[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2025-53506":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":86,"aliases":87,"duplicate_of":9,"upstream":90,"downstream":91,"duplicates":138,"related":139,"reserved_at":9,"published_at":153,"modified_at":154,"state":155,"summary":156,"references_raw":165,"kevs":206,"epss":207,"epss_history":210,"metrics":488,"affected":498},"CVE-2025-53506","Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100. Other EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-400","Uncontrolled Resource Consumption","The product does not properly control the allocation and maintenance of a limited resource.","weakness","Draft","Class","High",[20,24,82],{"id":21,"name":22,"techniques":23},"CAPEC-147","XML Ping of the Death",[],{"id":25,"name":26,"techniques":27},"CAPEC-227","Sustained Client Engagement",[28],{"id":29,"name":30,"tactics":31,"countermeasures":35},"T1499","Endpoint Denial of Service",[32],{"id":33,"name":34},"TA0105","Impact",[36,41,45,49,53,57,61,65,69,73,78],{"id":37,"name":38,"tactic":39},"D3-UGLPA","User Geolocation Logon Pattern Analysis",{"name":40},"Detect",{"id":42,"name":43,"tactic":44},"D3-PMAD","Protocol Metadata Anomaly Detection",{"name":40},{"id":46,"name":47,"tactic":48},"D3-CSPP","Client-server Payload Profiling",{"name":40},{"id":50,"name":51,"tactic":52},"D3-PHDURA","Per Host Download-Upload Ratio Analysis",{"name":40},{"id":54,"name":55,"tactic":56},"D3-NTSA","Network Traffic Signature Analysis",{"name":40},{"id":58,"name":59,"tactic":60},"D3-APCA","Application Protocol Command Analysis",{"name":40},{"id":62,"name":63,"tactic":64},"D3-NTCD","Network Traffic Community Deviation",{"name":40},{"id":66,"name":67,"tactic":68},"D3-RTSD","Remote Terminal Session Detection",{"name":40},{"id":70,"name":71,"tactic":72},"D3-ISVA","Inbound Session Volume Analysis",{"name":40},{"id":74,"name":75,"tactic":76},"D3-NTF","Network Traffic Filtering",{"name":77},"Isolate",{"id":79,"name":80,"tactic":81},"D3-ITF","Inbound Traffic Filtering",{"name":77},{"id":83,"name":84,"techniques":85},"CAPEC-492","Regular Expression Exponential Blowup",[],[],[88,89],"GHSA-25xr-qj8w-c4vf","BIT-tomcat-2025-53506",[],[92,94,96,98,100,102,104,106,108,110,112,114,116,118,120,122,124,126,128,130,132,134,136],{"_key":93},"SUSE-SU-2025:02745-1",{"_key":95},"DLA-4244-1",{"_key":97},"DSA-6120-1",{"_key":99},"DSA-6121-1",{"_key":101},"SUSE-SU-2025:02978-1",{"_key":103},"SUSE-SU-2025:02979-1",{"_key":105},"SUSE-SU-2025:03024-1",{"_key":107},"OPENSUSE-SU-2025:15440-1",{"_key":109},"OPENSUSE-SU-2025:15441-1",{"_key":111},"OPENSUSE-SU-2025:15442-1",{"_key":113},"SUSE-SU-2026:1058-1",{"_key":115},"MGASA-2025-0223",{"_key":117},"DEBIAN-CVE-2025-53506",{"_key":119},"RHSA-2025:11695",{"_key":121},"RHSA-2025:11741",{"_key":123},"RHSA-2025:14177",{"_key":125},"RHSA-2025:14178",{"_key":127},"RHSA-2025:14179",{"_key":129},"RHSA-2025:14180",{"_key":131},"RHSA-2025:14181",{"_key":133},"RHSA-2025:14182",{"_key":135},"RHSA-2025:14183",{"_key":137},"UBUNTU-CVE-2025-53506",[],[140,141,142,143,144,145,146,147,148,149,151],{"_key":93},{"_key":101},{"_key":103},{"_key":105},{"_key":107},{"_key":109},{"_key":111},{"_key":113},{"_key":115},{"_key":150},"CGA-MXPW-FXF6-GMQ3",{"_key":152},"CGA-37CH-CV83-JR47","2025-07-10T19:14:23.249Z","2025-11-04T21:11:48.893Z","Modified",{"cisa_kev":157,"cisa_ransomware":157,"cisa_vendor":9,"epss_severity":158,"epss_score":159,"severity":160,"severity_score":161,"severity_version":162,"severity_source":163,"severity_vector":164,"severity_status":155},false,"low",0.01247,"high",7.5,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",[166,176,180,184,189,193,197,201],{"url":167,"sources":168,"tags":171},"https://lists.apache.org/thread/p09775q0rd185m6zz98krg0fp45j8kr0",[163,169,170],"nvd","osv_maven",[172,173,174,175],"Vendor Advisory","Issue Tracking","Mailing List","WEB",{"url":177,"sources":178,"tags":179},"https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html",[163,169,170],[175],{"url":181,"sources":182,"tags":183},"http://www.openwall.com/lists/oss-security/2025/07/10/13",[163,169,170],[175],{"url":185,"sources":186,"tags":187},"https://nvd.nist.gov/vuln/detail/CVE-2025-53506",[170],[188],"Advisory",{"url":190,"sources":191,"tags":192},"https://github.com/apache/tomcat/commit/2aa6261276ebe50b99276953591e3a2be7898bdb",[170],[175],{"url":194,"sources":195,"tags":196},"https://github.com/apache/tomcat/commit/434772930f362145516dd60681134e7f0cf8115b",[170],[175],{"url":198,"sources":199,"tags":200},"https://github.com/apache/tomcat/commit/be8f330f83ceddaf3baeed57522e571572b6b99b",[170],[175],{"url":202,"sources":203,"tags":204},"https://github.com/apache/tomcat",[170],[205],"PACKAGE",[],{"date":208,"score":159,"percentile":209},"2026-06-04",0.79637,[211,215,219,222,225,228,232,235,238,241,244,247,250,253,256,260,263,265,268,271,274,277,280,283,286,289,292,295,299,302,306,310,313,316,320,323,326,329,332,335,338,341,344,347,350,354,357,360,363,366,368,371,374,377,380,383,386,389,392,396,399,402,405,408,411,414,417,420,422,425,428,430,433,436,439,442,446,449,452,455,458,461,464,467,470,473,476,479,482,485],{"date":212,"score":213,"percentile":214},"2025-11-04",0.0017,0.38683,{"date":216,"score":217,"percentile":218},"2025-11-05",0.00161,0.37477,{"date":220,"score":217,"percentile":221},"2025-11-06",0.37476,{"date":223,"score":217,"percentile":224},"2025-11-07",0.37498,{"date":226,"score":217,"percentile":227},"2025-11-08",0.37497,{"date":229,"score":230,"percentile":231},"2025-11-09",0.00204,0.42696,{"date":233,"score":230,"percentile":234},"2025-11-10",0.42662,{"date":236,"score":230,"percentile":237},"2025-11-11",0.4268,{"date":239,"score":230,"percentile":240},"2025-11-12",0.42715,{"date":242,"score":230,"percentile":243},"2025-11-13",0.42728,{"date":245,"score":230,"percentile":246},"2025-11-14",0.42738,{"date":248,"score":230,"percentile":249},"2025-11-15",0.42735,{"date":251,"score":230,"percentile":252},"2025-11-16",0.42719,{"date":254,"score":230,"percentile":255},"2025-11-17",0.4269,{"date":257,"score":258,"percentile":259},"2025-11-18",0.00302,0.50607,{"date":261,"score":258,"percentile":262},"2025-11-19",0.50619,{"date":264,"score":258,"percentile":259},"2025-11-20",{"date":266,"score":230,"percentile":267},"2025-11-21",0.42672,{"date":269,"score":230,"percentile":270},"2025-11-22",0.42674,{"date":272,"score":230,"percentile":273},"2025-11-23",0.42643,{"date":275,"score":230,"percentile":276},"2025-11-24",0.42634,{"date":278,"score":230,"percentile":279},"2025-11-25",0.42649,{"date":281,"score":230,"percentile":282},"2025-11-26",0.42644,{"date":284,"score":230,"percentile":285},"2025-11-27",0.42648,{"date":287,"score":230,"percentile":288},"2025-11-28",0.42618,{"date":290,"score":230,"percentile":291},"2025-11-29",0.42598,{"date":293,"score":230,"percentile":294},"2025-11-30",0.42578,{"date":296,"score":297,"percentile":298},"2025-12-01",0.00228,0.4555,{"date":300,"score":297,"percentile":301},"2025-12-02",0.45564,{"date":303,"score":304,"percentile":305},"2025-12-03",0.00147,0.35785,{"date":307,"score":308,"percentile":309},"2025-12-04",0.0015,0.36053,{"date":311,"score":308,"percentile":312},"2025-12-05",0.36085,{"date":314,"score":308,"percentile":315},"2025-12-06",0.36075,{"date":317,"score":318,"percentile":319},"2025-12-07",0.00144,0.35218,{"date":321,"score":318,"percentile":322},"2025-12-08",0.3523,{"date":324,"score":318,"percentile":325},"2025-12-09",0.3527,{"date":327,"score":318,"percentile":328},"2025-12-10",0.35317,{"date":330,"score":318,"percentile":331},"2025-12-11",0.35342,{"date":333,"score":318,"percentile":334},"2025-12-12",0.35374,{"date":336,"score":318,"percentile":337},"2025-12-13",0.35354,{"date":339,"score":318,"percentile":340},"2025-12-14",0.35325,{"date":342,"score":318,"percentile":343},"2025-12-15",0.35288,{"date":345,"score":318,"percentile":346},"2025-12-16",0.35314,{"date":348,"score":318,"percentile":349},"2025-12-17",0.35364,{"date":351,"score":352,"percentile":353},"2025-12-18",0.00205,0.42876,{"date":355,"score":352,"percentile":356},"2025-12-19",0.42894,{"date":358,"score":352,"percentile":359},"2025-12-20",0.42871,{"date":361,"score":352,"percentile":362},"2025-12-21",0.42833,{"date":364,"score":352,"percentile":365},"2025-12-22",0.4281,{"date":367,"score":352,"percentile":365},"2025-12-23",{"date":369,"score":352,"percentile":370},"2025-12-24",0.42823,{"date":372,"score":352,"percentile":373},"2025-12-25",0.42869,{"date":375,"score":352,"percentile":376},"2025-12-26",0.4285,{"date":378,"score":352,"percentile":379},"2025-12-27",0.42868,{"date":381,"score":352,"percentile":382},"2025-12-28",0.42773,{"date":384,"score":352,"percentile":385},"2025-12-29",0.42756,{"date":387,"score":352,"percentile":388},"2025-12-30",0.42749,{"date":390,"score":352,"percentile":391},"2025-12-31",0.42793,{"date":393,"score":394,"percentile":395},"2026-01-01",0.00202,0.42591,{"date":397,"score":394,"percentile":398},"2026-01-02",0.42565,{"date":400,"score":394,"percentile":401},"2026-01-03",0.42555,{"date":403,"score":352,"percentile":404},"2026-01-04",0.42734,{"date":406,"score":352,"percentile":407},"2026-01-05",0.42711,{"date":409,"score":352,"percentile":410},"2026-01-06",0.42714,{"date":412,"score":352,"percentile":413},"2026-01-07",0.42736,{"date":415,"score":352,"percentile":416},"2026-01-08",0.42761,{"date":418,"score":352,"percentile":419},"2026-01-09",0.4274,{"date":421,"score":352,"percentile":246},"2026-01-10",{"date":423,"score":352,"percentile":424},"2026-01-11",0.42712,{"date":426,"score":352,"percentile":427},"2026-01-12",0.42663,{"date":429,"score":352,"percentile":273},"2026-01-13",{"date":431,"score":352,"percentile":432},"2026-01-14",0.42695,{"date":434,"score":352,"percentile":435},"2026-01-15",0.42685,{"date":437,"score":352,"percentile":438},"2026-01-16",0.42704,{"date":440,"score":352,"percentile":441},"2026-01-17",0.42677,{"date":443,"score":444,"percentile":445},"2026-01-18",0.00167,0.38283,{"date":447,"score":444,"percentile":448},"2026-01-19",0.38249,{"date":450,"score":444,"percentile":451},"2026-01-20",0.38228,{"date":453,"score":352,"percentile":454},"2026-01-21",0.42605,{"date":456,"score":352,"percentile":457},"2026-01-22",0.42606,{"date":459,"score":352,"percentile":460},"2026-01-23",0.42661,{"date":462,"score":352,"percentile":463},"2026-01-24",0.4267,{"date":465,"score":352,"percentile":466},"2026-01-25",0.42613,{"date":468,"score":352,"percentile":469},"2026-01-26",0.42572,{"date":471,"score":352,"percentile":472},"2026-01-27",0.42571,{"date":474,"score":352,"percentile":475},"2026-01-28",0.42569,{"date":477,"score":352,"percentile":478},"2026-01-29",0.42558,{"date":480,"score":352,"percentile":481},"2026-01-30",0.42566,{"date":483,"score":352,"percentile":484},"2026-01-31",0.42577,{"date":486,"score":394,"percentile":487},"2026-02-01",0.42345,[489,494,496],{"source":163,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":490,"cvss_v4_0":9},{"baseScore":161,"baseSeverity":491,"vectorString":164,"impactScore":492,"exploitabilityScore":493},"HIGH",6,10,{"source":169,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":495,"cvss_v4_0":9},{"baseScore":161,"baseSeverity":491,"vectorString":164,"impactScore":492,"exploitabilityScore":493},{"source":170,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":497,"cvss_v4_0":9},{"baseScore":161,"baseSeverity":9,"vectorString":164,"impactScore":492,"exploitabilityScore":493},[499,523,536,556],{"ecosystem":9,"name":500,"vendor":501,"product":502,"cpe_part":503,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":504},"Apache Tomcat","apache software foundation","apache tomcat","a",[505,511,515,519],{"version":506,"is_range":507,"range_type":163,"version_start":508,"version_start_type":509,"version_end":510,"version_end_type":509,"fixed_in":9},">= 11.0.0-M1, \u003C= 11.0.8",true,"11.0.0-M1","including","11.0.8",{"version":512,"is_range":507,"range_type":163,"version_start":513,"version_start_type":509,"version_end":514,"version_end_type":509,"fixed_in":9},">= 10.1.0-M1, \u003C= 10.1.42","10.1.0-M1","10.1.42",{"version":516,"is_range":507,"range_type":163,"version_start":517,"version_start_type":509,"version_end":518,"version_end_type":509,"fixed_in":9},">= 9.0.0.M1, \u003C= 9.0.106","9.0.0.M1","9.0.106",{"version":520,"is_range":507,"range_type":163,"version_start":521,"version_start_type":509,"version_end":522,"version_end_type":509,"fixed_in":9},">= 8.5.0, \u003C= 8.5.100","8.5.0","8.5.100",{"ecosystem":9,"name":524,"vendor":9,"product":524,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":525},"Tomcat",[526,530,533],{"version":527,"is_range":507,"range_type":528,"version_start":529,"version_start_type":509,"version_end":518,"version_end_type":509,"fixed_in":9},"gte9.0.0_lte9.0.106","cpe","9.0.0",{"version":531,"is_range":507,"range_type":528,"version_start":532,"version_start_type":509,"version_end":514,"version_end_type":509,"fixed_in":9},"gte10.1.0_lte10.1.42","10.1.0",{"version":534,"is_range":507,"range_type":528,"version_start":535,"version_start_type":509,"version_end":510,"version_end_type":509,"fixed_in":9},"gte11.0.0_lte11.0.8","11.0.0",{"ecosystem":537,"name":538,"vendor":539,"product":540,"cpe_part":9,"purl_type":541,"purl_namespace":539,"purl_name":540,"source":9,"versions":542},"Maven","org.apache.tomcat:tomcat-coyote","org.apache.tomcat","tomcat-coyote","maven",[543,548,551,554],{"version":544,"is_range":507,"range_type":545,"version_start":508,"version_start_type":509,"version_end":546,"version_end_type":547,"fixed_in":9},"gte11_0_0_M1_lt11_0_9","ecosystem","11.0.9","excluding",{"version":549,"is_range":507,"range_type":545,"version_start":513,"version_start_type":509,"version_end":550,"version_end_type":547,"fixed_in":9},"gte10_1_0_M1_lt10_1_43","10.1.43",{"version":552,"is_range":507,"range_type":545,"version_start":517,"version_start_type":509,"version_end":553,"version_end_type":547,"fixed_in":9},"gte9_0_0_M1_lt9_0_107","9.0.107",{"version":555,"is_range":507,"range_type":545,"version_start":521,"version_start_type":509,"version_end":522,"version_end_type":509,"fixed_in":9},"gte8_5_0_lte8_5_100",{"ecosystem":537,"name":557,"vendor":558,"product":559,"cpe_part":9,"purl_type":541,"purl_namespace":558,"purl_name":559,"source":9,"versions":560},"org.apache.tomcat.embed:tomcat-embed-core","org.apache.tomcat.embed","tomcat-embed-core",[561,562,563,564],{"version":555,"is_range":507,"range_type":545,"version_start":521,"version_start_type":509,"version_end":522,"version_end_type":509,"fixed_in":9},{"version":552,"is_range":507,"range_type":545,"version_start":517,"version_start_type":509,"version_end":553,"version_end_type":547,"fixed_in":9},{"version":549,"is_range":507,"range_type":545,"version_start":513,"version_start_type":509,"version_end":550,"version_end_type":547,"fixed_in":9},{"version":544,"is_range":507,"range_type":545,"version_start":508,"version_start_type":509,"version_end":546,"version_end_type":547,"fixed_in":9}]