
CVE-2025-5731 – Infinispan: credential leakage in infinispan cli
https://notcve.org/view.php?id=CVE-2025-5731
26 Jun 2025 — A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext and included in a command string that may expose the data in an error message when a command is not found. An update for Red Hat Data Grid 8 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from t... • https://access.redhat.com/security/cve/CVE-2025-5731 • CWE-209: Generation of Error Message Containing Sensitive Information •

CVE-2024-6875 – Infinispan: rest compare api has buffer leak
https://notcve.org/view.php?id=CVE-2024-6875
28 Mar 2025 — A vulnerability was found in the Infinispan component in Red Hat Data Grid. The REST compare API may have a buffer leak and an out of memory error can occur when sending continual requests with large POST data to the REST API. • https://access.redhat.com/security/cve/CVE-2024-6875 • CWE-401: Missing Release of Memory after Effective Lifetime •

CVE-2025-23368 – Org.wildfly.core:wildfly-elytron-integration: wildfly elytron brute force attack via cli
https://notcve.org/view.php?id=CVE-2025-23368
04 Mar 2025 — A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI. • https://access.redhat.com/security/cve/CVE-2025-23368 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
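
The CWE-307 pattern behind the Elytron CLI entry, as an added example that is not WildFly or Elytron code: an authentication path where every attempt reaches the credential comparison, beside one fronted by a per-principal failed-attempt throttle. The credential store, the thresholds and all names (AuthThrottle, authenticateThrottled, simulate) are assumptions for the illustration.

```javascript
'use strict';
// Added example, not WildFly/Elytron code: a failed-attempt throttle of the kind
// CWE-307 calls for, beside the unthrottled shape the advisory describes. The store,
// the thresholds and all names (AuthThrottle, authenticateThrottled, ...) are assumed.

// Constructed credential store. A real one holds salted hashes; it is kept trivial
// so that the throttling logic stays the visible part.
const USERS = new Map([['admin', 'correct horse battery staple']]);

class AuthThrottle {
  // maxFailures failures within windowMs lock the principal out for lockoutMs.
  constructor({ maxFailures = 5, windowMs = 60_000, lockoutMs = 300_000 } = {}) {
    Object.assign(this, { maxFailures, windowMs, lockoutMs });
    this.failures = new Map();    // principal -> timestamps (ms) of recent failures
    this.lockedUntil = new Map(); // principal -> time (ms) at which the lock expires
  }

  // Milliseconds the principal must still wait, or 0 when an attempt is allowed.
  retryAfter(principal, now) {
    const until = this.lockedUntil.get(principal) || 0;
    return until > now ? until - now : 0;
  }

  recordFailure(principal, now) {
    const recent = (this.failures.get(principal) || []).filter(t => now - t < this.windowMs);
    recent.push(now);
    this.failures.set(principal, recent);
    if (recent.length >= this.maxFailures) {
      this.lockedUntil.set(principal, now + this.lockoutMs);
      this.failures.delete(principal);
    }
  }

  recordSuccess(principal) {
    this.failures.delete(principal);
    this.lockedUntil.delete(principal);
  }
}

// Vulnerable shape: every attempt reaches the credential comparison, so a remote
// attacker can walk an entire wordlist at network speed.
function authenticateUnthrottled(user, password) {
  return USERS.get(user) === password;
}

// Hardened shape: during a lockout the attempt is refused before the credential is
// compared, and a correct password is refused too. `reason` is for the server-side
// audit log; a client only needs ok:false plus a Retry-After.
function authenticateThrottled(throttle, user, password, now = Date.now()) {
  const wait = throttle.retryAfter(user, now);
  if (wait > 0) return { ok: false, reason: 'locked', retryAfterMs: wait };
  if (USERS.get(user) === password) {
    throttle.recordSuccess(user);
    return { ok: true, reason: 'ok', retryAfterMs: 0 };
  }
  throttle.recordFailure(user, now);
  return { ok: false, reason: 'denied', retryAfterMs: throttle.retryAfter(user, now) };
}

// Simulated online attack: `wordlist` guesses against one principal, 10 ms apart
// (constructed timing). Returns how many guesses were actually compared and how
// many were refused by the lock without being compared.
function simulate(wordlist, user, throttle) {
  let compared = 0, locked = 0, now = 0;
  for (const guess of wordlist) {
    if (throttle) {
      const r = authenticateThrottled(throttle, user, guess, now);
      if (r.reason === 'locked') locked++; else compared++;
    } else {
      authenticateUnthrottled(user, guess);
      compared++;
    }
    now += 10;
  }
  return { compared, locked };
}
```

With five failures per minute and a five-minute lockout, a twenty-word list yields five comparisons instead of twenty; the remaining attempts never touch the credential store. Whether the lock is keyed by principal, by source address, or both is a deployment decision the example leaves open.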

CVE-2024-11831 – Npm-serialize-javascript: cross-site scripting (xss) in serialize-javascript
https://notcve.org/view.php?id=CVE-2024-11831
10 Feb 2025 — A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by a web browser, causing Cross-site scripting (XSS) attacks. This issue is critical in environments where serialized data is sent to web clients, potentially compromising the security of the website or web applicatio... • https://access.redhat.com/security/cve/CVE-2024-11831 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
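
The class of bug in the serialize-javascript entry, as an added example that is neither serialize-javascript's code nor its exact payload: a serializer whose output is valid JavaScript, yet unsafe once it is embedded in an inline script, because the HTML tokenizer decides where a script element ends and it does not understand JavaScript string literals. The serializer, the page template and the function names are assumed.

```javascript
'use strict';
// Added example (illustration of the bug class; not serialize-javascript's code).
// Names such as serializeNaive and serializeForInlineScript are assumed.

// Naive serializer: JSON.stringify handles strings and keys, RegExps are re-emitted
// as constructor calls. The output is perfectly valid JavaScript on its own.
function serializeNaive(value) {
  if (value instanceof RegExp) {
    return `new RegExp(${JSON.stringify(value.source)}, ${JSON.stringify(value.flags)})`;
  }
  if (typeof value === 'string') return JSON.stringify(value);
  if (Array.isArray(value)) return `[${value.map(serializeNaive).join(',')}]`;
  if (value && typeof value === 'object') {
    const body = Object.entries(value)
      .map(([k, v]) => `${JSON.stringify(k)}:${serializeNaive(v)}`)
      .join(',');
    return `{${body}}`;
  }
  return String(value); // number, boolean, null, undefined
}

// Hardened form: rewrite the characters that matter to the HTML tokenizer as
// JavaScript \uXXXX escapes. This is sound only because every '<', '>', U+2028 and
// U+2029 the naive serializer emits sits inside a string literal, where the escape
// is equivalent to the raw character.
const UNSAFE_IN_SCRIPT = /[<>\u2028\u2029]/g;
function serializeForInlineScript(value) {
  return serializeNaive(value).replace(UNSAFE_IN_SCRIPT,
    c => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Script-data check: "</script" followed by whitespace, '/' or '>' closes the
// element; "<!--" switches the tokenizer into its escaped states. Either one inside
// serialized data lets attacker-controlled text leave the script context.
function breaksOutOfScript(js) {
  return /<\/script[\s\/>]/i.test(js) || /<!--/.test(js);
}

// Server-side render step, the way an app would inline its state.
function renderStatePage(state, serialize) {
  return `<script>window.__STATE__=${serialize(state)};</script>`;
}

// Evaluate the serialized JavaScript (as the browser would) and hand the state back,
// to confirm the escaped form round-trips to the same value.
function revive(js) {
  return new Function(`return (${js});`)();
}
```

The escaping is applied to the serializer's output rather than to each string, so the RegExp path cannot be forgotten the way a per-type escape can; the price is the invariant stated in the comment, that those characters only ever appear inside string literals.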

CVE-2025-23367 – Org.wildfly.core:wildfly-server: wildfly improper rbac permission
https://notcve.org/view.php?id=CVE-2025-23367
30 Jan 2025 — A flaw was found in the Wildfly Server Role Based Access Control (RBAC) provider. When authorization to control management operations is secured using the Role Based Access Control provider, a user without the required privileges can suspend or resume the server. A user with a Monitor or Auditor role is supposed to have only read access permissions and should not be able to suspend the server. The vulnerability is caused by the Suspend and Resume handlers not performing authorization checks to validate whet... • https://access.redhat.com/security/cve/CVE-2025-23367 • CWE-284: Improper Access Control •
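
The flaw class in the WildFly RBAC entry, as an added example that is not WildFly's code: an operation registry in which each handler is trusted to perform its own authorization check and two of them (suspend and resume) omit it, beside a registry where every handler declares the permission it needs and only the dispatcher runs handlers. Role names follow the advisory; the simplified read/write permission model and all function names are assumptions.

```javascript
'use strict';
// Added example, not WildFly's code. Role names follow the advisory; the permission
// model, the operation names and the function names are assumed.

const READ = 'read';
const WRITE = 'write';
// Assumed simplified role -> permission map. Monitor and Auditor are read-only.
const ROLE_PERMS = {
  Monitor: new Set([READ]),
  Auditor: new Set([READ]),
  Maintainer: new Set([READ, WRITE]),
  SuperUser: new Set([READ, WRITE]),
};
const can = (caller, perm) => Boolean(ROLE_PERMS[caller.role] && ROLE_PERMS[caller.role].has(perm));

function createServer() { return { running: true, suspended: false }; }

// Vulnerable shape: authorization lives inside each handler. It was written into
// 'shutdown' and forgotten in 'suspend' and 'resume', so a read-only role can take
// the server out of service.
function vulnerableRegistry(server) {
  const requireWrite = (caller) => { if (!can(caller, WRITE)) throw new Error(`forbidden: ${caller.role}`); };
  return {
    'read-resource': (caller) => ({ suspended: server.suspended, running: server.running }),
    'shutdown': (caller) => { requireWrite(caller); server.running = false; },
    'suspend': (caller) => { server.suspended = true; },
    'resume': (caller) => { server.suspended = false; },
  };
}

// Hardened shape: a handler cannot be registered without stating what it needs, and
// only the dispatcher runs handlers, so a missing check inside one is impossible.
function hardenedRegistry(server) {
  return {
    'read-resource': { needs: READ, run: () => ({ suspended: server.suspended, running: server.running }) },
    'shutdown': { needs: WRITE, run: () => { server.running = false; } },
    'suspend': { needs: WRITE, run: () => { server.suspended = true; } },
    'resume': { needs: WRITE, run: () => { server.suspended = false; } },
  };
}

function dispatch(registry, caller, opName) {
  const op = registry[opName];
  if (!op) throw new Error(`no such operation: ${opName}`);
  if (typeof op === 'function') return op(caller); // vulnerable style: the handler decides
  if (!can(caller, op.needs)) throw new Error(`forbidden: ${caller.role} lacks ${op.needs} for ${opName}`);
  return op.run(caller);
}

// Regression check: the operations a role can actually execute, each tried against a
// fresh server. Any state-changing operation listed for Monitor or Auditor is a bug.
function executableOps(makeRegistry, role) {
  return Object.keys(makeRegistry(createServer())).filter(name => {
    try { dispatch(makeRegistry(createServer()), { role }, name); return true; }
    catch (e) { if (!/^forbidden/.test(e.message)) throw e; return false; }
  });
}
```

executableOps is the kind of test that would have caught the omission: it enumerates the registry rather than a hand-picked list of operations, so a newly added handler is covered automatically.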

CVE-2025-0736 – Org.infinispan-infinispan-parent: exposure of sensitive information in application logs
https://notcve.org/view.php?id=CVE-2025-0736
28 Jan 2025 — A flaw was found in Infinispan, when using JGroups with JDBC_PING. This issue occurs when an application inadvertently exposes sensitive information, such as configuration details or credentials, through logging mechanisms. This exposure can lead to unauthorized access and exploitation by malicious actors. An update for Red Hat Data Grid 8 is now available. Red Hat Product Security has rated this update as having a security impact of Important. • https://access.redhat.com/security/cve/CVE-2025-0736 • CWE-532: Insertion of Sensitive Information into Log File •
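
Two of the Infinispan entries on this page are secret-leak paths: the CLI entry above (CVE-2025-5731, a decoded Kubernetes secret carried in a command string and echoed by a "command not found" error) and this JDBC_PING entry (CVE-2025-0736, connection details written to the log). The following is an added example, not Infinispan's code, showing both the leaking shape and a fix for each; the command names, the Kubernetes secret, the JDBC_PING keys and the log-line format are constructed for the illustration.

```javascript
'use strict';
// Added example, not Infinispan's code. Covers two leak paths from this page:
// a "command not found" error that echoes a command line carrying a decoded secret
// (CVE-2025-5731, CWE-209) and a JGroups JDBC_PING configuration written to the log
// (CVE-2025-0736, CWE-532). Command names, config keys and log shapes are assumed.

// Constructed Kubernetes Secret as the API returns it: values are base64 of the
// plaintext, nothing more, so decoding yields the real password.
const K8S_SECRET = { data: { password: Buffer.from('hunter2').toString('base64') } };
function decodeSecretValue(b64) { return Buffer.from(b64, 'base64').toString('utf8'); }

// Minimal command table; handlers receive positional args and a separate secrets bag.
const COMMANDS = new Map([
  ['connect', (args, secrets) => `connected as ${args[0]} (password length ${secrets.password.length})`],
]);

// Vulnerable shape: the secret is interpolated into one flat command string, and the
// "not found" branch reproduces that whole string in the exception message.
function runCommandLine(line) {
  const [verb, ...args] = line.trim().split(/\s+/);
  const handler = COMMANDS.get(verb);
  if (!handler) throw new Error(`Command not found: ${line}`);
  const p = args.indexOf('-p');
  const password = p >= 0 ? args[p + 1] : undefined;
  const positional = args.filter((_, i) => p < 0 || (i !== p && i !== p + 1));
  return handler(positional, { password });
}

// Hardened shape: secrets never enter the command text, and the error names the verb
// only, so nothing the caller supplied beyond the verb can reach a log or a UI.
function runCommand(verb, args, secrets = {}) {
  const handler = COMMANDS.get(verb);
  if (!handler) throw new Error(`Command not found: ${verb}`);
  return handler(args, secrets);
}

function messageOf(fn) { try { fn(); return null; } catch (e) { return e.message; } }

// Same typo in the verb ("conect"), two different error messages.
function vulnerableNotFoundMessage(password) {
  return messageOf(() => runCommandLine(`conect admin -p ${password}`));
}
function hardenedNotFoundMessage(password) {
  return messageOf(() => runCommand('conect', ['admin'], { password }));
}

// ---- Log redaction for configuration objects ---------------------------------
// Keys that hold credentials, plus credential-bearing parts of connection URLs.
const SECRET_KEY = /pass(word)?|secret|token|credential/i;
function redactUrl(s) {
  return s
    .replace(/\/\/([^/@\s]+)@/, '//[redacted]@')                                // scheme://user:pass@host
    .replace(/([?&;](?:pass(?:word)?|secret|token)=)[^&;\s]*/gi, '$1[redacted]'); // ?password=...
}
function redactForLog(value, key = '') {
  if (Array.isArray(value)) return value.map(v => redactForLog(v, key));
  if (value && typeof value === 'object') {
    return Object.fromEntries(Object.entries(value).map(([k, v]) => [k, redactForLog(v, k)]));
  }
  if (typeof value !== 'string') return value;
  return SECRET_KEY.test(key) ? '[redacted]' : redactUrl(value);
}

// Constructed JDBC_PING-style protocol configuration.
const JDBC_PING = {
  connection_url: 'jdbc:postgresql://db.internal:5432/jgroups?user=jg&password=hunter2',
  connection_username: 'jg',
  connection_password: 'hunter2',
  datasource_jndi_name: 'java:/jgroups',
};
// Vulnerable: the whole config, credentials included, goes into an INFO line.
function vulnerableConfigLogLine(cfg) { return `JDBC_PING configured: ${JSON.stringify(cfg)}`; }
// Hardened: redact the structured object before formatting; a formatted line is
// much harder to clean reliably afterwards.
function hardenedConfigLogLine(cfg) { return `JDBC_PING configured: ${JSON.stringify(redactForLog(cfg))}`; }
```

The two fixes share one principle: keep the secret in a typed field for as long as possible and format only what a log or error needs. Redaction by key name and URL pattern is a backstop, not a substitute; a password stored under an unexpected key would still pass through, which is why the CLI side does not rely on it at all.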

CVE-2025-23366 – Org.jboss.hal:hal-console: wildfly hal console cross-site scripting
https://notcve.org/view.php?id=CVE-2025-23366
14 Jan 2025 — A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is served to other users. The attacker must be authenticated as a user that belongs to management groups “SuperUser”, “Admin”, or “Maintainer”. • https://access.redhat.com/security/cve/CVE-2025-23366 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-8447 – Narayana: deadlock via multiple join requests sent to lra coordinator
https://notcve.org/view.php?id=CVE-2024-8447
02 Jan 2025 — A security issue was discovered in the LRA Coordinator component of Narayana. Cancelling an LRA takes roughly 2 seconds to execute; if Join is called with the same LRA ID within that window, the application may crash or hang indefinitely, leading to a denial of service. A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0. Red Hat Product Security has rated this update as having a security impact of Important. • https://access.redhat.com/security/cve/CVE-2024-8447 • CWE-833: Deadlock •

CVE-2023-1932 – Hibernate-validator: rendering of invalid html with safehtml leads to html injection and xss
https://notcve.org/view.php?id=CVE-2023-1932
07 Nov 2024 — A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed by omitting the tag ending in a less-than character. Browsers may render the invalid HTML, allowing HTML injection or cross-site scripting (XSS) attacks. • https://access.redhat.com/security/cve/CVE-2023-1932 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
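
The bypass class in the hibernate-validator entry, as an added example that is not hibernate-validator's code: a validator that only recognises a tag once it sees the closing '>' is compared with a browser tokenizer that starts a tag at '<' plus a letter and keeps reading attributes until the next '>' wherever that is, including inside the surrounding page. The allowlist, the page wrapper and the function names are assumptions; the strict variant deliberately rejects all attributes, which is a design choice rather than the only possible fix.

```javascript
'use strict';
// Added example, not hibernate-validator's code. Allowlist and names are assumed.

const ALLOWED_TAGS = new Set(['b', 'i', 'em', 'strong', 'p', 'br']);
const TAG_RE = /<\/?([a-zA-Z][a-zA-Z0-9]*)[^>]*>/g;

// Naive validator: extract complete tags, check each against the allowlist and
// refuse event-handler attributes. A fragment whose tag never closes yields no match
// at all and is therefore accepted.
function isSafeHtmlNaive(fragment) {
  for (const m of fragment.matchAll(TAG_RE)) {
    if (!ALLOWED_TAGS.has(m[1].toLowerCase())) return false;
    if (/\son[a-z]+\s*=/i.test(m[0])) return false;
  }
  return true;
}

// Hardened validator: treat every '<' followed by a letter, '/', '!' or '?' as the
// start of markup, as the HTML tokenizer does, and require it to be a complete,
// attribute-free, allowlisted tag. A lone '<' (as in "1 < 2") is ordinary text.
function isSafeHtmlStrict(fragment) {
  let i = 0;
  while ((i = fragment.indexOf('<', i)) !== -1) {
    if (!/[a-zA-Z\/!?]/.test(fragment[i + 1] || '')) { i += 1; continue; }
    const m = /^<\/?([a-zA-Z][a-zA-Z0-9]*)\s*\/?>/.exec(fragment.slice(i));
    if (!m || !ALLOWED_TAGS.has(m[1].toLowerCase())) return false;
    i += m[0].length;
  }
  return true;
}

// What the browser sees once the fragment is embedded in a page: the same TAG_RE,
// now run over the whole document, where a '>' from the surrounding markup closes the
// attacker's tag and everything up to it has become attributes.
function tagsAsRendered(fragment) {
  const page = `<div class="comment">${fragment}</div>`;
  return Array.from(page.matchAll(TAG_RE), m => ({ name: m[1].toLowerCase(), raw: m[0] }));
}
```

The payload in the test, an img tag with an onerror attribute and no closing '>', is accepted by the naive validator because it contains no complete tag, yet after insertion into the page the same regex finds an img tag whose attributes run up to the wrapper's closing '>'. The strict validator rejects it at the first '<' that is not a complete allowlisted tag.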

CVE-2024-10234 – Wildfly: wildfly vulnerable to cross-site scripting (xss)
https://notcve.org/view.php?id=CVE-2024-10234
22 Oct 2024 — A vulnerability was found in Wildfly, where a user may perform Cross-site scripting in the Wildfly deployment system. This flaw allows an attacker or insider to execute a deployment with a malicious payload, which could trigger undesired behavior against the server. A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0 for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring Syste... • https://access.redhat.com/security/cve/CVE-2024-10234 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •