Eclipse Security Vulnerabilities (CVEs)
Track 75 security vulnerabilities affecting Eclipse products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
This vulnerability in Eclipse Jetty's GzipHandler causes a memory leak when processing compressed HTTP requests without compressed responses. Attacker...
Mar 5, 2026

CVE-2026-1188 is a buffer overflow vulnerability in Eclipse OMR's port library component where an API function fails to properly account for separator...
Jan 29, 2026

This vulnerability in Vert.x Web's static handler allows attackers to manipulate the cache to deny access to static files via specially crafted URIs. ...
Jan 15, 2026

This vulnerability in Eclipse OMR's compiler component causes incorrect handling of NUL characters during charset translation on Z processors, leading...
Dec 15, 2025

This vulnerability in Eclipse Paho Go MQTT library allows UTF-8 strings longer than 65535 bytes to be incorrectly encoded, potentially causing packet ...
Dec 2, 2025

This stored XSS vulnerability in Eclipse Vert.x allows attackers to inject malicious scripts into directory listings when they can create or rename fi...
Oct 22, 2025

This vulnerability in NetXDuo's DHCPv6 client allows attackers to cause out-of-bounds memory reads by sending specially crafted DHCPv6 packets. It aff...
Oct 20, 2025

This vulnerability in NetX Duo's HTTP client module allows a malicious server response to trigger undefined behavior through improper bounds checking...
Oct 17, 2025

This vulnerability allows an attacker to trigger an out-of-bounds read in USBX's audio host class implementation when parsing malicious USB descriptor...
Oct 17, 2025

This vulnerability allows attackers to read memory beyond allocated boundaries in USBX's audio class parsing function. It affects systems using Eclips...
Oct 17, 2025

This vulnerability in NetX Duo's ICMPv6 packet processing allows attackers to read memory beyond intended boundaries when handling specially crafted I...
Oct 17, 2025

This vulnerability allows an attacker to read memory beyond the intended buffer boundaries when parsing USB audio streaming device descriptors. It aff...
Oct 17, 2025

This vulnerability allows an attacker to trigger an out-of-bounds read in USBX's audio device parsing function when a malicious USB audio device is co...
Oct 17, 2025

This vulnerability in NetX Duo's SNMP addon allows attackers to trigger an out-of-bounds read via specially crafted SNMPv3 security parameters. This ...
Oct 17, 2025

This vulnerability in NetX Duo's IPv4 packet handling allows an attacker to read 4 bytes of memory beyond allocated boundaries when processing unicast...
Oct 17, 2025

This vulnerability in NetX Duo's _nx_ip_packet_receive() function allows an attacker to cause an out-of-bounds read by sending specially crafted Ether...
Oct 16, 2025

A buffer overflow vulnerability in FileX's RAM disk driver allows remote attackers to execute arbitrary code by sending specially crafted packets. Thi...
Oct 16, 2025

This vulnerability in NetX Duo (part of Eclipse ThreadX) allows attackers to read two bytes beyond allocated memory boundaries due to an incorrect bou...
Oct 15, 2025

This vulnerability in NetX Duo's TLS implementation allows attackers to cause an out-of-bounds read by providing malformed PSK length in ClientHello m...
Oct 15, 2025

This vulnerability in Eclipse ThreadX allows attackers to bypass memory protection mechanisms and perform arbitrary memory read/write operations when ...
Oct 15, 2025

This vulnerability in Eclipse ThreadX allows threads to be created with higher priority than configured maximum, potentially causing denial of service...
Oct 15, 2025

This vulnerability in Eclipse ThreadX allows attackers to cause denial of service by providing pointers to unmapped memory regions. The system call va...
Oct 14, 2025

This vulnerability in Eclipse Jetty allows HTTP/2 clients to trigger resource exhaustion attacks by sending malformed frames that force the server to ...
Aug 20, 2025

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Eclipse GlassFish application server. Attackers can exploit specific endpoint...
Jul 16, 2025

This stored cross-site scripting (XSS) vulnerability in Eclipse GlassFish 7.0.15 allows attackers to inject malicious scripts into the administration ...
Jul 16, 2025

CVE-2024-9342 allows attackers to perform unlimited brute-force login attempts against Eclipse GlassFish servers, potentially compromising administrat...
Jul 16, 2025

This vulnerability allows attackers to perform reflected cross-site scripting (XSS) attacks in the Eclipse GlassFish Administration Console. Attackers...
Jul 16, 2025

A vulnerability in Eclipse Open VSX Registry's automated publishing system allowed unauthorized uploads of extensions due to insufficient isolation of...
Jun 27, 2025

A stack-based buffer overflow vulnerability in Eclipse OpenJ9 when used with OpenJDK 8 allows local attackers to execute arbitrary code by modifying a...
May 9, 2025

This vulnerability in Eclipse Jetty allows incorrect buffer release during gzip decompression errors, potentially leading to data corruption or uninte...
May 8, 2025

This vulnerability in Eclipse ThreadX NetX Duo's HTTP server allows attackers to cause denial of service through specially crafted packets. The issue ...
Apr 6, 2025

This vulnerability in Eclipse ThreadX NetX Duo's HTTP server allows attackers to cause integer underflow and denial of service by sending specially cr...
Apr 6, 2025

CVE-2024-10838 is an integer underflow vulnerability in Eclipse Cyclone DDS during deserialization that allows unauthenticated attackers to read out-o...
Mar 12, 2025

This vulnerability in Eclipse OMR versions up to 0.4.0 allows NULL pointer dereference crashes when z/OS atoe functions fail to allocate memory. It af...
Feb 21, 2025

This CVE describes a buffer overflow vulnerability in Eclipse OMR's z/OS atoe print functions. Attackers could exploit this to execute arbitrary code ...
Feb 21, 2025

An integer underflow vulnerability in NetX HTTP server functionality of Eclipse ThreadX NetX Duo allows attackers to cause denial of service by sendin...
Feb 21, 2025

An integer underflow vulnerability in NetX HTTP server functionality of Eclipse ThreadX NetX Duo allows attackers to cause denial of service by sendin...
Feb 21, 2025

A denial-of-service vulnerability in Eclipse ThreadX NetX Duo's HTTP server allows attackers to exhaust file handles by sending specially crafted pack...
Feb 21, 2025

This vulnerability allows a malicious MQTT broker to crash or potentially execute arbitrary code on clients using libmosquitto by sending a specially ...
Oct 30, 2024

This vulnerability in Jetty's ThreadLimitHandler.getRemote() allows unauthenticated attackers to send crafted requests that trigger OutOfMemory errors...
Oct 14, 2024

This vulnerability in Jetty's DosFilter allows unauthenticated attackers to send crafted requests that trigger OutOfMemory errors, leading to denial-o...
Oct 14, 2024

This vulnerability in Eclipse Mosquitto allows attackers to cause memory corruption through specific MQTT packet sequences, potentially leading to cra...
Oct 11, 2024

This vulnerability in Eclipse GlassFish allows attackers to redirect users to malicious websites via manipulated HTTP Host parameters when accessing t...
Sep 30, 2024

This vulnerability in Eclipse Dataspace Components allows attackers to bypass token expiration checks in the ConsumerPullTransferTokenValidationApiCon...
Sep 11, 2024

This vulnerability allows attackers to send unlimited size payloads to Vert.x gRPC servers, potentially causing resource exhaustion and denial of serv...
Sep 4, 2024

This vulnerability in Eclipse Parsson allows attackers to cause denial of service by sending JSON documents with deeply nested objects, triggering Jav...
Jul 17, 2024

This vulnerability allows attackers to obtain OAuth2 client secrets from the vault in Eclipse Dataspace Components. It affects users of the EDC Connec...
May 7, 2024

This vulnerability allows unauthenticated remote attackers to execute arbitrary code on systems running vulnerable versions of Eclipse Target Manageme...
Apr 26, 2024

This vulnerability in Eclipse Kura's LogServlet allows unauthenticated attackers to retrieve device logs via specially crafted requests. The downloade...
Apr 9, 2024

CVE-2024-2212 is a heap buffer overflow vulnerability in Eclipse ThreadX's FreeRTOS compatibility layer. Missing parameter checks in xQueueCreate() an...
Mar 26, 2024

Why Monitor Eclipse Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 75+ known vulnerabilities affecting Eclipse products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Eclipse packages in under 60 seconds. No agents required - completely agentless scanning that works across Eclipse deployments.
Free vulnerability database: Access detailed information about every Eclipse CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.