CVE-2026-50076 Apache Fory: Java ReplaceResolverSerializer deserialization checks bypass

Deserialization of Untrusted Data in the Java replace-resolve path in Apache Fory fory-core Java SDK before 1.1.0 on Java/JVM platforms allows a remote attacker to bypass class registration, TypeChecker, and DisallowedList checks and invoke classpath-present readResolve/readExternal hooks via...

CVE-2026-50076

CVE-2026-50076 affects the Apache Fory fory-core Java SDK before 1.1.0 on Java/JVM. The issue is a deserialization flaw in the Java replace-resolve path that allows a remote attacker to bypass class registration, TypeChecker, and DisallowedList checks and to invoke classpath-present readResolve/r...

ruby4.0 security update

An update is available for ruby4.0. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Ruby is the interpreted scripting language for quick and easy object-oriente...

RLSA-2026:20606 Important: ruby4.0 security update

Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible. Security Fixes: ruby/json: Ruby JSON: Denial of Service or Informatio...

Linux Distros Unpatched Vulnerability : CVE-2026-47065

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy Assessment: Fully addressed. When the serialised stream...

CVE-2026-47065 Apache MINA: Critical Deserialization Allow-list Bypass via resolveProxyClass - ZDRES-232

ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy Assessment: Fully addressed. When the serialised stream contains a TCPROXYCLASSDESC the marker for a java.lang.reflect.Proxy , JDK’s ObjectInputStream.readProxyDesc is dispatched. JDK then calls...

PT-2026-45913

Name of the Vulnerable Software and Affected Versions Java affected versions not specified Description Two issues exist regarding Java deserialization filters. First, a filter bypass occurs when a serialized stream contains a TC PROXYCLASSDESC marker for a java.lang.reflect.Proxy. In this case,...

RLSA-2026:20596 Important: ruby:4.0 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: ruby/json: Ruby JSON: Denial of Service or Information Disclosure via format string injection CVE-2026-33210 erb: ERB: Arbitrary...

CVE-2026-9828 Logback deserialization whitelist bypass for java.lang and java.util

Deserialization of untrusted data vulnerability in QOS.CH Sarl logback logback-core HardenedObjectInputStream logback-core modules allows Object Injection albeit heavily restricted. More precisely, an attacker able to influence serialized data sent to SimpleSocketServer or SimpleSSLSocketServer c...

AlmaLinux 9 : ruby:4.0 (ALSA-2026:20596)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:20596 advisory. ruby/json: Ruby JSON: Denial of Service or Information Disclosure via format string injection CVE-2026-33210 erb: ERB: Arbitrary code execution via...

RHEL 10 : ruby4.0 (RHSA-2026:20606)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:20606 advisory. Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and ...

RHEL 9 : ruby (RHSA-2026:20670)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:20670 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management task...

Oracle Linux 8 : ruby:3.3 (ELSA-2026-20614)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-20614 advisory. - Fix arbitrary code execution via deserialization bypass in ERB. CVE-2026-41316 Resolves: RHEL-171247 rubygem-abrt Tenable has extracted the preceding...

RLSA-2026:20614 Important: ruby:3.3 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: erb: ERB: Arbitrary code execution via deserialization bypass CVE-2026-41316 For more details about the security issues, including...

Important: Red Hat Security Advisory: ruby:4.0 security update

An update for the ruby:4.0 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Important: Red Hat Security Advisory: ruby4.0 security update

An update for ruby4.0 is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

ruby:3.3 security update

ruby 3.3.10-6 - Fix arbitrary code execution via deserialization bypass in ERB. CVE-2026-41316 Resolves: RHEL-171247 rubygem-abrt 0.4.0-1 - Update to abrt 0.4.0. Resolves: rhbz1842476 rubygem-mysql2 0.5.5-1 - Upgrade to mysql2 0.5.5. Related: RHEL-17090 rubygem-pg 1.5.4-1 - Upgrade to pg 1.5.4...

Important: ruby:4.0 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: ruby/json: Ruby JSON: Denial of Service or Information Disclosure via format string injection CVE-2026-33210 erb: ERB: Arbitrary...

ALSA-2026:20596 Important: ruby:4.0 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: ruby/json: Ruby JSON: Denial of Service or Information Disclosure via format string injection CVE-2026-33210 erb: ERB: Arbitrary...

Important: ruby:3.3 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: erb: ERB: Arbitrary code execution via deserialization bypass CVE-2026-41316 For more details about the security issues, including...