Common Vulnerabilities and Exposures (CVE)

CVE-2025-59436

Sep 16, 2025 01:32:55 UTC

The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF because the IP address value 017700000001 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29...

CVE-2024-4029

Sep 16, 2025 00:08:32 UTC

A vulnerability was found in Wildfly’s management interface. Due to the lack of limitation of sockets for the management interface, it may be possible to cause a denial of service hitting the nofile limit as there is no possibility to confi...

CVE-2024-3653

Sep 16, 2025 00:08:28 UTC

A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the ha...

CVE-2023-5379

Sep 16, 2025 00:02:03 UTC

A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without retur...

CVE-2024-1233

Sep 16, 2025 00:00:36 UTC

A flaw was found in `JwtValidator.resolvePublicKey` in JBoss EAP, where the validator checks jku and sends an HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which m...

CVE-2024-5971

Sep 15, 2025 23:57:43 UTC

A vulnerability was found in Undertow, where the chunked response hangs after the body was flushed. The response headers and body were sent but the client would continue waiting as Undertow does not send the expected 0\r\n termination of th...

CVE-2025-43277

Sep 15, 2025 22:35:57 UTC

The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.8. Processing a maliciously crafted audio file may lead to memory corruption.

CVE-2025-43332

Sep 15, 2025 22:35:55 UTC

A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to break out of its sandbox.

CVE-2025-43349

Sep 15, 2025 22:35:53 UTC

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in tvOS 26, macOS Sonoma 14.8, macOS Sequoia 15.7, iOS 18.7 and iPadOS 18.7, visionOS 26, watchOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. Proce...

CVE-2025-43308

Sep 15, 2025 22:35:52 UTC

This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access sensitive user data.

CVE-2025-43328

Sep 15, 2025 22:35:51 UTC

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data.

CVE-2025-43294

Sep 15, 2025 22:35:50 UTC

An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data.

CVE-2025-43369

Sep 15, 2025 22:35:49 UTC

This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Tahoe 26. An app may be able to access protected user data.

CVE-2025-43312

Sep 15, 2025 22:35:48 UTC

A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to cause unexpected system termination.

CVE-2025-43353

Sep 15, 2025 22:35:46 UTC

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. Processing a maliciously crafted string may lead to heap corruption.