20 matches found
CVE-2026-42402 vulnerabilities
Vulnerabilities for packages: wildfly...
GHSA-V8H7-RR48-VMMV vulnerabilities
Vulnerabilities for packages: elasticsearch, apache-pulsar, opensearch, neo4j, apache-nifi-registry, akhq, flyway-fips, kafbat-ui-fips, keycloak-fips, logstash, tez, camunda-zeebe, trino, kafbat-ui, management-api-for-apache-cassandra-5.0, wazuh-indexer, apicurio-registry, kserve-modelmesh,...
EUVD-2018-0593
Malware in sbrugna...
EUVD-2020-3147
Malware in sbrugna...
EUVD-2021-1193
Malware in sbrugna...
EUVD-2022-5055
Malicious code in bioql PyPI...
EUVD-2022-5420
Malicious code in bioql PyPI...
PT-2025-15231 · Red Hat · Red Hat JBoss Enterprise Application Platform +1
Name of the Vulnerable Software and Affected Versions: WildFly, affected versions not specified; JBoss Enterprise Application Platform (EAP), affected versions not specified. Description: A security flaw exists within the Enterprise JavaBeans (EJB) remote invocation mechanism, stemming from untrusted dat...
wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users
A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the Elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability...
PT-2025-4865
Name of the Vulnerable Software and Affected Versions: WildFly versions prior to 27.0.1.Final. Description: A flaw was found in the Wildfly Server Role Based Access Control (RBAC) provider. When authorization to control management operations is secured using the Role Based Access Control provider, a...
PT-2024-16131 · Wildfly · Wildfly
Name of the Vulnerable Software and Affected Versions: Wildfly, affected versions not specified. Description: A flaw in the Wildfly deployment system allows a user to perform Cross-site scripting, enabling an attacker or insider to execute a deployment with a malicious payload. This could trigger...
wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled
A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have...
GHSA-9Q87-22GR-R8QF WildFly has incomplete blacklist vulnerability
Incomplete blacklist vulnerability in the servlet filter restriction mechanism in WildFly (formerly JBoss Application Server) before 10.0.0.Final on Windows allows remote attackers to read the sensitive files in the (1) WEB-INF or (2) META-INF directory via a request that contains (a) a lowercase or (b)...
CVE-2021-3503
A flaw was found in Wildfly where insufficient RBAC restrictions may lead to expose metrics data. The highest threat from this vulnerability is to the confidentiality...
wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users
A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the Elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability...
wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users
A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the Elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability...
wildfly: XSS via admin console when creating roles in domain mode
A flaw was found in Wildfly. While creating a new role in the domain mode via the admin console, it is possible to add a payload in the name field, leading to a Cross-site scripting (XSS) attack. The highest threat from this vulnerability is to confidentiality and integrity...
Information Disclosure
wildfly is vulnerable to information disclosure. The vulnerability exists through the exposed setting of the TCCL (thread context class loader) in the EmbeddedManagedProcess API...
wildfly: Race condition on PID file allows for termination of arbitrary processes by local users
A flaw was discovered in wildfly that would allow local users, who are able to execute the init.d script, to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/, allowing the init.d script to terminate any process as root...
Denial Of Service
wildfly is vulnerable to denial of service attacks. A locally authenticated attacker could modify the PID file in /var/run/jboss-eap/, allowing the init.d script to terminate any process as root...
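The two PID-file entries above (the local-user race and the denial-of-service summary of the same issue) describe an init.d stop action that reads a number out of /var/run/jboss-eap/ and kills it as root. The script below is an added example, not WildFly or JBoss EAP project code: it shows that unsafe pattern next to a hardened version that refuses to signal anything the PID file names unless the file itself is sane and the live process is a java process owned by the service account. It assumes a Linux /proc filesystem, and the path /var/run/jboss-eap/jboss-eap.pid, the account name jboss and the function names are illustrative.

```shell
#!/bin/sh
# Added example (not WildFly/EAP project code). Assumes Linux /proc.
# Illustrative path; the real file name under /var/run/jboss-eap/ is not given on the page.
PIDFILE_DEFAULT=/var/run/jboss-eap/jboss-eap.pid

# Vulnerable pattern: trust whatever the PID file says and kill it. Run as root from
# an init.d script, a PID file the service user can rewrite lets that user choose
# the victim process (the race/DoS described in the entries above).
unsafe_stop() {
    pidfile=${1:-$PIDFILE_DEFAULT}
    kill "$(cat "$pidfile")"
}

# Hardened: validate the PID file and the process it names immediately before signalling.
# Prints the PID and returns 0 only if every check passes; returns 1 otherwise.
#   $1 PID file   $2 expected process owner (user name)   $3 expected command name (/proc/PID/comm)
resolve_service_pid() {
    pidfile=$1; owner=$2; comm=$3

    # The file must be a regular file, owned by root or the service account,
    # and not writable by group or others.
    [ -f "$pidfile" ] || return 1
    [ -n "$(find "$pidfile" -prune \( -user root -o -user "$owner" \) -print 2>/dev/null)" ] || return 1
    [ -z "$(find "$pidfile" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ] || return 1

    # Content must be a single positive integer: no shell metacharacters, no "1".
    pid=$(head -n 1 "$pidfile" 2>/dev/null | tr -d '[:space:]')
    case $pid in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$pid" -gt 1 ] || return 1

    # Check the live process, not just the file: effective uid and command name
    # must match the service we intend to stop.
    [ -r "/proc/$pid/status" ] || return 1
    uid=$(awk '/^Uid:/ { print $2 }' "/proc/$pid/status")
    [ -n "$uid" ] && [ "$uid" = "$(id -u "$owner" 2>/dev/null)" ] || return 1
    [ "$(cat "/proc/$pid/comm" 2>/dev/null)" = "$comm" ] || return 1

    printf '%s\n' "$pid"
}

# Hardened stop action: only a java process owned by the jboss account is signalled.
safe_stop() {
    pidfile=${1:-$PIDFILE_DEFAULT}
    pid=$(resolve_service_pid "$pidfile" jboss java) || {
        echo "refusing to stop: $pidfile does not name a java process owned by jboss" >&2
        return 1
    }
    kill -TERM "$pid"
}
```

Checking the process right before the kill closes the window in which an attacker swaps the file contents, but PID reuse still leaves a sliver: a process can exit and its number be recycled between the read and the signal. The uid and command-name checks mean the worst case is signalling another java process owned by jboss, which that user could already do, rather than any process on the host as root.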