Product

redhat data grid

22 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-28369
all versions
A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more spaces, i
8.7 HIGH
CVE-2026-28368
all versions
A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where header nam
8.7 HIGH
CVE-2026-28367
all versions
A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending \r\r\r as a header block terminator. T
8.7 HIGH
CVE-2026-3260
all versions
A flaw was found in Undertow. A remote attacker could exploit this vulnerability by sending an HTTP GET request containing multipa
5.9 MEDIUM
CVE-2025-12543
all versions
A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow
9.6 CRITICAL
CVE-2025-5731
all versions
A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plainte
5.5 MEDIUM
CVE-2025-23368
all versions
A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed a
8.1 HIGH
CVE-2024-7885
all versions
A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple r
7.5 HIGH
CVE-2023-5384
< 8.4.6
A flaw was found in Infinispan. When serializing the configuration for a cache to XML/JSON/YAML, which contains credentials (JDBC
7.2 HIGH
CVE-2023-5236
< 8.4.4
A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker wit
4.4 MEDIUM
CVE-2023-3629
< 8.4.4
A flaw was found in Infinispan's REST, Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the
4.3 MEDIUM
CVE-2023-3628
< 8.4.4
A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue
6.5 MEDIUM
CVE-2023-4586
all versions
A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validat
7.4 HIGH
CVE-2021-31917
all versions
A flaw was found in Red Hat DataGrid 8.x (8.0.0, 8.0.1, 8.1.0 and 8.1.1) and Infinispan (10.0.0 through 12.0.0). An attacker could
9.8 CRITICAL
CVE-2021-3642
all versions
A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where Scra
5.3 MEDIUM
CVE-2020-10771
all versions
A flaw was found in Infinispan version 10, where it is possible to perform various actions that could have side effects using GET
7.1 HIGH
CVE-2021-3536
all versions
A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is
4.8 MEDIUM
CVE-2020-25711
all versions
A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server managemen
6.5 MEDIUM
CVE-2020-25644
all versions
A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. It may allow t
7.5 HIGH
CVE-2019-14838
all versions
A flaw was found in wildfly-core before 7.2.5.GA. The Management users with Monitor, Auditor and Deployer Roles should not be allo
4.9 MEDIUM
CVE-2019-14281
all versions
The datagrid gem 1.0.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party.
9.8 CRITICAL
CVE-2015-7501
all versions
Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterp
9.8 CRITICAL
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin