1294 matches found
CVE-2026-41417 vulnerabilities
Vulnerabilities for packages: neo4j, thingsboard, management-api-for-apache-cassandra-5.0, selenium, akhq, wavefront-proxy, tez, kserve-modelmesh, flyway, apache-nifi-registry, sonarqube, strimzi-kafka-operator, apache-activemq-artemis, opensearch, spark, apicurio-registry, apache-nifi, trino,...
GHSA-V8H7-RR48-VMMV vulnerabilities
Vulnerabilities for packages: management-api-for-apache-cassandra-5.0, kafka-bridge, tez, strimzi-kafka-operator-fips, nuxeo, spark-kubernetes-operator, knative-kafka-broker, spark-kubernetes-operator-fips, trino, apicurio-registry, keycloak, zipkin, kserve-modelmesh, knative-kafka-broker-fips,...
CVE-2026-41417 vulnerabilities
Vulnerabilities for packages: management-api-for-apache-cassandra-5.0, kafka-bridge, tez, strimzi-kafka-operator-fips, nuxeo, spark-kubernetes-operator, knative-kafka-broker, spark-kubernetes-operator-fips, trino, apicurio-registry, keycloak, zipkin, kserve-modelmesh, knative-kafka-broker-fips,...
org.apache.camel.kafkaconnector:camel-consul-kafka-connector (>=0.1.0 <=0.11.5), org.apache.camel.karaf:camel-consul (>=4.10.3 <=4.14.5) +7 more potentially affected by CVE-2026-27172 via org.apache.camel:camel-consul (>=3.0.0 <=4.14.5)
org.apache.camel:camel-consul MAVEN version =3.0.0, =0.1.0, =4.10.3, =4.10.3, =1.0.0, =1.0.0, =1.0.0, =4.10.0, =3.0.0, =4.14.5 - org.wildfly.camel:wildfly-camel-itests-standalone-docker =12.0.0 Source cves: CVE-2026-27172 Source advisory: OSV:GHSA-5RC6-9QFP-8VWG...
GHSA-PWQR-WMGM-9RR8 vulnerabilities
Vulnerabilities for packages: neo4j, thingsboard, management-api-for-apache-cassandra-5.0, celeborn, akhq, wavefront-proxy, tez, kserve-modelmesh, flyway, sonarqube, strimzi-kafka-operator, apache-activemq-artemis, opensearch, spark, apicurio-registry, trino, infinispan, keycloak, wildfly,...
CVE-2026-33870 vulnerabilities
Vulnerabilities for packages: neo4j, thingsboard, management-api-for-apache-cassandra-5.0, celeborn, akhq, wavefront-proxy, tez, kserve-modelmesh, flyway, sonarqube, strimzi-kafka-operator, apache-activemq-artemis, opensearch, spark, apicurio-registry, trino, infinispan, keycloak, wildfly,...
undertow-core: Undertow HTTP Server Fails to Reject Malformed Host Headers Leading to Potential Cache Poisoning and SSRF
A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed or malicious Host headers are processed without...
GHSA-QHP6-6P8P-2RQH Wildfly Elytron integration susceptible to brute force attacks via CLI
Impact A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI. Patches The default behaviour has been changed in...
Wildfly Elytron integration susceptible to brute force attacks via CLI
Impact A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI. Patches The default behaviour has been changed in...
io.github.rzo1.org.apache.cxf:apache-cxf (=4.2.0-tomee-m0-071068f), io.github.rzo1.org.apache.cxf:cxf-distribution-javadoc (=4.2.0-tomee-m0-071068f) +9 more potentially affected by CVE-2024-4027 via io.undertow:undertow-core (=2.4.0.Alpha1)
io.undertow:undertow-core MAVEN version =2.4.0.Alpha1 is affected by a known vulnerability. The following packages have a transitive dependency on io.undertow:undertow-core and may be impacted: - io.github.rzo1.org.apache.cxf:apache-cxf =4.2.0-tomee-m0-071068f -...
io.github.rzo1.org.apache.cxf:apache-cxf (=4.2.0-tomee-m0-071068f), io.github.rzo1.org.apache.cxf:cxf-distribution-javadoc (=4.2.0-tomee-m0-071068f) +9 more potentially affected by CVE-2024-4027 via io.undertow:undertow-core (=2.4.0.Alpha1)
io.undertow:undertow-core MAVEN version =2.4.0.Alpha1 is affected by a known vulnerability. The following packages have a transitive dependency on io.undertow:undertow-core and may be impacted: - io.github.rzo1.org.apache.cxf:apache-cxf =4.2.0-tomee-m0-071068f -...
CVE-2025-12543 vulnerabilities
Vulnerabilities for packages: wildfly...
GHSA-J382-5JJ3-VW4J vulnerabilities
Vulnerabilities for packages: wildfly...
GHSA-6H4F-PJ3G-Q8FQ vulnerabilities
Vulnerabilities for packages: wildfly...
CVE-2024-3884 vulnerabilities
Vulnerabilities for packages: wildfly...
GHSA-J382-5JJ3-VW4J vulnerabilities
Vulnerabilities for packages: wildfly...
GHSA-6H4F-PJ3G-Q8FQ vulnerabilities
Vulnerabilities for packages: wildfly...
CVE-2025-12543 vulnerabilities
Vulnerabilities for packages: wildfly...
CVE-2024-3884 vulnerabilities
Vulnerabilities for packages: wildfly...
undertow-core: Undertow HTTP Server Fails to Reject Malformed Host Headers Leading to Potential Cache Poisoning and SSRF
A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed or malicious Host headers are processed without...