Lucene search
K

220 matches found

vulnersOsv
vulnersOsv
added 2026/02/10 11:54 a.m.9 views

ai.timefold.solver:timefold-solver-quarkus-benchmark-integration-test (>=0.9.38 <=1.26.2), ai.timefold.solver:timefold-solver-quarkus-devui-integration-test (>=0.9.38 <=1.26.2) +1739 more potentially affected by CVE-2025-11537 via io.quarkus:quarkus-vertx-http (>=3.0.0.Alpha1 <=3.27.1)

io.quarkus:quarkus-vertx-http MAVEN version =3.0.0.Alpha1, =0.9.38, =0.9.38, =0.9.38, =0.9.38, =0.9.38, =0.9.38, =0.0.6, =0.0.1, =0.0.6, =0.0.6, =0.0.6, =0.0.1, =0.0.1, =0.0.4, =0.0.4, =0.0.5 and more Source cves: CVE-2025-11537 Source advisory: SNYK:JAVA-IOQUARKUS-15265250...

5CVSS5.7AI score0.00141EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/16 6:16 p.m.14 views

CVE-2026-1002

A flaw was found in Vert.x. The Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URIs, preventing legitimate users from accessing static files with an HTTP 404 response. Mitigation To mitigate this...

6.9CVSS6.6AI score0.00343EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-1002

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request UR...

6.9CVSS5.5AI score0.00343EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2026/01/15 9:31 p.m.9 views

ai.tock:bot-test (>=25.9.0 <=26.3.2), ai.tock:bot-test-base (>=25.9.0 <=26.3.2) +832 more potentially affected by CVE-2026-1002 via io.vertx:vertx-core (>=5.0.0.CR1 <=5.0.6)

io.vertx:vertx-core MAVEN version =5.0.0.CR1, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =26.3.2 and more Source cves: CVE-2026-1002 Source advisory: OSV:GHSA-CPHF-4846-3XX9...

6.9CVSS6.5AI score0.00343EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/01/15 9:31 p.m.7 views

ai.chronon:service_2.11 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91), ai.chronon:service_2.12 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91) +9866 more potentially affected by CVE-2026-1002 via io.vertx:vertx-core (>=2.0.0-CR1 <=4.5.23)

io.vertx:vertx-core MAVEN version =2.0.0-CR1, =0.0.86, =0.0.86, =0.0.86, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.3.0 and more Source cves: CVE-2026-1002 Source advisory: OSV:GHSA-CPHF-4846-3XX9...

6.9CVSS6.5AI score0.00343EPSS
Exploits1
OSV
OSV
added 2026/01/15 9:31 p.m.3 views

GHSA-CPHF-4846-3XX9 Vert.x Web static handler component cache can be manipulated to deny the access to static files

The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URI. The issue comes from an improper implementation of the C. rule of section 5.2.4 of RFC3986 and is fixed in Vert.x Core component used b...

6.9CVSS5.8AI score0.00343EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2026/01/15 9:31 p.m.12 views

Vert.x Web static handler component cache can be manipulated to deny the access to static files

The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URI. The issue comes from an improper implementation of the C. rule of section 5.2.4 of RFC3986 and is fixed in Vert.x Core component used b...

6.9CVSS6.8AI score0.00343EPSS
Exploits1References7Affected Software1
Snyk
Snyk
added 2026/01/15 9:31 p.m.6 views

HTTP Request Smuggling

Overview io.vertx:vertx-core is a tool-kit for building reactive applications on the JVM. Affected versions of this package are vulnerable to HTTP Request Smuggling due to improper handling of / in the output buffer by removeDots function in Static Handler. An attacker can prevent access to stati...

6.9CVSS7AI score0.00343EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2026/01/15 9:31 p.m.8 views

ai.chronon:service_2.11 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91), ai.chronon:service_2.12 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91) +7721 more potentially affected by CVE-2026-1002 via io.vertx:vertx-core (>=4.0.0-milestone1 <=4.5.23)

io.vertx:vertx-core MAVEN version =4.0.0-milestone1, =0.0.86, =0.0.86, =0.0.86, =0.0.2, =0.1.1, =0.1.1, =0.2.0, =0.2.0, =0.2.0, =0.2.11 and more Source cves: CVE-2026-1002 Source advisory: SNYK:JAVA-IOVERTX-14988768...

6.9CVSS6.5AI score0.00343EPSS
Exploits1
NVD
NVD
added 2026/01/15 9:16 p.m.21 views

CVE-2026-1002

The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URI. The issue comes from an improper implementation of the C. rule of section 5.2.4 of RFC3986 and is fixed in Vert.x Core component used b...

6.9CVSS0.00343EPSS
Exploits1References2
OSV
OSV
added 2026/01/15 8:50 p.m.6 views

CVE-2026-1002 Eclipse Vert.x Web static handler file access denial

The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URI. The issue comes from an improper implementation of the C. rule of section 5.2.4 of RFC3986 and is fixed in Vert.x Core component used b...

6.9CVSS6.7AI score0.00343EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2026/01/15 8:50 p.m.7 views

CVE-2026-1002 Eclipse Vert.x Web static handler file access denial

The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URI. The issue comes from an improper implementation of the C. rule of section 5.2.4 of RFC3986 and is fixed in Vert.x Core component used b...

6.9CVSS6.4AI score0.00343EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/01/15 8:50 p.m.29 views

CVE-2026-1002 Eclipse Vert.x Web static handler file access denial

The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URI. The issue comes from an improper implementation of the C. rule of section 5.2.4 of RFC3986 and is fixed in Vert.x Core component used b...

6.9CVSS0.00343EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/01/15 12:0 a.m.12 views

PT-2026-3133

Name of the Vulnerable Software and Affected Versions Vert.x versions affected versions not specified Description The Vert.x Web static handler component cache can be manipulated to deny access to static files served by the handler using specifically crafted request URIs. This is due to an improp...

6.9CVSS5.9AI score0.00343EPSS
Exploits1References13
vulnersOsv
vulnersOsv
added 2026/01/07 5:47 p.m.9 views

ai.timefold.solver:timefold-solver-quarkus-benchmark-integration-test (>=1.21.0 <=1.26.2), ai.timefold.solver:timefold-solver-quarkus-devui-integration-test (>=1.21.0 <=1.26.2) +590 more potentially affected by CVE-2025-66560 via io.quarkus.vertx.utils:quarkus-vertx-utils (>=3.21.0.CR1 <=3.27.1)

io.quarkus.vertx.utils:quarkus-vertx-utils MAVEN version =3.21.0.CR1, =1.21.0, =1.21.0, =1.21.0, =1.21.0, =1.21.0, =1.21.0, =0.0.6, =0.0.6, =0.0.6, =0.0.8, =0.1.0-RC15, =0.1.0-RC15, =0.1.0-RC14, =0.1.0-RC25 and mor...

7.5CVSS5.4AI score0.00349EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/01/07 5:47 p.m.7 views

ai.timefold.solver:timefold-solver-quarkus-benchmark-integration-test (>=1.12.0 <=1.20.1), ai.timefold.solver:timefold-solver-quarkus-devui-integration-test (>=1.12.0 <=1.20.1) +914 more potentially affected by CVE-2025-66560 via io.quarkus.vertx.utils:quarkus-vertx-utils (>=3.12.0 <=3.20.4)

io.quarkus.vertx.utils:quarkus-vertx-utils MAVEN version =3.12.0, =1.12.0, =1.12.0, =1.12.0, =1.12.0, =1.12.0, =1.12.0, =0.0.1, =0.0.4, =0.0.1, =0.0.1, =0.0.1, =3.15.3, =3.15.3, =0.2.0.0, =0.4.8.0, =0.7.0.2 and more Source cves: CVE-2025-66560 Source advisory: SNYK:JAVA-IOQUARKUSVERTXUTILS-148970...

7.5CVSS5.7AI score0.00349EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/01/07 5:47 p.m.8 views

ai.pipestream.module:module-chunker (=0.1.1), ai.pipestream.module:module-echo (=0.1.1) +459 more potentially affected by CVE-2025-66560 via io.quarkus.vertx.utils:quarkus-vertx-utils (>=3.28.0.CR1 <=3.30.8)

io.quarkus.vertx.utils:quarkus-vertx-utils MAVEN version =3.28.0.CR1, =0.0.2, =0.1.1, =0.1.1, =0.2.0, =0.2.0, =0.1.1, =0.1.1, =0.1.7, =0.1.9 and more Source cves: CVE-2025-66560 Source advisory: SNYK:JAVA-IOQUARKUSVERTXUTILS-14897052...

7.5CVSS5.7AI score0.00349EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/01/06 1:22 p.m.3 views

io.vertx/vertx-web: Eclipse Vert.x cross site scripting

In Eclipse Vert.x, when "directory listing" is enabled, file and directory names are inserted into generated HTML without proper escaping in the href, title, and link attributes. An attacker who can create or rename files or directories within a served path can craft filenames containing maliciou...

6.4CVSS7AI score0.00265EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/01/06 1:22 p.m.9 views

Important: Red Hat Security Advisory: Red Hat build of Quarkus 3.27.1.SP1 security update

An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more informatio...

8.8CVSS6.6AI score0.00647EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2026/01/06 1:12 p.m.8 views

io.vertx/vertx-web: Eclipse Vert.x cross site scripting

In Eclipse Vert.x, when "directory listing" is enabled, file and directory names are inserted into generated HTML without proper escaping in the href, title, and link attributes. An attacker who can create or rename files or directories within a served path can craft filenames containing maliciou...

6.4CVSS7AI score0.00265EPSS
Exploits1References5
Rows per page
Query Builder