| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-6857 | Camel-infinispan: camel-infinispan: remote code execution via unsafe deserialization | Red Hat | Red Hat build of Apache Camel 4 for Quarkus 3 | High | 7.5 | 2026-04-22 12:55:01 | Deep Dive |
| CVE-2026-28369 | Undertow: undertow: request smuggling via malformed http request headers | Red Hat | Red Hat build of Apache Camel for Spring Boot 4 | High | 8.7 | 2026-03-27 16:13:06 | Deep Dive |
| CVE-2026-28367 | Undertow: undertow: request smuggling via `\r\r\r` as a header block terminator | Red Hat | Red Hat build of Apache Camel for Spring Boot 4 | High | 8.7 | 2026-03-27 16:13:05 | Deep Dive |
| CVE-2026-28368 | Undertow: undertow: request smuggling via inconsistent header parsing | Red Hat | Red Hat build of Apache Camel for Spring Boot 4 | High | 8.7 | 2026-03-27 16:13:04 | Deep Dive |
| CVE-2026-3260 | Undertow: undertow: denial of service due to premature multipart/form-data parsing in get requests | Red Hat | Red Hat build of Apache Camel for Spring Boot 4 | Medium | 5.9 | 2026-03-24 04:11:16 | Deep Dive |
| CVE-2025-57849 | Fuse: privilege escalation via excessive /etc/passwd permissions | Red Hat | Red Hat Fuse 7 | Medium | 6.4 | 2026-03-13 03:08:33 | Deep Dive |
| CVE-2024-4027 | Undertow: outofmemoryerror in httpservletrequestimpl.getparameternames() can cause remote dos attacks | Red Hat | OpenShift Serverless | High | 7.5 | 2026-01-30 14:25:54 | Deep Dive |
| CVE-2026-0603 | Org.hibernate/hibernate-core: hibernate: information disclosure and data deletion via second-order sql injection | - | - | High | 8.3 | 2026-01-23 06:31:39 | Deep Dive |
| CVE-2025-12543 | Undertow-core: undertow http server fails to reject malformed host headers leading to potential cache poisoning and ssrf | Red Hat | Red Hat build of Apache Camel 4.14.4 for Spring Boot 3.5.11 | Critical | 9.6 | 2026-01-07 16:04:22 | Deep Dive |
| CVE-2024-3884 | Undertow: outofmemory when parsing form data encoding with application/x-www-form-urlencoded | Red Hat | Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 | High | 7.5 | 2025-12-03 18:40:26 | Deep Dive |
| CVE-2025-9784 | Undertow: undertow madeyoureset http/2 ddos vulnerability | - | - | High | 7.5 | 2025-09-02 13:38:00 | Deep Dive |
| CVE-2025-7195 | Operator-sdk: privilege escalation due to incorrect permissions of /etc/passwd | operator-framework | operator-sdk | Medium | 6.4 | 2025-08-07 19:05:09 | Deep Dive |
| CVE-2025-2240 | Smallrye-fault-tolerance: smallrye fault tolerance | - | - | High | 7.5 | 2025-03-12 14:55:16 | Deep Dive |
| CVE-2025-23368 | Org.wildfly.core:wildfly-elytron-integration: wildfly elytron brute force attack via cli | - | - | High | 8.1 | 2025-03-04 15:14:48 | Deep Dive |
| CVE-2024-11831 | Npm-serialize-javascript: cross-site scripting (xss) in serialize-javascript | - | - | Medium | 5.4 | 2025-02-10 15:27:47 | Deep Dive |
| CVE-2025-23367 | Org.wildfly.core:wildfly-server: wildfly improper rbac permission | - | - | Medium | 6.5 | 2025-01-30 14:30:04 | Deep Dive |
| CVE-2024-45497 | Openshift-api: openshift-controller-manager/build: build process in openshift allows overwriting of node pull credentials | - | - | High | 7.6 | 2024-12-31 02:19:23 | Deep Dive |
| CVE-2024-12397 | Io.quarkus.http/quarkus-http-core: quarkus http cookie smuggling | - | - | High | 7.4 | 2024-12-12 09:05:28 | Deep Dive |
| CVE-2023-4639 | Undertow: cookie smuggling/spoofing | Red Hat | Migration Toolkit for Runtimes 1 on RHEL 8 | High | 7.4 | 2024-11-17 10:21:45 | Deep Dive |
| CVE-2023-1932 | Hibernate-validator: rendering of invalid html with safehtml leads to html injection and xss | Red Hat | A-MQ Clients 2 | Medium | 6.1 | 2024-11-07 10:00:52 | Deep Dive |