Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: docker (UTSA-2026-017338)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017338 advisory. Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is...

BIT-JAVA-MIN-2026-22016

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 a...

Important: Red Hat Security Advisory: OpenJDK 25.0.3 Security Update for Windows Builds

An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References...

EUVD-2026-10497

Specially crafted ZIP archives can escape the intended extraction directory during Node.js download and extraction in Vaadin 14.2.0 through 14.14.0, 23.0.0 through 23.6.6, 24.0.0 through 24.9.8, and 25.0.0 through 25.0.2. Vaadin’s build process can automatically download and extract Node.js if it...

CVE-2026-2742

An authentication bypass vulnerability exists in Vaadin 14.0.0 through 14.14.0, 23.0.0 through 23.6.6, 24.0.0 through 24.9.7 and 25.0.0 through 25.0.1, applications using Spring Security due to inconsistent path pattern matching of reserved framework paths. Accessing the /VAADIN endpoint without ...

vaadin 安全漏洞

Vaadin is an open-source platform for web application development developed by Vaadin contributors. The Vaadin platform includes a set of web components, a Java web framework, as well as a set of tools and application starters. Vulnerabilities exist in Vaadin versions 14.14.0 and earlier, 23.6.6...

openSUSE 16 Security Update : java-25-openjdk (openSUSE-SU-2026:20143-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20143-1 advisory. Update to upstream tag jdk-25.0.2+10 January 2026 CPU Security fixes: - CVE-2026-21925: Fixed Oracle Java SE component RMI bsc1257034. -...

SUSE CVE-2024-24557

Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions most important being HEALTHCHECK and ONBUILD would not cause a cache miss. An...

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2024-1852)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AZL-35002 CVE-2024-24557 affecting package moby-engine for versions less than 25.0.3-1

Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions most important being HEALTHCHECK and ONBUILD would not cause a cache miss. An...

Moby Access Control Error Vulnerability

Moby is an open source project that aims to drive containerization of software and help the ecosystem mainstream container technology. An Access Control Error vulnerability exists in Moby versions prior to 24.0.9 and prior to 25.0.2, which stems from the classic builder cache system that is...

SUSE CVE-2023-25816

Nextcloud is an Open Source private cloud software. Versions 25.0.0 and above, prior to 25.0.3, are subject to Uncontrolled Resource Consumption. A user can configure a very long password, consuming more resources on password validation than desired. This issue is patched in 25.0.3 No workaround ...

CVE-2023-25579 Directory traversal in Nextcloud server

Nextcloud server is a self hosted home cloud product. In affected versions the OC\Files\Node\Folder::getFullPath function was validating and normalizing the string in the wrong order. The function is used in the newFile and newFolder items, which may allow to creation of paths outside of ones own...

SUSE CVE-2022-37026

In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS...