Vulnerabilities in Eclipse Foundation

104 results
CVE-2026-44691 | HIGH | In Eclipse Theia versions prior to 1.69.0, custom task definitions in workspace files (e.g. .theia/tasks.json, .vscode/tasks.json) could be | EPSS 0.2%
CVE-2025-55083 | MEDIUM | Broken bounds check in _nx_secure_tls_process_clienthello_psk_extension() | EPSS 0.2%
CVE-2025-55082 | MEDIUM | Potential out of bound read and info leak in _nx_secure_tls_psk_identity_find() | EPSS 0.2%
CVE-2026-4983 | MEDIUM | Open VSX Registry does not sanitize SVG files uploaded as extension icons prior to storage, and serves them with Content-Type: image/svg+xml | EPSS 0.2%
CVE-2025-6705 | HIGH | A vulnerability in the Eclipse Open VSX Registry’s automated publishing system could have allowed unauthorized uploads of extensions. Specif | EPSS 0.2%
CVE-2024-9343 | MEDIUM | In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site scripting attacks in the Administration Console. | EPSS 0.2%
CVE-2024-3933 | MEDIUM | Eclipse Open J9 With -Xgc:concurrentScavenge on IBM Z, could write/read outside of a buffer | EPSS 0.2%
CVE-2024-10032 | MEDIUM | In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site scripting attacks in the Administration Console. | EPSS 0.2%
CVE-2024-10029 | MEDIUM | In Eclipse GlassFish version 7.0.15 is possible to perform Reflected Cross-site scripting attacks in the Administration Console. | EPSS 0.2%
CVE-2025-10543 | MEDIUM | In Eclipse Paho Go MQTT v3.1 library (paho.mqtt.golang) versions <=1.5.0 UTF-8 encoded strings, passed into the library, may be incorrectly | EPSS 0.2%
CVE-2026-22551 | MEDIUM | In Eclipse Theia versions prior to 1.71.0, the AI chat rendered Markdown image tags from AI responses, triggering HTTP requests to arbitrary | EPSS 0.2%
CVE-2025-2515 | HIGH | Bluechi: privilege escalation in bluechi via unrestricted cross-node systemd dependencies | EPSS 0.2%
CVE-2025-1471 | HIGH | Eclipse OMR: Buffer overflow vulnerability | EPSS 0.2%
CVE-2025-4447 | HIGH | Buffer Overflow in Eclipse OpenJ9 | EPSS 0.2%
CVE-2024-10031 | MEDIUM | In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site Scripting attacks by modifying the configuration file in the un | EPSS 0.2%
CVE-2025-1470 | MEDIUM | Eclipse OMR: Null pointer dereference vulnerability | EPSS 0.2%
CVE-2025-55078 | MEDIUM | Incomplete validation of kernel object pointers in system calls | EPSS 0.2%
CVE-2025-11143 | LOW | The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs | EPSS 0.2%
CVE-2025-55079 | MEDIUM | Missing check for thread priority | EPSS 0.2%
CVE-2026-9158 | MEDIUM | In Eclipse 4diac FORTE versions 3.0.0 to 3.1.0, a specially crafted DELETE connection command to the management interface can lead to a dang | EPSS 0.2%