CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

156 matches found

Positive Technologies•added 2026/03/25 12:0 a.m.•1 views

PT-2026-28108

Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.1.132.Final and versions prior to 4.2.10.Final Description Netty, an asynchronous, event-driven network application framework, is susceptible to a Denial of Service DoS attack. A remote user can exploit this by sendin...

8.7CVSS5.9AI score0.00038EPSS

Exploits1References20

ATTACKERKB•added 2026/01/15 8:50 p.m.•4 views

CVE-2026-1002

The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URI. The issue comes from an improper implementation of the C. rule of section 5.2.4 of RFC3986 and is fixed in Vert.x Core component used b...

6.9CVSS5.5AI score0.00025EPSS

Exploits1References2Affected Software1

CVE•added 2026/01/15 8:50 p.m.•13 views

CVE-2026-1002

CVE-2026-1002 affects the Vert.x Web static handler cache. The issue stems from an improper implementation of the RFC3986 C-rule (section 5.2.4), enabling an attacker to craft a URI (e.g., bar%2F..%2F) that can cause denial of access to static files served by the handler. Connected evidence indic...

6.9CVSS6.4AI score0.00025EPSS

Exploits1References2Affected Software1

EUVD•added 2026/01/15 8:50 p.m.•1 views

EUVD-2026-2695

6.9CVSS6.2AI score0.00025EPSS

Exploits1References2

CNNVD•added 2026/01/15 12:0 a.m.•1 views

vert.x security vulnerability

Vert.x is an open-source toolkit developed by Eclipse Vert.x. There is a security vulnerability in Vert.x, which stems from improper implementation of the static program cache. This vulnerability could be exploited by specially crafted request URIs, leading to denial-of-service attacks against...

6.9CVSS6.6AI score0.00025EPSS

Exploits1References3

RedHat Linux•added 2025/12/16 11:13 p.m.•1 views

io.quarkus/quarkus-vertx: Quarkus potential data leak

A data leak vulnerability has been discovered in the io.quarkus:quarkus-vertx package. This flaw can lead to information disclosure if a Vert.x context that has already been duplicated is subsequently duplicated again. In such a scenario, sensitive data residing within that context may be...

6.4CVSS5.7AI score0.00126EPSS

Exploits0References7

RedHat Linux•added 2025/12/16 11:13 p.m.•0 views

io.vertx/vertx-web: Eclipse Vert.x cross site scripting

In Eclipse Vert.x, when "directory listing" is enabled, file and directory names are inserted into generated HTML without proper escaping in the href, title, and link attributes. An attacker who can create or rename files or directories within a served path can craft filenames containing maliciou...

6.4CVSS7AI score0.00027EPSS

Exploits1References5

EUVD•added 2025/10/22 7:38 p.m.•0 views

EUVD-2025-35364

Vert.x-Web vulnerable to Stored Cross-site Scripting in directory listings via file names...

2.3CVSS5.9AI score0.00027EPSS

Exploits1References3

EUVD•added 2025/10/22 7:38 p.m.•3 views

EUVD-2025-35593

Vert.x-Web Access Control Flaw in StaticHandler’s Hidden File Protection for Files Under Hidden Directories...

6.3CVSS6.4AI score0.00051EPSS

Exploits0References3

OSV•added 2025/10/22 3:15 p.m.•1 views

CVE-2025-11966

In Eclipse Vert.x versions 4.0.0, 4.5.21 and 5.0.0, 5.0.4, when "directory listing" is enabled, file and directory names are inserted into generated HTML without proper escaping in the href, title, and link attributes. An attacker who can create or rename files or directories within a served path...

6.4CVSS5.1AI score

Exploits0References1

Cvelist•added 2025/10/22 2:50 p.m.•4 views

CVE-2025-11965

In Eclipse Vert.x versions 4.0.0, 4.5.21 and 5.0.0, 5.0.4, a StaticHandler configuration for restricting access to hidden files fails to restrict access to hidden directories, allowing unauthorized users to retrieve files within them e.g. '.git/config'...

6.3CVSS0.00051EPSS

Exploits0References1

Cvelist•added 2025/10/22 2:44 p.m.•7 views

CVE-2025-11966

2.3CVSS0.00027EPSS

Exploits1References1

Positive Technologies•added 2025/10/22 12:0 a.m.•2 views

PT-2025-43147

Name of the Vulnerable Software and Affected Versions Eclipse Vert.x versions 4.0.0 through 4.5.21 Eclipse Vert.x versions 5.0.0 through 5.0.4 Description When directory listing is enabled, file and directory names are inserted into generated HTML without proper escaping in the href, title, and...

6.4CVSS4.9AI score0.00027EPSS

Exploits1References8

CNNVD•added 2025/10/22 12:0 a.m.•2 views

Eclipse Vert.x 安全漏洞

Eclipse Vert.x is an Eclipse Foundation toolkit for building responsive applications on the JVM. A security vulnerability exists in Eclipse Vert.x versions 4.0.0 through 4.5.21 and 5.0.0 through 5.0.4, which stems from a directory listing feature that does not properly escape file and directory...

6.4CVSS5.7AI score0.00027EPSS

Exploits1References1

CNNVD•added 2025/10/22 12:0 a.m.•2 views

Eclipse Vert.x 安全漏洞

Eclipse Vert.x is an Eclipse Foundation toolkit for building responsive applications on the JVM. A security vulnerability exists in Eclipse Vert.x versions 4.0.0 through 4.5.21 and 5.0.0 through 5.0.4, which stems from the inability of the StaticHandler configuration to restrict access to a hidde...

7.5CVSS6.3AI score0.00051EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•5 views

EUVD-2021-0807

Malware in sbrugna...

8.8CVSS8.7AI score0.00154EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2018-0664

Malware in sbrugna...

9.8CVSS9.3AI score0.00587EPSS

Exploits0References9