VYPR
Vendor: Eclipse

Products: 62
CVEs: 209
Across products: 204
Status: Private

Recent CVEs

  • CVE-2025-12548 | Cri | Jan 13, 2026
    risk 0.65 | cvss 9.0 | epss 0.01

    A flaw was found in Eclipse Che che-machine-exec. This vulnerability allows unauthenticated remote arbitrary command execution and secret exfiltration (SSH keys, tokens, etc.) from other users' Developer Workspace containers, via an unauthenticated JSON-RPC / websocket API…

  • CVE-2023-44487 | Hig | KEV | Oct 10, 2023
    risk 0.65 | cvss 7.5 | epss 1.00

    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

  • CVE-2017-7658 | Cri | Jun 26, 2018
    risk 0.65 | cvss 9.8 | epss 0.21

    In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the…

  • CVE-2017-7657 | Cri | Jun 26, 2018
    risk 0.65 | cvss 9.8 | epss 0.16

    In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size…

  • CVE-2023-54344 | Cri | May 5, 2026
    risk 0.64 | cvss 9.8 | epss 0.01

    Eclipse Equinox OSGi 3.7.2 and earlier contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by sending payloads to the console interface. Attackers can connect to the OSGi console port and send base64-encoded bash…

  • CVE-2023-54342 | Cri | May 5, 2026
    risk 0.64 | cvss 9.8 | epss 0.00

    Eclipse Equinox OSGi versions 3.8 through 3.18 contain a remote code execution vulnerability in the console interface that allows unauthenticated attackers to execute arbitrary code by exploiting the fork command functionality. Attackers can establish a telnet connection to the…

  • CVE-2026-22886 | Cri | Mar 3, 2026
    risk 0.64 | cvss 9.8 | epss 0.00

    OpenMQ exposes a TCP-based management service (imqbrokerd) that by default requires authentication. However, the product ships with a default administrative account (admin/admin) and does not enforce a mandatory password change on first use. After the first successful login,…

  • CVE-2017-7649 | Cri | Sep 11, 2017
    risk 0.64 | cvss 9.8 | epss 0.02

    The network enabled distribution of Kura before 2.1.0 takes control over the device's firewall setup but does not allow IPv6 firewall rules to be configured. Still the Equinox console port 5002 is left open, allowing to log into Kura without any user credentials over unencrypted…

  • CVE-2016-4800 | Cri | Apr 13, 2017
    risk 0.64 | cvss 9.8 | epss 0.06

    The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters, related to backslashes.

  • CVE-2026-2587 | Cri | May 19, 2026
    risk 0.62 | cvss 9.6 | epss 0.01

    A critical Remote Code Execution (RCE) vulnerability was identified in the server-side template rendering mechanism used by the Glassfish gadget handler. The application processes .xml files and evaluates user-supplied values within a context where Expression Language (EL)…

  • CVE-2026-2586 | Cri | May 19, 2026
    risk 0.59 | cvss 9.1 | epss 0.01

    An authenticated Remote Code Execution (RCE) vulnerability was identified in GlassFish's Administration Console. A user with access to the panel can send crafted requests that allow the execution of arbitrary operating system commands with the privileges of the application…

  • CVE-2026-24457 | Cri | Mar 5, 2026
    risk 0.59 | cvss 9.1 | epss 0.01

    Unsafe parsing of OpenMQ's configuration allows a remote attacker to read arbitrary files from an MQ Broker's server. Full exploitation could read unauthorized files on the OpenMQ host OS. In some scenarios RCE could be achieved.

  • CVE-2015-2080 | Hig | Oct 7, 2016
    risk 0.58 | cvss 7.5 | epss 0.75

    The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.

  • CVE-2026-12856 | imp | Jun 29, 2026
    risk 0.57 | cvss 8.8 | epss 0.00

    vscode-java: vscode: Command Injection vulnerability in the JavaDoc hover provider of the vscode-java extension

  • CVE-2018-12538 | Hig | Jun 22, 2018
    risk 0.57 | cvss 8.8 | epss 0.03

    In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the…

  • CVE-2026-6272 | Hig | Apr 24, 2026
    risk 0.55 | cvss | epss 0.00

    A client holding only a read JWT scope can still register itself as a signal provider through the production kuksa.val.v2 OpenProviderStream API by sending ProvideSignalRequest. 1. Obtain any valid token with only read scope. 2. Connect to the normal production gRPC API…

  • CVE-2026-0648 | Hig | Jan 27, 2026
    risk 0.51 | cvss 7.8 | epss 0.00

    The vulnerability stems from an incorrect error-checking logic in the CreateCounter() function (in threadx/utility/rtos_compatibility_layers/OSEK/tx_osek.c) when handling the return value of osek_get_counter(). Specifically, the current code checks if cntr_id equals 0u to…

  • CVE-2018-12539 | Hig | Aug 14, 2018
    risk 0.51 | cvss 7.8 | epss 0.00

    In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code. Attach API is enabled…

  • CVE-2025-55102 | Hig | Jan 27, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    A denial-of-service vulnerability exists in the NetX IPv6 component functionality of Eclipse ThreadX NetX Duo. A specially crafted "Packet Too Big" network packet with more than 15 different source addresses can lead to denial of service. An attacker can send a malicious packet…

  • CVE-2017-7656 | Hig | Jun 26, 2018
    risk 0.49 | cvss 7.5 | epss 0.06

    In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was…