15 matches found
EUVD-2019-13431
Malware in sbrugna...
EUVD-2022-1875
Malicious code in bioql PyPI...
EUVD-2022-1702
Malicious code in bioql PyPI...
EUVD-2022-1221
Malicious code in bioql PyPI...
EUVD-2022-1084
Malicious code in bioql PyPI...
CVE-2025-2251
CVE-2025-2251 is an issue in Red Hat JBoss EAP 7.4.x/WildFly where the EJB remote invocation path deserializes untrusted data via JBoss Marshalling, allowing remote code execution without authentication. Red Hat advisories RHSA-2025:10925 and related notices enumerate this vulnerability among sev...
CVE-2025-23366
A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is served to other users. The attacker must be authenticated as a user that belongs to management groups...
Design/Logic Flaw
A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may contain...
PT-2022-10637 · Red Hat · Wildfly
Name of the Vulnerable Software and Affected Versions: Wildfly versions prior to 17.0. Description: A flaw was found in Wildfly, where an incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest...
wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users
A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability...
wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users
A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability...
wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users
A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability...
wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API
A flaw was found in Wildfly, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality...
PT-2020-13968 · Red Hat · Red Hat Jboss Eap
Name of the Vulnerable Software and Affected Versions: Red Hat JBoss EAP 7. Description: A flaw was found in Wildfly's Enterprise Java Beans (EJB) where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received. This allows an attacker to craft a denial ...
Vulnerability in the WildFly application server and the JBoss Enterprise Application Platform that allows an attacker to authenticate as an administrator
The vulnerability in the Java server consoles of WildFly and the JBoss Enterprise Application Platform lies in cross-site request forgery. Exploiting this vulnerability allows a malicious actor to bypass authentication as the administrator, when the administrator performs any actions...