Lucene search
K

2376 matches found

Nuclei
Nuclei
added 10 hours ago101 views

CData Sync < 23.4.8843 - Path Traversal

A path traversal vulnerability exists in the Java version of CData Sync CData - Sync' - r...

8.6CVSS7AI score0.02885EPSS
Exploits0References2
Nuclei
Nuclei
added 10 hours ago118 views

CData API Server < 23.4.8844 - Path Traversal

A path traversal vulnerability exists in the Java version of CData API Server 23.4.8844 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application. id: CVE-2024-31848 info: name: CData API Server...

9.8CVSS7.1AI score0.08151EPSS
Exploits1References5
Nuclei
Nuclei
added 10 hours ago15 views

Apache ActiveMQ 6.x < 6.1.2 - Broken Access Control

Apache ActiveMQ 6.x contains an unauthenticated API web context caused by default configuration lacking security measures in the Jetty server, letting anyone interact with broker APIs and messaging layers, exploit requires no authentication. id: CVE-2024-32114 info: name: Apache ActiveMQ 6.x 6.1....

8.8CVSS7AI score0.0692EPSS
Exploits1References4
Nuclei
Nuclei
added 10 hours ago85 views

CData Arc < 23.4.8839 - Path Traversal

A path traversal vulnerability exists in the Java version of CData Arc 23.4.8839 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain access to sensitive information and perform limited actions. id: CVE-2024-31850 info: name: CData Arc 23.4.88...

9.8CVSS7.1AI score0.08151EPSS
Exploits1References3
Cvelist
Cvelist
added yesterday15 views

CVE-2026-8384

In Eclipse Jetty, an HTTP URI of this form: /public;/../admin/secret.txt results in an unresolved path of: /public/../admin/secret.txt instead of the expected: /admin/secret.txt Jetty itself is not affected, as it will not serve the secret.txt file because it will not pass the alias checker only...

5.3CVSS0.00191EPSS
Exploits1References1
EUVD
EUVD
added yesterday6 views

EUVD-2026-43647

In Eclipse Jetty, an HTTP URI of this form: /public;/../admin/secret.txt results in an unresolved path of: /public/../admin/secret.txt instead of the expected: /admin/secret.txt Jetty itself is not affected, as it will not serve the secret.txt file because it will not pass the alias checker only...

5.3CVSS6.1AI score0.00191EPSS
Exploits1References1
CVE
CVE
added yesterday9 views

CVE-2026-8384

CVE-2026-8384 describes a URI normalization issue in the context of Eclipse Jetty: a crafted HTTP URI like "/public;/../admin/secret.txt" yields an unresolved path "/public/../admin/secret.txt" instead of the expected "/admin/secret.txt". Jetty itself remains unaffected, since it won’t serve secr...

5.3CVSS6.1AI score0.00191EPSS
Exploits1References1Affected Software1
CVE
CVE
added yesterday8 views

CVE-2026-6790

In Eclipse Jetty, HTTP/1 requests to HTTP/1.3 (HTTP/2/3 included) do not enforce that the request authority (host and port) matches the Host header when present. This mismatch can affect URI redirects, virtual host selection, reverse proxying, and logs. The issue is described across CVE sources (...

5.3CVSS6.1AI score0.00196EPSS
Exploits0References1Affected Software1
CVE
CVE
added yesterday9 views

CVE-2026-10051

CVE-2026-10051 concerns Eclipse Jetty: the first HTTP/1.1 request with trailers is retained on the same connection, making subsequent requests either report the first request’s trailers or their union with the current request. This implies a potential confidentiality impact on trailer data (per C...

7.5CVSS6.1AI score0.00253EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added yesterday16 views

CVE-2026-10051

In Eclipse Jetty, a first HTTP/1.1 request with trailers causes the server to retain the trailers in subsequent requests performed over the same connection. Subsequent request that do not have trailers report the trailers of the first request. Subsequent request that do have trailers report the...

6.9CVSS0.00253EPSS
Exploits1References1
EUVD
EUVD
added yesterday4 views

EUVD-2026-43645

In Eclipse Jetty, a first HTTP/1.1 request with trailers causes the server to retain the trailers in subsequent requests performed over the same connection. Subsequent request that do not have trailers report the trailers of the first request. Subsequent request that do have trailers report the...

7.5CVSS6.1AI score0.00253EPSS
Exploits1References1
Nuclei
Nuclei
added yesterday86 views

Eclipse Jetty ConcatServlet - Information Disclosure

Eclipse Jetty through 9.4.40, through 10.0.2, and through 11.0.2 is susceptible to information disclosure. Requests to the ConcatServlet with a doubly encoded path can access protected resources within the WEB-INF directory, thus enabling an attacker to potentially obtain sensitive information,...

5.3CVSS6.7AI score0.7848EPSS
Exploits2References5
Nuclei
Nuclei
added 2 days ago24 views

Apache ActiveMQ < 5.16.5/5.17.3 - Remote Code Execution

Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In details, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handler request to /api/jolokia org.jolokia.http.HttpRequestHandlerhandlePostRequest is able to create JmxRequest...

8.8CVSS7.1AI score0.8581EPSS
Exploits2References3
Nuclei
Nuclei
added 2 days ago108 views

Eclipse Jetty <9.2.9.v20150224 - Sensitive Information Leakage

Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header. id: CVE-2015-2080 info: name: Eclipse Jetty 9.2.9.v20150224 - Sensitive Information Leakage author: pikpikcu severity: high description: Eclip...

7.5CVSS7AI score0.74881EPSS
Exploits16References5
Nuclei
Nuclei
added 2 days ago53 views

Eclipse Jetty - Information Disclosure

Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224 is susceptible to improper authorization. The default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. An attacker can access sensitive information regarding...

5.3CVSS6.7AI score0.82371EPSS
Exploits7References5
RedHat Linux
RedHat Linux
added 6 days ago3 views

micrometer-core: micrometer-jetty11: micrometer-jetty12: Micrometer: Denial of Service via specially crafted HTTP requests

A flaw was found in Micrometer. A remote attacker can provide specially crafted HTTP requests, which may lead to a denial-of-service DoS condition. This vulnerability allows an attacker to disrupt the availability of the affected system...

7.5CVSS5.9AI score0.00623EPSS
Exploits0References5
OSV
OSV
added 2026/07/02 4:26 p.m.26 views

ROOT-APP-MAVEN-CVE-2025-1948 CVE-2025-1948 in io.root.org.eclipse.jetty.http2:jetty-http2-common - Patched by Root

Root has patched CVE-2025-1948 in the io.root.org.eclipse.jetty.http2:jetty-http2-common package for Root:Maven. Multiple fixed versions available...

7.5CVSS7.1AI score0.00625EPSS
Exploits0
OSV
OSV
added 2026/07/02 4:26 p.m.16 views

ROOT-APP-MAVEN-CVE-2025-5115 CVE-2025-5115 in io.root.org.eclipse.jetty.http2:jetty-http2-common - Patched by Root

Root has patched CVE-2025-5115 in the io.root.org.eclipse.jetty.http2:jetty-http2-common package for Root:Maven. Multiple fixed versions available...

7.5CVSS7AI score0.01567EPSS
Exploits0
OSV
OSV
added 2026/07/02 4:26 p.m.28 views

ROOT-APP-MAVEN-CVE-2026-1605 CVE-2026-1605 in io.root.org.eclipse.jetty:jetty-server - Patched by Root

Root has patched CVE-2026-1605 in the io.root.org.eclipse.jetty:jetty-server package for Root:Maven. Multiple fixed versions available...

7.5CVSS5.8AI score0.00625EPSS
Exploits0
OSV
OSV
added 2026/07/02 4:26 p.m.8 views

ROOT-APP-MAVEN-CVE-2025-11143 CVE-2025-11143 in io.root.org.eclipse.jetty:jetty-http - Patched by Root

Root has patched CVE-2025-11143 in the io.root.org.eclipse.jetty:jetty-http package for Root:Maven. Multiple fixed versions available...

3.7CVSS5.2AI score0.00159EPSS
Exploits0
Rows per page
Query Builder