409 matches found
CVE-2025-59952
MinIO Java SDK is a Simple Storage Service aka S3 client to perform bucket and object operations to any Amazon S3 compatible object storage service. In minio-java versions prior to 8.6.0, XML tag values containing references to system properties or environment variables were automatically...
com.datasqrl:sqrl-discovery (>=0.7.0 <=0.8.7), com.datasqrl:sqrl-planner (>=0.7.0 <=0.8.7) +20 more potentially affected by CVE-2025-59432 via com.ongres.scram:scram-common (>=3.0 <=3.1)
com.ongres.scram:scram-common MAVEN version =3.0, =0.7.0, =0.7.0, =0.7.0, =0.3.124, =0.3.124, =0.3.124, =0.3.124, =0.3.124, =0.3.124, =0.3.124, =0.3.124, =0.3.124, =1.0.0, =3.0, =2.4.0-RC1, =2.4.0-rc1 and more Source cves: CVE-2025-59432 Source advisory: SNYK:JAVA-COMONGRESSCRAM-12818392...
org.webjars.npm:bonjour (=3.5.0), org.webjars.npm:dns-packet (>=1.3.1 <=4.2.0) +10 more potentially affected by CVE-2024-29415 +1 more via org.webjars.npm:ip (>=1.1.5 <=2.0.0)
org.webjars.npm:ip MAVEN version =1.1.5, =1.3.1, =1.0.1, =6.2.3, =4.2.0, =1.1.10, =3.0.1, =4.0.2 - org.webjars.npm:splitsoftwaresplitio =10.8.4 Source cves: CVE-2024-29415, CVE-2025-59436 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-14101892...
ai.ancf.lmos-router:benchmarks (>=0.2.0 <=0.28.0), ai.ancf.lmos-router:lmos-router-hybrid (>=0.2.0 <=0.28.0) +21813 more potentially affected by CVE-2025-58057 via io.netty:netty-codec-http (>=4.0.0.Alpha1 <=4.1.124.Final)
io.netty:netty-codec-http MAVEN version =4.0.0.Alpha1, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.6.0 - ai.ancf.lmos:lmos-router-hybrid =0.1.0 - ai.ancf.lmos:lmos-router-hybrid-spring-boot-starter =0.1.0 - ai.ancf.lmos:lmos-router-llm =0.1.0 -...
[SECURITY] [DLA 4286-1] libcommons-lang3-java security update
Debian LTS Advisory DLA-4286-1 [email protected] https://www.debian.org/lts/security/ Daniel Leidert August 31, 2025 https://wiki.debian.org/LTS Package : libcommons-lang3-java Version : 3.11-1+deb11u1 CVE ID : CVE-2025-48924 Debian Bug : 1109125 A vulnerability has been discovered in...
CVE-2025-44033
SQL injection vulnerability in oasystem oasys v.1.1 allows a remote attacker to execute arbitrary code via the allDirector method declaration in src/main/java/cn/gson/oasys/mappers/AddressMapper.java...
ai.driftkit:driftkit-context-engineering-spring-ai-starter (>=0.6.0 <=0.8.7), ai.driftkit:driftkit-context-engineering-spring-boot-starter (>=0.5.0 <=0.8.7) +6124 more potentially affected by CVE-2025-8916 via org.bouncycastle:bcpkix-jdk18on (>=1.74 <=1.78.1)
org.bouncycastle:bcpkix-jdk18on MAVEN version =1.74, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.8.3, =0.8.3, =0.8.3, =0.5.0, =0.5.0, =3.10.0.5, =2025.01.23.182856-596558a, =2025.01.23.182856-596558a, =2024.09.04.130719-0ef52f0, =2025.05.02.222809-f712db2 and more Source cves: CVE-2025-8916 Source...
CVE-2025-8885
A resource exhaustion flaw has been discovered in the Bouncy Castle for Java library. The flaw exists because there was no practical limit on the size of an encoded ASN.1 Object Identifier OID, beyond the maximum size of an ASN1Object. While technically valid, this could be exploited by an attack...
cn.loyom.boot:loyom-boot-cache (=1.0.0-JDK21), cn.loyom.boot:loyom-boot-common (=1.0.0-JDK21) +156 more potentially affected by CVE-2025-8885 via org.bouncycastle:bcprov-lts8on (>=2.73.0 <=2.73.4)
org.bouncycastle:bcprov-lts8on MAVEN version =2.73.0, =2.73.4 is affected by a known vulnerability. The following packages have a transitive dependency on org.bouncycastle:bcprov-lts8on and may be impacted: - cn.loyom.boot:loyom-boot-cache =1.0.0-JDK21 - cn.loyom.boot:loyom-boot-common =1.0.0-JDK...
io.github.andrekurait.trafficcapture:dockerSolution (>=0.1.3 <=0.1.5), io.github.andrekurait.trafficcapture:trafficCaptureProxyServer (>=0.1.3 <=0.1.5) +6 more potentially affected by unknown CVE via org.opensearch.plugin:opensearch-security (=2.11.1.0)
org.opensearch.plugin:opensearch-security MAVEN version =2.11.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.opensearch.plugin:opensearch-security and may be impacted: - io.github.andrekurait.trafficcapture:dockerSolution =0.1.3, =0.1.3, =0.1....
ai.swim:swim-js (=3.10.0), ai.swim:swim-vm (=3.10.0) +3052 more potentially affected by CVE-2025-30749 via org.graalvm.sdk:graal-sdk (>=19.0.0 <=21.0.0.2)
org.graalvm.sdk:graal-sdk MAVEN version =19.0.0, =0.0.1, =0.1.5, =0.1.5, =0.0.2, =0.0.2, =1.5.1, =1.0.0, =1.0.2, =1.0.0, =1.0.2, =1.0.2, =1.1.4 and more Source cves: CVE-2025-30749 Source advisory: SNYK:JAVA-ORGGRAALVMSDK-11998139...
