Lucene search
+L

729 matches found

Snyk
Snyk
added 2026/06/17 12:0 a.m.5 views

Path Equivalence

Overview Affected versions of this package are vulnerable to Path Equivalence in the pathWithoutMatrixParams of AbstractPathMatchingHttpSecurityPolicy via specially crafted HTTP requests containing encoded semicolons, slashes, or backslashes in the request path. An attacker can gain unauthorized...

8.7CVSS5.9AI score0.00463EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/17 12:0 a.m.7 views

Path Equivalence

Overview Affected versions of this package are vulnerable to Path Equivalence in the pathWithoutMatrixParams of AbstractPathMatchingHttpSecurityPolicy via specially crafted HTTP requests containing encoded semicolons, slashes, or backslashes in the request path. An attacker can gain unauthorized...

8.7CVSS5.9AI score0.00463EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/17 12:0 a.m.8 views

Path Equivalence

Overview Affected versions of this package are vulnerable to Path Equivalence in the pathWithoutMatrixParams of AbstractPathMatchingHttpSecurityPolicy via specially crafted HTTP requests containing encoded semicolons, slashes, or backslashes in the request path. An attacker can gain unauthorized...

8.7CVSS5.9AI score0.00463EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/17 12:0 a.m.7 views

Path Equivalence

Overview Affected versions of this package are vulnerable to Path Equivalence in the pathWithoutMatrixParams of AbstractPathMatchingHttpSecurityPolicy via specially crafted HTTP requests containing encoded semicolons, slashes, or backslashes in the request path. An attacker can gain unauthorized...

8.7CVSS5.9AI score0.00463EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/11 7:12 a.m.7 views

Security Bulletin: Due to the use of Netty, IBM Enterprise Build of Quarkus is affected by multiple vulnerabilities

Summary IBM Enterprise Build of Quarkus is affected by vulnerabilities in Netty Vulnerability Details CVEID:CVE-2026-42580 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's chunk size parser silently overflows int,...

9.8CVSS5.7AI score0.00969EPSS
Exploits6Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/10 3:39 p.m.10 views

io.quarkus:quarkus-vertx-http: io.quarkus:quarkus-vertx-http: Authorization bypass via semicolons in HTTP requests

A flaw was found in io.quarkus:quarkus-vertx-http. A remote attacker can exploit an authorization bypass vulnerability by including semicolons, also known as matrix parameters, in HTTP requests. This allows bypassing path-based HTTP security policies, enabling unauthorized access to protected...

8.8CVSS5.5AI score0.00444EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/10 3:39 p.m.18 views

Important: Red Hat Security Advisory: HawtIO 4.4.0 for Red Hat build of Apache Camel 4 Release and security update.

HawtIO 4.4.0 for Red Hat build of Apache Camel 4 GA Release is now available. The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products. Red Hat Product Security has rated this update ...

10CVSS7.3AI score0.01945EPSS
Exploits10References1
RedHat Linux
RedHat Linux
added 2026/06/10 12:9 p.m.23 views

Important: Red Hat Security Advisory: Red Hat build of Quarkus 3.33.2 release and security update

An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more informatio...

9.8CVSS6.8AI score0.00969EPSS
Exploits5References80
RedHat Linux
RedHat Linux
added 2026/06/10 12:5 p.m.14 views

Important: Red Hat Security Advisory: Red Hat build of Quarkus 3.27.4 release and security update

An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more informatio...

9.8CVSS6.8AI score0.00969EPSS
Exploits5References35
vulnersOsv
vulnersOsv
added 2026/06/08 11:2 p.m.8 views

ai.agentican:agentican-quarkus-deployment (>=0.1.0-alpha.1 <=0.1.0-alpha.4), ai.agentican:agentican-quarkus-metrics (>=0.1.0-alpha.1 <=0.1.0-alpha.4) +14426 more potentially affected by CVE-2026-47691 via io.netty:netty-resolver-dns (>=4.1.0.Beta7 <=4.1.134.Final)

io.netty:netty-resolver-dns MAVEN version =4.1.0.Beta7, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.3, =0.1.0, =0.1.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.28.0 and more Source cves: CVE-2026-47691 Sour...

10CVSS5.7AI score0.00292EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/08 11:2 p.m.10 views

ai.agentican:agentican-quarkus-deployment (>=0.1.0-alpha.1 <=0.1.0-alpha.4), ai.agentican:agentican-quarkus-metrics (>=0.1.0-alpha.1 <=0.1.0-alpha.4) +14426 more potentially affected by CVE-2026-45674 via io.netty:netty-resolver-dns (>=4.1.0.Beta7 <=4.1.134.Final)

io.netty:netty-resolver-dns MAVEN version =4.1.0.Beta7, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.3, =0.1.0, =0.1.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.28.0 and more Source cves: CVE-2026-45674 Sour...

10CVSS5.7AI score0.00224EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/08 11:2 p.m.11 views

ai.agentican:agentican-quarkus-deployment (>=0.1.0-alpha.1 <=0.1.0-alpha.4), ai.agentican:agentican-quarkus-metrics (>=0.1.0-alpha.1 <=0.1.0-alpha.4) +14426 more potentially affected by CVE-2026-45673 via io.netty:netty-resolver-dns (>=4.1.0.Beta7 <=4.1.134.Final)

io.netty:netty-resolver-dns MAVEN version =4.1.0.Beta7, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.3, =0.1.0, =0.1.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.28.0 and more Source cves: CVE-2026-45673 Sour...

6.8CVSS5.7AI score0.00256EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/06/02 11:27 a.m.16 views

Important: Red Hat Security Advisory: Red Hat Build of Apache Camel 4.18 for Quarkus 3.33 update is now available (RHBQ 3.33.1.GA)

An update for Red Hat Build of Apache Camel 4.18 for Quarkus 3.33 update is now available RHBQ 3.33.1.GA. The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products. Red Hat Product...

9.8CVSS6.3AI score0.01127EPSS
Exploits6References9
vulnersOsv
vulnersOsv
added 2026/05/25 11:19 p.m.8 views

cloud.opencode.base:opencode-base-token (=1.0.0), com.flowlogix.depchain:shiro-jakarta (>=18 <=119) +22 more potentially affected by CVE-2026-44598 via org.apache.shiro:shiro-jakarta-ee (>=2.0.0-alpha-1 <=2.1.0)

org.apache.shiro:shiro-jakarta-ee MAVEN version =2.0.0-alpha-1, =18, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =0.82.10, =0.82.10, =4.7.0, =3.10.0, =3.10.0, =3.10.0, =4.5.0, =4.20.0 and more Source cves: CVE-2026-44598 Source advisory: SNYK:JAVA-ORGAPACHESHIRO-17115416...

5.4CVSS5.5AI score0.00383EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/05/20 8:47 p.m.24 views

Critical: Red Hat Security Advisory: Red Hat Build of Apache Camel 4.14 for Quarkus 3.27 update is now available (RHBQ 3.27.3.SP2)

An update for Red Hat Build of Apache Camel 4.14 for Quarkus 3.27 update is now available RHBQ 3.27.3.SP2. The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products. Red Hat Product...

9.9CVSS5.8AI score0.0086EPSS
Exploits2References11
RedHat Linux
RedHat Linux
added 2026/05/20 12:47 p.m.14 views

Important: Red Hat Security Advisory: Red Hat build of Quarkus 3.27.3.SP2 security update

An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more informatio...

7.5CVSS5.8AI score0.0077EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2026/05/14 4:36 p.m.11 views

ai.agentican:agentican-quarkus-otel (>=0.1.0-alpha.1 <=0.1.0-alpha.4), ai.agentican:agentican-quarkus-otel-store-jpa (>=0.1.0-alpha.1 <=0.1.0-alpha.4) +10807 more potentially affected by CVE-2026-45292 via io.opentelemetry:opentelemetry-api (>=0.2.0 <=1.61.0)

io.opentelemetry:opentelemetry-api MAVEN version =0.2.0, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.3, =0.21.0-alpha.2, =0.1.1, =0.1.1, =0.1.1, =0.0.1, =3.10.0.5, =1.0.0, =1.0.0, =0.3.0, =1.0.0, =1.0.0-beta, =1.0.0-beta-preview7 and more Source cves: CVE-2026-45292 Source...

7.5CVSS5.7AI score0.00791EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/05/11 8:26 p.m.13 views

CVE-2026-42333

Quarkus OpenAPI Generator is Quarkus' extensions for generation of Rest Clients and server stubs generation. Prior to versions 2.11.1-lts, 2.16.0-lts, and 2.17.0, the generated authentication filter matches OpenAPI path templates too broadly when deciding whether to attach credentials. A security...

6.3CVSS5.7AI score0.004EPSS
Exploits0References1
NVD
NVD
added 2026/05/09 8:16 p.m.25 views

CVE-2026-42333

Quarkus OpenAPI Generator is Quarkus' extensions for generation of Rest Clients and server stubs generation. Prior to versions 2.11.1-lts, 2.16.0-lts, and 2.17.0, the generated authentication filter matches OpenAPI path templates too broadly when deciding whether to attach credentials. A security...

6.3CVSS0.004EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/09 7:16 p.m.12 views

CVE-2026-42333 quarkus-openapi-generator has overly broad path-parameter matching that sends authentication headers to unintended operations

Quarkus OpenAPI Generator is Quarkus' extensions for generation of Rest Clients and server stubs generation. Prior to versions 2.11.1-lts, 2.16.0-lts, and 2.17.0, the generated authentication filter matches OpenAPI path templates too broadly when deciding whether to attach credentials. A security...

6.3CVSS5.7AI score0.004EPSS
Exploits0References5
Rows per page
Query Builder