The HTTP/2 protocol allows a denial of service (server resource consumption) because request ca…

Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtu…

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker h…

A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entit…

A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, wher…

swagger-ui has XSS in key names

The admin terminal in Hawt.io does not require authentication, which allows remote attackers to…

A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same Strin…

A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of Obje…

A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of …

Multiple cross-site scripting (XSS) vulnerabilities in Fuse Management Console in Red Hat JBoss…

A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it remo…

A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listen…

undertow before versions 1.4.18.SP1, 2.0.2.Final, 1.4.24.Final was found vulnerable when using …

It was found that the Karaf container used by Red Hat JBoss Fuse 6.x, and Red Hat JBoss A-MQ 6.…

It was found that the Apache ActiveMQ client before 5.14.5 exposed a remote shutdown command in…

It was found that the JMX endpoint of Red Hat JBoss Fuse 6, and Red Hat A-MQ 6 deserializes the…

A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.securi…

A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-…

Red Hat JBoss Fuse before 6.2.0 allows remote authenticated users to bypass intended restrictio…

A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controll…

A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron…

A flaw was found in Wildfly before wildfly-embedded-13.0.0.Final, where the embedded managed pr…

A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows …

A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes…

A vulnerability was found in Wildfly's Enterprise Java Beans (EJB) versions shipped with Red Ha…

A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat JBoss EAP 7, where some s…

Cross-site request forgery (CSRF) vulnerability in the admin terminal in Hawt.io allows remote …

A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols…

A flaw was found in the reset credential flow in all Keycloak versions before 8.0.0. This flaw …

Async Http Client (aka AHC or async-http-client) before 1.9.0 skips X.509 certificate verificat…

It was discovered that the hawtio servlet 1.4 uses a single HttpClient instance to proxy reques…

The Ignite Realtime Smack XMPP API 4.x before 4.0.2, and 3.x and 2.x when a custom SSLContext i…

When a POST request comes through AJP and the request exceeds the max-post-size limit (maxEntit…

A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final a…

main/java/com/ning/http/client/AsyncHttpClientConfig.java in Async Http Client (aka AHC or asyn…

A flaw was found in Keycloak 7.0.1. A logged in user can do an account email enumeration attack.

A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for th…

It was found that keycloak before version 8.0.0 exposes internal adapter endpoints in org.keycl…

The undertow client is not checking the server identity presented by the server certificate in …