Lucene search
K

219 matches found

Veracode
Veracode
added 2025/10/28 4:42 p.m.6 views

Cross-site Scripting (XSS)

io.vertx:vertx-web is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper escaping of file and directory names in generated HTML when directory listing is enabled, which allows an attacker to craft malicious filenames that execute arbitrary scripts in the browser of users...

6.4CVSS6.6AI score0.00265EPSS
Exploits1References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/10/27 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2025-11965

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse Vert.x versions 4.0.0, 4.5.21 and 5.0.0, 5.0.4, a StaticHandler configuration for restricting access to hidden files fails to restrict access to hidd...

7.5CVSS5.5AI score0.00459EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2025/10/22 7:38 p.m.8 views

ai.tock:bot-test (>=25.9.0 <=26.3.2), ai.tock:bot-test-base (>=25.9.0 <=26.3.2) +286 more potentially affected by CVE-2025-11966 via io.vertx:vertx-web (>=5.0.0.CR1 <=5.0.4)

io.vertx:vertx-web MAVEN version =5.0.0.CR1, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =26.3.2 and more Source cves: CVE-2025-11966 Source advisory: SNYK:JAVA-IOVERTX-13669867...

6.4CVSS5.7AI score0.00265EPSS
Exploits1
Snyk
Snyk
added 2025/10/22 7:38 p.m.5 views

Cross-site Scripting (XSS)

Overview io.vertx:vertx-web is a HTTP web applications for Vert.x. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the sendDirectoryListing in StaticHandlerImpl.java. An attacker can execute arbitrary JavaScript in the browser context of users viewing the director...

6.4CVSS5.5AI score0.00265EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2025/10/22 7:38 p.m.7 views

ai.tock:bot-test (>=25.9.0 <=26.3.2), ai.tock:bot-test-base (>=25.9.0 <=26.3.2) +287 more potentially affected by CVE-2025-11966 via io.vertx:vertx-web (>=5.0.0 <=5.0.4)

io.vertx:vertx-web MAVEN version =5.0.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =26.3.2 and more Source cves: CVE-2025-11966 Source advisory: OSV:GHSA-45P5-V273-3QQR...

6.4CVSS5.7AI score0.00265EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2025/10/22 7:38 p.m.6 views

ai.chronon:service_2.11 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91), ai.chronon:service_2.12 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91) +4384 more potentially affected by CVE-2025-11966 via io.vertx:vertx-web (>=4.0.0-milestone1 <=4.5.21)

io.vertx:vertx-web MAVEN version =4.0.0-milestone1, =0.0.86, =0.0.86, =0.0.86, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =22.9.0, =25.3.10 and more Sou...

6.4CVSS5.7AI score0.00265EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2025/10/22 7:38 p.m.7 views

ai.chronon:service_2.11 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91), ai.chronon:service_2.12 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91) +5641 more potentially affected by CVE-2025-11966 via io.vertx:vertx-web (>=3.0.0-milestone6 <=4.5.21)

io.vertx:vertx-web MAVEN version =3.0.0-milestone6, =0.0.86, =0.0.86, =0.0.86, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.3.0 - ai.konduit.serving:konduit-serving-python-config =0.0.2 and more Source cves: CVE-2025-11966 Source advisory:...

6.4CVSS5.7AI score0.00265EPSS
Exploits1
OSV
OSV
added 2025/10/22 7:38 p.m.1 views

GHSA-45P5-V273-3QQR Vert.x-Web vulnerable to Stored Cross-site Scripting in directory listings via file names

Description - In the StaticHandlerImplsendDirectoryListing... method under the text/html branch, file and directory names are directly embedded into the href, title, and link text without proper HTML escaping. - As a result, in environments where an attacker can control file names, injecting...

4.9CVSS7.1AI score0.00265EPSS
Exploits1References4
OSV
OSV
added 2025/10/22 7:38 p.m.7 views

GHSA-H5FG-JPGR-RV9C Vert.x-Web Access Control Flaw in StaticHandler’s Hidden File Protection for Files Under Hidden Directories

Description There is a flaw in the hidden file protection feature of Vert.x Web’s StaticHandler when setIncludeHiddenfalse is configured. In the current implementation, only files whose final path segment i.e., the file name begins with a dot . are treated as “hidden” and are blocked from being...

6.3CVSS5.9AI score0.00459EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2025/10/22 7:38 p.m.7 views

ai.chronon:service_2.11 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91), ai.chronon:service_2.12 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91) +5641 more potentially affected by CVE-2025-11965 via io.vertx:vertx-web (>=3.0.0-milestone6 <=4.5.21)

io.vertx:vertx-web MAVEN version =3.0.0-milestone6, =0.0.86, =0.0.86, =0.0.86, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.3.0 - ai.konduit.serving:konduit-serving-python-config =0.0.2 and more Source cves: CVE-2025-11965 Source advisory:...

7.5CVSS5.7AI score0.00459EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/10/22 7:38 p.m.8 views

ai.tock:bot-test (>=25.9.0 <=26.3.2), ai.tock:bot-test-base (>=25.9.0 <=26.3.2) +287 more potentially affected by CVE-2025-11965 via io.vertx:vertx-web (>=5.0.0 <=5.0.4)

io.vertx:vertx-web MAVEN version =5.0.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =26.3.2 and more Source cves: CVE-2025-11965 Source advisory: OSV:GHSA-H5FG-JPGR-RV9C...

7.5CVSS5.7AI score0.00459EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/10/22 7:38 p.m.6 views

ai.tock:bot-test (>=25.9.0 <=26.3.2), ai.tock:bot-test-base (>=25.9.0 <=26.3.2) +286 more potentially affected by CVE-2025-11965 via io.vertx:vertx-web (>=5.0.0.CR1 <=5.0.4)

io.vertx:vertx-web MAVEN version =5.0.0.CR1, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =26.3.2 and more Source cves: CVE-2025-11965 Source advisory: SNYK:JAVA-IOVERTX-13669868...

7.5CVSS5.7AI score0.00459EPSS
Exploits0
Snyk
Snyk
added 2025/10/22 7:38 p.m.4 views

Files or Directories Accessible to External Parties

Overview io.vertx:vertx-web is a HTTP web applications for Vert.x. Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties via improper handling of hidden directories in the StaticHandler implementation when the setIncludeHiddenfalse configuration i...

8.3CVSS6.7AI score0.00459EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2025/10/22 7:38 p.m.11 views

ai.chronon:service_2.11 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91), ai.chronon:service_2.12 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91) +4384 more potentially affected by CVE-2025-11965 via io.vertx:vertx-web (>=4.0.0-milestone1 <=4.5.21)

io.vertx:vertx-web MAVEN version =4.0.0-milestone1, =0.0.86, =0.0.86, =0.0.86, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =22.9.0, =25.3.10 and more Sou...

7.5CVSS5.7AI score0.00459EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2025/10/22 7:38 p.m.10 views

Vert.x-Web Access Control Flaw in StaticHandler’s Hidden File Protection for Files Under Hidden Directories

Description There is a flaw in the hidden file protection feature of Vert.x Web’s StaticHandler when setIncludeHiddenfalse is configured. In the current implementation, only files whose final path segment i.e., the file name begins with a dot . are treated as “hidden” and are blocked from being...

7.5CVSS6.6AI score0.00459EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2025/10/22 3:15 p.m.7 views

CVE-2025-11965

In Eclipse Vert.x versions 4.0.0, 4.5.21 and 5.0.0, 5.0.4, a StaticHandler configuration for restricting access to hidden files fails to restrict access to hidden directories, allowing unauthorized users to retrieve files within them e.g. '.git/config'...

7.5CVSS0.00459EPSS
Exploits0References1
NVD
NVD
added 2025/10/22 3:15 p.m.13 views

CVE-2025-11966

In Eclipse Vert.x versions 4.0.0, 4.5.21 and 5.0.0, 5.0.4, when "directory listing" is enabled, file and directory names are inserted into generated HTML without proper escaping in the href, title, and link attributes. An attacker who can create or rename files or directories within a served path...

6.4CVSS0.00265EPSS
Exploits1References1
OSV
OSV
added 2025/10/22 2:50 p.m.4 views

CVE-2025-11965

In Eclipse Vert.x versions 4.0.0, 4.5.21 and 5.0.0, 5.0.4, a StaticHandler configuration for restricting access to hidden files fails to restrict access to hidden directories, allowing unauthorized users to retrieve files within them e.g. '.git/config'...

6.3CVSS6.7AI score0.00459EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/10/22 2:50 p.m.4 views

CVE-2025-11965

In Eclipse Vert.x versions 4.0.0, 4.5.21 and 5.0.0, 5.0.4, a StaticHandler configuration for restricting access to hidden files fails to restrict access to hidden directories, allowing unauthorized users to retrieve files within them e.g. '.git/config'...

6.3CVSS6.4AI score0.00459EPSS
Exploits0References1
CVE
CVE
added 2025/10/22 2:50 p.m.18 views

CVE-2025-11965

The CVE-2025-11965 issue affects Eclipse Vert.x: versions 4.0.0–4.5.21 and 5.0.0–5.0.4 contain a misconfiguration in StaticHandler that fails to restrict access to hidden directories, enabling unauthorized access to files inside them (for example, .git/config). The available connected documents c...

7.5CVSS6.4AI score0.00459EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder