CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

761 matches found

RHEL 8 / 9 : Red Hat JBoss Enterprise Application Platform 8.1.6 (RHSA-2026:25125)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25125 advisory. Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This...

9.1CVSS5.7AI score0.00074EPSS

Exploits0References13

Tenable Nessus•added 2026/03/30 12:0 a.m.•5 views

RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.3.17 (RHSA-2026:6011)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:6011 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...

9.8CVSS7.1AI score0.0044EPSS

Exploits2References15

UbuntuCve•added 2026/01/07 5:15 p.m.•4 views

CVE-2025-12543

A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed or malicious Host headers are processed without...

9.6CVSS7.3AI score0.00031EPSS

Exploits0References8

Tenable Nessus•added 2026/01/07 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2025-12543

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly...

9.6CVSS7.3AI score0.00031EPSS

Exploits0References3

OSV•added 2025/11/07 11:1 a.m.•35 views

BIT-WILDFLY-2022-0866

This is a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs principal. In particular, the org.jboss.as.ejb3.component.EJBComponent class has an incomingRunAsIdentity field. This field is used by the...

5.3CVSS7AI score0.00272EPSS

Exploits0References2