eclipse

268 tracked vulnerabilities.

CVE-2026-13323 MEDIUM
Eclipse Open Vsx < 1.0.2 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Jul 01, 2026
CVSS 4.1
EPSS 0.00
CVE-2026-4983 MEDIUM
Eclipse Open Vsx < 0.34.1 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Jun 23, 2026
CVSS 4.1
EPSS 0.00
CVE-2026-11576 HIGH
Eclipse ThreadX - NetX Duo < 6.5.0.202601 - Double Free
Jun 19, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-46580 HIGH
Eclipse Theia < 1.71.0 - Improper Neutralization of Input Used for LLM Prompting
Jun 18, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-44691 HIGH
Eclipse Theia < 1.69.0 - Inclusion of Functionality from Untrusted Control Sphere
Jun 18, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-44688 HIGH
Eclipse Theia < 1.71.0 - Improper Neutralization of Input Used for LLM Prompting
Jun 18, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-22551 MEDIUM
Eclipse Theia < 1.71.0 - Insertion of Sensitive Information Into Sent Data
Jun 18, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-9158 CRITICAL
Eclipse 4diac < 3.1.0 - Use After Free
Jun 18, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-2587 CRITICAL
Eclipse Glassfish - Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
May 19, 2026
CVSS 9.6
EPSS 0.01
CVE-2026-2586 CRITICAL
Eclipse Glassfish - Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
May 19, 2026
CVSS 9.1
EPSS 0.01
CVE-2026-6860 MEDIUM
Eclipse Vert.x 4.3.4-4.5.25, 5.0.0-5.0.10 - Improper Certificate Validation
May 06, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-6918 HIGH
Eclipse OpenJ9 0.21-0.58 - Unauthenticated Denial of Service via Crafted TCP Message
May 05, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-2332 HIGH
HTTP Request Smuggling via Chunked Extension Quoted-String Parsing
Apr 14, 2026
CVSS 7.4
EPSS 0.01
CVE-2026-5795 HIGH
Eclipse Jetty 9.4.0-9.4.59, 10.0.0-10.0.27, 11.0.0-11.0.27, 12.0.0-12.0.32, 12.1.0-12.1.6 Privilege Escalation
Apr 08, 2026
CVSS 7.4
EPSS 0.01
CVE-2026-24457 CRITICAL
Eclipse Open Message Queue < 6.5.1 - Path Traversal and Remote Code Execution via Configuration Parsing
Mar 05, 2026
CVSS 9.1
EPSS 0.01
CVE-2026-1605 HIGH
Eclipse Jetty 12.0.0-12.0.31/12.1.0-12.0.5 - Memory Corruption
Mar 05, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-22886 CRITICAL
Eclipse OpenMQ - Use of Weak Credentials via Default Admin Account
Mar 03, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-1699 CRITICAL
Eclipse Theia Website - Code Injection
Jan 30, 2026
CVSS 10.0
EPSS 0.01
CVE-2026-1188 CRITICAL
Eclipse OMR 0.2.0-0.7.9 - Buffer Overflow in Processor Feature Name API
Jan 29, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-0648 HIGH
Eclipse ThreadX 6.1.7-6.4.2 - Denial of Service via Incorrect Return Value Check in CreateCounter
Jan 27, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-1002 MEDIUM
Eclipse Vert.x Web - Static File Access Denial via URI Path Manipulation
Jan 15, 2026
CVSS 5.3
EPSS 0.00
CVE-2025-11143 LOW
Jetty HTTP 9.4.0-9.4.57 - URI Parsing Bypass via Differential Interpretation
Mar 05, 2026
CVSS 3.7
EPSS 0.00
CVE-2025-55102 HIGH
Eclipse ThreadX - NetX Duo < 6.4.3 - Denial of Service via IPv6 Packet Too Big Handling
Jan 27, 2026
CVSS 7.5
EPSS 0.00
CVE-2025-55095 MEDIUM
UX Host Class Storage - Buffer Overflow
Jan 27, 2026
CVSS 4.2
EPSS 0.00
CVE-2025-67109 CRITICAL
Eclipse Cyclone DDS <v0.10.5 - Privilege Escalation
Dec 23, 2025
CVSS 10.0
EPSS 0.00