Glassfish
This hub aggregates every CVE we track for Glassfish, a product in the devtools ci space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 12
- Critical: 4
- High: 0
- In CISA KEV: 0
Severity distribution
- MEDIUM: 8
- CRITICAL: 4
Monthly trend
[Chart: monthly trend, 2024-07 to 2026-06]
Latest CVEs
The 12 most recently published vulnerabilities affecting Glassfish.
- CVE-2026-2586: An authenticated Remote Code Execution (RCE) vulnerability was identified in GlassFish's Administration Console. A user with access to the panel can send crafted requests that allow the execution o... (score: 9.1)
- CVE-2026-2587: A critical Remote Code Execution (RCE) vulnerability was identified in the server-side template rendering mechanism used by the Glassfish gadget handler. The application processes .xml files and ev... (score: 9.6)
- CVE-2024-9408: In Eclipse GlassFish since version 6.2.5 it is possible to perform a Server Side Request Forgery attack in specific endpoints. (score: 9.8)
- CVE-2024-10032: In Eclipse GlassFish version 7.0.15 it is possible to perform Stored Cross-site scripting attacks in the Administration Console. (score: 5.4)
- CVE-2024-10031: In Eclipse GlassFish version 7.0.15 it is possible to perform Stored Cross-site Scripting attacks by modifying the configuration file in the underlying operating system. (score: 5.4)
- CVE-2024-10029: In Eclipse GlassFish version 7.0.15 it is possible to perform Reflected Cross-site scripting attacks in the Administration Console. (score: 6.1)
- CVE-2024-9343: In Eclipse GlassFish version 7.0.15 it is possible to perform Stored Cross-site scripting attacks in the Administration Console. (score: 6.1)
- CVE-2024-9342: In Eclipse GlassFish versions before 8.0.3 it is possible to perform Login Brute Force attacks as there is no limitation in the number of failed login attempts. GlassFish 8.0.3 adds automatic attac... (score: 9.8)
- CVE-2024-9329: Glassfish redirect to untrusted site (score: 6.1)
- CVE-2024-8646: Eclipse Glassfish: URL redirection vulnerability to untrusted sites (score: 6.1)
- CVE-2023-5763: Glassfish remote code execution (score: 6.8)
- CVE-2022-2712: In Eclipse GlassFish versions 5.1.0 to 6.2.5, there is a vulnerability in relative path traversal because it does not filter request path starting with './'. Successful exploitation could allow an ... (score: 6.5)
Product normalization is registry-driven with AI assist and human review.