Lucene search
K

32 matches found

CVE
CVE
added yesterday19 views

CVE-2026-15075

CVE-2026-15075 affects Eclipse Vert.x up to 4.5.29 (4.x) and 5.1.4 (5.x). The DefaultRedirectHandler in vertx-core forwards all request headers across cross-origin HTTP 30x redirects, stripping only Content-Length. No origin check is performed before copying headers to the redirect target. This a...

8.2CVSS6.2AI score0.00154EPSS
Exploits0References1Affected Software1
CVE
CVE
added yesterday12 views

CVE-2026-15076

Vulnerability context: CVE-2026-15076 affects Eclipse Vert.x Web Client’s WebClientSession (versions up to 4.5.29 and 5.1.4). The issue is that the Domain attribute of a Set-Cookie header is not validated against the originating server’s domain. Root cause: WebClientSession stores cookies without...

8.2CVSS6.1AI score0.00171EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added yesterday5 views

EUVD-2026-43637

In versions up to and including 4.5.29 4.x branch and 5.1.4 5.x branch, the WebClientSession component of Eclipse Vert.x Web Client does not validate that the Domain attribute of a Set-Cookie response header matches the originating server's domain, in violation of RFC 6265 section 5.3. An attacke...

8.2CVSS6.1AI score0.00171EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2026-15076

In versions up to and including 4.5.29 4.x branch and 5.1.4 5.x branch, the WebClientSession component of Eclipse Vert.x Web Client does not validate that the Domain attribute of a Set-Cookie response header matches the originating server's domain, in violation of RFC 6265 section 5.3. An attacke...

8.2CVSS6.1AI score0.00171EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added yesterday22 views

CVE-2026-15076

In versions up to and including 4.5.29 4.x branch and 5.1.4 5.x branch, the WebClientSession component of Eclipse Vert.x Web Client does not validate that the Domain attribute of a Set-Cookie response header matches the originating server's domain, in violation of RFC 6265 section 5.3. An attacke...

8.2CVSS0.00171EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/25 6:47 p.m.6 views

eclipse-vertx/vert.x: eclipse-vertx/vert.x: Denial of Service via TLS handshake with wildcard server name

A flaw was found in eclipse-vertx/vert.x. A remote attacker can exploit this vulnerability by performing a Transport Layer Security TLS handshake and presenting a server name extension with a server wildcard name. This can lead to a denial of service DoS condition, impacting the availability of t...

6.9CVSS5.9AI score0.00238EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2026/06/25 5:36 p.m.9 views

eclipse-vertx/vert.x: eclipse-vertx/vert.x: Denial of Service via TLS handshake with wildcard server name

A flaw was found in eclipse-vertx/vert.x. A remote attacker can exploit this vulnerability by performing a Transport Layer Security TLS handshake and presenting a server name extension with a server wildcard name. This can lead to a denial of service DoS condition, impacting the availability of t...

6.9CVSS5.8AI score0.00238EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2026/06/17 4:18 p.m.15 views

eclipse-vertx/vert.x: eclipse-vertx/vert.x: Denial of Service via TLS handshake with wildcard server name

A flaw was found in eclipse-vertx/vert.x. A remote attacker can exploit this vulnerability by performing a Transport Layer Security TLS handshake and presenting a server name extension with a server wildcard name. This can lead to a denial of service DoS condition, impacting the availability of t...

6.9CVSS5.3AI score0.00238EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2026/06/17 3:45 p.m.9 views

eclipse-vertx/vert.x: eclipse-vertx/vert.x: Denial of Service via TLS handshake with wildcard server name

A flaw was found in eclipse-vertx/vert.x. A remote attacker can exploit this vulnerability by performing a Transport Layer Security TLS handshake and presenting a server name extension with a server wildcard name. This can lead to a denial of service DoS condition, impacting the availability of t...

6.9CVSS5.4AI score0.00238EPSS
Exploits1References7
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/09 5:21 a.m.8 views

Security Bulletin: IBM Automation Decision Services for May 2026- Multiple CVEs addressed

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Automation Decision Services. See full list below. Vulnerability Details CVEID:CVE-2025-46295 DESCRIPTION: Apache Commons Text versions prior to 1.10.0 included...

9.8CVSS6.1AI score0.99931EPSS
Exploits43Affected Software1
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.10 views

Eclipse Vert.x 安全漏洞

Eclipse Vert.x is a toolkit developed by the Eclipse Foundation for building responsive applications on the JVM. There is a security vulnerability in Eclipse Vert.x, which stems from the fact that the TCP client can perform TLS handshakes and present server name extensions. These server name...

6.9CVSS5.8AI score0.00238EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.9 views

PT-2026-28107

Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.1.132.Final and 4.2.10.Final Description Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling attacks. Specifically, Netty terminates chunk header...

9.8CVSS5.8AI score0.0064EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/04 3:44 p.m.8 views

Security Bulletin: IBM Event Processing is vulnerable to unauthorized access to hidden files and stored cross-site scripting (XSS) (CVE-2025-11965, CVE-2025-11966)

Summary IBM Event Processing is vulnerable to unauthorized access to hidden files and stored cross-site scripting XSS when using Eclipse Vert.x. Vulnerability Details CVEID:CVE-2025-11965 DESCRIPTION: In Eclipse Vert.x versions 4.0.0, 4.5.21 and 5.0.0, 5.0.4, a StaticHandler configuration for...

7.5CVSS5.8AI score0.00459EPSS
Exploits1Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/15 8:50 p.m.7 views

CVE-2026-1002 Eclipse Vert.x Web static handler file access denial

The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URI. The issue comes from an improper implementation of the C. rule of section 5.2.4 of RFC3986 and is fixed in Vert.x Core component used b...

6.9CVSS6.4AI score0.00343EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2026/01/06 1:12 p.m.8 views

io.vertx/vertx-web: Eclipse Vert.x cross site scripting

In Eclipse Vert.x, when "directory listing" is enabled, file and directory names are inserted into generated HTML without proper escaping in the href, title, and link attributes. An attacker who can create or rename files or directories within a served path can craft filenames containing maliciou...

6.4CVSS7AI score0.00265EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2025/10/27 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2025-11965

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse Vert.x versions 4.0.0, 4.5.21 and 5.0.0, 5.0.4, a StaticHandler configuration for restricting access to hidden files fails to restrict access to hidd...

7.5CVSS5.5AI score0.00459EPSS
Exploits0References2
NVD
NVD
added 2025/10/22 3:15 p.m.8 views

CVE-2025-11965

In Eclipse Vert.x versions 4.0.0, 4.5.21 and 5.0.0, 5.0.4, a StaticHandler configuration for restricting access to hidden files fails to restrict access to hidden directories, allowing unauthorized users to retrieve files within them e.g. '.git/config'...

7.5CVSS0.00459EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/22 2:50 p.m.4 views

CVE-2025-11965

In Eclipse Vert.x versions 4.0.0, 4.5.21 and 5.0.0, 5.0.4, a StaticHandler configuration for restricting access to hidden files fails to restrict access to hidden directories, allowing unauthorized users to retrieve files within them e.g. '.git/config'...

6.3CVSS6.4AI score0.00459EPSS
Exploits0References1
CVE
CVE
added 2025/10/22 2:50 p.m.19 views

CVE-2025-11965

The CVE-2025-11965 issue affects Eclipse Vert.x: versions 4.0.0–4.5.21 and 5.0.0–5.0.4 contain a misconfiguration in StaticHandler that fails to restrict access to hidden directories, enabling unauthorized access to files inside them (for example, .git/config). The available connected documents c...

7.5CVSS6.4AI score0.00459EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/10/22 2:44 p.m.42 views

CVE-2025-11966

CVE-2025-11966 affects Eclipse Vert.x with directory listing enabled: when using Vert.x 4.0.0–4.5.21 and 5.0.0–5.0.4, file/directory names are inserted into generated HTML without escaping in href, title, and link attributes, enabling stored XSS. Red Hat advisory RHSA-2026:0134 notes this CVE is ...

6.4CVSS5.2AI score0.00265EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder