PT-2026-28108

Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.1.132.Final and versions prior to 4.2.10.Final Description Netty, an asynchronous, event-driven network application framework, is susceptible to a Denial of Service DoS attack. A remote user can exploit this by sendin...

io.vertx/vertx-web: Eclipse Vert.x cross site scripting

In Eclipse Vert.x, when "directory listing" is enabled, file and directory names are inserted into generated HTML without proper escaping in the href, title, and link attributes. An attacker who can create or rename files or directories within a served path can craft filenames containing maliciou...

EUVD-2025-35364

Vert.x-Web vulnerable to Stored Cross-site Scripting in directory listings via file names...

EUVD-2025-35593

Vert.x-Web Access Control Flaw in StaticHandler’s Hidden File Protection for Files Under Hidden Directories...

CVE-2025-11966

In Eclipse Vert.x versions 4.0.0, 4.5.21 and 5.0.0, 5.0.4, when "directory listing" is enabled, file and directory names are inserted into generated HTML without proper escaping in the href, title, and link attributes. An attacker who can create or rename files or directories within a served path...

CVE-2025-11965

In Eclipse Vert.x versions 4.0.0, 4.5.21 and 5.0.0, 5.0.4, a StaticHandler configuration for restricting access to hidden files fails to restrict access to hidden directories, allowing unauthorized users to retrieve files within them e.g. '.git/config'...

CVE-2025-11966

In Eclipse Vert.x versions 4.0.0, 4.5.21 and 5.0.0, 5.0.4, when "directory listing" is enabled, file and directory names are inserted into generated HTML without proper escaping in the href, title, and link attributes. An attacker who can create or rename files or directories within a served path...

PT-2025-43147

Name of the Vulnerable Software and Affected Versions Eclipse Vert.x versions 4.0.0 through 4.5.21 Eclipse Vert.x versions 5.0.0 through 5.0.4 Description When directory listing is enabled, file and directory names are inserted into generated HTML without proper escaping in the href, title, and...

Eclipse Vert.x 安全漏洞

Eclipse Vert.x is an Eclipse Foundation toolkit for building responsive applications on the JVM. A security vulnerability exists in Eclipse Vert.x versions 4.0.0 through 4.5.21 and 5.0.0 through 5.0.4, which stems from a directory listing feature that does not properly escape file and directory...

Eclipse Vert.x 安全漏洞

Eclipse Vert.x is an Eclipse Foundation toolkit for building responsive applications on the JVM. A security vulnerability exists in Eclipse Vert.x versions 4.0.0 through 4.5.21 and 5.0.0 through 5.0.4, which stems from the inability of the StaticHandler configuration to restrict access to a hidde...

EUVD-2018-0664

Malware in sbrugna...

EUVD-2018-0690

Malware in sbrugna...

EUVD-2018-0516

Malware in sbrugna...

EUVD-2018-0608

Malware in sbrugna...

EUVD-2018-0495

Malware in sbrugna...

EUVD-2024-0823

Malicious code in bioql PyPI...

EUVD-2024-2795

Malicious code in bioql PyPI...

EUVD-2024-1174

Malicious code in bioql PyPI...

EUVD-2022-1208

Malicious code in bioql PyPI...

CVE-2019-17640

In Eclipse Vert.x 3.4.x up to 3.9.4, 4.0.0.milestone1, 4.0.0.milestone2, 4.0.0.milestone3, 4.0.0.milestone4, 4.0.0.milestone5, 4.0.0.Beta1, 4.0.0.Beta2, and 4.0.0.Beta3, StaticHandler doesn't correctly processes back slashes on Windows Operating systems, allowing, escape the webroot folder to the...