Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.1.6 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 8.1 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

OPENSUSE-SU-2026:20627-1 Security update for bouncycastle

This update for bouncycastle fixes the following issues: - Update to version 1.84: - CVE-2025-14813: GOSTCTR implementation unable to process more than 255 blocks correctly bsc1262225. - CVE-2026-0636: LDAP Injection Vulnerability in LDAPStoreHelper.java bsc1262226. - CVE-2026-3505: Unbounded PGP...

bouncycastle-1.84-1.1 on GA media (moderate)

bouncycastle-1.84-1.1 on GA media Announcement ID: openSUSE-SU-2026:10571-1 Rating: moderate Cross-References: CVE-2025-14813 CVE-2026-0636 CVE-2026-3505 CVE-2026-5588 CVE-2026-5598 CVSS scores: CVE-2025-14813 SUSE : 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L CVE-2025-14813 SUSE : 8.3...

CVE-2026-3505 vulnerabilities

Vulnerabilities for packages: apache-nifi, apache-nifi-registry, jenkins, wildfly, gradle...

org.vafer:jdeb (>=0.2 <=0.11) potentially affected by CVE-2026-3505 via org.bouncycastle:bcpg-jdk12 (=130)

org.bouncycastle:bcpg-jdk12 MAVEN version =130 is affected by a known vulnerability. The following packages have a transitive dependency on org.bouncycastle:bcpg-jdk12 and may be impacted: - org.vafer:jdeb =0.2, =0.11 Source cves: CVE-2026-3505 Source advisory: OSV:GHSA-CJ8J-37RH-8475...

io.github.compyoot:utilities-and-generic-tools (=0.3.11), org.scala-sbt.ivy:ivy (>=2.3.0-sbt-1b57d3bbc08ecf671169fd548918da18c91f77be <=2.3.0-sbt-fbc4f586aeeb1591710b14eb4f41b94880dcd745) potentially affected by CVE-2026-3505 via org.bouncycastle:bcpg-jdk14 (=1.45)

org.bouncycastle:bcpg-jdk14 MAVEN version =1.45 is affected by a known vulnerability. The following packages have a transitive dependency on org.bouncycastle:bcpg-jdk14 and may be impacted: - io.github.compyoot:utilities-and-generic-tools =0.3.11 - org.scala-sbt.ivy:ivy...

amdonov.ospackage-init:amdonov.ospackage-init.gradle.plugin (>=0.1.0 <=0.5.0), app.cash.backfila:client-misk-dynamodb (>=0.1.3-20210127.1838-76ab4fc <=0.1.4-20210806.0204-5341f38) +1646 more potentially affected by CVE-2026-3505 via org.bouncycastle:bcpg-jdk15on (>=1.46 <=1.70)

org.bouncycastle:bcpg-jdk15on MAVEN version =1.46, =0.1.0, =0.1.3-20210127.1838-76ab4fc, =0.1.3-20210127.1838-76ab4fc, =2023.06.07.114626-93b9d6f, =0.1.3-20210127.1838-76ab4fc, =0.1.4-20220614.0152-5ae0eef, =1.0.0-M6, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1-M3, =0.0.1-M19 and more...

io.github.epi155:promethium-pgp-jdk5 (=0.5-B1), io.github.hWorblehat:nexus3-external-auth-plugin (=0.1.0) +220 more potentially affected by CVE-2026-3505 via org.bouncycastle:bcpg-jdk15to18 (>=1.65 <=1.82)

org.bouncycastle:bcpg-jdk15to18 MAVEN version =1.65, =4.5.0-alpha2, =4.5.0-alpha2, =4.5.0-alpha2, =4.5.0-alpha2, =4.5.0-beta3, =4.5.0-alpha2, =4.5.0-alpha2, =4.5.0-alpha2, =4.5.0-alpha2, =1.9.0, =1.9.0, =1.9.0, =1.9.0, =1.10.0 and more Source cves: CVE-2026-3505 Source advisory:...

