Red hat process automation 7

This hub aggregates every CVE we track for Red hat process automation 7, a product in the devtools ci space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Red hat process automation 7.

• CVE-2025-58713Rhpam: privilege escalation via excessive /etc/passwd permissions6.4Apr 8, 2026
• CVE-2026-28369Undertow: undertow: request smuggling via malformed http request headers8.7Mar 27, 2026
• CVE-2026-28367Undertow: undertow: request smuggling via `\r\r\r` as a header block terminator8.7Mar 27, 2026
• CVE-2026-28368Undertow: undertow: request smuggling via inconsistent header parsing8.7Mar 27, 2026
• CVE-2026-3260Undertow: undertow: denial of service due to premature multipart/form-data parsing in get requests5.9Mar 24, 2026
• CVE-2024-4027Undertow: outofmemoryerror in httpservletrequestimpl.getparameternames() can cause remote dos attacks7.5Jan 30, 2026
• CVE-2026-0603Org.hibernate/hibernate-core: hibernate: information disclosure and data deletion via second-order sql injection8.3Jan 23, 2026
• CVE-2025-12543Undertow-core: undertow http server fails to reject malformed host headers leading to potential cache poisoning and ssrf9.6Jan 7, 2026
• CVE-2024-3884Undertow: outofmemory when parsing form data encoding with application/x-www-form-urlencoded7.5Dec 3, 2025
• CVE-2025-9784Undertow: undertow madeyoureset http/2 ddos vulnerability7.5Sep 2, 2025
• CVE-2025-23368Org.wildfly.core:wildfly-elytron-integration: wildfly elytron brute force attack via cli8.1Mar 4, 2025
• CVE-2024-11831Npm-serialize-javascript: cross-site scripting (xss) in serialize-javascript5.4Feb 10, 2025
• CVE-2025-23367Org.wildfly.core:wildfly-server: wildfly improper rbac permission6.5Jan 30, 2025
• CVE-2024-12397Io.quarkus.http/quarkus-http-core: quarkus http cookie smuggling7.4Dec 12, 2024
• CVE-2023-4639Undertow: cookie smuggling/spoofing7.4Nov 17, 2024