{"url":"http://public2.vulnerablecode.io/api/packages/1067267?format=json","purl":"pkg:deb/debian/tomcat10@10.1.34-0%2Bdeb12u2","type":"deb","namespace":"debian","name":"tomcat10","version":"10.1.34-0+deb12u2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"10.1.40-1~bpo12+1","latest_non_vulnerable_version":"10.1.54-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/351083?format=json","vulnerability_id":"VCID-2rmy-13ym-3bgm","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34483.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34483.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34483","reference_id":"","reference_type":"","scores":[{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08832","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08846","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08877","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.2368","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24008","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.23995","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.23977","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.23854","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.23843","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.23801","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34483"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/97566842589d0b80de138ca719378861fd017d68","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/97566842589d0b80de138ca719378861fd017d68"},{"reference_url":"https://github.com/apache/tomcat/commit/f22dc2ce6cfda8609ed86816c0d78e1a9cbadb06","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/f22dc2ce6cfda8609ed86816c0d78e1a9cbadb06"},{"reference_url":"https://github.com/apache/tomcat/commit/f9ddc24fcfcdfaea4a6953198d8636aca3e957bc","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/f9ddc24fcfcdfaea4a6953198d8636aca3e957bc"},{"reference_url":"https://lists.apache.org/thread/j1w7304yonlr8vo1tkb5nfs7od1y228b","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T20:16:32Z/"}],"url":"https://lists.apache.org/thread/j1w7304yonlr8vo1tkb5nfs7od1y228b"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34483","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34483"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/04/09/26","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/04/09/26"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356","reference_id":"1133356","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357","reference_id":"1133357","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457044","reference_id":"2457044","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457044"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34483","reference_id":"CVE-2026-34483","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34483"},{"reference_url":"https://github.com/advisories/GHSA-rv64-5gf8-9qq8","reference_id":"GHSA-rv64-5gf8-9qq8","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rv64-5gf8-9qq8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1067268?format=json","purl":"pkg:deb/debian/tomcat10@10.1.40-1~bpo12%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.40-1~bpo12%252B1"},{"url":"http://public2.vulnerablecode.io/api/packages/1067270?format=json","purl":"pkg:deb/debian/tomcat10@10.1.52-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rmy-13ym-3bgm"},{"vulnerability":"VCID-35xg-a746-5qgc"},{"vulnerability":"VCID-74tx-sx8a-guhs"},{"vulnerability":"VCID-8e1c-rbkg-v7c2"},{"vulnerability":"VCID-d1fm-vbd1-n7au"},{"vulnerability":"VCID-gyed-x6s8-ybhr"},{"vulnerability":"VCID-rsxs-u5cc-rkgj"},{"vulnerability":"VCID-yrzk-1dbk-muhy"},{"vulnerability":"VCID-zw2q-kna8-mqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.52-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1067271?format=json","purl":"pkg:deb/debian/tomcat10@10.1.54-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.54-1"}],"aliases":["CVE-2026-34483","GHSA-rv64-5gf8-9qq8"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2rmy-13ym-3bgm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/351086?format=json","vulnerability_id":"VCID-35xg-a746-5qgc","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-29129.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-29129.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-29129","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05775","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05781","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05789","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08383","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08343","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08327","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08483","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08477","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08441","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08434","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-29129"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/5cfa876d73f1ff5f4dc8309c4320f684cbeff74e","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/5cfa876d73f1ff5f4dc8309c4320f684cbeff74e"},{"reference_url":"https://github.com/apache/tomcat/commit/6db238562ec36ab1106db4d04843f8b33e7a0c06","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/6db238562ec36ab1106db4d04843f8b33e7a0c06"},{"reference_url":"https://github.com/apache/tomcat/commit/8d69b33764dba81dce89e3a768de6093a35620ae","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/8d69b33764dba81dce89e3a768de6093a35620ae"},{"reference_url":"https://lists.apache.org/thread/r4h1t6f8xhxsxfm6c2z5cprolsosho3f","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:05:39Z/"}],"url":"https://lists.apache.org/thread/r4h1t6f8xhxsxfm6c2z5cprolsosho3f"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-29129","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-29129"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/04/09/22","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/04/09/22"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356","reference_id":"1133356","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357","reference_id":"1133357","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457031","reference_id":"2457031","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457031"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-29129","reference_id":"CVE-2026-29129","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-29129"},{"reference_url":"https://github.com/advisories/GHSA-69cc-cv78-qc8g","reference_id":"GHSA-69cc-cv78-qc8g","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-69cc-cv78-qc8g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1067268?format=json","purl":"pkg:deb/debian/tomcat10@10.1.40-1~bpo12%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.40-1~bpo12%252B1"},{"url":"http://public2.vulnerablecode.io/api/packages/1067270?format=json","purl":"pkg:deb/debian/tomcat10@10.1.52-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rmy-13ym-3bgm"},{"vulnerability":"VCID-35xg-a746-5qgc"},{"vulnerability":"VCID-74tx-sx8a-guhs"},{"vulnerability":"VCID-8e1c-rbkg-v7c2"},{"vulnerability":"VCID-d1fm-vbd1-n7au"},{"vulnerability":"VCID-gyed-x6s8-ybhr"},{"vulnerability":"VCID-rsxs-u5cc-rkgj"},{"vulnerability":"VCID-yrzk-1dbk-muhy"},{"vulnerability":"VCID-zw2q-kna8-mqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.52-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1067271?format=json","purl":"pkg:deb/debian/tomcat10@10.1.54-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.54-1"}],"aliases":["CVE-2026-29129","GHSA-69cc-cv78-qc8g"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-35xg-a746-5qgc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/351085?format=json","vulnerability_id":"VCID-74tx-sx8a-guhs","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-29145.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-29145.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-29145","reference_id":"","reference_type":"","scores":[{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10025","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10086","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10143","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10165","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19636","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19588","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19529","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.3096","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30907","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30941","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-29145"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/721591f7bff424c693f26adc18ae9b9abac3655b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/721591f7bff424c693f26adc18ae9b9abac3655b"},{"reference_url":"https://github.com/apache/tomcat/commit/d1406df5ae0326f39f54c3f64ac30d8fca55cd5b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/d1406df5ae0326f39f54c3f64ac30d8fca55cd5b"},{"reference_url":"https://github.com/apache/tomcat/commit/fe26667cd2385045ac73f4dea086cc9971209b90","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/fe26667cd2385045ac73f4dea086cc9971209b90"},{"reference_url":"https://lists.apache.org/thread/yz5fxmhd2j43wgqykssdo7kltws57jfz","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:10:50Z/"}],"url":"https://lists.apache.org/thread/yz5fxmhd2j43wgqykssdo7kltws57jfz"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-29145","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-29145"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/04/09/23","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/04/09/23"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356","reference_id":"1133356","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357","reference_id":"1133357","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457037","reference_id":"2457037","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457037"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-29145","reference_id":"CVE-2026-29145","reference_type":"","scores":[{"value":"Moderate","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-29145"},{"reference_url":"https://github.com/advisories/GHSA-95jq-rwvf-vjx4","reference_id":"GHSA-95jq-rwvf-vjx4","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-95jq-rwvf-vjx4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1067268?format=json","purl":"pkg:deb/debian/tomcat10@10.1.40-1~bpo12%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.40-1~bpo12%252B1"},{"url":"http://public2.vulnerablecode.io/api/packages/1067270?format=json","purl":"pkg:deb/debian/tomcat10@10.1.52-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rmy-13ym-3bgm"},{"vulnerability":"VCID-35xg-a746-5qgc"},{"vulnerability":"VCID-74tx-sx8a-guhs"},{"vulnerability":"VCID-8e1c-rbkg-v7c2"},{"vulnerability":"VCID-d1fm-vbd1-n7au"},{"vulnerability":"VCID-gyed-x6s8-ybhr"},{"vulnerability":"VCID-rsxs-u5cc-rkgj"},{"vulnerability":"VCID-yrzk-1dbk-muhy"},{"vulnerability":"VCID-zw2q-kna8-mqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.52-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1067271?format=json","purl":"pkg:deb/debian/tomcat10@10.1.54-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.54-1"}],"aliases":["CVE-2026-29145","GHSA-95jq-rwvf-vjx4"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-74tx-sx8a-guhs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/351079?format=json","vulnerability_id":"VCID-8e1c-rbkg-v7c2","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34500.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34500.