Red Hat JBoss Enterprise Application Platform Expansion Pack

17 known vulnerabilities across versions, listed by affected version. Each entry gives the CVE identifier, the affected version range, the opening of the published description (truncated here as on the source page), and the CVSS base score with its severity rating.
CVE-2026-28369 (all versions), CVSS 8.7 HIGH
  A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more spaces, i

CVE-2026-28368 (all versions), CVSS 8.7 HIGH
  A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where header nam

CVE-2026-28367 (all versions), CVSS 8.7 HIGH
  A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending \r\r\r as a header block terminator. T

CVE-2026-3121 (all versions), CVSS 6.5 MEDIUM
  A flaw was found in Keycloak. An administrator with manage-clients permission can exploit a misconfiguration where this permissi

CVE-2026-4874 (all versions), CVSS 3.1 LOW
  A flaw was found in Keycloak. An authenticated attacker can perform Server-Side Request Forgery (SSRF) by manipulating the `client

CVE-2026-3260 (all versions), CVSS 5.9 MEDIUM
  A flaw was found in Undertow. A remote attacker could exploit this vulnerability by sending an HTTP GET request containing multipa

CVE-2026-4366 (all versions), CVSS 5.8 MEDIUM
  A flaw was identified in Keycloak, an identity and access management solution, where it improperly follows HTTP redirects when pro

CVE-2026-3009 (all versions), CVSS 8.1 HIGH
  A security flaw in the IdentityBrokerService.performLogin endpoint of Keycloak allows authentication to proceed using an Identity

CVE-2025-12543 (all versions), CVSS 9.6 CRITICAL
  A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow

CVE-2025-9784 (all versions), CVSS 7.5 HIGH
  A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counte

CVE-2025-5731 (all versions), CVSS 5.5 MEDIUM
  A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plainte

CVE-2023-4503 (all versions), CVSS 6.8 MEDIUM
  An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the s

CVE-2023-1108 (all versions), CVSS 7.5 HIGH
  A flaw was found in Undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status update

CVE-2022-1278 (all versions), CVSS 7.5 HIGH
  A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may conta

CVE-2022-0853 (all versions), CVSS 7.5 HIGH
  A flaw was found in JBoss-client. The vulnerability occurs due to a memory leak on the JBoss client-side, when using UserTransacti

CVE-2021-3642 (all versions), CVSS 5.3 MEDIUM
  A flaw was found in WildFly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where Scra

CVE-2021-20250 (all versions), CVSS 4.3 MEDIUM
  A flaw was found in WildFly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclos
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin