3541 matches found
PT-2025-29769 · Eclipse · Eclipse Glassfish
Name of the Vulnerable Software and Affected Versions: Eclipse GlassFish version 7.0.15 Description: Eclipse GlassFish version 7.0.15 is susceptible to Stored Cross-site Scripting attacks. The attacks can be performed by modifying the configuration file within the underlying operating system...
Third-Party Dependency in Bamboo Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in version 9.6.0 of Bamboo Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.2 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N allows an unauthenticated attacker to...
Security Bulletin: Multiple vulnerabilities disclosed in IBM Semeru Runtime affect IBM SPSS Collaboration and Deployment Services
Summary Multiple vulnerabilities disclosed in IBM Semeru Runtime affect IBM SPSS Collaboration and Deployment Services CVE-2025-21587, CVE-2025-30698, CVE-2025-4447. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified...
jetty-http2-common: Jetty HTTP/2 Header List Size Vulnerability
A flaw was found in Eclipse Jetty. This vulnerability allows a denial of service attack via an HTTP/2 client specifying a very large value for the SETTINGS_MAX_HEADER_LIST_SIZE parameter...
ROS-20250630-04
The Eclipse Jetty servlet container vulnerability is related to a bug in GzipHandler when handling certain URL paths. Exploitation of the vulnerability could allow an attacker to bypass the enforced security restrictions...
CVE-2025-6705
A vulnerability in the Eclipse Open VSX Registry’s automated publishing system could have allowed unauthorized uploads of extensions. Specifically, the system’s build scripts were executed without proper isolation, potentially exposing a privileged token. This token enabled the publishing of new...
Eclipse Open VSX Security Vulnerability
Eclipse Open VSX is an open source registry of code extensions for Eclipse Open Source. A security vulnerability exists in Eclipse Open VSX that stems from a lack of sandboxing restrictions for CI jobs, which could lead to a service account takeover...
SUSE SLES15 / openSUSE 15 Security Update : java-1_8_0-openj9 (SUSE-SU-2025:01954-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:01954-1 advisory. - CVE-2025-4447: Fixed buffer overflow in Eclipse OpenJ9 bsc1243429. - CVE-2025-30698: Fixed 2D unauthorized data access and DoS...
PT-2025-27026 · Undefined · Undefined
🚨 Critical flaw in Open VSX Registry CVE-2025-29182 Malicious extensions could hijack dev environments! ⚠️ 180K+ daily users at risk. Patched now—if you're using Eclipse Theia or any Open VSX-based IDE, update ASAP. CyberSecurity SupplyChain PatchNow...
Security Bulletin: Vulnerability in Eclipse OMR affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.
Summary Potential vulnerability in Eclipse OMR has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional information...
Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to an Improper Resource Shutdown or Release in Eclipse Jetty (CVE-2024-13009)
Summary Eclipse Jetty is used by IBM DevOps Deploy / IBM UrbanCode Deploy UCD. CVE-2024-13009 Vulnerability Details CVEID:CVE-2024-13009 DESCRIPTION: In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request body. Thi...
Vulnerability fixed in GeoServer
GeoServer developers have fixed a vulnerability in GeoServer 2.27.0, 2.26.2, 2.25.6, GeoTools 33.0, 32.2, 31.6, 28.6.0 and GeoNetwork 4.4.7, 4.2.12. The vulnerability is located in the Eclipse XSD library. The vulnerability allows unauthenticated attackers to potentially execute code and access...
TencentOS Server 4: mosquitto (TSSA-2024:0990)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0990 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
java-1.8.0-ibm: Buffer Overflow in Eclipse OpenJ9
A flaw was found in Eclipse OpenJ9 versions up to 0.51, when used with OpenJDK version 8. A stack based buffer overflow can be caused by modifying a file on disk that is read when the JVM starts...
Security Bulletin: Multiple vulnerabilities in eclipse jetty may affect IBM Business Automation Workflow Case Configuration tool
Summary IBM Business Automation Workflow Case configuration tool packages vulnerable versions of the eclipse jetty open source library. Vulnerability Details CVEID:CVE-2023-26049 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to obtain sensitive information, caused by a fl...
Security Bulletin: Multiple vulnerabilities in IBM Tivoli Network Manager IP Edition (ITNM).
Summary Multiple vulnerabilities were addressed in ITNM version 4.2 Fix Pack 22 4.2.0.22 Vulnerability Details CVEID:CVE-2025-23184 DESCRIPTION: A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In some edge cases, the...
Amazon Linux 2 : jetty (ALAS-2025-2871)
It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2871 advisory. In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. CVE-2021-28165 Tenable has extracted the precedin...
SUSE CVE-2025-4949
In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol allowing to store git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity XXE...
CVE-2024-9329
In Eclipse Glassfish versions before 7.0.17, the Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is '/management/domain'. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal...