Every CVE whose affected-product data names Redhat Wildfly Core, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2025-23368 — CVSS 8.1 (high): A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed…
CVE-2021-3717 — CVSS 7.8 (high): A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to…
CVE-2023-4061 — CVSS 6.5 (medium): A flaw was found in wildfly-core. A management user could use the resolve-expression in the HAL Interface to read possible sensitive…
CVE-2021-3629 — CVSS 5.9 (medium): A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead…
CVE-2018-10862 — CVSS 5.5 (medium): WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted…
CVE-2019-14838 — CVSS 4.9 (medium): A flaw was found in wildfly-core before 7.2.5.GA. The Management users with Monitor, Auditor and Deployer Roles should not be allowed to…