Every CVE whose affected-product data names Eclipse Vert.x, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2018-12544 — CVSS 9.8 (critical): In version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defense…
CVE-2019-17640 — CVSS 9.8 (critical): In Eclipse Vert.x 3.4.x up to 3.9.4, 4.0.0.milestone1, 4.0.0.milestone2, 4.0.0.milestone3, 4.0.0.milestone4, 4.0.0.milestone5, 4.0.0.Beta1…
CVE-2018-12542 — CVSS 9.8 (critical): In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the StaticHandler uses external input to construct a pathname that should be within a…
CVE-2018-12540 — CVSS 8.8 (high): In version from 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler do not assert that the XSRF Cookie matches the returned XSRF header/form…
CVE-2025-11965 — CVSS 7.5 (high): In Eclipse Vert.x versions [4.0.0, 4.5.21] and [5.0.0, 5.0.4], a StaticHandler configuration for restricting access to hidden files fails…
CVE-2024-8391 — CVSS 7.5 (high): In Eclipse Vert.x version 4.3.0 to 4.5.9, the gRPC server does not limit the maximum length of message payload (Maven GAV…
CVE-2018-12541 — CVSS 6.5 (medium): In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the WebSocket HTTP upgrade implementation buffers the full http request before doing the…
CVE-2025-11966 — CVSS 6.4 (medium): In Eclipse Vert.x versions [4.0.0, 4.5.21] and [5.0.0, 5.0.4], when "directory listing" is enabled, file and directory names are inserted…
CVE-2026-6860 — CVSS 5.3 (medium): A TCP client can perform a TLS handshake and present the server name extension with a server name that is accepted by a server wildcard…
CVE-2018-12537 — CVSS 5.3 (medium): In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and…