SUSE CVE-2026-3505

Allocation of resources without limits or throttling, Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpg on all pg modules. This vulnerability is associated with program files AEADEncDataPacket.Java, BcAEADUtil.Java, JceAEADUtil.Java,...

io.github.epi155:promethium-pgp-jdk5 (=0.5-B1), io.github.hWorblehat:nexus3-external-auth-plugin (=0.1.0) +220 more potentially affected by CVE-2026-3505 via org.bouncycastle:bcpg-jdk15to18 (>=1.65 <=1.82)

org.bouncycastle:bcpg-jdk15to18 MAVEN version =1.65, =4.5.0-alpha2, =4.5.0-alpha2, =4.5.0-alpha2, =4.5.0-alpha2, =4.5.0-beta3, =4.5.0-alpha2, =4.5.0-alpha2, =4.5.0-alpha2, =4.5.0-alpha2, =1.9.0, =1.9.0, =1.9.0, =1.9.0, =1.10.0 and more Source cves: CVE-2026-3505 Source advisory:...

app.cash.backfila:client-misk-hibernate (>=2025.05.13.195510-03b951f <=2026.03.26.140500-911435f), app.cash.backfila:service (>=2025.05.13.195510-03b951f <=2026.03.26.140500-911435f) +1011 more potentially affected by CVE-2026-3505 via org.bouncycastle:bcpg-jdk18on (>=1.71 <=1.83)

org.bouncycastle:bcpg-jdk18on MAVEN version =1.71, =2025.05.13.195510-03b951f, =2025.05.13.195510-03b951f, =2025.05.13.195510-03b951f, =1.0.0, =1.0.0, =1.1, =1.5.0, =0.1.0, =4.0.0, =7.0.0 and more Source cves: CVE-2026-3505 Source advisory: SNYK:JAVA-ORGBOUNCYCASTLE-16073606...

io.github.compyoot:utilities-and-generic-tools (=0.3.11), org.scala-sbt.ivy:ivy (>=2.3.0-sbt-1b57d3bbc08ecf671169fd548918da18c91f77be <=2.3.0-sbt-fbc4f586aeeb1591710b14eb4f41b94880dcd745) potentially affected by CVE-2026-3505 via org.bouncycastle:bcpg-jdk14 (=1.45)

org.bouncycastle:bcpg-jdk14 MAVEN version =1.45 is affected by a known vulnerability. The following packages have a transitive dependency on org.bouncycastle:bcpg-jdk14 and may be impacted: - io.github.compyoot:utilities-and-generic-tools =0.3.11 - org.scala-sbt.ivy:ivy...

CVE-2026-3505 Unbounded PGP AEAD chunk size leads to pre-auth resource exhaustion.

Allocation of resources without limits or throttling, Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpg on all pg modules. This vulnerability is associated with program files AEADEncDataPacket.Java, BcAEADUtil.Java, JceAEADUtil.Java,...

CVE-2026-3505

Allocation of resources without limits or throttling, Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpg on all pg modules. This vulnerability is associated with program files AEADEncDataPacket.Java, BcAEADUtil.Java, JceAEADUtil.Java,...

CVE-2026-3505

CVE-2026-3505 describes an Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle BC-JAVA bcpg modules. The issue affects the BC-JAVA package (all pg modules) and is tied to specific code paths including AEADEncDataPacket.java, BcAEADUtil.java, JceAEADUtil.java, and Operat...

MiracleLinux 4 : openssl-1.0.1e-16.AXS4.15 (AXSA:2014-494:04)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2014-494:04 advisory. Description : The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and...

EUVD-2013-2731

Malware in sbrugna...

CVE-2023-3505

A vulnerability was found in Onest CRM 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/project/update/2 of the component Project List Handler. The manipulation of the argument name with the input leads to cross site scripting. It is possible to initiate...

CVE-2022-3505

A vulnerability was found in SourceCodester Sanitization Management System. It has been classified as problematic. Affected is an unknown function of the file /php-sms/admin/. The manipulation of the argument page leads to cross site scripting. It is possible to launch the attack remotely. The...

Linux Distros Unpatched Vulnerability : CVE-2021-3505

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implementation returns 2048 bit keys with 1984 bit strength due to a bug in the TCG specificatio...