eclipse
Latest CVEs
The 15 most recently published vulnerabilities affecting eclipse.
- CVE-2026-44691 (score 8.8): In Eclipse Theia versions prior to 1.69.0, custom task definitions in workspace files (e.g. .theia/tasks.json, .vscode/tasks.json) could be executed without requiring workspace trust. An attacker c...
- CVE-2026-46580 (score 8.8): In Eclipse Theia versions prior to 1.71.0, files matching the pattern .prompts/*.prompttemplate in a workspace were automatically loaded and could override or extend the AI agent's system prompts. ...
- CVE-2026-44688 (score 8.8): In Eclipse Theia versions prior to 1.71.0, the AI chat agent processed workspace file and directory names as part of its prompt context without distinguishing them from system instructions. An atta...
- CVE-2026-2586 (score 9.1): An authenticated Remote Code Execution (RCE) vulnerability was identified in GlassFish's Administration Console. A user with access to the panel can send crafted requests that allow the execution o...
- CVE-2026-2587 (score 9.6): A critical Remote Code Execution (RCE) vulnerability was identified in the server-side template rendering mechanism used by the GlassFish gadget handler. The application processes .xml files and ev...
- CVE-2026-6860 (score 5.3): A TCP client can perform a TLS handshake and present the server name extension with a server name that is accepted by a server wildcard name, e.g. if the server is configured with a certificate acc...
- CVE-2026-6918 (score 7.5): In Eclipse OpenJ9 versions 0.21 to 0.58, a pre-authentication remote attacker can crash JITServer by sending a 32-byte crafted TCP message.
- CVE-2026-2332 (score 7.4): HTTP Request Smuggling via Chunked Extension Quoted-String Parsing
- CVE-2026-5795 (score 7.4): In Eclipse Jetty, the class JASPIAuthenticator initiates the authentication checks, which set two ThreadLocal variables. Upon returning from the initial checks, there are conditions that cause an ...
- CVE-2026-24457 (score 9.1): Unsafe parsing of OpenMQ's configuration allows a remote attacker to read arbitrary files from an MQ Broker's server. A full exploitation could read unauthorized files of the OpenMQ’s host OS....
- CVE-2026-1188 (score 9.8): In the Eclipse OMR port library component since release 0.2.0, an API function to return the textual names of all supported processor features was not accounting for the separator inserted between ...
- CVE-2026-1002 (score 5.3): Eclipse Vert.x Web static handler file access denial
- CVE-2025-67109 (score 10.0): Improper verification of the time certificate in Eclipse Cyclone DDS before v0.10.5 allows attackers to bypass certificate checks and execute commands with System privileges.
- CVE-2025-14549 (score 8.1): OMR on Z processors exposing a possible buffer over-read problem
- CVE-2025-10543 (score 5.3): In Eclipse Paho Go MQTT v3.1 library (paho.mqtt.golang) versions <=1.5.0, UTF-8 encoded strings passed into the library may be incorrectly encoded if their length exceeds 65535 bytes. This may lea...