Every CVE whose affected-product data names Redhat Jboss Enterprise Application Platform Expansion Pack, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (17)
CVE-2025-12543 — CVSS 9.6 (critical): A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library…
CVE-2026-28367 — CVSS 8.7 (high): A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending `\r\r\r` as a header block terminator. This can…
CVE-2026-28369 — CVSS 8.7 (high): A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more spaces, it…
CVE-2026-28368 — CVSS 8.7 (high): A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where header names are…
CVE-2026-3009 — CVSS 8.1 (high): A security flaw in the IdentityBrokerService.performLogin endpoint of Keycloak allows authentication to proceed using an Identity Provider…
CVE-2023-1108 — CVSS 7.5 (high): A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in…
CVE-2025-9784 — CVSS 7.5 (high): A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This…
CVE-2022-0853 — CVSS 7.5 (high): A flaw was found in JBoss-client. The vulnerability occurs due to a memory leak on the JBoss client-side, when using UserTransaction…
CVE-2022-1278 — CVSS 7.5 (high): A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may contain.
CVE-2023-4503 — CVSS 6.8 (medium): An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers…
CVE-2026-3121 — CVSS 6.5 (medium): A flaw was found in Keycloak. An administrator with `manage-clients` permission can exploit a misconfiguration where this permission is…
CVE-2026-4366 — CVSS 5.8 (medium): A flaw was identified in Keycloak, an identity and access management solution, where it improperly follows HTTP redirects when processing…
CVE-2025-5731 — CVSS 5.5 (medium): A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext and…
CVE-2021-3642 — CVSS 5.3 (medium): A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer…
CVE-2021-20250 — CVSS 4.3 (medium): A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on…
CVE-2026-14209 — CVSS 4.3 (medium): A vulnerability was discovered in Keycloak's Admin UI extension that allows certain administrative users to bypass security restrictions…
CVE-2026-4874 — CVSS 3.1 (low): A flaw was found in Keycloak. An authenticated attacker can perform Server-Side Request Forgery (SSRF) by manipulating the…