USN-8339-1: OpenJDK 25 vulnerabilities

Thomas Beckers discovered that the JAXP component of OpenJDK 25 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the Networking component of...

WordPress plugin WP Promoter 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

BIT-JRE-2020-14782

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multipl...

PT-2026-38724

Vulnerability in the Java SE product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 11.0.6 and 14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability c...

PT-2026-34805

Xibo is an open source digital signage platform with a web content management system and Windows display player software. Versions 1.7 through 4.4.0 have an SQL injection vulnerability in the API routes inside the CMS responsible for Filtering DataSets. This allows an authenticated user to to...

CVE-2026-24060

Service information is not encrypted when transmitted as BACnet packets over the wire, and can be sniffed, intercepted, and modified by an attacker. Valuable information such as the File Start Position and File Data can be sniffed from network traffic using Wireshark's BACnet dissector filter. Th...

CVE-2026-1920 Booktics <= 1.0.16 - Missing Authorization to Addon Plugin Installation

The Booking Calendar for Appointments and Service Businesses – Booktics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ExtensionController::updateitempermissionscheck' function in all versions up to, and including, 1.0.16. This...

seerr 安全漏洞

Seerr is a media request and discovery manager developed by the Seerr Team. Versions of Seerr from 2.7.0 to 3.1.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of authorization checks, which could allow authenticated users to access and modify data of other users...

SourceCodester Customer Support System 安全漏洞

The SourceCodester Customer Support System is an open-source customer support system developed by SourceCodester. Version 1.0 of the SourceCodester Customer Support System contains security vulnerabilities. These vulnerabilities stem from the AJAX scheduler in the ajax.php file, which lacks...

IBM Watsonx.data 代码问题漏洞

IBM Watsonx.data is an open data lake platform developed by IBM. There were code vulnerabilities in versions 2.2 to 2.2.1 of IBM Watsonx.data. These vulnerabilities allowed privileged users to upload malicious files and execute them on the server, potentially leading to modifications to files or...

DEBIAN-CVE-2026-21932

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: AWT, JavaFX. Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17...

CVE-2026-21932

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: AWT, JavaFX. Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17...

CVE-2021-2254

Vulnerability in the Oracle Project Contracts product of Oracle E-Business Suite component: Hold Management. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Project Contracts...

CVE-2025-11164

The Mavix Education theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mavixeducationactivateplugin' AJAX action in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Subscriber-level acces...

CVE-2025-11815

The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the uipsavesiteoption function in all versions up to, and including, 3.5.08. This makes it possible for authenticate...

CVE-2025-53053

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

openjdk: Enhance certificate handling (Oracle CPU 2025-10)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 and 21.0.8; Oracl...

EUVD-2002-0565

Malware in sbrugna...

EUVD-2021-11743

Malware in sbrugna...

EUVD-2021-16682

Malware in sbrugna...