CVE Tools

eclipse foundation

OSS LibrariesDEoss-project

93

Cumulative CVEs

17

Monthly snapshots

#46

Peak rank

Top products

eclipse omr1 eclipse theia - website1 eclipse threadx1

Latest CVEs

The 15 most recently published vulnerabilities affecting eclipse foundation.

CVE-2026-11576The security fix for CVE-2025-0728 in eclipse-threadx NetX Duo refactors error handling in the HTTP server PUT process to use a shared cleanup label, but this unified cleanup path unconditionally c...7.5Jun 19, 2026
CVE-2026-44691In Eclipse Theia versions prior to 1.69.0, custom task definitions in workspace files (e.g. .theia/tasks.json, .vscode/tasks.json) could be executed without requiring workspace trust. An attacker c...8.8Jun 18, 2026
CVE-2026-46580In Eclipse Theia versions prior to 1.71.0, files matching the pattern .prompts/*.prompttemplate in a workspace were automatically loaded and could override or extend the AI agent's system prompts. ...8.8Jun 18, 2026
CVE-2026-44688In Eclipse Theia versions prior to 1.71.0, the AI chat agent processed workspace file and directory names as part of its prompt context without distinguishing them from system instructions. An atta...8.8Jun 18, 2026
CVE-2026-2586An authenticated Remote Code Execution (RCE) vulnerability was identified in GlassFish's Administration Console. A user with access to the panel can send crafted requests that allow the execution o...9.1May 19, 2026
CVE-2026-2587A critical Remote Code Execution (RCE) vulnerability was identified in the server-side template rendering mechanism used by the Glassfish gadget handler. The application processes .xml files and ev...9.6May 19, 2026
CVE-2026-6860A TCP client can perform a TLS handshake and present the server name extension with a server name that is accepted by a server wildcard name, e.g. if the server is configured with a certificate acc...5.3May 6, 2026
CVE-2026-7412In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Operation Delegation feature fails to validate the destination URI of delegated requests. An unauthenticated remote attack...8.6May 5, 2026
CVE-2026-7411In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal a...10.0May 5, 2026
CVE-2026-6918In Eclipse Open9J versions 0.21 to 0.58, a pre-authentication remote attacker can crash JITServer by sending a 32-byte crafted TCP message.7.5May 5, 2026
CVE-2026-2332HTTP Request Smuggling via Chunked Extension Quoted-String Parsing7.4Apr 14, 2026
CVE-2026-5795In Eclipse Jetty, the class JASPIAuthenticator initiates the authentication checks, which set two ThreadLocal variable. Upon returning from the initial checks, there are conditions that cause an ...7.4Apr 8, 2026
CVE-2026-24457An unsafe parsing of OpenMQ's configuration, allows a remote attacker to read arbitrary files from a MQ Broker's server. A full exploitation could read unauthorized files of the OpenMQ’s host OS....9.1Mar 5, 2026
CVE-2026-1605In Eclipse Jetty, versions 12.0.0-12.0.31 and 12.1.0-12.0.5, class GzipHandler exposes a vulnerability when a compressed HTTP request, with Content-Encoding: gzip, is processed and the correspondin...7.5Mar 5, 2026
CVE-2025-11143The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in secur...3.7Mar 5, 2026