27 matches found

OSV
added 2026/05/08 5:47 a.m. | 4 views

BIT-JRE-2026-22008

Vulnerability in Oracle Java SE component: Libraries. The supported version that is affected is Oracle Java SE: 25.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this...

CVSS 3.7 | AI score 7.3 | EPSS 0.00038
Exploits 0 | References 2
Positive Technologies
added 2026/05/08 12:0 a.m. | 8 views

PT-2026-38878

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: AWT, JavaFX. Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17...

CVSS 7.4 | AI score 5.8 | EPSS 0.00056
Exploits 0 | References 3
Positive Technologies
added 2026/05/08 12:0 a.m. | 4 views

PT-2026-38884

Vulnerability in Oracle Java SE component: Libraries. The supported version that is affected is Oracle Java SE: 25.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this...

CVSS 3.7 | AI score 5.9 | EPSS 0.00038
Exploits 0 | References 3
OSV
added 2026/05/06 2:46 p.m. | 2 views

BIT-JAVA-2026-22008

Vulnerability in Oracle Java SE component: Libraries. The supported version that is affected is Oracle Java SE: 25.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this...

CVSS 3.7 | AI score 7.3 | EPSS 0.00038
Exploits 0 | References 2
Positive Technologies
added 2026/05/06 12:0 a.m. | 3 views

PT-2026-37863

Vulnerability in Oracle Java SE component: Libraries. The supported version that is affected is Oracle Java SE: 25.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this...

CVSS 3.7 | AI score 7.3 | EPSS 0.00038
Exploits 0 | References 3
Debian CVE
added 2026/04/21 8:35 p.m. | 2 views

CVE-2026-22008

Vulnerability in Oracle Java SE component: Libraries. The supported version that is affected is Oracle Java SE: 25.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this...

CVSS 3.7 | AI score 7.4 | EPSS 0.00038
Exploits 0
ATTACKERKB
added 2026/04/21 8:35 p.m. | 2 views

CVE-2026-22008

Vulnerability in Oracle Java SE component: Libraries. The supported version that is affected is Oracle Java SE: 25.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this...

CVSS 3.7 | AI score 5.8 | EPSS 0.00038
Exploits 0 | References 2 | Affected Software 1
ATTACKERKB
added 2026/03/06 8:42 p.m. | 1 view

CVE-2026-29795

stellar-xdr is a library and CLI containing types and functionality for working with Stellar XDR. Prior to version 25.0.1, StringM::from_str does not validate that the input length is within the declared maximum MAX. Calling StringM::<N>::from_str(s) where s is longer than N bytes succeeds and returns a...

CVSS 4 | AI score 5.8 | EPSS 0.00032
Exploits 0 | References 5 | Affected Software 1
OSV
added 2026/03/06 8:42 p.m. | 0 views

CVE-2026-29795 stellar-xdr: `StringM::from_str` bypasses max length validation

stellar-xdr is a library and CLI containing types and functionality for working with Stellar XDR. Prior to version 25.0.1, StringM::from_str does not validate that the input length is within the declared maximum MAX. Calling StringM::<N>::from_str(s) where s is longer than N bytes succeeds and returns a...

CVSS 4 | AI score 5.8 | EPSS 0.00032
Exploits 0 | References 6
CVE
added 2026/03/06 8:42 p.m. | 5 views

CVE-2026-29795

CVE-2026-29795 affects the stellar-xdr crate (StringM::from_str bypasses the max length validation). Affected: versions prior to 25.0.1. Root cause: input strings longer than MAX are accepted, producing StringM with violated length invariant. Impact: potential propagation through serialization/va...

CVSS 7.5 | AI score 5.8 | EPSS 0.00032
Exploits 0 | References 4 | Affected Software 1
Amazon
added 2026/02/05 12:0 a.m. | 5 views

Important: java-11-amazon-corretto

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: RMI. Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK:...

CVSS 7.5 | AI score 5.6 | EPSS 0.00089
Exploits 0
CVE
added 2026/01/21 11:39 p.m. | 5 views

CVE-2026-23887

CVE-2026-23887 affects Group-Office. Vulnerability: unsanitized filenames stored in the database can lead to Stored XSS in the file-viewing context. Affected versions: 6.8.148 and earlier, and 25.0.1–25.0.79. Impact is limited to the file-viewing context but may interfere with sessions or browser...

CVSS 5.4 | AI score 5.5 | EPSS 0.00044
Exploits 1 | References 3 | Affected Software 1
EUVD
added 2026/01/21 12:31 a.m. | 3 views

EUVD-2026-3576

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17...

CVSS 6.1 | AI score 5.6 | EPSS 0.00016
Exploits 0 | References 2
Positive Technologies
added 2026/01/01 12:0 a.m. | 2 views

PT-2026-34077

Name of the Vulnerable Software and Affected Versions: Oracle Java SE version 25.0.1. Description: An issue in the Libraries component allows an unauthenticated attacker with network access via multiple protocols to compromise the system. This can lead to unauthorized update, insert, or delete acces...

CVSS 7.5 | AI score 7.7 | EPSS 0.00154
Exploits 0 | References 61
UbuntuCve
added 2025/11/04 3:0 p.m. | 1 view

CVE-2025-65073

OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a /v3/ec2tokens or /v3/s3tokens request with a valid AWS Signature to provide Keystone authorization...

CVSS 7.5 | AI score 5.9 | EPSS 0.00031
Exploits 0 | References 5
Oracle linux
added 2025/08/12 12:0 a.m. | 6 views

git security update

1.8.3.1-25.0.1 - Fixed CVE-2025-48384 Orabug: 38234220...

CVSS 8 | AI score 7.3 | EPSS 0.00603
Exploits 9
VulnCheck KEV
added 2025/05/19 12:0 a.m. | 0 views

VulnCheck KEV: CVE-2023-45878

GibbonEdu Gibbon version 25.0.1 and before allows Arbitrary File Write because rubricsvisualisesaveAjax.phps does not require authentication. The endpoint accepts the img, path, and gibbonPersonID parameters. The img parameter is expected to be a base64 encoded image. If the path parameter is...

CVSS 9.8 | AI score 5.8 | EPSS 0.92556
Exploits 8 | References 1
NCSC
added 2024/12/11 8:34 a.m. | 2 views

Vulnerability fixed in Adobe After Effects

Adobe has fixed a vulnerability in Adobe After Effects, specifically for versions 24.6.2, 25.0.1 and earlier. The vulnerability is in the way Adobe After Effects handles files. When a user opens a maliciously crafted file, it can cause a buffer overflow, which can result in the execution of...

CVSS 7.8 | AI score 7.5 | EPSS 0.00127
Exploits 0 | References 1
CNNVD
added 2023/11/14 12:0 a.m. | 1 view

Gibbon Security Vulnerabilities

Gibbon is a school platform that solves real-world problems that educators encounter every day. A security vulnerability exists in GibbonEdu Gibbon version 25.0.1, which stems from a vulnerability that allows an unauthenticated attacker to upload arbitrary files to the application and execute cod...

CVSS 9.8 | AI score 7.6 | EPSS 0.92556
Exploits 8 | References 2
OSSF Malicious Packages
added 2023/07/09 7:3 p.m. | 2 views

Malicious code in @shennong/web-logger (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis a2fd786e967b26aa2bbe8f8367eda2745ce70026f11bcc9b832e3bcb93433b58 The OpenSSF Package Analysis project identified '@shennong/web-logger' @ 25.0.1 npm as malicious. It is considered malicious because: - The...

AI score 6.9
Exploits 0