849 matches found

Cvelist
added 4 days ago, 34 views

CVE-2026-12856 Vscode-java: vscode: command injection vulnerability in the javadoc hover provider of the vscode-java extension

A flaw was found in the vscode-java extension, which provides Java language support for Visual Studio Code. The extension incorrectly trusts all Markdown content in JavaDoc hovers, allowing a malicious Java file to include hidden commands. If a user clicks a specially crafted link within a JavaDo...

CVSS 8.8, EPSS 0.00297
Exploits 0, References 3
AstraLinux
added 2026/06/19 11:10 a.m., 7 views

Astra Linux – Vulnerability in snappy-java

Snappy-Java is a Java port of snappy, a fast C++ compressor/decompressor developed by Google. It was found that the SnappyInputStream is vulnerable to Denial of Service (DoS) attacks when decompressing data with a too large chunk size. Due to a lack of an upper bound check on the chunk length, a...

CVSS 7.5, AI score 6.4, EPSS 0.0104
Exploits 1, References 2
IBM Security Bulletins
added 2026/06/19 10:52 a.m., 6 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms (CVE-2026-22016, CVE-2026-22021, CVE-2026-22013, CVE-2026-22018, CVE-2026-34268, CVE-2026-22007)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 8 used by IBM Tivoli System Automation for Multiplatforms. Vulnerability Details CVEID:CVE-2026-22016 DESCRIPTION: Easily exploitable vulnerability allows unauthenticated attacker with network access via multip...

CVSS 7.5, AI score 5.8, EPSS 0.00702
Exploits 0, Affected Software 1
Rockylinux
added 2026/05/30 6:3 p.m., 21 views

jmc security update

An update is available for jmc. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. JDK Mission Control is a powerful profiler for HotSpot JVMs and has an advanced s...

CVSS 9.1, AI score 5.8, EPSS 0.01127
Exploits 1
Positive Technologies
added 2026/05/06 12:0 a.m., 18 views

PT-2026-37960

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerabilit...

CVSS 3.7, AI score 5.9, EPSS 0.01473
Exploits 0, References 7
vulnersOsv
added 2026/05/01 11:26 a.m., 8 views

ai.h2o:sparkling-water-core_2.11 (>=3.46.0.1-1-2.3 <=3.46.0.6-1-2.4), ai.h2o:sparkling-water-core_2.12 (>=3.46.0.1-1-3.0 <=3.46.0.6-1-3.5) +762 more potentially affected by CVE-2026-42779 via org.apache.mina:mina-core (>=2.2.0 <=2.2.6)

org.apache.mina:mina-core MAVEN version =2.2.0, =3.46.0.1-1-2.3, =3.46.0.1-1-3.0, =3.46.0.1-1-2.3, =3.46.0.1-1-3.0, =3.46.0.1-1-2.3, =3.46.0.1-1-3.0, =3.46.0.1-1-2.3, =3.46.0.1-1-3.0, =1.5.4.RELEASE, =0.0.2, =3.0.0, =1.0.9, =1.6.9, =1.2.5, =1.1.7, =1.2.8 and more Source cves: CVE-2026-42779 Sourc...

CVSS 9.8, AI score 6.7, EPSS 0.00902
Exploits 1
vulnersOsv
added 2026/04/26 3:10 p.m., 7 views

cc.allio.uno:uno-data-db (>=1.1.9 <=1.2.1), cc.allio.uno:uno-test (>=1.1.9 <=1.2.1) +198 more potentially affected by CVE-2026-7045 via com.baomidou:dynamic-datasource-spring-boot-common (>=4.0.0-B1 <=4.5.0)

com.baomidou:dynamic-datasource-spring-boot-common MAVEN version =4.0.0-B1, =1.1.9, =1.1.9, =2024.1.1.0, =2023.5.1.0, =2022.5.0.0, =2022.4.1.0, =1.0.0-JDK21, =1.0.0-JDK21, =4.0.0, =4.0.0, =4.5.0 - com.baomidou:dynamic-datasource-spring-boot4-starter =4.5.0 and more Source cves: CVE-2026-7045 Sour...

CVSS 6.5, AI score 6.5, EPSS 0.00237
Exploits 0
IBM Security Bulletins
added 2026/04/23 5:56 p.m., 12 views

Security Bulletin: IBM Guardium Data Protection is affected by multiple vulnerabilities

Summary IBM Guardium Data Protection has addressed these vulnerabilities in an update. Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is vulnerable to a denial of service, caused by an easily exploitable vulnerability issue that allows a remote attacker to cause a hang or...

CVSS 8.2, AI score 6.5, EPSS 0.00864
Exploits 1, Affected Software 1
Tenable Nessus
added 2026/04/22 12:0 a.m., 16 views

Amazon Corretto Java 17.x < 17.0.19.10.1 Multiple Vulnerabilities

The version of Amazon Corretto installed on the remote host is 17 prior to 17.0.19.10.1. It is, therefore, affected by multiple vulnerabilities as referenced in the corretto-17-2026-Apr-21 advisory. - An integer overflow in the ttvarloaditemvariationstore function of the Freetype library in...

CVSS 7.5, AI score 7.3, EPSS 0.00702
Exploits 0, References 8
Veracode
added 2026/04/18 5:6 a.m., 12 views

LDAP Injection

Bouncy Castle BC-JAVA is vulnerable to LDAP Injection. The vulnerability is due to improper sanitization of user-supplied input in the LDAPStoreHelper component, which allows an attacker to inject malicious LDAP queries and manipulate directory lookups or retrieve unauthorized data...

CVSS 6.9, AI score 5.2, EPSS 0.00527
Exploits 0, References 16, Affected Software 3
IBM Security Bulletins
added 2026/04/16 5:52 p.m., 8 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in lz4-java-1.8.0.jar

Summary IBM Watson Discovery Cartridge affected by vulnerability in lz4-java-1.8.0.jar Vulnerability Details CVEID:CVE-2025-12183 DESCRIPTION: Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read adjacent memory via...

CVSS 8.8, AI score 6, EPSS 0.00647
Exploits 0, Affected Software 1
vulnersOsv
added 2026/04/10 12:31 p.m., 9 views

be.yildiz-games:module-messaging-activemq (=2.0.0), com.codbex.atlas:codbex-atlas-application (>=1.1.0 <=2.110.0) +111 more potentially affected by CVE-2026-39304 via org.apache.activemq:activemq-broker (>=6.0.0 <=6.2.3)

org.apache.activemq:activemq-broker MAVEN version =6.0.0, =1.1.0, =2.55.0, =1.0.5, =1.1.0, =1.1.0, =1.1.0, =0.2.0, =1.1.0, =0.2.2, =1.4.0, =2.2.0 and more Source cves: CVE-2026-39304 Source advisory: SNYK:JAVA-ORGAPACHEACTIVEMQ-15992455...

CVSS 7.5, AI score 5.7, EPSS 0.00896
Exploits 0
IBM Security Bulletins
added 2026/03/19 8:23 p.m., 7 views

Security Bulletin: Communications Server (CS) for Data Center Deployment, CS for Linux, and CS for Linux on System z are affected by: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2024 - Includes Oracle October 2024 CPU plus CVE-2024-10917

Summary Communications Server (CS) for Data Center Deployment, CS for Linux, and CS for Linux on System z install a local Java JRE in their product directories. This JRE is used solely for the IBM Key Manager (ikeyman) tool which is called by the snakeyman script used for managing the SSL key database...

CVSS 5.3, AI score 7, EPSS 0.01157
Exploits 0, Affected Software 3
SUSE CVE
added 2026/03/11 5:30 p.m., 2 views

SUSE CVE-2025-12183

Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read adjacent memory via untrusted compressed input...

CVSS 8.8, AI score 5.9, EPSS 0.00647
Exploits 0, References 2
IBM Security Bulletins
added 2026/03/02 2:33 p.m., 7 views

Security Bulletin: protobuf-java - CVE-2022-3171 fixed in Cloudera Data Platform Private Cloud Base 7.1.9

Summary Security Bulletin: protobuf-java - CVE-2022-3171 fixed in Cloudera Data Platform Private Cloud Base 7.1.9 Vulnerability Details CVEID:CVE-2022-3171 DESCRIPTION: A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to ...

CVSS 7.5, AI score 5.9, EPSS 0.01048
Exploits 0, Affected Software 1
IBM Security Bulletins
added 2026/02/27 4:52 p.m., 8 views

Security Bulletin: Multiple vulnerabilities in IBM Rational Developer for i (CVE-2025-48734, CVE-2025-53057)

Summary IBM Rational Developer for i is affected by an improper access control vulnerability in Apache Commons (CVE-2025-48734) and an improper access control vulnerability in Java (CVE-2025-53057) as described in the vulnerability details section. Vulnerability Details CVEID:CVE-2025-48734...

CVSS 8.8, AI score 6.2, EPSS 0.01495
Exploits 1, Affected Software 1
IBM Security Bulletins
added 2026/02/24 12:56 p.m., 9 views

Security Bulletin: Vulnerabilities in IBM Java included with IBM Tivoli Composite Application Manager for Applications WebSphere MQ Monitoring Agent

Summary Vulnerabilities in IBM SDK Java Technology Edition that is shipped as part of agent framework in ITCAM for Applications WebSphere MQ Monitoring Agent. CVEs: CVE-2026-21945, CVE-2026-21932 Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is vulnerable to a denial of service,...

CVSS 7.5, AI score 5.7, EPSS 0.00864
Exploits 0, Affected Software 1
IBM Security Bulletins
added 2026/02/16 3:12 p.m., 15 views

Security Bulletin: File permission modification, improper access control, and other vulnerabilities might affect IBM Storage Defender - Resiliency Service

Summary IBM Storage Defender - Resiliency Service is vulnerable to file permission modification, improper access control, and others. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-24049 DESCRIPTION: wheel is a command line tool for manipulating Python wheel files, ...

CVSS 8.8, AI score 8.9, EPSS 0.01495
Exploits 3, Affected Software 1
IBM Security Bulletins
added 2026/02/10 9:15 a.m., 14 views

Security Bulletin: Vulnerability in IBM® Java SDK affects IBM WebSphere Application Server and WebSphere Application Server Liberty shipped with IBM Guardium Key Lifecycle Manager (SKLM/GKLM)

Summary WebSphere Application Server and WebSphere Liberty are shipped as a component of IBM Guardium Key Lifecycle Manager (SKLM/GKLM). Information about a security vulnerability affecting WebSphere Application Server and WebSphere Liberty has been published in a security bulletin. Vulnerability...

CVSS 9.8, AI score 5.4, EPSS 0.00491
Exploits 0, Affected Software 1
RedHat Linux
added 2026/02/05 2:43 p.m., 6 views

ongres-scram: Timing Attack Vulnerability in SCRAM Authentication

A timing attack vulnerability exists in the SCRAM Java implementation. The issue arises because Arrays.equals was used to compare secret values such as client proofs and server signatures. Since Arrays.equals performs a short-circuit comparison, the execution time varies depending on how many...

CVSS 8.7, AI score 5.9, EPSS 0.00835
Exploits 0, References 7