13 matches found

NVD
added 2026/05/05 9:16 p.m. · 7 views

CVE-2026-39852

Quarkus is a Java framework for building cloud-native applications. In versions prior to 3.20.6.1, 3.27.3.1, 3.33.1.1, 3.35.1.1, 3.34.7, and 3.35.2, a path normalization inconsistency between the security layer and the routing layer allows unauthenticated or lower-privileged users to bypass HTTP...

CVSS 8.8 · EPSS 0.00265
Exploits 0 · References 1
Vulnrichment
added 2026/05/05 8:58 p.m. · 8 views

CVE-2026-39852 Quarkus authorization bypass via semicolon path normalization inconsistency

Quarkus is a Java framework for building cloud-native applications. In versions prior to 3.20.6.1, 3.27.3.1, 3.33.1.1, 3.35.1.1, 3.34.7, and 3.35.2, a path normalization inconsistency between the security layer and the routing layer allows unauthenticated or lower-privileged users to bypass HTTP...

CVSS 8.8 · AI score 5.9 · EPSS 0.00265
Exploits 0 · References 1
EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2025-18925

Malicious code in bioql PyPI...

CVSS 6.4 · AI score 8.9 · EPSS 0.0025
Exploits 0 · References 4
NVD
added 2025/06/23 8:15 p.m. · 10 views

CVE-2025-49574

Quarkus is a Cloud Native, Linux Container First framework for writing Java applications. In versions prior to 3.24.1, 3.20.2, and 3.15.6, there is a potential data leak when duplicating a duplicated context. Quarkus extensively uses the Vert.x duplicated context to implement context propagation...

CVSS 6.4 · EPSS 0.0025
Exploits 0 · References 7
OSV
added 2025/06/23 7:47 p.m. · 6 views

CVE-2025-49574 Quarkus potential data leak when duplicating a duplicated context

Quarkus is a Cloud Native, Linux Container First framework for writing Java applications. In versions prior to 3.24.1, 3.20.2, and 3.15.6, there is a potential data leak when duplicating a duplicated context. Quarkus extensively uses the Vert.x duplicated context to implement context propagation...

CVSS 6.4 · AI score 4.2 · EPSS 0.0025
Exploits 0 · References 9
CVE
added 2025/06/23 7:47 p.m. · 59 views

CVE-2025-49574

CVE-2025-49574 affects Quarkus (Java) where data from a duplicated Vert.x context may leak into another transaction due to duplicating a duplicated context. Public details indicate this impacts versions prior to 3.24.1, 3.20.2, and 3.15.6, with patches provided in those versions. Remediation is t...

CVSS 6.4 · AI score 3.8 · EPSS 0.0025
Exploits 0 · References 7
CNNVD
added 2024/12/10 12:0 a.m. · 1 view

Quarkus environment issue vulnerability

Quarkus is a cloud-native Linux container-first framework for writing Java applications. An environmental issue vulnerability exists in Quarkus that stems from the inclusion of an HTTP cookie smuggling issue...

CVSS 7.4 · AI score 5.9 · EPSS 0.00753
Exploits 0 · References 4
OSV
added 2024/10/08 6:33 p.m. · 1 view

GHSA-JQH2-CH7P-XWXH Quarkus CXF logs passwords and other secrets

A vulnerability was found in Quarkus CXF. Passwords and other secrets may appear in the application log in spite of the user configuring them to be hidden. This issue requires some special configuration to be vulnerable, such as SOAP logging enabled, application set client, and endpoint logging...

CVSS 6 · AI score 6 · EPSS 0.00511
Exploits 0 · References 8
BDU FSTEC
added 2024/07/24 12:0 a.m. · 4 views

A vulnerability in the RESTEasy Reactive Java framework component of Quarkus allows attackers to trigger a service failure.

The vulnerability of the RESTEasy Reactive Java framework in Quarkus is related to improper permission storage. Exploiting this vulnerability can allow an attacker to cause service failures remotely...

CVSS 5.3 · AI score 5.8 · EPSS 0.00721
Exploits 0 · References 6 · Affected Software 1
BDU FSTEC
added 2023/12/14 12:0 a.m. · 3 views

A vulnerability in the WebSocket technology of the Quarkus Java framework allows attackers to gain unauthorized access to protected information and escalate their privileges.

The vulnerability of the WebSocket technology in the Quarkus Java framework is related to the improper implementation of the sequence of actions performed during request processing, due to insufficient access control. Exploiting this vulnerability can allow an attacker to gain unauthorized access...

CVSS 7.4 · AI score 7.5 · EPSS 0.00814
Exploits 0 · References 6 · Affected Software 1
BDU FSTEC
added 2023/07/18 12:0 a.m. · 4 views

A vulnerability in the TLS protocol implementation of the Quarkus Java framework allows an attacker to gain unauthorized access to protected information.

The vulnerability of the TLS protocol implementation in the Quarkus Java framework is related to the insufficient encryption security when using the quarkus.http.ssl.protocols configuration. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

CVSS 7.7 · AI score 6.9 · EPSS 0.00708
Exploits 0 · References 4 · Affected Software 1
Positive Technologies
added 2023/05/30 12:0 a.m. · 6 views

PT-2023-3549 · Unknown · Quarkus-Core

Name of the Vulnerable Software and Affected Versions: quarkus-core (affected versions not specified)
Description: A vulnerability was found in the implementation of the TLS protocol in the Quarkus Java framework. This issue is related to the insufficient reliability of encryption when using the...

CVSS 8.1 · AI score 6.9 · EPSS 0.00708
Exploits 0 · References 13
BDU FSTEC
added 2023/01/06 12:0 a.m. · 3 views

A vulnerability in the Dev UI Config Editor component of the Quarkus Java framework allows an attacker to execute arbitrary code.

The vulnerability of the Dev UI Config Editor component in the Quarkus Java framework is related to improper code generation management. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 10 · AI score 8.2 · EPSS 0.32516
Exploits 0 · References 5 · Affected Software 1