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34500","reference_id":"","reference_type":"","scores":[{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15542","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15605","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.1564","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.3627","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.36804","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.36787","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.36727","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.36504","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.36473","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.36384","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34500"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/29b56a56ce9e7d044b6162a99af0f38529b3a208","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/29b56a56ce9e7d044b6162a99af0f38529b3a208"},{"reference_url":"https://github.com/apache/tomcat/commit/c13e60e732ea6d07087293a41ad1866c20848271","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/c13e60e732ea6d07087293a41ad1866c20848271"},{"reference_url":"https://github.com/apache/tomcat/commit/ff589ab26e8250a2ca4286d986305318c033ff9f","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/ff589ab26e8250a2ca4286d986305318c033ff9f"},{"reference_url":"https://lists.apache.org/thread/7rcl4zdxryc8hy3htyfyxkbqpxjtfdl2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T14:21:50Z/"}],"url":"https://lists.apache.org/thread/7rcl4zdxryc8hy3htyfyxkbqpxjtfdl2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34500","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34500"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/04/09/29","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/04/09/29"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356","reference_id":"1133356","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357","reference_id":"1133357","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457043","reference_id":"2457043","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457043"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34500","reference_id":"CVE-2026-34500","reference_type":"","scores":[{"value":"Moderate","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34500"},{"reference_url":"https://github.com/advisories/GHSA-24j9-x2wg-9qv6","reference_id":"GHSA-24j9-x2wg-9qv6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-24j9-x2wg-9qv6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1067268?format=json","purl":"pkg:deb/debian/tomcat10@10.1.40-1~bpo12%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.40-1~bpo12%252B1"},{"url":"http://public2.vulnerablecode.io/api/packages/1067270?format=json","purl":"pkg:deb/debian/tomcat10@10.1.52-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rmy-13ym-3bgm"},{"vulnerability":"VCID-35xg-a746-5qgc"},{"vulnerability":"VCID-74tx-sx8a-guhs"},{"vulnerability":"VCID-8e1c-rbkg-v7c2"},{"vulnerability":"VCID-d1fm-vbd1-n7au"},{"vulnerability":"VCID-gyed-x6s8-ybhr"},{"vulnerability":"VCID-rsxs-u5cc-rkgj"},{"vulnerability":"VCID-yrzk-1dbk-muhy"},{"vulnerability":"VCID-zw2q-kna8-mqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.52-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1067271?format=json","purl":"pkg:deb/debian/tomcat10@10.1.54-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.54-1"}],"aliases":["CVE-2026-34500","GHSA-24j9-x2wg-9qv6"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8e1c-rbkg-v7c2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/351080?format=json","vulnerability_id":"VCID-d1fm-vbd1-n7au","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34487.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34487.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34487","reference_id":"","reference_type":"","scores":[{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08832","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08846","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08877","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.2368","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24008","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.23995","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.23977","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.23854","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.23843","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.23801","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34487"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/301bc6efbf72feb14dacfdfa3f50372182736150","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/301bc6efbf72feb14dacfdfa3f50372182736150"},{"reference_url":"https://github.com/apache/tomcat/commit/5eff2a773b8b728083e5195b3183df1b9e12a03d","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/5eff2a773b8b728083e5195b3183df1b9e12a03d"},{"reference_url":"https://github.com/apache/tomcat/commit/f593292a082e5ef9336a8db2b4b522f7f3e36976","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/f593292a082e5ef9336a8db2b4b522f7f3e36976"},{"reference_url":"https://lists.apache.org/thread/4xpkwolpkrj8v5xzp5nyovtlqp3y850h","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T17:47:28Z/"}],"url":"https://lists.apache.org/thread/4xpkwolpkrj8v5xzp5nyovtlqp3y850h"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34487","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34487"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/04/09/28","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/04/09/28"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356","reference_id":"1133356","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357","reference_id":"1133357","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457038","reference_id":"2457038","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457038"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34487","reference_id":"CVE-2026-34487","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34487"},{"reference_url":"https://github.com/advisories/GHSA-x4m4-345f-5h5g","reference_id":"GHSA-x4m4-345f-5h5g","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x4m4-345f-5h5g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1067268?format=json","purl":"pkg:deb/debian/tomcat10@10.1.40-1~bpo12%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.40-1~bpo12%252B1"},{"url":"http://public2.vulnerablecode.io/api/packages/1067270?format=json","purl":"pkg:deb/debian/tomcat10@10.1.52-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rmy-13ym-3bgm"},{"vulnerability":"VCID-35xg-a746-5qgc"},{"vulnerability":"VCID-74tx-sx8a-guhs"},{"vulnerability":"VCID-8e1c-rbkg-v7c2"},{"vulnerability":"VCID-d1fm-vbd1-n7au"},{"vulnerability":"VCID-gyed-x6s8-ybhr"},{"vulnerability":"VCID-rsxs-u5cc-rkgj"},{"vulnerability":"VCID-yrzk-1dbk-muhy"},{"vulnerability":"VCID-zw2q-kna8-mqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.52-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1067271?format=json","purl":"pkg:deb/debian/tomcat10@10.1.54-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.54-1"}],"aliases":["CVE-2026-34487","GHSA-x4m4-345f-5h5g"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d1fm-vbd1-n7au"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/351088?format=json","vulnerability_id":"VCID-gyed-x6s8-ybhr","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24880.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24880.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24880","reference_id":"","reference_type":"","scores":[{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08199","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08236","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08216","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43706","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43827","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43912","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43909","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43957","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44021","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44031","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24880"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/1b586d6aa8ae65726da5fa8799427b5d4718478a","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/1b586d6aa8ae65726da5fa8799427b5d4718478a"},{"reference_url":"https://github.com/apache/tomcat/commit/1e71441a15972f56e661b0b549fb9e5d838b83bb","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/1e71441a15972f56e661b0b549fb9e5d838b83bb"},{"reference_url":"https://github.com/apache/tomcat/commit/2cb06c34f661ca42f7570bbcc21e99806184bcc5","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/2cb06c34f661ca42f7570bbcc21e99806184bcc5"},{"reference_url":"https://github.com/apache/tomcat/commit/6d478dbe18b7c4bb671c30fedf130309b0dab77c","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/6d478dbe18b7c4bb671c30fedf130309b0dab77c"},{"reference_url":"https://github.com/apache/tomcat/commit/f07df938d00f7419b40fa65aa912966d0efac522","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/f07df938d00f7419b40fa65aa912966d0efac522"},{"reference_url":"https://github.com/apache/tomcat/commit/fde1a8235fb73125217bd41e162aa0a113f33552","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/fde1a8235fb73125217bd41e162aa0a113f33552"},{"reference_url":"https://lists.apache.org/thread/2c682qnlg2tv4o5knlggqbl9yc2gb5sn","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:33:19Z/"}],"url":"https://lists.apache.org/thread/2c682qnlg2tv4o5knlggqbl9yc2gb5sn"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24880","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24880"},{"reference_url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53"},{"reference_url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20"},{"reference_url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/04/09/20","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/04/09/20"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356","reference_id":"1133356","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357","reference_id":"1133357","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457040","reference_id":"2457040","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457040"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24880","reference_id":"CVE-2026-24880","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24880"},{"reference_url":"https://www.herodevs.com/vulnerability-directory/cve-2026-24880","reference_id":"CVE-2026-24880","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.herodevs.com/vulnerability-directory/cve-2026-24880"},{"reference_url":"https://github.com/advisories/GHSA-563x-q5rq-57qp","reference_id":"GHSA-563x-q5rq-57qp","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-563x-q5rq-57qp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1067268?format=json","purl":"pkg:deb/debian/tomcat10@10.1.40-1~bpo12%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.40-1~bpo12%252B1"},{"url":"http://public2.vulnerablecode.io/api/packages/1067270?format=json","purl":"pkg:deb/debian/tomcat10@10.1.52-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rmy-13ym-3bgm"},{"vulnerability":"VCID-35xg-a746-5qgc"},{"vulnerability":"VCID-74tx-sx8a-guhs"},{"vulnerability":"VCID-8e1c-rbkg-v7c2"},{"vulnerability":"VCID-d1fm-vbd1-n7au"},{"vulnerability":"VCID-gyed-x6s8-ybhr"},{"vulnerability":"VCID-rsxs-u5cc-rkgj"},{"vulnerability":"VCID-yrzk-1dbk-muhy"},{"vulnerability":"VCID-zw2q-kna8-mqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.52-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1067271?format=json","purl":"pkg:deb/debian/tomcat10@10.1.54-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.54-1"}],"aliases":["CVE-2026-24880","GHSA-563x-q5rq-57qp"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gyed-x6s8-ybhr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/351084?format=json","vulnerability_id":"VCID-rsxs-u5cc-rkgj","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32990.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32990.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32990","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12404","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12443","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12364","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40214","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40368","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40399","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40293","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.39982","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40121","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40202","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32990"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/021d1f833e38b683a44688f7b28f1f27e8e37c36","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/021d1f833e38b683a44688f7b28f1f27e8e37c36"},{"reference_url":"https://github.com/apache/tomcat/commit/4d0615a5c718c260d6d4e0b944a050f09a490c02","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/4d0615a5c718c260d6d4e0b944a050f09a490c02"},{"reference_url":"https://github.com/apache/tomcat/commit/95f7778248cac46d03e6af04de9c72a598be3a53","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/95f7778248cac46d03e6af04de9c72a598be3a53"},{"reference_url":"https://lists.apache.org/thread/1nl9zqft0ksqlhlkd3j4obyjz1ghoyn7","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:38:40Z/"}],"url":"https://lists.apache.org/thread/1nl9zqft0ksqlhlkd3j4obyjz1ghoyn7"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32990","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32990"},{"reference_url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53"},{"reference_url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20"},{"reference_url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356","reference_id":"1133356","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357","reference_id":"1133357","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457025","reference_id":"2457025","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457025"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32990","reference_id":"CVE-2026-32990","reference_type":"","scores":[{"value":"Moderate","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32990"},{"reference_url":"https://www.herodevs.com/vulnerability-directory/cve-2026-32990","reference_id":"CVE-2026-32990","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.herodevs.com/vulnerability-directory/cve-2026-32990"},{"reference_url":"https://github.com/advisories/GHSA-8mc5-53m5-3qj2","reference_id":"GHSA-8mc5-53m5-3qj2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8mc5-53m5-3qj2"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12194","reference_id":"RHSA-2026:12194","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12194"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12195","reference_id":"RHSA-2026:12195","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12195"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1067268?format=json","purl":"pkg:deb/debian/tomcat10@10.1.40-1~bpo12%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.40-1~bpo12%252B1"},{"url":"http://public2.vulnerablecode.io/api/packages/1067270?format=json","purl":"pkg:deb/debian/tomcat10@10.1.52-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rmy-13ym-3bgm"},{"vulnerability":"VCID-35xg-a746-5qgc"},{"vulnerability":"VCID-74tx-sx8a-guhs"},{"vulnerability":"VCID-8e1c-rbkg-v7c2"},{"vulnerability":"VCID-d1fm-vbd1-n7au"},{"vulnerability":"VCID-gyed-x6s8-ybhr"},{"vulnerability":"VCID-rsxs-u5cc-rkgj"},{"vulnerability":"VCID-yrzk-1dbk-muhy"},{"vulnerability":"VCID-zw2q-kna8-mqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.52-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1067271?format=json","purl":"pkg:deb/debian/tomcat10@10.1.54-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.54-1"}],"aliases":["CVE-2026-32990","GHSA-8mc5-53m5-3qj2"],"risk_score":3.3,"exploitability":"0.5","weighted_severity":"6.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rsxs-u5cc-rkgj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/351081?format=json","vulnerability_id":"VCID-yrzk-1dbk-muhy","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-29146.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-29146.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-29146","reference_id":"","reference_type":"","scores":[{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08832","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08846","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08877","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.2843","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.27903","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28063","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28141","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28454","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28253","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28379","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-29146"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/0112ed22abfccc3d54e44d91eb08804d0886acd1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/0112ed22abfccc3d54e44d91eb08804d0886acd1"},{"reference_url":"https://github.com/apache/tomcat/commit/1fab40ccc752e22639eccfe290d5624afad7eccd","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/1fab40ccc752e22639eccfe290d5624afad7eccd"},{"reference_url":"https://github.com/apache/tomcat/commit/55f3eb9148233054fccfdf761141c6894a050be1","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/55f3eb9148233054fccfdf761141c6894a050be1"},{"reference_url":"https://github.com/apache/tomcat/commit/607ebc0fa522bd9e8c05517baa2d179bbd1e659c","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/607ebc0fa522bd9e8c05517baa2d179bbd1e659c"},{"reference_url":"https://github.com/apache/tomcat/commit/6d955cceca841f2eabf2d6c46b59a8c7e1cd6eaa","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/6d955cceca841f2eabf2d6c46b59a8c7e1cd6eaa"},{"reference_url":"https://github.com/apache/tomcat/commit/776e12b3e2b0b4507b8a3b62c187ceb0b74bf418","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/776e12b3e2b0b4507b8a3b62c187ceb0b74bf418"},{"reference_url":"https://lists.apache.org/thread/lzt04z2pb3dc5tk85obn80xygw3z1p0w","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:17:02Z/"}],"url":"https://lists.apache.org/thread/lzt04z2pb3dc5tk85obn80xygw3z1p0w"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-29146","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-29146"},{"reference_url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53"},{"reference_url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20"},{"reference_url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/04/09/24","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/04/09/24"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356","reference_id":"1133356","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357","reference_id":"1133357","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457020","reference_id":"2457020","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457020"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-29146","reference_id":"CVE-2026-29146","reference_type":"","scores":[{"value":"Important","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-29146"},{"reference_url":"https://www.herodevs.com/vulnerability-directory/cve-2026-29146","reference_id":"CVE-2026-29146","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.herodevs.com/vulnerability-directory/cve-2026-29146"},{"reference_url":"https://github.com/advisories/GHSA-h468-7pvh-8vr8","reference_id":"GHSA-h468-7pvh-8vr8","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h468-7pvh-8vr8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1067268?format=json","purl":"pkg:deb/debian/tomcat10@10.1.40-1~bpo12%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.40-1~bpo12%252B1"},{"url":"http://public2.vulnerablecode.io/api/packages/1067270?format=json","purl":"pkg:deb/debian/tomcat10@10.1.52-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rmy-13ym-3bgm"},{"vulnerability":"VCID-35xg-a746-5qgc"},{"vulnerability":"VCID-74tx-sx8a-guhs"},{"vulnerability":"VCID-8e1c-rbkg-v7c2"},{"vulnerability":"VCID-d1fm-vbd1-n7au"},{"vulnerability":"VCID-gyed-x6s8-ybhr"},{"vulnerability":"VCID-rsxs-u5cc-rkgj"},{"vulnerability":"VCID-yrzk-1dbk-muhy"},{"vulnerability":"VCID-zw2q-kna8-mqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.52-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1067271?format=json","purl":"pkg:deb/debian/tomcat10@10.1.54-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.54-1"}],"aliases":["CVE-2026-29146","GHSA-h468-7pvh-8vr8"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yrzk-1dbk-muhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/351087?format=json","vulnerability_id":"VCID-zw2q-kna8-mqcm","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25854.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25854.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-25854","reference_id":"","reference_type":"","scores":[{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07234","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10373","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10425","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10485","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10487","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10503","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10375","published_at":"2026-04-18T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00834","published_at":"2026-04-11T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00829","published_at":"2026-04-13T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00828","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-25854"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat/commit/4c5d306001b780c9316aea5ff6502c524fb20695","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/4c5d306001b780c9316aea5ff6502c524fb20695"},{"reference_url":"https://github.com/apache/tomcat/commit/5fb910f9a9dafa37a0c0965a1bd62a21dcf437f2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/5fb910f9a9dafa37a0c0965a1bd62a21dcf437f2"},{"reference_url":"https://github.com/apache/tomcat/commit/c5a45ae68d07f7a07be2a875e5b6772d66c4e5d0","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat/commit/c5a45ae68d07f7a07be2a875e5b6772d66c4e5d0"},{"reference_url":"https://lists.apache.org/thread/ghct3b6o74bp2vm7q875s1zh0dqrz3h0","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:21:57Z/"}],"url":"https://lists.apache.org/thread/ghct3b6o74bp2vm7q875s1zh0dqrz3h0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25854","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25854"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/04/09/21","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/04/09/21"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356","reference_id":"1133356","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357","reference_id":"1133357","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457039","reference_id":"2457039","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457039"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25854","reference_id":"CVE-2026-25854","reference_type":"","scores":[{"value":"Low","scoring_system":"apache_tomcat","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25854"},{"reference_url":"https://github.com/advisories/GHSA-9m3c-qcxr-9x87","reference_id":"GHSA-9m3c-qcxr-9x87","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9m3c-qcxr-9x87"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1067268?format=json","purl":"pkg:deb/debian/tomcat10@10.1.40-1~bpo12%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.40-1~bpo12%252B1"},{"url":"http://public2.vulnerablecode.io/api/packages/1067270?format=json","purl":"pkg:deb/debian/tomcat10@10.1.52-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rmy-13ym-3bgm"},{"vulnerability":"VCID-35xg-a746-5qgc"},{"vulnerability":"VCID-74tx-sx8a-guhs"},{"vulnerability":"VCID-8e1c-rbkg-v7c2"},{"vulnerability":"VCID-d1fm-vbd1-n7au"},{"vulnerability":"VCID-gyed-x6s8-ybhr"},{"vulnerability":"VCID-rsxs-u5cc-rkgj"},{"vulnerability":"VCID-yrzk-1dbk-muhy"},{"vulnerability":"VCID-zw2q-kna8-mqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.52-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1067271?format=json","purl":"pkg:deb/debian/tomcat10@10.1.54-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.54-1"}],"aliases":["CVE-2026-25854","GHSA-9m3c-qcxr-9x87"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zw2q-kna8-mqcm"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tomcat10@10.1.34-0%252Bdeb12u2"}