| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-28369 | Undertow: undertow: request smuggling via malformed http request headers | Red Hat | Red Hat build of Apache Camel for Spring Boot 4 | High | 8.7 | 2026-03-27 16:13:06 | Deep Dive |
| CVE-2026-28367 | Undertow: undertow: request smuggling via `\r\r\r` as a header block terminator | Red Hat | Red Hat build of Apache Camel for Spring Boot 4 | High | 8.7 | 2026-03-27 16:13:05 | Deep Dive |
| CVE-2026-28368 | Undertow: undertow: request smuggling via inconsistent header parsing | Red Hat | Red Hat build of Apache Camel for Spring Boot 4 | High | 8.7 | 2026-03-27 16:13:04 | Deep Dive |
| CVE-2026-3260 | Undertow: undertow: denial of service due to premature multipart/form-data parsing in get requests | Red Hat | Red Hat build of Apache Camel for Spring Boot 4 | Medium | 5.9 | 2026-03-24 04:11:16 | Deep Dive |
| CVE-2024-4027 | Undertow: outofmemoryerror in httpservletrequestimpl.getparameternames() can cause remote dos attacks | Red Hat | OpenShift Serverless | High | 7.5 | 2026-01-30 14:25:54 | Deep Dive |
| CVE-2026-0603 | Org.hibernate/hibernate-core: hibernate: information disclosure and data deletion via second-order sql injection | - | - | High | 8.3 | 2026-01-23 06:31:39 | Deep Dive |
| CVE-2025-12543 | Undertow-core: undertow http server fails to reject malformed host headers leading to potential cache poisoning and ssrf | Red Hat | Red Hat build of Apache Camel 4.14.4 for Spring Boot 3.5.11 | Critical | 9.6 | 2026-01-07 16:04:22 | Deep Dive |
| CVE-2024-3884 | Undertow: outofmemory when parsing form data encoding with application/x-www-form-urlencoded | Red Hat | Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 | High | 7.5 | 2025-12-03 18:40:26 | Deep Dive |
| CVE-2025-9784 | Undertow: undertow madeyoureset http/2 ddos vulnerability | - | - | High | 7.5 | 2025-09-02 13:38:00 | Deep Dive |
| CVE-2025-5731 | Infinispan: credential leakage in infinispan cli | Red Hat | infinispan | Medium | 5.5 | 2025-06-26 21:29:00 | Deep Dive |
| CVE-2024-6875 | Infinispan: infinispan: rest compare api has buffer leak | - | - | Medium | 6.5 | 2025-03-28 20:34:31 | Deep Dive |
| CVE-2025-23368 | Org.wildfly.core:wildfly-elytron-integration: wildfly elytron brute force attack via cli | - | - | High | 8.1 | 2025-03-04 15:14:48 | Deep Dive |
| CVE-2024-11831 | Npm-serialize-javascript: cross-site scripting (xss) in serialize-javascript | - | - | Medium | 5.4 | 2025-02-10 15:27:47 | Deep Dive |
| CVE-2025-23367 | Org.wildfly.core:wildfly-server: wildfly improper rbac permission | - | - | Medium | 6.5 | 2025-01-30 14:30:04 | Deep Dive |
| CVE-2025-0736 | Org.infinispan-infinispan-parent: exposure of sensitive information in application logs | - | - | Medium | 5.5 | 2025-01-28 09:12:38 | Deep Dive |
| CVE-2025-23366 | Org.jboss.hal:hal-console: wildfly hal console cross-site scripting | - | - | Medium | 6.5 | 2025-01-14 17:41:43 | Deep Dive |
| CVE-2024-8447 | Narayana: deadlock via multiple join requests sent to lra coordinator | - | - | Medium | 5.9 | 2025-01-02 20:19:30 | Deep Dive |
| CVE-2023-4639 | Undertow: cookie smuggling/spoofing | Red Hat | Migration Toolkit for Runtimes 1 on RHEL 8 | High | 7.4 | 2024-11-17 10:21:45 | Deep Dive |
| CVE-2023-1932 | Hibernate-validator: rendering of invalid html with safehtml leads to html injection and xss | Red Hat | A-MQ Clients 2 | Medium | 6.1 | 2024-11-07 10:00:52 | Deep Dive |
| CVE-2024-10234 | Wildfly: wildfly vulnerable to cross-site scripting (xss) | - | - | Medium | 6.1 | 2024-10-22 13:17:58 | Deep Dive |