28 matches found
GHSA-X4GW-5CX5-PGMH vulnerabilities
Vulnerabilities for packages: management-api-for-apache-cassandra-4.0, knative-kafka-broker, hono, zookeeper-fips, s3proxy, request-9047-keycloak-fips, camunda, zookeeper, keycloak, apache-pulsar, strimzi-kafka-operator-fips, pinot, cassandra-reaper, keycloak-fips, flyway-fips, seata, s3proxy-fip...
CVE-2026-42402 vulnerabilities
Vulnerabilities for packages: wildfly...
GHSA-V8H7-RR48-VMMV vulnerabilities
Vulnerabilities for packages: opensearch, apache-camel-karavan-devmode, tez, management-api-for-apache-cassandra-4.0, logstash, spark-kubernetes-operator, knative-kafka-broker, hono, nuxeo, elasticsearch, apicurio-registry, apache-nifi-registry, neo4j, zipkin, kafka-bridge-fips, docker-selenium,...
EUVD-2018-0593
Malware in sbrugna...
EUVD-2020-3147
Malware in sbrugna...
EUVD-2021-1193
Malware in sbrugna...
EUVD-2024-33579
Malicious code in bioql PyPI...
EUVD-2022-6802
Malicious code in bioql PyPI...
EUVD-2022-5055
Malicious code in bioql PyPI...
EUVD-2022-5420
Malicious code in bioql PyPI...
PT-2025-15231 · Red Hat · Red Hat Jboss Enterprise Application Platform +1
Name of the Vulnerable Software and Affected Versions: WildFly (affected versions not specified); JBoss Enterprise Application Platform (EAP) (affected versions not specified). Description: A security flaw exists within the Enterprise JavaBeans (EJB) remote invocation mechanism, stemming from untrusted dat...
wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users
A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability...
PT-2025-4865
Name of the Vulnerable Software and Affected Versions: WildFly versions prior to 27.0.1.Final. Description: A flaw was found in the Wildfly Server Role Based Access Control (RBAC) provider. When authorization to control management operations is secured using the Role Based Access Control provider, a...
PT-2024-16131 · Wildfly · Wildfly
Name of the Vulnerable Software and Affected Versions: Wildfly (affected versions not specified). Description: A flaw in the Wildfly deployment system allows a user to perform Cross-site scripting, enabling an attacker or insider to execute a deployment with a malicious payload. This could trigger...
wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled
A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have...
GHSA-9Q87-22GR-R8QF WildFly has incomplete blacklist vulnerability
Incomplete blacklist vulnerability in the servlet filter restriction mechanism in WildFly (formerly JBoss Application Server) before 10.0.0.Final on Windows allows remote attackers to read the sensitive files in the (1) WEB-INF or (2) META-INF directory via a request that contains a lowercase or b...
CVE-2021-3503
A flaw was found in Wildfly where insufficient RBAC restrictions may lead to exposure of metrics data. The highest threat from this vulnerability is to confidentiality...
WildFly security vulnerability
Wildfly is a powerful, modular and lightweight application server from Wildfly. WildFly has a security vulnerability that stems from the presence of an information leak. An attacker exploiting the vulnerability could see the deployment name, endpoints, and any data that the tracking payload may...
wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users
A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability...
wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users
A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability...