threat
engine
.sh
Back
·
··:··
Home
/
Product
/
eclipse vert.x
Product
eclipse vert.x
13 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2026-6860
>= 4.3.4 and <= 4.5.26
A TCP client can perform a TLS handshake and present the server name extension with a server name that is accepted by a server wil
5.3
MEDIUM
CVE-2026-1002
>= 4.0.0 and <= 4.5.23
The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the handler using sp
5.3
MEDIUM
CVE-2025-11966
>= 4.0.0 and < 4.5.22
In Eclipse Vert.x versions [4.0.0, 4.5.21] and [5.0.0, 5.0.4], when "directory listing" is enabled, file and directory names are i
6.4
MEDIUM
CVE-2025-11965
>= 4.0.0 and < 4.5.22
In Eclipse Vert.x versions [4.0.0, 4.5.21] and [5.0.0, 5.0.4], a StaticHandler configuration for restricting access to hidden file
7.5
HIGH
CVE-2024-8391
>= 4.3.0 and < 4.5.10
In Eclipse Vert.x version 4.3.0 to 4.5.9, the gRPC server does not limit the maximum length of message payload (Maven GAV: io.vert
7.5
HIGH
CVE-2023-24815
>= 4.0.0 and < 4.3.8
Vert.x-Web is a set of building blocks for building web applications in the java programming language. When running vertx web appl
4.8
MEDIUM
CVE-2020-35217
all versions
Vert.x-Web framework v4.0 milestone 1-4 does not perform a correct CSRF verification. Instead of comparing the CSRF token in the r
8.8
HIGH
CVE-2019-17640
>= 3.4.0 and <= 3.9.4
In Eclipse Vert.x 3.4.x up to 3.9.4, 4.0.0.milestone1, 4.0.0.milestone2, 4.0.0.milestone3, 4.0.0.milestone4, 4.0.0.milestone5, 4.0
9.8
CRITICAL
CVE-2018-12544
all versions
In version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriat
9.8
CRITICAL
CVE-2018-12542
>= 3.0.0 and <= 3.5.3
In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the StaticHandler uses external input to construct a pathname that should be wit
9.8
CRITICAL
CVE-2018-12541
>= 3.0.0 and < 3.5.4
In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the WebSocket HTTP upgrade implementation buffers the full http request before d
6.5
MEDIUM
CVE-2018-12537
>= 3.0.0 and <= 3.5.1
In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage retu
5.3
MEDIUM
CVE-2018-12540
>= 3.0.0 and <= 3.5.2
In version from 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler do not assert that the XSRF Cookie matches the returned XSRF hea
8.8
HIGH
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin