Vulnerabilities in Eclipse Foundation

104 results
CVE | Severity | Description | EPSS
CVE-2024-8376 | HIGH | Memory leak | 0.7%
CVE-2025-0728 | MEDIUM | Eclipse ThreadX NetX Duo HTTP server single PUT request integer underflow | 0.7%
CVE-2025-0726 | HIGH | Eclipse ThreadX NetX Duo HTTP server denial of service | 0.7%
CVE-2025-0727 | MEDIUM | Eclipse ThreadX NetX Duo HTTP server single PUT request integer underflow | 0.7%
CVE-2024-9329 | MEDIUM | Glassfish redirect to untrusted site | 0.7%
CVE-2023-5763 | MEDIUM | Glassfish remote code execution | 0.7%
CVE-2026-2587 | CRITICAL | A critical Remote Code Execution (RCE) vulnerability was identified in the server-side template rendering mechanism used by the Glassfish ga | 0.6%
CVE-2025-1948 | HIGH | Eclipse Jetty HTTP clients can increase memory allocation | 0.6%
CVE-2026-24457 | CRITICAL | An unsafe parsing of OpenMQ's configuration, allows a remote attacker to read arbitrary files from a MQ Broker's server. A full exploitation | 0.6%
CVE-2023-7272 | HIGH | Eclipse Parsson stack overflow with deeply nested objects | 0.6%
CVE-2024-8391 | MEDIUM | Eclipse Vert.x gRPC server does not limit the maximum message size | 0.6%
CVE-2024-3046 | HIGH | In Eclipse Kura LogServlet component included in versions 5.0.0 to 5.4.1, a specifically crafted request to the servlet can allow an unauthe | 0.6%
CVE-2025-55085 | HIGH | Web http client: Unchecked Server-Side Malicious Packet Issue | 0.6%
CVE-2024-2212 | HIGH | Integer wraparounds, under-allocations, and heap buffer overflows in Eclipse ThreadX xQueueCreate() and xQueueCreateSet() | 0.5%
CVE-2026-2332 | HIGH | HTTP Request Smuggling via Chunked Extension Quoted-String Parsing | 0.5%
CVE-2026-7412 | HIGH | In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Operation Delegation feature fails to validate the destination UR | 0.5%
CVE-2025-55100 | LOW | Potential out-of-bounds read in _ux_host_class_audio10_sam_parse_func() | 0.5%
CVE-2026-1699 | CRITICAL | In the Eclipse Theia Website repository, the GitHub Actions workflow .github/workflows/preview.yml used pull_request_target trigger while ch | 0.5%
CVE-2024-5165 | MEDIUM | Eclipse Ditto User Interface vulnerable to XSS due to Improper Neutralization of Input | 0.5%
CVE-2026-1188 | MEDIUM | In the Eclipse OMR port library component since release 0.2.0, an API function to return the textual names of all supported processor featur | 0.5%