Lucene search
K

2006 matches found

IBM Security Bulletins
IBM Security Bulletins
added 5 days ago3 views

Security Bulletin: IBM i is Affected by Multiple Vulnerabilities in IBM Java SDK and IBM Java Runtime [CVE-2026-22016, CVE-2026-22021, CVE-2026-22013, CVE-2026-22018, CVE-2026-34268, CVE-2026-22007]

Summary IBM SDK Java Technology Edition and IBM Runtime Environment Java used by IBM i to support the building and running of Java applications are vulnerable to partial denial-of-service DoS CVE-2026-22021, CVE-2026-22018 and unauthorized access to data CVE-2026-22016, CVE-2026-22013,...

7.5CVSS6.4AI score0.00702EPSS
Exploits0Affected Software5
OSV
OSV
added 2026/07/06 8:3 a.m.4 views

PYSEC-2026-784 Microsoft: CBC Padding Oracle in Azure Blob Storage Encryption Library

Summary The Azure Storage Encryption library in Java and other languages is vulnerable to a CBC Padding Oracle attack, similar to CVE-2020-8911. The library is not vulnerable to the equivalent of CVE-2020-8912, but only because it currently only supports AES-CBC as encryption mode. Severity...

4.7CVSS6.4AI score0.00521EPSS
Exploits0References6
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/25 7:40 p.m.11 views

Security Bulletin: Multiple vulnerabilities in IBM® SDK Java™ affect IBM Cloud Pak System

Summary Multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition were addressed in IBM Cloud Pak System version 2.3.6.1. Vulnerability Details CVEID:CVE-2024-21235 DESCRIPTION: Vulnerability in Java SE component: Hotspot. Difficult to exploit vulnerability allows unauthenticated attacke...

8.1CVSS6.9AI score0.01157EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/24 11:13 p.m.3 views

Security Bulletin: Multiple Vulnerabilities in IBM® SDK, Java™ Technology affect IBM Cloud Pak System

Summary Multiple Vulnerabilities have been found in IBM® SDK, Java™ Technology that is shipped with IBM Cloud Pak System. IBM Cloud Pak System has addressed these vulnerabilities as per the IBM® SDK, Java™ Technology April 2026 in IBM Cloud Pak System 2.3.5.1. Vulnerability Details...

7.5CVSS6.5AI score0.00864EPSS
Exploits1Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/22 7:26 a.m.3 views

Security Bulletin: Multiple Vulnerabilities of IBM Java SDK affect VMware Agent from IBM Tivoli Monitoring for Virtual Environments.

Summary IBM java SDK is used by VMware Agent from IBM Tivoli Monitoring for Virtual Environments. Vulnerability Details CVEID:CVE-2026-22016 DESCRIPTION: Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful...

7.5CVSS5.9AI score0.00702EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/19 10:55 a.m.7 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager (CVE-2026-22016, CVE-2026-22021, CVE-2026-22013, CVE-2026-22018, CVE-2026-34268, CVE-2026-22007)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition used by IBM Tivoli System Automation Application Manager. Vulnerability Details CVEID:CVE-2026-22016 DESCRIPTION: Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protoco...

7.5CVSS5.8AI score0.00702EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/16 4:18 p.m.5 views

Security Bulletin: Db2 Query Management Facility is vulnerable to IBM SDK, Java Technology Edition Quarterly CPU - Apr 2026 - Includes Oracle April 2026 CPU

Summary Db2 Query Management Facility is vulnerable to IBM SDK, Java Technology Edition Quarterly CPU - Apr 2026 - Includes Oracle April 2026 CPU plus CVE-2026-22016, CVE-2026-22021, CVE-2026-22013, CVE-2026-22018, CVE-2026-34268, and CVE-2026-22007 Vulnerability Details CVEID:CVE-2026-22016...

7.5CVSS5AI score0.00702EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.19 views

CVE-2026-50076

Deserialization of Untrusted Data in the Java replace-resolve path in Apache Fory fory-core Java SDK before 1.1.0 on Java/JVM platforms allows a remote attacker to bypass class registration, TypeChecker, and DisallowedList checks and invoke classpath-present readResolve/readExternal hooks via...

9.1CVSS5.5AI score0.0052EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:10 p.m.10 views

CVE-2026-35568

MCP Java SDK is the official Java SDK for Model Context Protocol servers and clients. Prior to 1.0.0, the java-sdk contains a DNS rebinding vulnerability. This vulnerability allows an attacker to access a locally or network-private java-sdk MCP server via a victims browser that is either local, o...

7.6CVSS5.4AI score0.00136EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/04 4:9 p.m.8 views

CVE-2026-50076

Deserialization of Untrusted Data in the Java replace-resolve path in Apache Fory fory-core Java SDK before 1.1.0 on Java/JVM platforms allows a remote attacker to bypass class registration, TypeChecker, and DisallowedList checks and invoke classpath-present readResolve/readExternal hooks via...

