Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-13323 |
|
Cross-Site Scripting (XSS) in eclipse (CVE-2026-13323)
cross-site scripting in eclipse (CVE-2026-13323). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4983 |
|
Cross-Site Scripting (XSS) in eclipse (CVE-2026-4983)
cross-site scripting in eclipse (CVE-2026-4983). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11576 |
|
Vulnerability in eclipse (CVE-2026-11576)
vulnerability in eclipse (CVE-2026-11576). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46580 |
|
Vulnerability in @theia/ai-chat-ui (CVE-2026-46580)
vulnerability in @theia/ai-chat-ui (CVE-2026-46580). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.71.0` or later.
|
| CVE-2026-44691 |
|
Vulnerability in @theia/debug (CVE-2026-44691)
vulnerability in @theia/debug (CVE-2026-44691). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.69.0` or later.
|
| CVE-2026-44688 |
|
Vulnerability in @theia/ai-chat-ui (CVE-2026-44688)
vulnerability in @theia/ai-chat-ui (CVE-2026-44688). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.71.0` or later.
|
| CVE-2026-22551 |
|
Vulnerability in @theia/ai-chat-ui (CVE-2026-22551)
vulnerability in @theia/ai-chat-ui (CVE-2026-22551). Confidential information can be exposed externally. Mitigation: upgrade to `1.71.0` or later.
|
| CVE-2026-9158 |
|
Use-After-Free in eclipse (CVE-2026-9158)
vulnerability in eclipse (CVE-2026-9158). Successful exploitation can lead to full system takeover.
|
| CVE-2026-2586 |
|
Code Injection in org.glassfish.main.admingui:console-common (CVE-2026-2586)
code injection in org.glassfish.main.admingui:console-common (CVE-2026-2586). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.0.2` or later.
|
| CVE-2026-2587 |
|
Vulnerability in org.glassfish.main.admingui:admingui (CVE-2026-2587)
vulnerability in org.glassfish.main.admingui:admingui (CVE-2026-2587). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.0.2` or later.
|
| CVE-2026-6860 |
|
Vulnerability in io.vertx:vertx-core (CVE-2026-6860)
vulnerability in io.vertx:vertx-core (CVE-2026-6860). Risk of unauthorized operations or information disclosure. Exploitable via ``SslContext``. Mitigation: upgrade to `5.0.12` or later.
|
| CVE-2026-6918 |
|
Out-of-Bounds Read in eclipse (CVE-2026-6918)
vulnerability in eclipse (CVE-2026-6918). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-2332 |
|
Vulnerability in org.eclipse.jetty:jetty-http (CVE-2026-2332)
vulnerability in org.eclipse.jetty:jetty-http (CVE-2026-2332). Confidential information can be exposed externally. Exploitable via `GET /smuggled`.
|
| CVE-2026-5795 |
|
Vulnerability in privilege-escalation (CVE-2026-5795)
vulnerability in privilege-escalation (CVE-2026-5795). Confidential information can be exposed externally.
|
| CVE-2026-1605 |
|
Vulnerability in eclipse (CVE-2026-1605)
vulnerability in eclipse (CVE-2026-1605). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-67109 |
|
Vulnerability in eclipse (CVE-2025-67109)
vulnerability in eclipse (CVE-2025-67109). Successful exploitation can lead to full system takeover.
|
| CVE-2025-7962 |
|
Vulnerability in eclipse (CVE-2025-7962)
vulnerability in eclipse (CVE-2025-7962). Data can be tampered with by attackers.
|
| CVE-2024-9342 |
|
Vulnerability in eclipse (CVE-2024-9342)
vulnerability in eclipse (CVE-2024-9342). Successful exploitation can lead to full system takeover.
|
| CVE-2023-44487 KEV |
|
[KEV] Vulnerability in Ietf golang.org/x/net (CVE-2023-44487)
vulnerability in Ietf golang.org/x/net (CVE-2023-44487). Risk of unauthorized operations or information disclosure. Exploitable via ``Channel``. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `0.17.0` or later.
|
| CVE-2021-34432 |
|
Vulnerability in eclipse (CVE-2021-34432)
vulnerability in eclipse (CVE-2021-34432). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-7650 |
|
Authentication Bypass in eclipse (CVE-2017-7650)
authentication bypass in eclipse (CVE-2017-7650). Confidential information can be exposed externally.
|
| CVE-2017-7649 |
|
Authentication Bypass in eclipse (CVE-2017-7649)
authentication bypass in eclipse (CVE-2017-7649). Successful exploitation can lead to full system takeover.
|
| CVE-2017-9868 |
|
Information Disclosure in eclipse (CVE-2017-9868)
vulnerability in eclipse (CVE-2017-9868). Confidential information can be exposed externally.
|
| CVE-2017-9735 |
|
Vulnerability in eclipse (CVE-2017-9735)
vulnerability in eclipse (CVE-2017-9735). Confidential information can be exposed externally.
|
| CVE-2016-4800 |
|
Vulnerability in eclipse (CVE-2016-4800)
vulnerability in eclipse (CVE-2016-4800). Successful exploitation can lead to full system takeover.
|
| CVE-2017-7243 |
|
Vulnerability in dos (CVE-2017-7243)
vulnerability in dos (CVE-2017-7243). Risk of unauthorized operations or information disclosure.
|