65 matches found

OSV
added 2026/05/28 7:51 p.m. | 4 views

USN-8341-1 openjdk-26 vulnerabilities

Thomas Beckers discovered that the JAXP component of OpenJDK 26 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the Networking component of...

CVSS 7.5 | AI score 7.2 | EPSS 0.00154
Exploits 0 | References 10

Ubuntu
added 2026/05/28 3:51 p.m. | 13 views

USN-8339-1: OpenJDK 25 vulnerabilities

Thomas Beckers discovered that the JAXP component of OpenJDK 25 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the Networking component of...

CVSS 7.5 | AI score 7.2 | EPSS 0.00154
Exploits 0

Ubuntu
added 2026/05/28 11:57 a.m. | 10 views

USN-8332-1: CRaC JDK 17 vulnerabilities

Thomas Beckers discovered that the JAXP component of CRaC JDK 17 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the Networking component of CRa...

CVSS 7.5 | AI score 7.2 | EPSS 0.00154
Exploits 0

OSV
added 2026/05/28 11:45 a.m. | 7 views

USN-8331-1 openjdk-lts vulnerabilities

Thomas Beckers discovered that the JAXP component of OpenJDK 11 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the Networking component of...

CVSS 7.5 | AI score 7.2 | EPSS 0.00154
Exploits 0 | References 9

CNNVD
added 2026/04/20 12:0 a.m. | 4 views

Vexa security vulnerability

Vexa is an open-source conference robot and real-time transcription API developed by Vexa.ai. Versions of Vexa prior to 0.10.0-260419-1910 contained security vulnerabilities. These vulnerabilities stemmed from the lack of authentication and authorization checks for internal endpoints, which could...

CVSS 7.5 | AI score 5.8 | EPSS 0.00103
Exploits 1 | References 1

Positive Technologies
added 2026/04/03 12:0 a.m. | 2 views

PT-2026-30220

Insufficient authentication security controls in the browser-based authentication components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to intercept or hijack authentication sessions due to insufficient protections in the browser-based authentication flows. To remediat...

CVSS 9.1 | AI score 5.9 | EPSS 0.0003
Exploits 0 | References 7

Github Security Blog
added 2026/04/02 12:3 a.m. | 7 views

Juju has Improper TLS Client/Server authentication and certificate verification on Database Cluster

Impact Any Juju controller since 3.2.0. An attacker with only route-ability to the target juju controller Dqlite cluster endpoint may join the Dqlite cluster, read and modify all information, including escalating privileges, open firewall ports etc. This is due to not checking the client...

CVSS 10 | AI score 5.9 | EPSS 0.00038
Exploits 1 | References 3 | Affected Software 1

CNNVD
added 2026/04/02 12:0 a.m. | 3 views

Belden Hirschmann HiEOS LRS11 security vulnerability

Belden Hirschmann HiEOS LRS11 is an industrial Ethernet switch operating system platform developed by the American company Belden. Versions of Belden Hirschmann HiEOS LRS11 prior to 01.1.00 contained security vulnerabilities. These vulnerabilities stemmed from improper handling of authentication ...

CVSS 9.8 | AI score 5.8 | EPSS 0.00012
Exploits 0 | References 1

CNNVD
added 2026/03/23 12:0 a.m. | 3 views

Nexxt Solutions Nebula 300+ security vulnerability

The Nexxt Solutions Nebula 300+ is a wireless router produced by the Nexxt Solutions company in the United States. Versions of the Nebula 300+ with the software version 12.01.01.37 and earlier contain security vulnerabilities. These vulnerabilities stem from the lack of rate limits on the...

CVSS 9.8 | AI score 5.8 | EPSS 0.00081
Exploits 0 | References 2

CNNVD
added 2026/03/16 12:0 a.m. | 3 views

Tinycontrol multiple products security vulnerability

Tinycontrol tcPDU is a product of the Polish company Tinycontrol. Tinycontrol tcPDU is a network distribution unit. Tinycontrol LAN Controllers LK3.5 is a device for remote monitoring and control of environmental parameters. Tinycontrol LAN Controllers LK3.9 is also a device for remote monitoring...

CVSS 8.7 | AI score 5.9 | EPSS 0.00141
Exploits 0 | References 6

Tenable Nessus
added 2026/03/10 12:0 a.m. | 1 views

EulerOS 2.0 SP13 : curl (EulerOS-SA-2026-1268)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and...

CVSS 6.3 | AI score 5.9 | EPSS 0.00098
Exploits 3 | References 5

CNNVD
added 2026/03/06 12:0 a.m. | 3 views

Rocket.Chat security vulnerability

Rocket.Chat is a chat software developed by the Rocket.Chat company. There were security vulnerabilities in versions prior to 7.10.8, 7.11.5, 7.12.5, 7.13.4, 8.0.2, 8.1.1, and 8.2.0. These vulnerabilities stemmed from authentication issues within the DDP Streamer service, where two-factor...

CVSS 9.8 | AI score 5.8 | EPSS 0.00159
Exploits 0 | References 2

CNNVD
added 2026/02/18 12:0 a.m. | 3 views

Doruk Wispotter security vulnerability

Doruk Wispotter is a WiFi hotspot management and marketing system developed by the Turkish company Doruk. Versions of Wispotter from 1.0 up to v2025.10.08.1 contained security vulnerabilities. These vulnerabilities were due to improper restrictions on authentication attempts and inadequate...

CVSS 5.3 | AI score 5.8 | EPSS 0.00045
Exploits 0 | References 1

CNNVD
added 2026/02/03 12:0 a.m. | 3 views

Broadcom Brocade Fabric OS security vulnerability

Broadcom Brocade Fabric OS (FOS) is an embedded operating system used in switches and routers by Broadcom Corporation. Versions of Broadcom Brocade Fabric OS prior to 9.2.1c2 contained security vulnerabilities. These vulnerabilities stemmed from improper security configurations of authentication an...

CVSS 8.5 | AI score 6.1 | EPSS 0.00095
Exploits 0 | References 2

CNNVD
added 2026/01/26 12:0 a.m. | 2 views

Tenda W30E security vulnerabilities

The Tenda W30E is a router produced by the Chinese company Tenda. Versions of the Tenda W30E such as V2 and V16.01.0.195037 have security vulnerabilities. These vulnerabilities stem from the lack of rate limiting or account locking mechanisms in the authentication endpoints, which may lead to...

CVSS 9.8 | AI score 5.8 | EPSS 0.00045
Exploits 0 | References 3

CNNVD
added 2026/01/15 12:0 a.m. | 2 views

Arunna security vulnerabilities

Arunna is a social media framework developed by Arunna’s individual developer. Version 1.0.0 of Arunna contains security vulnerabilities; these vulnerabilities stem from the lack of authentication, which may lead to cross-site request forgery attacks, thereby manipulating user profile settings...

CVSS 6.9 | AI score 5.7 | EPSS 0.00028
Exploits 1 | References 4

RedhatCVE
added 2026/01/09 9:24 a.m. | 1 views

CVE-2023-40376

IBM UrbanCode Deploy (UCD) 7.1 - 7.1.2.12, 7.2 through 7.2.3.5, and 7.3 through 7.3.2.0 under certain configurations could allow an authenticated user to make changes to environment variables due to improper authentication controls. IBM X-Force ID: 263581...

CVSS 6.5 | AI score 6.6 | EPSS 0.00031
Exploits 0 | References 1

RedhatCVE
added 2026/01/07 9:14 a.m. | 4 views

CVE-2024-2384

The WooCommerce POS plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.4.11. This is due to the plugin not properly verifying the authentication and authorization of the current user. This makes it possible for authenticated attackers, with...

CVSS 4.3 | AI score 6.2 | EPSS 0.00074
Exploits 0 | References 1

CNNVD
added 2025/12/10 12:0 a.m. | 1 views

JBL multiple products security vulnerability

JBL Flip and JBL Pulse are both a range of Bluetooth audio from JBL USA. A security vulnerability exists in various JBL products that stems from improper authentication of BLE connection requests, which could result in a deadlock on affected devices. The following products are affected: JBL Flip ...

CVSS 6.5 | AI score 6.8 | EPSS 0.00036
Exploits 0 | References 3

CNVD
added 2025/11/05 12:0 a.m. | 3 views

Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Information Disclosure Vulnerabilities

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. An information disclosure vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4, which is caused by incorrect...

CVSS 10 | AI score 6.1 | EPSS 0.00067
Exploits 0 | References 1