Vulnerabilities in Eclipse Foundation

104 results
CVE-2025-55102 | HIGH | A denial-of-service vulnerability exists in the NetX IPv6 component functionality of Eclipse ThreadX NetX Duo. A specially crafted network p | EPSS 0.4%
CVE-2025-55099 | LOW | Potential out-of-bounds read in _ux_host_class_audio_alternate_setting_locate() | EPSS 0.3%
CVE-2025-55081 | MEDIUM | Potential out of bound read in _nx_secure_tls_process_clienthello() | EPSS 0.3%
CVE-2025-55090 | MEDIUM | Potential out of bound read issue in _nx_ipv4_packet_receive() in NetX Duo | EPSS 0.3%
CVE-2025-55091 | MEDIUM | Potential out of bound read in _nx_ip_packet_receive() | EPSS 0.3%
CVE-2024-2214 | HIGH | Missing array size check in _Mtxinit() in the Xtensa port | EPSS 0.3%
CVE-2023-6194 | LOW | In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition XML files are not filtered to prohibit document type definition (DTD) r | EPSS 0.3%
CVE-2025-55092 | MEDIUM | Potential out of bound read in _nx_ipv4_option_process() | EPSS 0.3%
CVE-2025-55084 | MEDIUM | Out of bound read in _nx_secure_tls_proc_clienthello_supported_versions_extension() | EPSS 0.3%
CVE-2025-55098 | LOW | Potential out-of-bounds read in _ux_host_class_audio_device_type_get() | EPSS 0.3%
CVE-2024-9408 | HIGH | In Eclipse GlassFish since version 6.2.5 it is possible to perform a Server Side Request Forgery attack in specific endpoints. | EPSS 0.3%
CVE-2025-55093 | MEDIUM | Out of bound read and write in _nx_ipv4_packet_receive() when handling unicast DHCP messages | EPSS 0.3%
CVE-2026-44688 | HIGH | In Eclipse Theia versions prior to 1.71.0, the AI chat agent processed workspace file and directory names as part of its prompt context with | EPSS 0.3%
CVE-2026-46580 | HIGH | In Eclipse Theia versions prior to 1.71.0, files matching the pattern .prompts/*.prompttemplate in a workspace were automatically loaded and | EPSS 0.3%
CVE-2025-12383 | CRITICAL | Race Condition allows Bypass of Trust Restrictions | EPSS 0.3%
CVE-2026-6272 | HIGH | A client holding only a read JWT scope can still register itself as a signal provider through the production kuksa.val.v2 OpenProviderStream | EPSS 0.3%
CVE-2025-11966 | LOW | In Eclipse Vert.x versions [4.0.0, 4.5.21] and [5.0.0, 5.0.4], when "directory listing" is enabled, file and directory names are inserted in | EPSS 0.3%
CVE-2026-11576 | HIGH | The security fix for CVE-2025-0728 in eclipse-threadx NetX Duo refactors error handling in the HTTP server PUT process to use a shared clean | EPSS 0.3%
CVE-2025-55097 | LOW | Potential out-of-bounds read in _ux_host_class_audio_streaming_sampling_get() | EPSS 0.2%
CVE-2026-6860 | MEDIUM | A TCP client can perform a TLS handshake and present the server name extension with a server name that is accepted by a server wildcard name | EPSS 0.2%