| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At |
|---|---|---|---|---|---|---|
| CVE-2026-6857 | Camel-infinispan: camel-infinispan: remote code execution via unsafe deserialization | Red Hat | Red Hat build of Apache Camel 4 for Quarkus 3 | High | 7.5 | 2026-04-22 12:55:01 |
| CVE-2026-40180 | Zip Slip Path Traversal in quarkus-openapi-generator ApicurioCodegenWrapper class | quarkiverse | quarkus-openapi-generator | - | - | 2026-04-10 19:35:53 |
| CVE-2024-4027 | Undertow: outofmemoryerror in httpservletrequestimpl.getparameternames() can cause remote dos attacks | Red Hat | OpenShift Serverless | High | 7.5 | 2026-01-30 14:25:54 |
| CVE-2025-14969 | Hibernate-reactive-core: hibernate reactive: denial of service due to connection leak on http client disconnect | Red Hat | Red Hat build of Quarkus 3.27.2 | Medium | 4.3 | 2026-01-26 19:36:40 |
| CVE-2025-66560 | Quarkus REST has potential worker thread starvation when HTTP connection is closed while waiting to write | quarkusio | quarkus | Medium | 5.9 | 2026-01-07 17:33:22 |
| CVE-2024-3884 | Undertow: outofmemory when parsing form data encoding with application/x-www-form-urlencoded | Red Hat | Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 | High | 7.5 | 2025-12-03 18:40:26 |
| CVE-2025-49574 | Quarkus potential data leak when duplicating a duplicated context | quarkusio | quarkus | Medium | 6.4 | 2025-06-23 19:47:05 |
| CVE-2024-12225 | Io.quarkus:quarkus-security-webauthn: quarkus webauthn unexpected authentication bypass | - | - | Critical | 9.1 | 2025-05-06 19:49:17 |
| CVE-2025-2240 | Smallrye-fault-tolerance: smallrye fault tolerance | - | - | High | 7.5 | 2025-03-12 14:55:16 |
| CVE-2025-1634 | Io.quarkus:quarkus-resteasy: memory leak in quarkus resteasy classic when client requests timeout | - | - | High | 7.5 | 2025-02-26 16:56:24 |
| CVE-2025-1247 | Io.quarkus:quarkus-rest: quarkus rest endpoint request parameter leakage due to shared instance | - | - | High | 8.3 | 2025-02-13 13:26:27 |
| CVE-2024-12397 | Io.quarkus.http/quarkus-http-core: quarkus http cookie smuggling | - | - | High | 7.4 | 2024-12-12 09:05:28 |
| CVE-2023-4639 | Undertow: cookie smuggling/spoofing | Red Hat | Migration Toolkit for Runtimes 1 on RHEL 8 | High | 7.4 | 2024-11-17 10:21:45 |
| CVE-2024-9621 | Io.quarkiverse.cxf:quarkus-cxf: quarkus cxf may log user password and secret to application log | - | - | Medium | 5.3 | 2024-10-08 16:26:09 |
| CVE-2023-6841 | Keycloak: amount of attributes per object is not limited and it may lead to dos | - | - | High | 7.5 | 2024-09-10 16:15:33 |
| CVE-2024-7885 | Undertow: improper state management in proxy protocol parsing causes information leakage | - | - | High | 7.5 | 2024-08-21 14:13:37 |
| CVE-2024-3653 | Undertow: learningpushhandler can lead to remote memory dos attacks | - | - | Medium | 5.3 | 2024-07-08 21:21:21 |
| CVE-2024-5971 | Undertow: response write hangs in case of java 17 tlsv1.3 newsessionticket | - | - | High | 7.5 | 2024-07-08 20:51:29 |
| CVE-2024-1726 | Quarkus: security checks for some inherited endpoints performed after serialization in resteasy reactive may trigger a denial of service | - | - | Medium | 5.3 | 2024-04-25 16:29:05 |
| CVE-2023-6717 | Keycloak: xss via assertion consumer service url in saml post-binding flow | - | - | Medium | 6.0 | 2024-04-25 16:02:03 |