cv.igrp:igrp-core (>=1.7.3.230801 <=1.7.3.230802), eu.unicore.security:secutils-cxf (=3.4.3) +377 more potentially affected by CVE-2025-48795 via org.apache.cxf:cxf-core (>=3.6.0 <=3.6.5)
org.apache.cxf:cxf-core MAVEN version =3.6.0, =1.7.3.230801, =3.0-M3, =3.0-M3, =3.0-M3, =3.0-M3, =2.0, =4.4.6.hyte-24270, =4.4.6.hyte-24270, =4.4.6.hyte-24270, =4.4.6.hyte-24270, =3.0.5, =3.0.6 - net.tirasa.connid.bundles:net.tirasa.connid.bundles.servicenow =1.0.4 -...
cloud.genesys:web-messaging-sdk (>=3.0.0 <=5.0.0), cn.acooly:acooly-auth-wechat-authenticator (=5.2.1) +557 more potentially affected by CVE-2025-5878 via org.owasp.esapi:esapi (>=2.0GA <=2.6.2.0)
org.owasp.esapi:esapi MAVEN version =2.0GA, =3.0.0, =5.0.0 - cn.acooly:acooly-auth-wechat-authenticator =5.2.1 - cn.dceast.platform:platform-security-starter =2.2.3 - com.acooly:acooly-component-account =5.2.1 - com.acooly:acooly-component-app =5.2.1 - com.acooly:acooly-component-assetmgmt =5.2.1...
com.farao-community.farao:csa-runner-api (>=1.2.1 <=2.6.1), com.farao-community.farao:csa-runner-app (>=1.2.1 <=2.6.1) +268 more potentially affected by CVE-2025-48058 via com.powsybl:powsybl-commons (>=6.0.0-RC1 <=6.7.1)
com.powsybl:powsybl-commons MAVEN version =6.0.0-RC1, =1.2.1, =1.2.1, =4.6.1, =4.6.1, =4.6.0, =4.6.1, =4.6.0, =4.6.1, =4.6.1, =4.6.1, =4.6.1, =4.6.0, =4.6.1, =4.6.1, =4.6.1, =5.0.0 and more Source cves: CVE-2025-48058 Source advisory: SNYK:JAVA-COMPOWSYBL-10442140...
com.farao-community.farao:gridcapa-core-cc-app (>=1.0.4 <=1.22.0), com.farao-community.farao:gridcapa-core-cc-post-processing-app (>=1.0.3 <=1.19.0) +16 more potentially affected by CVE-2025-48058 via com.powsybl:powsybl-entsoe-util (>=6.0.0-RC1 <=6.7.1)
com.powsybl:powsybl-entsoe-util MAVEN version =6.0.0-RC1, =1.0.4, =1.0.3, =1.10.0, =1.21.1, =1.21.1, =1.21.1, =1.12.0, =5.3.0, =6.0.0, =2.6.0, =2.6.0, =1.5.0, =1.5.0, =1.5.0, =2023.3.0, =2025.0.0 and more Source cves: CVE-2025-48058 Source advisory: SNYK:JAVA-COMPOWSYBL-10442142...
org.webjars:angular-markdown-directive (=0.3.0) potentially affected by CVE-2025-2336 via org.webjars:angular-sanitize (=1.2.16)
org.webjars:angular-sanitize MAVEN version =1.2.16 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars:angular-sanitize and may be impacted: - org.webjars:angular-markdown-directive =0.3.0 Source cves: CVE-2025-2336 Source advisory:...
org.webjars.npm:image-thumbnail (=1.0.15), org.webjars.npm:pkg-fetch (=3.4.2) +3 more potentially affected by CVE-2025-48387 via org.webjars.npm:tar-fs (=2.1.1)
org.webjars.npm:tar-fs MAVEN version =2.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:tar-fs and may be impacted: - org.webjars.npm:image-thumbnail =1.0.15 - org.webjars.npm:pkg-fetch =3.4.2 - org.webjars.npm:prebuild-install =7.1...
USN-7525-2 Tomcat vulnerability
USN-7525-1 fixed CVE-2025-24813 for tomcat9 in Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 18.04 LTS. This update fixes it for tomcat9 in Ubuntu 24.04 LTS, Ubuntu 24.10, and Ubuntu 25.10. These versions include only the tomcat library libtomcat9-java and not the full tomcat server stack...
com.ibeetl:iotdb (>=3.1.3-RELEASE <=3.1.4-RELEASE), io.edurt.datacap.plugin.jdbc:datacap-plugin-jdbc-iotdb (>=1.3.0 <=1.5.0) +22 more potentially affected by CVE-2025-26795 via org.apache.iotdb:iotdb-jdbc (>=0.10.0 <=1.3.4-1)
org.apache.iotdb:iotdb-jdbc MAVEN version =0.10.0, =3.1.3-RELEASE, =1.3.0, =1.6.0, =2024.4.0, =8.6.5-20231023, =0.13.0, =0.14.0-preview2, =0.10.0, =0.8.0, =0.12.0, =0.8.0, =0.8.0, =0.13.0, =0.9.0, =0.8.0, =1.3.2 and more Source cves: CVE-2025-26795 Source advisory: SNYK:JAVA-ORGAPACHEIOTDB-101761...
ant bug fix update
An update is available for byte-buddy, jzlib, xerces-j2, xz-java, xml-commons-apis, jdepend, regexp, jakarta-mail, junit5, assertj-core, univocity-parsers, jakarta-oro, objectweb-asm, hamcrest, opentest4j, ant, antlr, apache-commons-logging, junit, xml-commons-resolver, jsch, bcel,...