Jboss core services

This hub aggregates every CVE we track for Jboss core services, a product in the devtools ci space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Jboss core services.

• CVE-2026-6732Libxml2: libxml2: denial of service via crafted xsd-validated document6.5Apr 23, 2026
• CVE-2025-14819OpenSSL partial chain store policy bypass5.3Jan 8, 2026
• CVE-2025-14017broken TLS options for threaded LDAPS6.3Jan 8, 2026
• CVE-2026-22184zlib <= 1.3.1.2 untgz Global Buffer Overflow in TGZfname()9.8Jan 7, 2026
• CVE-2025-6170Libxml2: stack buffer overflow in xmllint interactive shell command handling2.5Jun 16, 2025
• CVE-2025-6021Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml27.5Jun 12, 2025
• CVE-2025-27113libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.2.9Feb 18, 2025
• CVE-2024-46544Apache Tomcat Connectors: mod_jk: local users can view and modify configuration5.9Sep 23, 2024
• CVE-2024-39573Apache HTTP Server: mod_rewrite proxy handler substitution7.5Jul 1, 2024
• CVE-2023-5678Excessive time spent in DH check / generation with large Q parameter value5.3Nov 6, 2023
• CVE-2023-45802Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST5.9Oct 23, 2023
• CVE-2023-44487The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.KEV7.5Oct 10, 2023
• CVE-2023-3446Excessive time spent checking DH keys and parameters5.3Jul 19, 2023
• CVE-2023-27533A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during ser...8.8Mar 30, 2023
• CVE-2023-27538An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have ...5.5Mar 30, 2023