eclipse

260 tracked vulnerabilities.

CVE-2026-2587 CRITICAL
Eclipse Glassfish - Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
May 19, 2026
CVSS 9.6
EPSS 0.00
CVE-2026-2586 CRITICAL
Eclipse Glassfish - Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
May 19, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-6860 MEDIUM
Eclipse Vert.x 4.3.4-4.5.25, 5.0.0-5.0.10 - Improper Certificate Validation
May 06, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-6918 HIGH
Eclipse OpenJ9 0.21-0.58 - Unauthenticated Denial of Service via Crafted TCP Message
May 05, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-2332 HIGH
HTTP Request Smuggling via Chunked Extension Quoted-String Parsing
Apr 14, 2026
CVSS 7.4
EPSS 0.00
CVE-2026-5795 HIGH
Eclipse Jetty 9.4.0-9.4.59, 10.0.0-10.0.27, 11.0.0-11.0.27, 12.0.0-12.0.32, 12.1.0-12.1.6 Privilege Escalation
Apr 08, 2026
CVSS 7.4
EPSS 0.00
CVE-2026-24457 CRITICAL
Eclipse Open Message Queue < 6.5.1 - Path Traversal and Remote Code Execution via Configuration Parsing
Mar 05, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-1605 HIGH
Eclipse Jetty 12.0.0-12.0.31/12.1.0-12.0.5 - Memory Corruption
Mar 05, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-22886 CRITICAL
Eclipse OpenMQ - Use of Weak Credentials via Default Admin Account
Mar 03, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-1699 CRITICAL
Eclipse Theia Website - Code Injection
Jan 30, 2026
CVSS 10.0
EPSS 0.00
CVE-2026-1188 CRITICAL
Eclipse OMR 0.2.0-0.7.9 - Buffer Overflow in Processor Feature Name API
Jan 29, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-0648 HIGH
Eclipse ThreadX 6.1.7-6.4.2 - Denial of Service via Incorrect Return Value Check in CreateCounter
Jan 27, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-1002 MEDIUM
Eclipse Vert.x Web - Static File Access Denial via URI Path Manipulation
Jan 15, 2026
CVSS 5.3
EPSS 0.00
CVE-2025-11143 LOW
Jetty HTTP 9.4.0-9.4.57 - URI Parsing Bypass via Differential Interpretation
Mar 05, 2026
CVSS 3.7
EPSS 0.00
CVE-2025-55102 HIGH
Eclipse ThreadX - NetX Duo < 6.4.3 - Denial of Service via IPv6 Packet Too Big Handling
Jan 27, 2026
CVSS 7.5
EPSS 0.00
CVE-2025-55095 MEDIUM
UX Host Class Storage - Buffer Overflow
Jan 27, 2026
CVSS 4.2
EPSS 0.00
CVE-2025-67109 CRITICAL
Eclipse Cyclone DDS <v0.10.5 - Privilege Escalation
Dec 23, 2025
CVSS 10.0
EPSS 0.00
CVE-2025-14549 HIGH
Eclipse OMR <0.7.0 - Buffer Overflow
Dec 15, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-10543 MEDIUM
Eclipse Paho Go MQTT v3.1 <=1.5.0 - Buffer Overflow
Dec 02, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-12383 HIGH
Eclipse Jersey 2.45 3.0.16 3.1.9 - Race Condition in SSL Configuration Handling
Nov 18, 2025
CVSS 7.4
EPSS 0.00
CVE-2025-11966 MEDIUM
Eclipse Vert.x 4.0.0-4.5.21 and 5.0.0-5.0.4 - Stored Cross-Site Scripting via Directory Listing Filename Injection
Oct 22, 2025
CVSS 6.4
EPSS 0.00
CVE-2025-11965 HIGH
Eclipse Vert.x <4.5.21 & <5.0.4 - Info Disclosure
Oct 22, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-55086 CRITICAL
Eclipse ThreadX NetX Duo < 6.4.4.202503 - Out-of-bounds Read in DHCPV6 Client
Oct 20, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-55085 HIGH
Eclipse ThreadX NetX Duo < 6.4.4.202503 - HTTP Header Parsing Buffer Overflow
Oct 17, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-55100 CRITICAL
Eclipse ThreadX USBX < 6.4.3.202503 - Out-of-bounds Read in Audio Sampling Frequency Parser
Oct 17, 2025
CVSS 9.1
EPSS 0.00
Products
jetty 47 mosquitto 26 openj9 21 threadx_netx_duo 20 threadx_usbx 15 glassfish 12 vert.x 10 theia 7 omr 6 threadx 6 kura 5 californium 4 che 4 cyclone_data_distribution_service 4 business_intelligence_and_reporting_tools 3 eclipse_ide 3 jgit 3 memory_analyzer 3 mojarra 3 vert.x-web 3 cyclonedds 2 eclipse_dataspace_components 2 hawkbit 2 hono 2 jersey 2 keti 2 lemminx 2 open_vsx 2 openmq 2 parsson 2
Quick Filters
Critical CVEs With Exploits In CISA KEV