Eclipse ThreadX FileX RAM disk driver buffer overflow vulnerability

Talos Vulnerability Report TALOS-2024-2088 Eclipse ThreadX FileX RAM disk driver buffer overflow vulnerability July 30, 2025 CVE Number CVE-2025-55089 SUMMARY A buffer overflow vulnerability exists in the FileX RAM disk driver functionality of Eclipse ThreadX FileX git commit 1b85eb2. A specially...

com.blazebit:blaze-notify-channel-smtp (=1.0.0-Alpha6), com.blazebit:blaze-notify-server (=1.0.0-Alpha6) +21 more potentially affected by CVE-2025-7962 via org.eclipse.angus:smtp (>=2.0.0 <=2.0.3)

org.eclipse.angus:smtp MAVEN version =2.0.0, =2.0.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.7 and more Source cves: CVE-2025-7962 Source advisory: SNYK:JAVA-ORGECLIPSEANGUS-11520768...

Eclipse Jakarta Mail 安全漏洞

Eclipse Jakarta Mail is an open source Java mail library for Eclipse. A security vulnerability exists in Eclipse Jakarta Mail version 2.2 that stems from allowing the use of UTF-8 characters and...

CVE-2024-10031

In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site Scripting attacks by modifying the configuration file in the underlying operating system...

CVE-2024-10032

In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site scripting attacks in the Administration Console...

CVE-2024-9408

In Eclipse GlassFish since version 6.2.5 it is possible to perform a Server Side Request Forgery attack in specific endpoints...

CVE-2024-9342

In Eclipse GlassFish version 7.0.16 or earlier it is possible to perform Login Brute Force attacks as there is no limitation in the number of failed login attempts...

CVE-2024-10029

In Eclipse GlassFish version 7.0.15 is possible to perform Reflected Cross-site scripting attacks in the Administration Console...

CVE-2024-9343

In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site scripting attacks in the Administration Console...

The vulnerability of Eclipse Jetty servlet containers, related to improper cleaning or release of resources, allows attackers to trigger a service failure.

The vulnerability of Eclipse Jetty servlet containers is related to improper cleaning or release of resources. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

The vulnerability of Eclipse Jetty servlet containers relates to improper cleaning or release of resources, allowing attackers to circumvent established security restrictions.

The vulnerability of Eclipse Jetty servlet containers is related to improper cleaning or release of resources. Exploiting this vulnerability can allow a malicious actor to bypass established security restrictions remotely...

Oracle Coherence (July 2025 CPU)

The 12.2.1.4.0, 14.1.1.0.0, and 14.1.2.0.0 versions of Coherence installed on the remote host are affected by a vulnerability as referenced in the July 2025 CPU advisory. - Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class,...

Eclipse GlassFish is vulnerable to Server Side Request Forgery attacks through specific endpoints

In Eclipse GlassFish version 6.2.5, it is possible to perform a Server Side Request Forgery attack using specific endpoints...

GHSA-F7H5-C625-3795 Eclipse GlassFish is vulnerable to Server Side Request Forgery attacks through specific endpoints

In Eclipse GlassFish version 6.2.5, it is possible to perform a Server Side Request Forgery attack using specific endpoints...

Eclipse GlassFish is vulnerable to Stored XSS attacks through its Administration Console

In Eclipse GlassFish version 7.0.15, it is possible to perform Stored Cross-Site Scripting attacks through the Administration Console...

Eclipse GlassFish is vulnerable to Stored XSS attacks through its Administration Console

In Eclipse GlassFish version 7.0.15, it is possible to perform Stored Cross-Site Scripting attacks through the Administration Console...

GHSA-HP97-5X6G-Q538 Eclipse GlassFish is vulnerable to Stored XSS attacks through configuration file modifications

In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site Scripting attacks by modifying the configuration file in the underlying operating system...

Eclipse GlassFish is vulnerable to Reflected XSS attacks through its Administration Console

In Eclipse GlassFish version 7.0.15, it is possible to perform Reflected Cross-Site Scripting attacks through the Administration Console...

Eclipse GlassFish is vulnerable to Login Brute Force attacks through unlimited failed login attempts

In Eclipse GlassFish version 7.0.16 or earlier, it is possible to perform login brute force attacks as there is no limitation on the number of failed login attempts...

Eclipse GlassFish is vulnerable to Stored XSS attacks through configuration file modifications

In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site Scripting attacks by modifying the configuration file in the underlying operating system...