[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2025-46701":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":19,"aliases":20,"duplicate_of":9,"upstream":23,"downstream":24,"duplicates":61,"related":62,"reserved_at":9,"published_at":75,"modified_at":76,"state":77,"summary":78,"references_raw":87,"kevs":152,"epss":153,"epss_history":156,"metrics":433,"affected":445},"CVE-2025-46701","Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's CGI servlet allows bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.6, from 10.1.0-M1 through 10.1.40, from 9.0.0.M1 through 9.0.104.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.7, 10.1.41 or 9.0.105, which fixes the issue.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-178","Improper Handling of Case Sensitivity","The product does not properly account for differences in case sensitivity when accessing or determining the properties of a resource, leading to inconsistent 
results.","weakness","Incomplete","Base",[],[],[21,22],"GHSA-h2fw-rfh5-95r3","BIT-tomcat-2025-46701",[],[25,27,29,31,33,35,37,39,41,43,45,47,49,51,53,55,57,59],{"_key":26},"SUSE-SU-2025:02214-1",{"_key":28},"SUSE-SU-2025:02261-1",{"_key":30},"DLA-4244-1",{"_key":32},"DSA-6120-1",{"_key":34},"DSA-6121-1",{"_key":36},"SUSE-SU-2025:02280-1",{"_key":38},"OPENSUSE-SU-2025:15301-1",{"_key":40},"OPENSUSE-SU-2025:15302-1",{"_key":42},"OPENSUSE-SU-2025:15303-1",{"_key":44},"SUSE-SU-2026:1058-1",{"_key":46},"MGASA-2025-0177",{"_key":48},"USN-7705-1",{"_key":50},"DEBIAN-CVE-2025-46701",{"_key":52},"RHSA-2026:18536",{"_key":54},"RHSA-2026:18537",{"_key":56},"RHSA-2026:18916",{"_key":58},"RHSA-2026:2740",{"_key":60},"UBUNTU-CVE-2025-46701",[],[63,64,65,66,67,68,69,70,71,73],{"_key":26},{"_key":28},{"_key":36},{"_key":38},{"_key":40},{"_key":42},{"_key":44},{"_key":46},{"_key":72},"CGA-M722-VHQR-X99V",{"_key":74},"CGA-6R6H-2XGC-32PM","2025-05-29T19:06:04.289Z","2025-11-03T20:04:34.067Z","Modified",{"cisa_kev":79,"cisa_ransomware":79,"cisa_vendor":9,"epss_severity":80,"epss_score":81,"severity":82,"severity_score":83,"severity_version":84,"severity_source":85,"severity_vector":86,"severity_status":77},false,"low",0.00132,"high",7.3,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",[88,97,102,106,111,115,119,123,127,131,135,140,144,148],{"url":89,"sources":90,"tags":93},"https://lists.apache.org/thread/xhqqk9w5q45srcdqhogdk04lhdscv30j",[85,91,92],"nvd","osv_maven",[94,95,96],"Vendor Advisory","Mailing List","WEB",{"url":98,"sources":99,"tags":100},"http://www.openwall.com/lists/oss-security/2025/05/29/4",[85,91,92],[95,101,96],"Third Party 
Advisory",{"url":103,"sources":104,"tags":105},"https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html",[85,91,92],[96],{"url":107,"sources":108,"tags":109},"https://nvd.nist.gov/vuln/detail/CVE-2025-46701",[92],[110],"Advisory",{"url":112,"sources":113,"tags":114},"https://github.com/apache/tomcat/commit/0f01966eb60015d975525019e12a087f05ebf01a",[92],[96],{"url":116,"sources":117,"tags":118},"https://github.com/apache/tomcat/commit/238d2aa54b99f91d1111467e2237d2244c64e558",[92],[96],{"url":120,"sources":121,"tags":122},"https://github.com/apache/tomcat/commit/2c6800111e7d8d8d5403c07978ea9bff3db5a5a5",[92],[96],{"url":124,"sources":125,"tags":126},"https://github.com/apache/tomcat/commit/8cb95ff03221067c511b3fa66d4f745bc4b0a605",[92],[96],{"url":128,"sources":129,"tags":130},"https://github.com/apache/tomcat/commit/8df00018a252baa9497615d6420fb6c10466fa74",[92],[96],{"url":132,"sources":133,"tags":134},"https://github.com/apache/tomcat/commit/fab7247d2f0e3a29d5daef565f829f383e10e5e2",[92],[96],{"url":136,"sources":137,"tags":138},"https://github.com/apache/tomcat",[92],[139],"PACKAGE",{"url":141,"sources":142,"tags":143},"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.41",[92],[96],{"url":145,"sources":146,"tags":147},"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.7",[92],[96],{"url":149,"sources":150,"tags":151},"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.105",[92],[96],[],{"date":154,"score":81,"percentile":155},"2026-06-04",0.32242,[157,161,164,168,171,174,177,180,183,186,189,192,195,198,201,205,208,211,215,218,221,225,228,231,234,237,240,242,246,249,252,255,258,261,264,267,270,273,276,279,282,285,287,290,293,296,299,302,305,308,312,315,318,320,323,326,329,332,334,338,341,344,347,350,353,356,359,362,365,368,371,374,377,380,383,386,390,393,396,399,402,405,408,411,414,417,420,423,426,429],{"date":158,"score":159,"percentile":160},"2025-11-04",0.00017,0.02998,{"date":162,"score":1
59,"percentile":163},"2025-11-05",0.03023,{"date":165,"score":166,"percentile":167},"2025-11-06",0.00018,0.03341,{"date":169,"score":166,"percentile":170},"2025-11-07",0.03347,{"date":172,"score":166,"percentile":173},"2025-11-08",0.0335,{"date":175,"score":166,"percentile":176},"2025-11-09",0.03354,{"date":178,"score":166,"percentile":179},"2025-11-10",0.03338,{"date":181,"score":166,"percentile":182},"2025-11-11",0.03366,{"date":184,"score":166,"percentile":185},"2025-11-12",0.03377,{"date":187,"score":166,"percentile":188},"2025-11-13",0.03411,{"date":190,"score":166,"percentile":191},"2025-11-14",0.03423,{"date":193,"score":166,"percentile":194},"2025-11-15",0.03453,{"date":196,"score":166,"percentile":197},"2025-11-16",0.0345,{"date":199,"score":166,"percentile":200},"2025-11-17",0.03435,{"date":202,"score":203,"percentile":204},"2025-11-18",0.00091,0.22152,{"date":206,"score":203,"percentile":207},"2025-11-19",0.22163,{"date":209,"score":203,"percentile":210},"2025-11-20",0.22171,{"date":212,"score":213,"percentile":214},"2025-11-21",0.0002,0.04163,{"date":216,"score":213,"percentile":217},"2025-11-22",0.04166,{"date":219,"score":213,"percentile":220},"2025-11-23",0.04159,{"date":222,"score":223,"percentile":224},"2025-11-24",0.00024,0.05447,{"date":226,"score":223,"percentile":227},"2025-11-25",0.05452,{"date":229,"score":223,"percentile":230},"2025-11-26",0.05479,{"date":232,"score":223,"percentile":233},"2025-11-27",0.05498,{"date":235,"score":223,"percentile":236},"2025-11-28",0.05477,{"date":238,"score":223,"percentile":239},"2025-11-29",0.0552,{"date":241,"score":223,"percentile":239},"2025-11-30",{"date":243,"score":244,"percentile":245},"2025-12-01",0.00031,0.08356,{"date":247,"score":244,"percentile":248},"2025-12-02",0.08373,{"date":250,"score":244,"percentile":251},"2025-12-03",0.08398,{"date":253,"score":223,"percentile":254},"2025-12-04",0.056,{"date":256,"score":223,"percentile":257},"2025-12-05",0.05665,{"date":259,"score":223,"percentile":260},
"2025-12-06",0.05677,{"date":262,"score":223,"percentile":263},"2025-12-07",0.05672,{"date":265,"score":223,"percentile":266},"2025-12-08",0.05668,{"date":268,"score":223,"percentile":269},"2025-12-09",0.0571,{"date":271,"score":223,"percentile":272},"2025-12-10",0.05784,{"date":274,"score":223,"percentile":275},"2025-12-11",0.05779,{"date":277,"score":223,"percentile":278},"2025-12-12",0.05809,{"date":280,"score":223,"percentile":281},"2025-12-13",0.05849,{"date":283,"score":223,"percentile":284},"2025-12-14",0.0582,{"date":286,"score":223,"percentile":284},"2025-12-15",{"date":288,"score":223,"percentile":289},"2025-12-16",0.05838,{"date":291,"score":223,"percentile":292},"2025-12-17",0.05902,{"date":294,"score":223,"percentile":295},"2025-12-18",0.05949,{"date":297,"score":223,"percentile":298},"2025-12-19",0.05935,{"date":300,"score":223,"percentile":301},"2025-12-20",0.05928,{"date":303,"score":223,"percentile":304},"2025-12-21",0.05918,{"date":306,"score":223,"percentile":307},"2025-12-22",0.05886,{"date":309,"score":310,"percentile":311},"2025-12-23",0.00026,0.06518,{"date":313,"score":310,"percentile":314},"2025-12-24",0.0655,{"date":316,"score":310,"percentile":317},"2025-12-25",0.06612,{"date":319,"score":310,"percentile":317},"2025-12-26",{"date":321,"score":310,"percentile":322},"2025-12-27",0.06621,{"date":324,"score":310,"percentile":325},"2025-12-28",0.06609,{"date":327,"score":310,"percentile":328},"2025-12-29",0.06593,{"date":330,"score":310,"percentile":331},"2025-12-30",0.06575,{"date":333,"score":310,"percentile":322},"2025-12-31",{"date":335,"score":336,"percentile":337},"2026-01-01",0.00034,0.09574,{"date":339,"score":336,"percentile":340},"2026-01-02",0.0957,{"date":342,"score":336,"percentile":343},"2026-01-03",0.09555,{"date":345,"score":310,"percentile":346},"2026-01-04",0.0652,{"date":348,"score":310,"percentile":349},"2026-01-05",0.06465,{"date":351,"score":310,"percentile":352},"2026-01-06",0.06476,{"date":354,"score":310,"percentile":35
5},"2026-01-07",0.065,{"date":357,"score":310,"percentile":358},"2026-01-08",0.06556,{"date":360,"score":310,"percentile":361},"2026-01-09",0.06564,{"date":363,"score":310,"percentile":364},"2026-01-10",0.066,{"date":366,"score":310,"percentile":367},"2026-01-11",0.06587,{"date":369,"score":310,"percentile":370},"2026-01-12",0.06554,{"date":372,"score":310,"percentile":373},"2026-01-13",0.06539,{"date":375,"score":310,"percentile":376},"2026-01-14",0.06659,{"date":378,"score":310,"percentile":379},"2026-01-15",0.06665,{"date":381,"score":310,"percentile":382},"2026-01-16",0.06678,{"date":384,"score":310,"percentile":385},"2026-01-17",0.06682,{"date":387,"score":388,"percentile":389},"2026-01-18",0.00021,0.04841,{"date":391,"score":388,"percentile":392},"2026-01-19",0.04791,{"date":394,"score":388,"percentile":395},"2026-01-20",0.04754,{"date":397,"score":310,"percentile":398},"2026-01-21",0.06588,{"date":400,"score":310,"percentile":401},"2026-01-22",0.06557,{"date":403,"score":310,"percentile":404},"2026-01-23",0.06625,{"date":406,"score":310,"percentile":407},"2026-01-24",0.06668,{"date":409,"score":310,"percentile":410},"2026-01-25",0.0664,{"date":412,"score":310,"percentile":413},"2026-01-26",0.06622,{"date":415,"score":310,"percentile":416},"2026-01-27",0.0661,{"date":418,"score":310,"percentile":419},"2026-01-28",0.06586,{"date":421,"score":310,"percentile":422},"2026-01-29",0.06584,{"date":424,"score":310,"percentile":425},"2026-01-30",0.06601,{"date":427,"score":310,"percentile":428},"2026-01-31",0.06616,{"date":430,"score":431,"percentile":432},"2026-02-01",0.00037,0.10621,[434,439,441],{"source":85,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":435,"cvss_v4_0":9},{"baseScore":83,"baseSeverity":436,"vectorString":86,"impactScore":437,"exploitabilityScore":438},"HIGH",5.7,10,{"source":91,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":440,"cvss_v4_0":9},{"baseScore":83,"baseSeverity":436,"vectorString":86,"impactScore":437,"exploitabilityScore":438},{"source":92,"cvss_v2_0
":9,"cvss_v3_0":9,"cvss_v3_1":9,"cvss_v4_0":442},{"baseScore":443,"baseSeverity":9,"vectorString":444,"impactScore":9,"exploitabilityScore":9},6.3,"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear",[446,470,487,503],{"ecosystem":9,"name":447,"vendor":448,"product":449,"cpe_part":450,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":451},"Apache Tomcat","apache software foundation","apache tomcat","a",[452,458,462,466],{"version":453,"is_range":454,"range_type":85,"version_start":455,"version_start_type":456,"version_end":457,"version_end_type":456,"fixed_in":9},">= 11.0.0-M1, \u003C= 11.0.6",true,"11.0.0-M1","including","11.0.6",{"version":459,"is_range":454,"range_type":85,"version_start":460,"version_start_type":456,"version_end":461,"version_end_type":456,"fixed_in":9},">= 10.1.0-M1, \u003C= 10.1.40","10.1.0-M1","10.1.40",{"version":463,"is_range":454,"range_type":85,"version_start":464,"version_start_type":456,"version_end":465,"version_end_type":456,"fixed_in":9},">= 9.0.0.M1, \u003C= 9.0.104","9.0.0.M1","9.0.104",{"version":467,"is_range":454,"range_type":85,"version_start":468,"version_start_type":456,"version_end":469,"version_end_type":456,"fixed_in":9},">= 8.5.0, \u003C= 
8.5.100","8.5.0","8.5.100",{"ecosystem":9,"name":471,"vendor":9,"product":471,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":472},"Tomcat",[473,479,483],{"version":474,"is_range":454,"range_type":475,"version_start":476,"version_start_type":456,"version_end":477,"version_end_type":478,"fixed_in":9},"gte9.0.0_lt9.0.105","cpe","9.0.0","9.0.105","excluding",{"version":480,"is_range":454,"range_type":475,"version_start":481,"version_start_type":456,"version_end":482,"version_end_type":478,"fixed_in":9},"gte10.1.0_lt10.1.41","10.1.0","10.1.41",{"version":484,"is_range":454,"range_type":475,"version_start":485,"version_start_type":456,"version_end":486,"version_end_type":478,"fixed_in":9},"gte11.0.0_lt11.0.7","11.0.0","11.0.7",{"ecosystem":488,"name":489,"vendor":490,"product":491,"cpe_part":9,"purl_type":492,"purl_namespace":490,"purl_name":491,"source":9,"versions":493},"Maven","org.apache.tomcat:tomcat-catalina","org.apache.tomcat","tomcat-catalina","maven",[494,497,499,501],{"version":495,"is_range":454,"range_type":496,"version_start":464,"version_start_type":456,"version_end":477,"version_end_type":478,"fixed_in":9},"gte9_0_0_M1_lt9_0_105","ecosystem",{"version":498,"is_range":454,"range_type":496,"version_start":460,"version_start_type":456,"version_end":482,"version_end_type":478,"fixed_in":9},"gte10_1_0_M1_lt10_1_41",{"version":500,"is_range":454,"range_type":496,"version_start":455,"version_start_type":456,"version_end":486,"version_end_type":478,"fixed_in":9},"gte11_0_0_M1_lt11_0_7",{"version":502,"is_range":454,"range_type":496,"version_start":468,"version_start_type":456,"version_end":469,"version_end_type":456,"fixed_in":9},"gte8_5_0_lte8_5_100",{"ecosystem":488,"name":504,"vendor":505,"product":506,"cpe_part":9,"purl_type":492,"purl_namespace":505,"purl_name":506,"source":9,"versions":507},"org.apache.tomcat.embed:tomcat-embed-core","org.apache.tomcat.embed","tomcat-embed-core",[508,509,510,511],{"version":495,"is_range":4
54,"range_type":496,"version_start":464,"version_start_type":456,"version_end":477,"version_end_type":478,"fixed_in":9},{"version":498,"is_range":454,"range_type":496,"version_start":460,"version_start_type":456,"version_end":482,"version_end_type":478,"fixed_in":9},{"version":500,"is_range":454,"range_type":496,"version_start":455,"version_start_type":456,"version_end":486,"version_end_type":478,"fixed_in":9},{"version":502,"is_range":454,"range_type":496,"version_start":468,"version_start_type":456,"version_end":469,"version_end_type":456,"fixed_in":9}]