9.1CVSS5.8AI score0.0052EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.24 views

PT-2026-46269

Name of the Vulnerable Software and Affected Versions Apache Fory fory-core versions prior to 1.1.0 Description Deserialization of untrusted data in the Java replace-resolve path on Java/JVM platforms allows a remote attacker to bypass class registration, TypeChecker, and DisallowedList checks. B...

9.1CVSS5.5AI score0.0052EPSS
Exploits0References8
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/02 4:22 p.m.32 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Service Registry and Repository due to April 2026 CPU

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, used by WebSphere Service Registry and Repository. These issues were disclosed as part of the IBM Java SDK updates in April 2026. These issues are also addressed by WebSphere Application Server shipped with WebSphere...

7.5CVSS7.2AI score0.00702EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/22 3:39 p.m.10 views

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to multiple vulnerabilities due to IBM Java SDK

Summary There are multiple vulnerabilities in IBM Java SDK, Java Technology Edition used by IBM App Connect Enterprise and IBM Integration Bus for z/OS . Vulnerability Details CVEID:CVE-2026-22016 DESCRIPTION: Easily exploitable vulnerability allows unauthenticated attacker with network access vi...

7.5CVSS7.2AI score0.00702EPSS
Exploits0Affected Software2
vulnersOsv
vulnersOsv
added 2026/05/19 3:47 p.m.6 views

io.debezium:debezium-platform-conductor (>=3.5.0.CR1 <=3.6.0.Beta1), io.jenkins.plugins:jobcacher-oras-storage (>=8.vc4686b_899f53 <=144.vb_727c9b_7d229) +9 more potentially affected by unknown CVE via land.oras:oras-java-sdk (>=0.2.0 <=0.6.1)

land.oras:oras-java-sdk MAVEN version =0.2.0, =3.5.0.CR1, =8.vc4686b899f53, =0.2.0-4.vc50576b371f6, =7.v5b3e89ff2fca, =8.v5d229eba22c5, =5.v2bc0b458b8b2, =0.0.1, =0.0.1, =0.2.0, =0.2.0, =0.1.0, =0.1.1 Source cves: unknown CVE Source advisory: OSV:GHSA-XM96-GFJX-JCRC...

5.5AI score
Exploits0
Cvelist
Cvelist
added 2026/05/12 4:58 p.m.38 views

CVE-2026-33117 Azure SDK for Java Security Feature Bypass Vulnerability

...

9.1CVSS0.00479EPSS
Exploits0References1
OSV
OSV
added 2026/05/11 5:40 a.m.6 views

BIT-HYPERLEDGER-FABRIC-ORDERER-2026-41586 ObjectInputStream.readObject() without ObjectInputFilter in fabric-sdk-java allows Java deserialization RCE

Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. From versions 1.0.0 to 2.2.26, Channel.java implements readObject and exposes deSerializeChannel which call ObjectInputStream.readObject on untrusted byte arrays without...

9.3CVSS5.8AI score0.0041EPSS
Exploits0References3
NVD
NVD
added 2026/05/05 4:16 p.m.11 views

CVE-2026-7411

In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal attack. By supplying a maliciously crafted fileName parameter during a file upload operation, an...

10CVSS0.03678EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/05/05 2:15 p.m.7 views

CVE-2026-7412

In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Operation Delegation feature fails to validate the destination URI of delegated requests. An unauthenticated remote attacker can exploit this design flaw to force the BaSyx server to execute blind HTTP POST requests to...

8.6CVSS6.1AI score0.00516EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/04 2:25 p.m.6 views

Security Bulletin: Vulnerability in Apache Avro Java SDK affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Apache Avro Java SDK has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...

7.3CVSS7.1AI score0.00602EPSS
Exploits0Affected Software2
vulnersOsv
vulnersOsv
added 2026/04/17 6:31 p.m.7 views

ai.rev.speechtotext:revai-java-sdk-speechtotext (>=1.0.0 <=1.4.0), ai.rev:revai-java-sdk (>=2.1.0 <=2.5.0) +13 more potentially affected by CVE-2026-3505 via org.bouncycastle:bcpg-jdk15 (>=1.45 <=1.46)

org.bouncycastle:bcpg-jdk15 MAVEN version =1.45, =1.0.0, =2.1.0, =1.0.Alpha1, =0.0.1, =1.2-2, =1.3-2, =1.2-2, =1.2-2, =0.0.2, =1.0, =1.1 Source cves: CVE-2026-3505 Source advisory: OSV:GHSA-CJ8J-37RH-8475...

8.7CVSS5.8AI score0.00758EPSS
Exploits0
Rows per page
Query Builder