CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2024-10032
https://notcve.org/view.php?id=CVE-2024-10032
16 Jul 2025 — In Eclipse GlassFish version 7.0.15 it is possible to perform Stored Cross-site Scripting attacks in the Administration Console. • https://gitlab.eclipse.org/security/cve-assignement/-/issues/42 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS: 5.8 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2024-10031
https://notcve.org/view.php?id=CVE-2024-10031
16 Jul 2025 — In Eclipse GlassFish version 7.0.15 it is possible to perform Stored Cross-site Scripting attacks by modifying the configuration file in the underlying operating system. • https://gitlab.eclipse.org/security/cve-assignement/-/issues/41 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2024-10029
https://notcve.org/view.php?id=CVE-2024-10029
16 Jul 2025 — In Eclipse GlassFish version 7.0.15 it is possible to perform Reflected Cross-site Scripting attacks in the Administration Console. • https://gitlab.eclipse.org/security/cve-assignement/-/issues/40 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2024-9343
https://notcve.org/view.php?id=CVE-2024-9343
16 Jul 2025 — In Eclipse GlassFish version 7.0.15 it is possible to perform Stored Cross-site Scripting attacks in the Administration Console. • https://gitlab.eclipse.org/security/cve-assignement/-/issues/37 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2024-9342
https://notcve.org/view.php?id=CVE-2024-9342
16 Jul 2025 — In Eclipse GlassFish version 7.0.16 or earlier it is possible to perform Login Brute Force attacks, as there is no limit on the number of failed login attempts. • https://gitlab.eclipse.org/security/cve-assignement/-/issues/33 • CWE-307: Improper Restriction of Excessive Authentication Attempts
CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-4949 – XXE vulnerability in Eclipse JGit
https://notcve.org/view.php?id=CVE-2025-4949
21 May 2025 — In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol, which allows storing git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity (XXE) attacks when parsing XML files. This vulnerability can lead to information disclosure, denial of service, and other security issues. A flaw was found in Eclipse JGit. This vulnerability can allow information disclo... • https://projects.eclipse.org/projects/technology.jgit/releases/7.2.1 • CWE-611: Improper Restriction of XML External Entity Reference • CWE-827: Improper Control of Document Type Definition
CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-4447 – Buffer Overflow in Eclipse OpenJ9
https://notcve.org/view.php?id=CVE-2025-4447
09 May 2025 — In Eclipse OpenJ9 versions up to 0.51, when used with OpenJDK version 8, a stack-based buffer overflow can be caused by modifying a file on disk that is read when the JVM starts. A flaw was found in Eclipse OpenJ9 versions up to 0.51, when used with OpenJDK version 8. A stack-based buffer overflow can be caused by modifying a file on disk that is read when the JVM starts. An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 8. • https://github.com/eclipse-openj9/openj9/pull/21762 • CWE-121: Stack-based Buffer Overflow
CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-1948 – Eclipse Jetty HTTP clients can increase memory allocation
https://notcve.org/view.php?id=CVE-2025-1948
08 May 2025 — In Eclipse Jetty versions 12.0.0 to 12.0.16 inclusive, an HTTP/2 client can specify a very large value for the HTTP/2 settings parameter SETTINGS_MAX_HEADER_LIST_SIZE. The Jetty HTTP/2 server does not validate this setting and tries to allocate a ByteBuffer of the specified capacity to encode HTTP responses, likely resulting in an OutOfMemoryError being thrown, or even the JVM process exiting. A flaw was found in Eclipse Jetty. This vulnerability allows denial of service attack via an HTTP/2 clien... • https://github.com/jetty/jetty.project/security/advisories/GHSA-889j-63jv-qhr8 • CWE-400: Uncontrolled Resource Consumption
CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2024-13009 – Eclipse Jetty GZIP buffer release
https://notcve.org/view.php?id=CVE-2024-13009
08 May 2025 — In Eclipse Jetty versions 9.4.0 to 9.4.56, a buffer can be incorrectly released when a gzip error occurs while inflating a request body. This can result in corrupted and/or inadvertent sharing of data between requests. A flaw was found in Eclipse Jetty. This vulnerability allows corrupted and inadvertent data sharing between requests via a gzip error when inflating a request body. If the request body is malformed, the gzip decompression process can fail, resulting in the application inadvertently usi... • https://github.com/jetty/jetty.project/security/advisories/GHSA-q4rv-gq96-w7c5 • CWE-404: Improper Resource Shutdown or Release
CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-2259 – Eclipse ThreadX NetX Duo component HTTP server single PUT request integer underflow
https://notcve.org/view.php?id=CVE-2025-2259
06 Apr 2025 — In the NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file using specially crafted packets in which the Content-Length in one packet is smaller than the data request size of the other packet. A possible workaround is to disable HTTP PUT support. This issue follows an incomplete fix of CVE-2025-0727. • https://github.com/eclipse-threadx/netxduo/commit/fb3195bbb6d0d6fe71a7a19585c008623c217f9e • CWE-191: Integer Underflow (Wrap or Wraparound)
