHSA-2025:14177","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14177"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14178","reference_id":"RHSA-2025:14178","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14178"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14179","reference_id":"RHSA-2025:14179","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14179"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14180","reference_id":"RHSA-2025:14180","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14180"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14181","reference_id":"RHSA-2025:14181","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14181"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14182","reference_id":"RHSA-2025:14182","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14182"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14183","reference_id":"RHSA-2025:14183","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14183"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105885?format=json","purl":"pkg:deb/debian/tomcat11@11.0.11-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.11-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105884?format=json","purl":"pkg:deb/debian/tomcat11@11.0.15-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.15-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105881?format=json","purl":"pkg:deb/debian/tomcat11@11.0.21-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-s2kf-jwgc-pfas"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.21-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105883?format=json","purl":"pkg:deb/debian/tomcat11@11.0.22-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.22-2%3Fdistro=trixie"}],"aliases":["CVE-2025-49125","GHSA-wc4r-xq3c-5cf3"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a463-td75-3bhf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/25461?format=json","vulnerability_id":"VCID-a7e6-gxvv-pub9","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48989.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48989.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48989","reference_id":"","reference_type":"","scores":[{"value":"0.02816","scoring_system":"epss","scoring_elements":"0.86463","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48989"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/73c04a10395774bda71a0b37802cf983662ce255","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/73c04a10395774bda71a0b37802cf983662ce255"},{"reference_url":"https://github.com/apache/tomcat/commit/f362c8eb3b8ec5b7f312f7f5610731c0fb299a06","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/f362c8eb3b8ec5b7f312f7f5610731c0fb299a06"},{"reference_url":"https://github.com/apache/tomcat/commit/f36b8a4eea4ce8a0bc035079e1d259d29f5eb7bf","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/f36b8a4eea4ce8a0bc035079e1d259d29f5eb7bf"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48989","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48989"},{"reference_url":"https://tomcat.apache.org/security-10.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html"},{"reference_url":"https://tomcat.apache.org/security-11.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html"},{"reference_url":"https://tomcat.apache.org/security-9.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html"},{"reference_url":"https://www.kb.cert.org/vuls/id/767506","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.kb.cert.org/vuls/id/767506"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/08/13/2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/08/13/2"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111096","reference_id":"1111096","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111096"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111097","reference_id":"1111097","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111097"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2373309","reference_id":"2373309","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2373309"},{"reference_url":"https://lists.apache.org/thread/9ydfg0xr0tchmglcprhxgwhj0hfwxlyf","reference_id":"9ydfg0xr0tchmglcprhxgwhj0hfwxlyf","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-13T18:37:15Z/"}],"url":"https://lists.apache.org/thread/9ydfg0xr0tchmglcprhxgwhj0hfwxlyf"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48989","reference_id":"CVE-2025-48989","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48989"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13685","reference_id":"RHSA-2025:13685","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:13685"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13686","reference_id":"RHSA-2025:13686","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:13686"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14177","reference_id":"RHSA-2025:14177","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14177"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14178","reference_id":"RHSA-2025:14178","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14178"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14179","reference_id":"RHSA-2025:14179","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14179"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14180","reference_id":"RHSA-2025:14180","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14180"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14181","reference_id":"RHSA-2025:14181","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14181"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14182","reference_id":"RHSA-2025:14182","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14182"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14183","reference_id":"RHSA-2025:14183","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14183"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22924","reference_id":"RHSA-2025:22924","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22924"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22925","reference_id":"RHSA-2025:22925","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22925"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105885?format=json","purl":"pkg:deb/debian/tomcat11@11.0.11-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.11-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105884?format=json","purl":"pkg:deb/debian/tomcat11@11.0.15-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.15-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105881?format=json","purl":"pkg:deb/debian/tomcat11@11.0.21-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-s2kf-jwgc-pfas"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.21-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105883?format=json","purl":"pkg:deb/debian/tomcat11@11.0.22-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.22-2%3Fdistro=trixie"}],"aliases":["CVE-2025-48989","GHSA-gqp3-2cvr-x8m3"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a7e6-gxvv-pub9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/27391?format=json","vulnerability_id":"VCID-bwh8-tmf1-8uac","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24734.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24734.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24734","reference_id":"","reference_type":"","scores":[{"value":"0.00091","scoring_system":"epss","scoring_elements":"0.25711","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24734"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2440426","reference_id":"2440426","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2440426"},{"reference_url":"https://lists.apache.org/thread/292dlmx3fz1888v6v16221kpozq56gml","reference_id":"292dlmx3fz1888v6v16221kpozq56gml","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-21T21:16:49Z/"}],"url":"https://lists.apache.org/thread/292dlmx3fz1888v6v16221kpozq56gml"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24734","reference_id":"CVE-2026-24734","reference_type":"","scores":[{"value":"Moderate","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24734"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24734","reference_id":"CVE-2026-24734","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24734"},{"reference_url":"https://github.com/advisories/GHSA-mgp5-rv84-w37q","reference_id":"GHSA-mgp5-rv84-w37q","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mgp5-rv84-w37q"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19054","reference_id":"RHSA-2026:19054","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19054"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5611","reference_id":"RHSA-2026:5611","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5611"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5612","reference_id":"RHSA-2026:5612","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5612"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6569","reference_id":"RHSA-2026:6569","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6569"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8334","reference_id":"RHSA-2026:8334","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8334"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105884?format=json","purl":"pkg:deb/debian/tomcat11@11.0.15-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.15-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105888?format=json","purl":"pkg:deb/debian/tomcat11@11.0.18-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.18-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105881?format=json","purl":"pkg:deb/debian/tomcat11@11.0.21-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-s2kf-jwgc-pfas"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.21-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105889?format=json","purl":"pkg:deb/debian/tomcat11@11.0.22-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.22-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105883?format=json","purl":"pkg:deb/debian/tomcat11@11.0.22-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.22-2%3Fdistro=trixie"}],"aliases":["CVE-2026-24734","GHSA-mgp5-rv84-w37q"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bwh8-tmf1-8uac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/25632?format=json","vulnerability_id":"VCID-d4m6-nran-5ydj","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55668.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55668.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55668","reference_id":"","reference_type":"","scores":[{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.1683","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55668"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/8621e4c6ba2c916a41eb34cb0f781171ead33fb6","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/8621e4c6ba2c916a41eb34cb0f781171ead33fb6"},{"reference_url":"https://github.com/apache/tomcat/commit/90306d971bb8b8393336d893644124fb2ca11d21","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/90306d971bb8b8393336d893644124fb2ca11d21"},{"reference_url":"https://github.com/apache/tomcat/commit/9c3673ba04009377cb0c81ccb6cf5078aec1aa95","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/9c3673ba04009377cb0c81ccb6cf5078aec1aa95"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55668","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55668"},{"reference_url":"https://tomcat.apache.org/security-10.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html"},{"reference_url":"https://tomcat.apache.org/security-11.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html"},{"reference_url":"https://tomcat.apache.org/security-9.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/08/13/3","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/08/13/3"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111098","reference_id":"1111098","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111098"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111099","reference_id":"1111099","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111099"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2388226","reference_id":"2388226","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2388226"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55668","reference_id":"CVE-2025-55668","reference_type":"","scores":[{"value":"Moderate","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55668"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:18536","reference_id":"RHSA-2026:18536","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:18536"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:18537","reference_id":"RHSA-2026:18537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:18537"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:18916","reference_id":"RHSA-2026:18916","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:18916"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2740","reference_id":"RHSA-2026:2740","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2740"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2741","reference_id":"RHSA-2026:2741","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2741"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6569","reference_id":"RHSA-2026:6569","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6569"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8334","reference_id":"RHSA-2026:8334","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8334"},{"reference_url":"https://lists.apache.org/thread/v6bknr96rl7l1qxkl1c03v0qdvbbqs47","reference_id":"v6bknr96rl7l1qxkl1c03v0qdvbbqs47","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-13T13:38:12Z/"}],"url":"https://lists.apache.org/thread/v6bknr96rl7l1qxkl1c03v0qdvbbqs47"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105885?format=json","purl":"pkg:deb/debian/tomcat11@11.0.11-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.11-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105884?format=json","purl":"pkg:deb/debian/tomcat11@11.0.15-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.15-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105881?format=json","purl":"pkg:deb/debian/tomcat11@11.0.21-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-s2kf-jwgc-pfas"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.21-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105883?format=json","purl":"pkg:deb/debian/tomcat11@11.0.22-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.22-2%3Fdistro=trixie"}],"aliases":["CVE-2025-55668","GHSA-23hv-mwm6-g8jf"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d4m6-nran-5ydj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/27681?format=json","vulnerability_id":"VCID-dhxd-kknv-9qb7","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-29146.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-29146.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-29146","reference_id":"","reference_type":"","scores":[{"value":"0.12919","scoring_system":"epss","scoring_elements":"0.94218","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-29146"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/0112ed22abfccc3d54e44d91eb08804d0886acd1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/0112ed22abfccc3d54e44d91eb08804d0886acd1"},{"reference_url":"https://github.com/apache/tomcat/commit/1fab40ccc752e22639eccfe290d5624afad7eccd","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/1fab40ccc752e22639eccfe290d5624afad7eccd"},{"reference_url":"https://github.com/apache/tomcat/commit/55f3eb9148233054fccfdf761141c6894a050be1","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/55f3eb9148233054fccfdf761141c6894a050be1"},{"reference_url":"https://github.com/apache/tomcat/commit/607ebc0fa522bd9e8c05517baa2d179bbd1e659c","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/607ebc0fa522bd9e8c05517baa2d179bbd1e659c"},{"reference_url":"https://github.com/apache/tomcat/commit/6d955cceca841f2eabf2d6c46b59a8c7e1cd6eaa","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/6d955cceca841f2eabf2d6c46b59a8c7e1cd6eaa"},{"reference_url":"https://github.com/apache/tomcat/commit/776e12b3e2b0b4507b8a3b62c187ceb0b74bf418","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/776e12b3e2b0b4507b8a3b62c187ceb0b74bf418"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-29146","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-29146"},{"reference_url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53"},{"reference_url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20"},{"reference_url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116"},{"reference_url":"https://www.herodevs.com/vulnerability-directory/cve-2026-29146","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.herodevs.com/vulnerability-directory/cve-2026-29146"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/04/09/24","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/04/09/24"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356","reference_id":"1133356","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357","reference_id":"1133357","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457020","reference_id":"2457020","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457020"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-29146","reference_id":"CVE-2026-29146","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-29146"},{"reference_url":"https://lists.apache.org/thread/lzt04z2pb3dc5tk85obn80xygw3z1p0w","reference_id":"lzt04z2pb3dc5tk85obn80xygw3z1p0w","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:17:02Z/"}],"url":"https://lists.apache.org/thread/lzt04z2pb3dc5tk85obn80xygw3z1p0w"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20405","reference_id":"RHSA-2026:20405","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20405"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20406","reference_id":"RHSA-2026:20406","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20406"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105884?format=json","purl":"pkg:deb/debian/tomcat11@11.0.15-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.15-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105881?format=json","purl":"pkg:deb/debian/tomcat11@11.0.21-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-s2kf-jwgc-pfas"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.21-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105889?format=json","purl":"pkg:deb/debian/tomcat11@11.0.22-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.22-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105883?format=json","purl":"pkg:deb/debian/tomcat11@11.0.22-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.22-2%3Fdistro=trixie"}],"aliases":["CVE-2026-29146","GHSA-h468-7pvh-8vr8"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dhxd-kknv-9qb7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/23504?format=json","vulnerability_id":"VCID-dkek-2jbz-2fhz","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-31650.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-31650.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-31650","reference_id":"","reference_type":"","scores":[{"value":"0.20251","scoring_system":"epss","scoring_elements":"0.95653","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-31650"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/1eef1dc459c45f1e421d8bd25ef340fc1cc34edc","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/1eef1dc459c45f1e421d8bd25ef340fc1cc34edc"},{"reference_url":"https://github.com/apache/tomcat/commit/40ae788c2e64d018b4e58cd4210bb96434d0100d","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/40ae788c2e64d018b4e58cd4210bb96434d0100d"},{"reference_url":"https://github.com/apache/tomcat/commit/75554da2fc5574862510ae6f0d7b3d78937f1d40","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/75554da2fc5574862510ae6f0d7b3d78937f1d40"},{"reference_url":"https://github.com/apache/tomcat/commit/8cc3b8fb3f2d8d4d6a757e014f19d1fafa948a60","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/8cc3b8fb3f2d8d4d6a757e014f19d1fafa948a60"},{"reference_url":"https://github.com/apache/tomcat/commit/b7674782679e1514a0d154166b1d04d38aaac4a9","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/b7674782679e1514a0d154166b1d04d38aaac4a9"},{"reference_url":"https://github.com/apache/tomcat/commit/b98e74f517b36929f4208506e5adad22cb767baa","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/b98e74f517b36929f4208506e5adad22cb767baa"},{"reference_url":"https://github.com/apache/tomcat/commit/cba1a0fe1289ee7f5dd46c61c38d1e1ac5437bff","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/cba1a0fe1289ee7f5dd46c61c38d1e1ac5437bff"},{"reference_url":"https://github.com/apache/tomcat/commit/ded0285b96b4d3f5560dfc8856ad5ec4a9b50ba9","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/ded0285b96b4d3f5560dfc8856ad5ec4a9b50ba9"},{"reference_url":"https://github.com/apache/tomcat/commit/f619e6a05029538886d5a9d987925d573b5bb8c2","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/f619e6a05029538886d5a9d987925d573b5bb8c2"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-31650","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-31650"},{"reference_url":"https://tomcat.apache.org/security-10.html","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html"},{"reference_url":"https://tomcat.apache.org/security-11.html","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html"},{"reference_url":"https://tomcat.apache.org/security-9.html","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/04/28/2","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/04/28/2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2362783","reference_id":"2362783","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2362783"},{"reference_url":"https://security.archlinux.org/AVG-2888","reference_id":"AVG-2888","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2888"},{"reference_url":"https://security.archlinux.org/AVG-2889","reference_id":"AVG-2889","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2889"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31650","reference_id":"CVE-2025-31650","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31650"},{"reference_url":"https://lists.apache.org/thread/j6zzk0y3yym9pzfzkq5vcyxzz0yzh826","reference_id":"j6zzk0y3yym9pzfzkq5vcyxzz0yzh826","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-06T20:07:38Z/"}],"url":"https://lists.apache.org/thread/j6zzk0y3yym9pzfzkq5vcyxzz0yzh826"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11332","reference_id":"RHSA-2025:11332","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11332"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11333","reference_id":"RHSA-2025:11333","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11333"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11334","reference_id":"RHSA-2025:11334","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11334"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11335","reference_id":"RHSA-2025:11335","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11335"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11381","reference_id":"RHSA-2025:11381","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11381"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11382","reference_id":"RHSA-2025:11382","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11382"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3608","reference_id":"RHSA-2025:3608","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3608"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3609","reference_id":"RHSA-2025:3609","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3609"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4521","reference_id":"RHSA-2025:4521","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4521"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4522","reference_id":"RHSA-2025:4522","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4522"},{"reference_url":"https://usn.ubuntu.com/7705-1/","reference_id":"USN-7705-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7705-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105882?format=json","purl":"pkg:deb/debian/tomcat11@11.0.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.6-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105884?format=json","purl":"pkg:deb/debian/tomcat11@11.0.15-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.15-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105881?format=json","purl":"pkg:deb/debian/tomcat11@11.0.21-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-s2kf-jwgc-pfas"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.21-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105883?format=json","purl":"pkg:deb/debian/tomcat11@11.0.22-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.22-2%3Fdistro=trixie"}],"aliases":["CVE-2025-31650","GHSA-3p2h-wqq4-wf4h"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dkek-2jbz-2fhz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/25466?format=json","vulnerability_id":"VCID-dyrd-71bh-v7fs","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49124","reference_id":"","reference_type":"","scores":[{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38742","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49124"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/28726cc2e63bed68771f5eb0f65a78dc7080571823","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/28726cc2e63bed68771f5eb0f65a78dc7080571823"},{"reference_url":"https://github.com/apache/tomcat/commit/c56456cda8151c9504dfb7985700824559d769a7","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/c56456cda8151c9504dfb7985700824559d769a7"},{"reference_url":"https://github.com/apache/tomcat/commit/e0e07812224d327a321babb554f5a5758d30cc49","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/e0e07812224d327a321babb554f5a5758d30cc49"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49124","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49124"},{"reference_url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.42","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.42"},{"reference_url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.8","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.8"},{"reference_url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.106","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.106"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/06/16/3","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/06/16/3"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49124","reference_id":"CVE-2025-49124","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49124"},{"reference_url":"https://lists.apache.org/thread/lnow7tt2j6hb9kcpkggx32ht6o90vqzv","reference_id":"lnow7tt2j6hb9kcpkggx32ht6o90vqzv","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-17T14:03:41Z/"}],"url":"https://lists.apache.org/thread/lnow7tt2j6hb9kcpkggx32ht6o90vqzv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105886?format=json","purl":"pkg:deb/debian/tomcat11@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105884?format=json","purl":"pkg:deb/debian/tomcat11@11.0.15-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.15-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105881?format=json","purl":"pkg:deb/debian/tomcat11@11.0.21-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-s2kf-jwgc-pfas"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.21-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105883?format=json","purl":"pkg:deb/debian/tomcat11@11.0.22-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.22-2%3Fdistro=trixie"}],"aliases":["CVE-2025-49124","GHSA-42wg-hm62-jcwg"],"risk_score":3.8,"exploitability":"0.5","weighted_severity":"7.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dyrd-71bh-v7fs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/28349?format=json","vulnerability_id":"VCID-hvgr-azs4-qqac","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34483.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34483.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34483","reference_id":"","reference_type":"","scores":[{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20955","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34483"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/97566842589d0b80de138ca719378861fd017d68","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/97566842589d0b80de138ca719378861fd017d68"},{"reference_url":"https://github.com/apache/tomcat/commit/f22dc2ce6cfda8609ed86816c0d78e1a9cbadb06","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/f22dc2ce6cfda8609ed86816c0d78e1a9cbadb06"},{"reference_url":"https://github.com/apache/tomcat/commit/f9ddc24fcfcdfaea4a6953198d8636aca3e957bc","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/f9ddc24fcfcdfaea4a6953198d8636aca3e957bc"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34483","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34483"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/04/09/26","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/04/09/26"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356","reference_id":"1133356","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357","reference_id":"1133357","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457044","reference_id":"2457044","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457044"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34483","reference_id":"CVE-2026-34483","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34483"},{"reference_url":"https://lists.apache.org/thread/j1w7304yonlr8vo1tkb5nfs7od1y228b","reference_id":"j1w7304yonlr8vo1tkb5nfs7od1y228b","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T20:16:32Z/"}],"url":"https://lists.apache.org/thread/j1w7304yonlr8vo1tkb5nfs7od1y228b"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20405","reference_id":"RHSA-2026:20405","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20405"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20406","reference_id":"RHSA-2026:20406","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20406"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105884?format=json","purl":"pkg:deb/debian/tomcat11@11.0.15-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.15-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105881?format=json","purl":"pkg:deb/debian/tomcat11@11.0.21-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-s2kf-jwgc-pfas"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.21-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105889?format=json","purl":"pkg:deb/debian/tomcat11@11.0.22-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.22-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105883?format=json","purl":"pkg:deb/debian/tomcat11@11.0.22-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.22-2%3Fdistro=trixie"}],"aliases":["CVE-2026-34483","GHSA-rv64-5gf8-9qq8"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hvgr-azs4-qqac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/25782?format=json","vulnerability_id":"VCID-keh1-ycs9-ybdd","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61795.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61795.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61795","reference_id":"","reference_type":"","scores":[{"value":"0.00129","scoring_system":"epss","scoring_elements":"0.31943","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61795"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/1cdf5f730ede75a0759492f179ac21ca4ff68e06","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/1cdf5f730ede75a0759492f179ac21ca4ff68e06"},{"reference_url":"https://github.com/apache/tomcat/commit/af6e9181620304c0d818121c29c074e1330610d0","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/af6e9181620304c0d818121c29c074e1330610d0"},{"reference_url":"https://github.com/apache/tomcat/commit/afa422bd7ca1eef0f507259c682fd876494d9c3b","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/afa422bd7ca1eef0f507259c682fd876494d9c3b"},{"reference_url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.47","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.47"},{"reference_url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.12","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.12"},{"reference_url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.110","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.110"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/10/27/6","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/10/27/6"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119293","reference_id":"1119293","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119293"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119294","reference_id":"1119294","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119294"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2406588","reference_id":"2406588","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2406588"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61795","reference_id":"CVE-2025-61795","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61795"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-61795","reference_id":"CVE-2025-61795","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-61795"},{"reference_url":"https://github.com/advisories/GHSA-hgrr-935x-pq79","reference_id":"GHSA-hgrr-935x-pq79","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hgrr-935x-pq79"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19809","reference_id":"RHSA-2025:19809","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19809"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19810","reference_id":"RHSA-2025:19810","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19810"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23050","reference_id":"RHSA-2025:23050","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23050"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23051","reference_id":"RHSA-2025:23051","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23051"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6569","reference_id":"RHSA-2026:6569","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6569"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8334","reference_id":"RHSA-2026:8334","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8334"},{"reference_url":"https://lists.apache.org/thread/wm9mx8brmx9g4zpywm06ryrtvd3160pp","reference_id":"wm9mx8brmx9g4zpywm06ryrtvd3160pp","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-27T18:48:52Z/"}],"url":"https://lists.apache.org/thread/wm9mx8brmx9g4zpywm06ryrtvd3160pp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105884?format=json","purl":"pkg:deb/debian/tomcat11@11.0.15-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.15-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105887?format=json","purl":"pkg:deb/debian/tomcat11@11.0.15-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.15-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105881?format=json","purl":"pkg:deb/debian/tomcat11@11.0.21-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-s2kf-jwgc-pfas"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.21-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105883?format=json","purl":"pkg:deb/debian/tomcat11@11.0.22-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.22-2%3Fdistro=trixie"}],"aliases":["CVE-2025-61795","GHSA-hgrr-935x-pq79"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-keh1-ycs9-ybdd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/27680?format=json","vulnerability_id":"VCID-n4qq-m1x3-qkbz","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-29145.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-29145.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-29145","reference_id":"","reference_type":"","scores":[{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08623","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-29145"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/721591f7bff424c693f26adc18ae9b9abac3655b","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/721591f7bff424c693f26adc18ae9b9abac3655b"},{"reference_url":"https://github.com/apache/tomcat/commit/d1406df5ae0326f39f54c3f64ac30d8fca55cd5b","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/d1406df5ae0326f39f54c3f64ac30d8fca55cd5b"},{"reference_url":"https://github.com/apache/tomcat/commit/fe26667cd2385045ac73f4dea086cc9971209b90","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/fe26667cd2385045ac73f4dea086cc9971209b90"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-29145","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-29145"},{"reference_url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53"},{"reference_url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20"},{"reference_url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/04/09/23","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/04/09/23"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356","reference_id":"1133356","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357","reference_id":"1133357","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457037","reference_id":"2457037","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457037"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-29145","reference_id":"CVE-2026-29145","reference_type":"","scores":[{"value":"Moderate","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-29145"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20405","reference_id":"RHSA-2026:20405","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20405"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20406","reference_id":"RHSA-2026:20406","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20406"},{"reference_url":"https://lists.apache.org/thread/yz5fxmhd2j43wgqykssdo7kltws57jfz","reference_id":"yz5fxmhd2j43wgqykssdo7kltws57jfz","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:10:50Z/"}],"url":"https://lists.apache.org/thread/yz5fxmhd2j43wgqykssdo7kltws57jfz"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105884?format=json","purl":"pkg:deb/debian/tomcat11@11.0.15-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.15-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105881?format=json","purl":"pkg:deb/debian/tomcat11@11.0.21-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-s2kf-jwgc-pfas"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.21-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105889?format=json","purl":"pkg:deb/debian/tomcat11@11.0.22-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.22-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105883?format=json","purl":"pkg:deb/debian/tomcat11@11.0.22-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.22-2%3Fdistro=trixie"}],"aliases":["CVE-2026-29145","GHSA-95jq-rwvf-vjx4"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n4qq-m1x3-qkbz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/28353?format=json","vulnerability_id":"VCID-nctp-shgj-sfgh","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34500.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34500.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34500","reference_id":"","reference_type":"","scores":[{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.352","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34500"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/29b56a56ce9e7d044b6162a99af0f38529b3a208","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/29b56a56ce9e7d044b6162a99af0f38529b3a208"},{"reference_url":"https://github.com/apache/tomcat/commit/c13e60e732ea6d07087293a41ad1866c20848271","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/c13e60e732ea6d07087293a41ad1866c20848271"},{"reference_url":"https://github.com/apache/tomcat/commit/ff589ab26e8250a2ca4286d986305318c033ff9f","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/ff589ab26e8250a2ca4286d986305318c033ff9f"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34500","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34500"},{"reference_url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.54","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.54"},{"reference_url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.21","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.21"},{"reference_url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.117","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.117"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/04/09/29","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/04/09/29"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356","reference_id":"1133356","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357","reference_id":"1133357","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457043","reference_id":"2457043","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457043"},{"reference_url":"https://lists.apache.org/thread/7rcl4zdxryc8hy3htyfyxkbqpxjtfdl2","reference_id":"7rcl4zdxryc8hy3htyfyxkbqpxjtfdl2","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T14:21:50Z/"}],"url":"https://lists.apache.org/thread/7rcl4zdxryc8hy3htyfyxkbqpxjtfdl2"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34500","reference_id":"CVE-2026-34500","reference_type":"","scores":[{"value":"Moderate","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34500"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20405","reference_id":"RHSA-2026:20405","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20405"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20406","reference_id":"RHSA-2026:20406","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20406"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105884?format=json","purl":"pkg:deb/debian/tomcat11@11.0.15-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.15-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105881?format=json","purl":"pkg:deb/debian/tomcat11@11.0.21-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-s2kf-jwgc-pfas"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.21-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105889?format=json","purl":"pkg:deb/debian/tomcat11@11.0.22-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.22-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105883?format=json","purl":"pkg:deb/debian/tomcat11@11.0.22-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.22-2%3Fdistro=trixie"}],"aliases":["CVE-2026-34500","GHSA-24j9-x2wg-9qv6"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nctp-shgj-sfgh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/28350?format=json","vulnerability_id":"VCID-nfmu-1t27-e3fu","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34486.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34486.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34486","reference_id":"","reference_type":"","scores":[{"value":"0.01399","scoring_system":"epss","scoring_elements":"0.80834","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34486"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/1fab40ccc752e22639eccfe290d5624afad7eccd","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/1fab40ccc752e22639eccfe290d5624afad7eccd"},{"reference_url":"https://github.com/apache/tomcat/commit/55f3eb9148233054fccfdf761141c6894a050be1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/55f3eb9148233054fccfdf761141c6894a050be1"},{"reference_url":"https://github.com/apache/tomcat/commit/776e12b3e2b0b4507b8a3b62c187ceb0b74bf418","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/776e12b3e2b0b4507b8a3b62c187ceb0b74bf418"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34486","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34486"},{"reference_url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.54","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.54"},{"reference_url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.21","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.21"},{"reference_url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.117","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.117"},{"reference_url":"https://www.herodevs.com/vulnerability-directory/cve-2026-34486","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.herodevs.com/vulnerability-directory/cve-2026-34486"},{"reference_url":"https://www.vicarius.io/vsociety/posts/cve-2026-34486-detection-script-rce-on-apache-tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.vicarius.io/vsociety/posts/cve-2026-34486-detection-script-rce-on-apache-tomcat"},{"reference_url":"https://www.vicarius.io/vsociety/posts/cve-2026-34486-mitigation-script-rce-on-apache-tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.vicarius.io/vsociety/posts/cve-2026-34486-mitigation-script-rce-on-apache-tomcat"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457027","reference_id":"2457027","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457027"},{"reference_url":"https://lists.apache.org/thread/9510k5p5zdvt9pkkgtyp85mvwxo2qrly","reference_id":"9510k5p5zdvt9pkkgtyp85mvwxo2qrly","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T20:20:09Z/"}],"url":"https://lists.apache.org/thread/9510k5p5zdvt9pkkgtyp85mvwxo2qrly"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34486","reference_id":"CVE-2026-34486","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34486"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105886?format=json","purl":"pkg:deb/debian/tomcat11@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105884?format=json","purl":"pkg:deb/debian/tomcat11@11.0.15-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.15-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105881?format=json","purl":"pkg:deb/debian/tomcat11@11.0.21-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-s2kf-jwgc-pfas"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.21-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105883?format=json","purl":"pkg:deb/debian/tomcat11@11.0.22-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.22-2%3Fdistro=trixie"}],"aliases":["CVE-2026-34486","GHSA-69r9-qgr7-g2wj"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nfmu-1t27-e3fu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/25899?format=json","vulnerability_id":"VCID-p4j1-xp15-t3b8","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66614.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66614.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66614","reference_id":"","reference_type":"","scores":[{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16385","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66614"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/021d1f833e38b683a44688f7b28f1f27e8e37c36","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/021d1f833e38b683a44688f7b28f1f27e8e37c36"},{"reference_url":"https://github.com/apache/tomcat/commit/152c14885d45f5e0a8b59bd9f93c289cfe20ce30","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/152c14885d45f5e0a8b59bd9f93c289cfe20ce30"},{"reference_url":"https://github.com/apache/tomcat/commit/258a591b61f8cf5c22109e21e5a2a38b63454fd2","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/258a591b61f8cf5c22109e21e5a2a38b63454fd2"},{"reference_url":"https://github.com/apache/tomcat/commit/4d0615a5c718c260d6d4e0b944a050f09a490c02","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/4d0615a5c718c260d6d4e0b944a050f09a490c02"},{"reference_url":"https://github.com/apache/tomcat/commit/5053fa82a1b2b52756810601227984a8b71888a4","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/5053fa82a1b2b52756810601227984a8b71888a4"},{"reference_url":"https://github.com/apache/tomcat/commit/9276b5e783c8cd5b3fe2bb716306b65004bdd940","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/9276b5e783c8cd5b3fe2bb716306b65004bdd940"},{"reference_url":"https://github.com/apache/tomcat/commit/95f7778248cac46d03e6af04de9c72a598be3a53","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/95f7778248cac46d03e6af04de9c72a598be3a53"},{"reference_url":"https://github.com/apache/tomcat/commit/972f9a5e2a07674d92610c478aac1b205d60724e","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/972f9a5e2a07674d92610c478aac1b205d60724e"},{"reference_url":"https://github.com/apache/tomcat/commit/a4aa74232e826028cd2f7ba0445caf8a8b52c509","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/a4aa74232e826028cd2f7ba0445caf8a8b52c509"},{"reference_url":"https://tomcat.apache.org/security-10.html","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html"},{"reference_url":"https://tomcat.apache.org/security-11.html","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html"},{"reference_url":"https://tomcat.apache.org/security-9.html","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2440430","reference_id":"2440430","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2440430"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66614","reference_id":"CVE-2025-66614","reference_type":"","scores":[{"value":"Moderate","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66614"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-66614","reference_id":"CVE-2025-66614","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-66614"},{"reference_url":"https://github.com/advisories/GHSA-fpj8-gq4v-p354","reference_id":"GHSA-fpj8-gq4v-p354","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fpj8-gq4v-p354"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12194","reference_id":"RHSA-2026:12194","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12194"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12195","reference_id":"RHSA-2026:12195","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12195"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6569","reference_id":"RHSA-2026:6569","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6569"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8334","reference_id":"RHSA-2026:8334","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8334"},{"reference_url":"https://lists.apache.org/thread/vw6lxtlh2qbqwpb61wd3sv1flm2nttw7","reference_id":"vw6lxtlh2qbqwpb61wd3sv1flm2nttw7","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-21T21:17:26Z/"}],"url":"https://lists.apache.org/thread/vw6lxtlh2qbqwpb61wd3sv1flm2nttw7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105884?format=json","purl":"pkg:deb/debian/tomcat11@11.0.15-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.15-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105887?format=json","purl":"pkg:deb/debian/tomcat11@11.0.15-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.15-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105881?format=json","purl":"pkg:deb/debian/tomcat11@11.0.21-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-s2kf-jwgc-pfas"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.21-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105883?format=json","purl":"pkg:deb/debian/tomcat11@11.0.22-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.22-2%3Fdistro=trixie"}],"aliases":["CVE-2025-66614","GHSA-fpj8-gq4v-p354"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p4j1-xp15-t3b8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/25459?format=json","vulnerability_id":"VCID-q4zv-r7va-nfc3","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48976.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48976.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48976","reference_id":"","reference_type":"","scores":[{"value":"0.01278","scoring_system":"epss","scoring_elements":"0.79976","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48976"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/commons-fileupload","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/commons-fileupload"},{"reference_url":"https://github.com/apache/commons-fileupload/commit/b247774a72a044f5d5380ae947140ee80af4e78b","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/commons-fileupload/commit/b247774a72a044f5d5380ae947140ee80af4e78b"},{"reference_url":"https://github.com/apache/commons-fileupload/commit/bf68f63cfb312ef4710fb3dfb4d8e4e1665f4497","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/commons-fileupload/commit/bf68f63cfb312ef4710fb3dfb4d8e4e1665f4497"},{"reference_url":"https://github.com/apache/tomcat/commit/667ddd76e2a0e762f3a784d86f0d25e7fd7cdb86","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/667ddd76e2a0e762f3a784d86f0d25e7fd7cdb86"},{"reference_url":"https://github.com/apache/tomcat/commit/74f69ffaf61e54c727603e7e831fe20f0ac5d2a7","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/74f69ffaf61e54c727603e7e831fe20f0ac5d2a7"},{"reference_url":"https://github.com/apache/tomcat/commit/97790a35a27d236fa053e660676c3f8196284d93","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/97790a35a27d236fa053e660676c3f8196284d93"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00008.html","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00008.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48976","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48976"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/06/16/4","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/06/16/4"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108118","reference_id":"1108118","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108118"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108119","reference_id":"1108119","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108119"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108120","reference_id":"1108120","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108120"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2373020","reference_id":"2373020","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2373020"},{"reference_url":"https://security.archlinux.org/AVG-2888","reference_id":"AVG-2888","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2888"},{"reference_url":"https://security.archlinux.org/AVG-2889","reference_id":"AVG-2889","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2889"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48976","reference_id":"CVE-2025-48976","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48976"},{"reference_url":"https://lists.apache.org/thread/fbs3wrr3p67vkjcxogqqqqz45pqtso12","reference_id":"fbs3wrr3p67vkjcxogqqqqz45pqtso12","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-17T14:04:56Z/"}],"url":"https://lists.apache.org/thread/fbs3wrr3p67vkjcxogqqqqz45pqtso12"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11695","reference_id":"RHSA-2025:11695","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11695"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11696","reference_id":"RHSA-2025:11696","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11696"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11741","reference_id":"RHSA-2025:11741","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11741"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11742","reference_id":"RHSA-2025:11742","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11742"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14177","reference_id":"RHSA-2025:14177","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14177"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14178","reference_id":"RHSA-2025:14178","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14178"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14179","reference_id":"RHSA-2025:14179","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14179"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14180","reference_id":"RHSA-2025:14180","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14180"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14181","reference_id":"RHSA-2025:14181","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14181"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14182","reference_id":"RHSA-2025:14182","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14182"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14183","reference_id":"RHSA-2025:14183","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14183"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105885?format=json","purl":"pkg:deb/debian/tomcat11@11.0.11-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.11-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105884?format=json","purl":"pkg:deb/debian/tomcat11@11.0.15-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.15-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105881?format=json","purl":"pkg:deb/debian/tomcat11@11.0.21-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-s2kf-jwgc-pfas"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.21-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105883?format=json","purl":"pkg:deb/debian/tomcat11@11.0.22-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.22-2%3Fdistro=trixie"}],"aliases":["CVE-2025-48976","GHSA-vv7r-c36w-3prj"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q4zv-r7va-nfc3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/27678?format=json","vulnerability_id":"VCID-r6yr-45cm-8ucv","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-29129.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-29129.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-29129","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10148","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-29129"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/5cfa876d73f1ff5f4dc8309c4320f684cbeff74e","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/5cfa876d73f1ff5f4dc8309c4320f684cbeff74e"},{"reference_url":"https://github.com/apache/tomcat/commit/6db238562ec36ab1106db4d04843f8b33e7a0c06","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/6db238562ec36ab1106db4d04843f8b33e7a0c06"},{"reference_url":"https://github.com/apache/tomcat/commit/8d69b33764dba81dce89e3a768de6093a35620ae","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/8d69b33764dba81dce89e3a768de6093a35620ae"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-29129","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-29129"},{"reference_url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53"},{"reference_url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20"},{"reference_url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/04/09/22","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/04/09/22"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356","reference_id":"1133356","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357","reference_id":"1133357","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457031","reference_id":"2457031","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457031"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-29129","reference_id":"CVE-2026-29129","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-29129"},{"reference_url":"https://lists.apache.org/thread/r4h1t6f8xhxsxfm6c2z5cprolsosho3f","reference_id":"r4h1t6f8xhxsxfm6c2z5cprolsosho3f","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:05:39Z/"}],"url":"https://lists.apache.org/thread/r4h1t6f8xhxsxfm6c2z5cprolsosho3f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105884?format=json","purl":"pkg:deb/debian/tomcat11@11.0.15-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.15-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105881?format=json","purl":"pkg:deb/debian/tomcat11@11.0.21-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-s2kf-jwgc-pfas"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.21-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105889?format=json","purl":"pkg:deb/debian/tomcat11@11.0.22-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.22-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105883?format=json","purl":"pkg:deb/debian/tomcat11@11.0.22-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.22-2%3Fdistro=trixie"}],"aliases":["CVE-2026-29129","GHSA-69cc-cv78-qc8g"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r6yr-45cm-8ucv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/27398?format=json","vulnerability_id":"VCID-t8tc-zb3w-57gv","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24880.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24880.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24880","reference_id":"","reference_type":"","scores":[{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.38954","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24880"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/1b586d6aa8ae65726da5fa8799427b5d4718478a","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/1b586d6aa8ae65726da5fa8799427b5d4718478a"},{"reference_url":"https://github.com/apache/tomcat/commit/1e71441a15972f56e661b0b549fb9e5d838b83bb","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/1e71441a15972f56e661b0b549fb9e5d838b83bb"},{"reference_url":"https://github.com/apache/tomcat/commit/2cb06c34f661ca42f7570bbcc21e99806184bcc5","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/2cb06c34f661ca42f7570bbcc21e99806184bcc5"},{"reference_url":"https://github.com/apache/tomcat/commit/6d478dbe18b7c4bb671c30fedf130309b0dab77c","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/6d478dbe18b7c4bb671c30fedf130309b0dab77c"},{"reference_url":"https://github.com/apache/tomcat/commit/f07df938d00f7419b40fa65aa912966d0efac522","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/f07df938d00f7419b40fa65aa912966d0efac522"},{"reference_url":"https://github.com/apache/tomcat/commit/fde1a8235fb73125217bd41e162aa0a113f33552","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/fde1a8235fb73125217bd41e162aa0a113f33552"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24880","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24880"},{"reference_url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53"},{"reference_url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20"},{"reference_url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116"},{"reference_url":"https://www.herodevs.com/vulnerability-directory/cve-2026-24880","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.herodevs.com/vulnerability-directory/cve-2026-24880"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/04/09/20","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/04/09/20"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356","reference_id":"1133356","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357","reference_id":"1133357","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457040","reference_id":"2457040","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457040"},{"reference_url":"https://lists.apache.org/thread/2c682qnlg2tv4o5knlggqbl9yc2gb5sn","reference_id":"2c682qnlg2tv4o5knlggqbl9yc2gb5sn","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:33:19Z/"}],"url":"https://lists.apache.org/thread/2c682qnlg2tv4o5knlggqbl9yc2gb5sn"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24880","reference_id":"CVE-2026-24880","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24880"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20405","reference_id":"RHSA-2026:20405","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20405"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20406","reference_id":"RHSA-2026:20406","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20406"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105884?format=json","purl":"pkg:deb/debian/tomcat11@11.0.15-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.15-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105881?format=json","purl":"pkg:deb/debian/tomcat11@11.0.21-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-s2kf-jwgc-pfas"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.21-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105889?format=json","purl":"pkg:deb/debian/tomcat11@11.0.22-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.22-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105883?format=json","purl":"pkg:deb/debian/tomcat11@11.0.22-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.22-2%3Fdistro=trixie"}],"aliases":["CVE-2026-24880","GHSA-563x-q5rq-57qp"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t8tc-zb3w-57gv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/28351?format=json","vulnerability_id":"VCID-vnfg-9em7-u7ee","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34487.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34487.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34487","reference_id":"","reference_type":"","scores":[{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22184","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34487"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/301bc6efbf72feb14dacfdfa3f50372182736150","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/301bc6efbf72feb14dacfdfa3f50372182736150"},{"reference_url":"https://github.com/apache/tomcat/commit/5eff2a773b8b728083e5195b3183df1b9e12a03d","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/5eff2a773b8b728083e5195b3183df1b9e12a03d"},{"reference_url":"https://github.com/apache/tomcat/commit/f593292a082e5ef9336a8db2b4b522f7f3e36976","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/f593292a082e5ef9336a8db2b4b522f7f3e36976"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34487","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34487"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/04/09/28","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/04/09/28"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356","reference_id":"1133356","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357","reference_id":"1133357","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457038","reference_id":"2457038","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457038"},{"reference_url":"https://lists.apache.org/thread/4xpkwolpkrj8v5xzp5nyovtlqp3y850h","reference_id":"4xpkwolpkrj8v5xzp5nyovtlqp3y850h","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T17:47:28Z/"}],"url":"https://lists.apache.org/thread/4xpkwolpkrj8v5xzp5nyovtlqp3y850h"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34487","reference_id":"CVE-2026-34487","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34487"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20405","reference_id":"RHSA-2026:20405","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20405"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20406","reference_id":"RHSA-2026:20406","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20406"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105884?format=json","purl":"pkg:deb/debian/tomcat11@11.0.15-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.15-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105881?format=json","purl":"pkg:deb/debian/tomcat11@11.0.21-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-s2kf-jwgc-pfas"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.21-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105889?format=json","purl":"pkg:deb/debian/tomcat11@11.0.22-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.22-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105883?format=json","purl":"pkg:deb/debian/tomcat11@11.0.22-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.22-2%3Fdistro=trixie"}],"aliases":["CVE-2026-34487","GHSA-x4m4-345f-5h5g"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vnfg-9em7-u7ee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/25526?format=json","vulnerability_id":"VCID-vwn1-fgjk-p7bz","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-52520.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-52520.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-52520","reference_id":"","reference_type":"","scores":[{"value":"0.00683","scoring_system":"epss","scoring_elements":"0.72135","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-52520"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/927d66fbc294cb65242102b817a45fd80834e040","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/927d66fbc294cb65242102b817a45fd80834e040"},{"reference_url":"https://github.com/apache/tomcat/commit/a51e4bedccfafd35b7cdd0ee3e22267dee9f90db","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/a51e4bedccfafd35b7cdd0ee3e22267dee9f90db"},{"reference_url":"https://github.com/apache/tomcat/commit/fc42bbccb9041fafd194fbfdf3eab1d44cb5c45c","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/fc42bbccb9041fafd194fbfdf3eab1d44cb5c45c"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-52520","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-52520"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/07/10/12","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/07/10/12"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109111","reference_id":"1109111","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109111"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109112","reference_id":"1109112","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109112"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2379374","reference_id":"2379374","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2379374"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52520","reference_id":"CVE-2025-52520","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52520"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11695","reference_id":"RHSA-2025:11695","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11695"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11696","reference_id":"RHSA-2025:11696","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11696"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13685","reference_id":"RHSA-2025:13685","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:13685"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13686","reference_id":"RHSA-2025:13686","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:13686"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14177","reference_id":"RHSA-2025:14177","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14177"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14178","reference_id":"RHSA-2025:14178","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14178"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14179","reference_id":"RHSA-2025:14179","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14179"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14180","reference_id":"RHSA-2025:14180","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14180"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14181","reference_id":"RHSA-2025:14181","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14181"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14182","reference_id":"RHSA-2025:14182","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14182"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14183","reference_id":"RHSA-2025:14183","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14183"},{"reference_url":"https://lists.apache.org/thread/trqq01bbxw6c92zx69kx2mw2qgmfy0o5","reference_id":"trqq01bbxw6c92zx69kx2mw2qgmfy0o5","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-11T14:08:03Z/"}],"url":"https://lists.apache.org/thread/trqq01bbxw6c92zx69kx2mw2qgmfy0o5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105885?format=json","purl":"pkg:deb/debian/tomcat11@11.0.11-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.11-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105884?format=json","purl":"pkg:deb/debian/tomcat11@11.0.15-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.15-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105881?format=json","purl":"pkg:deb/debian/tomcat11@11.0.21-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-s2kf-jwgc-pfas"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.21-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105883?format=json","purl":"pkg:deb/debian/tomcat11@11.0.22-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.22-2%3Fdistro=trixie"}],"aliases":["CVE-2025-52520","GHSA-wr62-c79q-cv37"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vwn1-fgjk-p7bz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/27390?format=json","vulnerability_id":"VCID-wgfy-cxth-fkas","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24733.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24733.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24733","reference_id":"","reference_type":"","scores":[{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37012","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24733"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/2e2fa23f2635bbb819759576a2f2f5e64ecf7c5f","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/2e2fa23f2635bbb819759576a2f2f5e64ecf7c5f"},{"reference_url":"https://github.com/apache/tomcat/commit/6c73d74ff281260d74c836370ff6b82f1da8048b","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/6c73d74ff281260d74c836370ff6b82f1da8048b"},{"reference_url":"https://github.com/apache/tomcat/commit/711b465cf22684a1acf0cb43501cdbbce9b6c5f4","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/711b465cf22684a1acf0cb43501cdbbce9b6c5f4"},{"reference_url":"https://tomcat.apache.org/security-10.html","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html"},{"reference_url":"https://tomcat.apache.org/security-11.html","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html"},{"reference_url":"https://tomcat.apache.org/security-9.html","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2440437","reference_id":"2440437","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2440437"},{"reference_url":"https://lists.apache.org/thread/6xk3t65qpn1myp618krtfotbjn1qt90f","reference_id":"6xk3t65qpn1myp618krtfotbjn1qt90f","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-21T21:16:58Z/"}],"url":"https://lists.apache.org/thread/6xk3t65qpn1myp618krtfotbjn1qt90f"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24733","reference_id":"CVE-2026-24733","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24733"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24733","reference_id":"CVE-2026-24733","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24733"},{"reference_url":"https://github.com/advisories/GHSA-qq5r-98hh-rxc9","reference_id":"GHSA-qq5r-98hh-rxc9","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qq5r-98hh-rxc9"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12194","reference_id":"RHSA-2026:12194","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12194"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12195","reference_id":"RHSA-2026:12195","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12195"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6569","reference_id":"RHSA-2026:6569","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6569"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8334","reference_id":"RHSA-2026:8334","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8334"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105884?format=json","purl":"pkg:deb/debian/tomcat11@11.0.15-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.15-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105887?format=json","purl":"pkg:deb/debian/tomcat11@11.0.15-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.15-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105881?format=json","purl":"pkg:deb/debian/tomcat11@11.0.21-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-s2kf-jwgc-pfas"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.21-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105883?format=json","purl":"pkg:deb/debian/tomcat11@11.0.22-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.22-2%3Fdistro=trixie"}],"aliases":["CVE-2026-24733","GHSA-qq5r-98hh-rxc9"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wgfy-cxth-fkas"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/25377?format=json","vulnerability_id":"VCID-xvbv-9ztw-mfcn","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-46701.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-46701.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-46701","reference_id":"","reference_type":"","scores":[{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.3228","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-46701"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/0f01966eb60015d975525019e12a087f05ebf01a","reference_id":"","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/0f01966eb60015d975525019e12a087f05ebf01a"},{"reference_url":"https://github.com/apache/tomcat/commit/238d2aa54b99f91d1111467e2237d2244c64e558","reference_id":"","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/238d2aa54b99f91d1111467e2237d2244c64e558"},{"reference_url":"https://github.com/apache/tomcat/commit/2c6800111e7d8d8d5403c07978ea9bff3db5a5a5","reference_id":"","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/2c6800111e7d8d8d5403c07978ea9bff3db5a5a5"},{"reference_url":"https://github.com/apache/tomcat/commit/8cb95ff03221067c511b3fa66d4f745bc4b0a605","reference_id":"","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/8cb95ff03221067c511b3fa66d4f745bc4b0a605"},{"reference_url":"https://github.com/apache/tomcat/commit/8df00018a252baa9497615d6420fb6c10466fa74","reference_id":"","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/8df00018a252baa9497615d6420fb6c10466fa74"},{"reference_url":"https://github.com/apache/tomcat/commit/fab7247d2f0e3a29d5daef565f829f383e10e5e2","reference_id":"","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/fab7247d2f0e3a29d5daef565f829f383e10e5e2"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-46701","reference_id":"","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-46701"},{"reference_url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.41","reference_id":"","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.41"},{"reference_url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.7","reference_id":"","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.7"},{"reference_url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.105","reference_id":"","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.105"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/05/29/4","reference_id":"","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/05/29/4"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106820","reference_id":"1106820","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106820"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106821","reference_id":"1106821","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106821"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2369253","reference_id":"2369253","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2369253"},{"reference_url":"https://security.archlinux.org/AVG-2888","reference_id":"AVG-2888","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2888"},{"reference_url":"https://security.archlinux.org/AVG-2889","reference_id":"AVG-2889","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2889"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46701","reference_id":"CVE-2025-46701","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46701"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:18536","reference_id":"RHSA-2026:18536","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:18536"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:18537","reference_id":"RHSA-2026:18537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:18537"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:18916","reference_id":"RHSA-2026:18916","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:18916"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2740","reference_id":"RHSA-2026:2740","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2740"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2741","reference_id":"RHSA-2026:2741","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2741"},{"reference_url":"https://usn.ubuntu.com/7705-1/","reference_id":"USN-7705-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7705-1/"},{"reference_url":"https://lists.apache.org/thread/xhqqk9w5q45srcdqhogdk04lhdscv30j","reference_id":"xhqqk9w5q45srcdqhogdk04lhdscv30j","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"1.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T14:58:21Z/"}],"url":"https://lists.apache.org/thread/xhqqk9w5q45srcdqhogdk04lhdscv30j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105885?format=json","purl":"pkg:deb/debian/tomcat11@11.0.11-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.11-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105884?format=json","purl":"pkg:deb/debian/tomcat11@11.0.15-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.15-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105881?format=json","purl":"pkg:deb/debian/tomcat11@11.0.21-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-s2kf-jwgc-pfas"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.21-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105883?format=json","purl":"pkg:deb/debian/tomcat11@11.0.22-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.22-2%3Fdistro=trixie"}],"aliases":["CVE-2025-46701","GHSA-h2fw-rfh5-95r3"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xvbv-9ztw-mfcn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/23505?format=json","vulnerability_id":"VCID-zgcn-hta4-xfb2","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-31651.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-31651.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-31651","reference_id":"","reference_type":"","scores":[{"value":"0.00341","scoring_system":"epss","scoring_elements":"0.5719","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-31651"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/066bf6b6a15a4e7e0941d4acf096841165b97098","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/066bf6b6a15a4e7e0941d4acf096841165b97098"},{"reference_url":"https://github.com/apache/tomcat/commit/175dc75fc428930034a6c93fb52f830d955d8e64","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/175dc75fc428930034a6c93fb52f830d955d8e64"},{"reference_url":"https://github.com/apache/tomcat/commit/ee3ab548e92345eca0cbd1f01649eb36c6f29454","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/ee3ab548e92345eca0cbd1f01649eb36c6f29454"},{"reference_url":"https://github.com/apache/tomcat/commit/fbecc915a10c5a3d634c5e2c6ced4ff479ce9953","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/fbecc915a10c5a3d634c5e2c6ced4ff479ce9953"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-31651","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-31651"},{"reference_url":"https://tomcat.apache.org/security-10.html","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html"},{"reference_url":"https://tomcat.apache.org/security-11.html","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html"},{"reference_url":"https://tomcat.apache.org/security-9.html","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/04/28/3","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/04/28/3"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2362782","reference_id":"2362782","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2362782"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31651","reference_id":"CVE-2025-31651","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31651"},{"reference_url":"https://lists.apache.org/list.html?announce@tomcat.apache.org","reference_id":"list.html?announce@tomcat.apache.org","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-07-30T03:55:44Z/"}],"url":"https://lists.apache.org/list.html?announce@tomcat.apache.org"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19809","reference_id":"RHSA-2025:19809","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19809"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19810","reference_id":"RHSA-2025:19810","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19810"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22924","reference_id":"RHSA-2025:22924","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22924"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22925","reference_id":"RHSA-2025:22925","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22925"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23044","reference_id":"RHSA-2025:23044","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23044"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23045","reference_id":"RHSA-2025:23045","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23045"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23046","reference_id":"RHSA-2025:23046","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23046"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23047","reference_id":"RHSA-2025:23047","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23048","reference_id":"RHSA-2025:23048","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23048"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23049","reference_id":"RHSA-2025:23049","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23049"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23050","reference_id":"RHSA-2025:23050","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23050"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23051","reference_id":"RHSA-2025:23051","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23051"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23052","reference_id":"RHSA-2025:23052","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23052"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23053","reference_id":"RHSA-2025:23053","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23053"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0292","reference_id":"RHSA-2026:0292","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0292"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0293","reference_id":"RHSA-2026:0293","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0293"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2724","reference_id":"RHSA-2026:2724","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2724"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2725","reference_id":"RHSA-2026:2725","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2725"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2726","reference_id":"RHSA-2026:2726","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2726"},{"reference_url":"https://usn.ubuntu.com/7705-1/","reference_id":"USN-7705-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7705-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/105882?format=json","purl":"pkg:deb/debian/tomcat11@11.0.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.6-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105884?format=json","purl":"pkg:deb/debian/tomcat11@11.0.15-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.15-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105881?format=json","purl":"pkg:deb/debian/tomcat11@11.0.21-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2n2k-sh22-fkfw"},{"vulnerability":"VCID-697g-gcg9-zyaa"},{"vulnerability":"VCID-97et-ubnp-wqcy"},{"vulnerability":"VCID-9xyf-k9wq-g7b9"},{"vulnerability":"VCID-dj7q-4map-ebg4"},{"vulnerability":"VCID-hv33-kv9q-gugf"},{"vulnerability":"VCID-s2kf-jwgc-pfas"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.21-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/105883?format=json","purl":"pkg:deb/debian/tomcat11@11.0.22-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.22-2%3Fdistro=trixie"}],"aliases":["CVE-2025-31651","GHSA-ff77-26x5-69cr"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zgcn-hta4-xfb2"}],"risk_score":"4.4","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat11@11.0.21-1%3Fdistro=trixie"}