Red hat jboss enterprise application platform 7

This hub aggregates every CVE we track for Red hat jboss enterprise application platform 7, a product in the operating systems space. Use it to gauge the current risk picture and drill into individual advisories.

Operating Systemson-premother

CVEs tracked

Critical

High

In CISA KEV

Severity distribution

HIGH21MEDIUM20CRITICAL1

Monthly trend

2024-072026-06

Latest CVEs

See all →

The 15 most recently published vulnerabilities affecting Red hat jboss enterprise application platform 7.

CVE-2026-28369Undertow: undertow: request smuggling via malformed http request headers8.7Mar 27, 2026
CVE-2026-28367Undertow: undertow: request smuggling via `\r\r\r` as a header block terminator8.7Mar 27, 2026
CVE-2026-28368Undertow: undertow: request smuggling via inconsistent header parsing8.7Mar 27, 2026
CVE-2026-3260Undertow: undertow: denial of service due to premature multipart/form-data parsing in get requests5.9Mar 24, 2026
CVE-2024-4027Undertow: outofmemoryerror in httpservletrequestimpl.getparameternames() can cause remote dos attacks7.5Jan 30, 2026
CVE-2026-0603Org.hibernate/hibernate-core: hibernate: information disclosure and data deletion via second-order sql injection8.3Jan 23, 2026
CVE-2025-12543Undertow-core: undertow http server fails to reject malformed host headers leading to potential cache poisoning and ssrf9.6Jan 7, 2026
CVE-2024-3884Undertow: outofmemory when parsing form data encoding with application/x-www-form-urlencoded7.5Dec 3, 2025
CVE-2025-9784Undertow: undertow madeyoureset http/2 ddos vulnerability7.5Sep 2, 2025
CVE-2025-5731Infinispan: credential leakage in infinispan cli5.5Jun 26, 2025
CVE-2025-2240Smallrye-fault-tolerance: smallrye fault tolerance7.5Mar 12, 2025
CVE-2025-23368Org.wildfly.core:wildfly-elytron-integration: wildfly elytron brute force attack via cli8.1Mar 4, 2025
CVE-2024-11831Npm-serialize-javascript: cross-site scripting (xss) in serialize-javascript5.4Feb 10, 2025
CVE-2025-23367Org.wildfly.core:wildfly-server: wildfly improper rbac permission6.5Jan 30, 2025
CVE-2025-23366Org.jboss.hal:hal-console: wildfly hal console cross-site scripting6.5Jan 14, 2025

Product normalization is registry-driven with AI assist and human review. How it works