56259 matches found
Security Bulletin: IBM SPSS Statistics Java SE Vulnerability Updates
Summary Denial of service, unauthorized access and buffer size vulnerabilities have been addressed. Addresses Java CVEs: CVE-2026-21945, CVE-2026-21932, CVE-2026-21933, CVE-2026-21925, CVE-2026-1188, CVE-2025-2900 and CVE-2025-4447. Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE ...
GHSA-XCFG-FCR5-GW9R Geyser Vulnerable to Server-Side Request Forgery (SSRF) via Player Head Texture URL in Geyser
Summary A server-side request forgery SSRF vulnerability exists in Geyser’s handling of Bedrock player head texture data. By supplying a crafted Base64-encoded skin texture URL via the /give command, an attacker can cause the Minecraft server to issue arbitrary HTTP GET requests to...
GHSA-GX3V-WXFJ-8H24 Eclipse BaSyx Java Server SDK vulnerable to Server-Side Request Forgery
In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Operation Delegation feature fails to validate the destination URI of delegated requests. An unauthenticated remote attacker can exploit this design flaw to force the BaSyx server to execute blind HTTP POST requests to...
SUSE-SU-2026:21551-1 Security update for java-21-openjdk
This update for java-21-openjdk fixes the following issues: Update to upstream tag jdk-21.0.11+10 April 2026 CPU. Security issues fixed: - CVE-2026-22007: Security: unauthenticated attacker with logon to the infrastructure where java executes can gain unauthorized read access to a subset of...
org.eclipse.digitaltwin.basyx:basyx.submodelrepository-backend-inmemory (=2.0.0-milestone-01), org.eclipse.digitaltwin.basyx:basyx.submodelrepository-backend-mongodb (=2.0.0-milestone-01) +7 more potentially affected by CVE-2026-7411 via org.eclipse.digitaltwin.basyx:basyx.submodelservice-core (=2.0.0-milestone-01)
org.eclipse.digitaltwin.basyx:basyx.submodelservice-core MAVEN version =2.0.0-milestone-01 is affected by a known vulnerability. The following packages have a transitive dependency on org.eclipse.digitaltwin.basyx:basyx.submodelservice-core and may be impacted: -...
CVE-2026-7411
In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal attack. By supplying a maliciously crafted fileName parameter during a file upload operation, an...
CVE-2026-7412
In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Operation Delegation feature fails to validate the destination URI of delegated requests. An unauthenticated remote attacker can exploit this design flaw to force the BaSyx server to execute blind HTTP POST requests to...
CVE-2026-7411
In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal attack. By supplying a maliciously crafted fileName parameter during a file upload operation, an...
UBUNTU-CVE-2026-7411
In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal attack. By supplying a maliciously crafted fileName parameter during a file upload operation, an...
UBUNTU-CVE-2026-7412
In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Operation Delegation feature fails to validate the destination URI of delegated requests. An unauthenticated remote attacker can exploit this design flaw to force the BaSyx server to execute blind HTTP POST requests to...
OPENSUSE-SU-2026:20681-1 Security update for java-21-openjdk
This update for java-21-openjdk fixes the following issues: Update to upstream tag jdk-21.0.11+10 April 2026 CPU. Security issues fixed: - CVE-2026-22007: Security: unauthenticated attacker with logon to the infrastructure where java executes can gain unauthorized read access to a subset of...
OPENSUSE-SU-2026:20680-1 Security update for java-17-openjdk
This update for java-17-openjdk fixes the following issues: Upgrade to upstream tag jdk-17.0.19+10 April 2026 CPU. Security issues fixed: - CVE-2026-22007: Security: unauthenticated attacker with logon to the infrastructure where java executes can gain unauthorized read access to a subset of...
SUSE-SU-2026:21552-1 Security update for java-17-openjdk
This update for java-17-openjdk fixes the following issues: Upgrade to upstream tag jdk-17.0.19+10 April 2026 CPU. Security issues fixed: - CVE-2026-22007: Security: unauthenticated attacker with logon to the infrastructure where java executes can gain unauthorized read access to a subset of...
CVE-2026-7412
In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Operation Delegation feature fails to validate the destination URI of delegated requests. An unauthenticated remote attacker can exploit this design flaw to force the BaSyx server to execute blind HTTP POST requests to...
CVE-2026-7412
In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Operation Delegation feature fails to validate the destination URI of delegated requests. An unauthenticated remote attacker can exploit this design flaw to force the BaSyx server to execute blind HTTP POST requests to...
CVE-2026-7412
CVE-2026-7412 affects Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10. The Operation Delegation feature fails to validate the destination URI of delegated requests, enabling an unauthenticated remote attacker to coerce the BaSyx server into performing blind HTTP POSTs to arbitr...
CVE-2026-7411
In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal attack. By supplying a maliciously crafted fileName parameter during a file upload operation, an...
CVE-2026-7411
In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal attack. By supplying a maliciously crafted fileName parameter during a file upload operation, an...
CVE-2026-7411
In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal attack. By supplying a maliciously crafted fileName parameter during a file upload operation, an...
EUVD-2023-60563
Eclipse Equinox OSGi versions 3.8 through 3.18 contain a remote code execution vulnerability in the console interface that allows unauthenticated attackers to execute arbitrary code by exploiting the fork command functionality. Attackers can establish a telnet connection to the OSGi console,...