Bouncy Castle Has Covert Timing Channel Vulnerability

Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all core modules. This vulnerability is associated with program files FrodoEngine.Java. This issue only affects users of the FrodoKEM algorithm involved in the decryption of encapsulations. This issue affects...

SUSE CVE-2025-14813

: Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all core modules. This vulnerability is associated with program files G3413CTRBlockCipher. This issue affects BC-JAVA: from 1.59 before 1.80.2, from 1.81 before 1.81.1, from 1.82...

SUSE CVE-2026-0636

Improper neutralization of special elements used in an LDAP query 'LDAP injection' vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all prov modules. This vulnerability is associated with program files LDAPStoreHelper. This issue affects BC-JAVA: from 1.74 before 1.80.2, from...

SUSE CVE-2026-3505

Allocation of resources without limits or throttling, Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpg on all pg modules. This vulnerability is associated with program files AEADEncDataPacket.Java, BcAEADUtil.Java, JceAEADUtil.Java,...

SUSE CVE-2026-5588

Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all pkix modules, Legion of the Bouncy Castle Inc. BCPKIX-FIPS bcpkix on All pkix modules, Legion of the Bouncy Castle Inc. BCPIX-LTS bcpkix on All pkix modules. This vulnerability...

SUSE CVE-2026-5598

Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all core modules. This vulnerability is associated with program files FrodoEngine.Java. This issue affects BC-JAVA: from 1.71 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.84...

PT-2026-35073

Name of the Vulnerable Software and Affected Versions OpenTelemetry eBPF Instrumentation versions 0.4.0 through 0.7.x Description A flaw in the Java agent injection path allows a local attacker controlling a Java workload to overwrite arbitrary host files when Java injection is enabled and the...

ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +7198 more potentially affected by CVE-2026-22745 via org.springframework:spring-core (>=7.0.0-M1 <=7.0.6)

org.springframework:spring-core MAVEN version =7.0.0-M1, =0.1.0, =0.1.0, =4.5.0, =4.7.11, =4.5.0, =4.5.0, =4.3.0, =4.3.0, =4.3.0, =4.7.0, =4.7.4, =4.7.4, =4.3.0, =4.7.0, =4.5.0, =4.6.0 and more Source cves: CVE-2026-22745 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORK-16109618...

com.flowlogix.depchain:shiro-jakarta (>=101 <=115), de.muehlencord.pf-adm:pf-adm-spring-boot-autoconfigure (=0.2.0) +6 more potentially affected by CVE-2026-41883 via org.omnifaces:omnifaces (>=5.0-M2 <=5.2.2)

org.omnifaces:omnifaces MAVEN version =5.0-M2, =101, =5.0-M2, =5.0-M2, =6.0.4, =6.0.4, =6.1.0-m4 Source cves: CVE-2026-41883 Source advisory: SNYK:JAVA-ORGOMNIFACES-16638690...

com.exactpro.sf:sailfish-frontend (>=3.2.1036 <=3.4.260), com.github.persapiens:jsf-bootsfaces-spring-boot-starter (>=1.6.0 <=1.7.3) +67 more potentially affected by CVE-2026-41883 via org.omnifaces:omnifaces (>=1.10 <=1.14.1)

org.omnifaces:omnifaces MAVEN version =1.10, =3.2.1036, =1.6.0, =1.7.0, =1.6.0, =1.7.0, =1.6.0, =1.7.0, =1.3.0, =1.2.0, =1.6.0, =1.7.0, =1.3.0, =1.0.0, =1.6.0, =1.7.0, =1.7.3 and more Source cves: CVE-2026-41883https://vulners.com...

EUVD-2026-23310

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below ship the legacy velocity-1.7.jar, which pulls in commons-collections-3.2.1.jar containing the InvokerTransformer deserialization gadget chain. Quartz 2.3.2, also bundled in the application, deserializ...

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in lz4-java-1.8.0.jar

Summary IBM Watson Discovery Cartridge affected by vulnerability in lz4-java-1.8.0.jar Vulnerability Details CVEID:CVE-2025-12183 DESCRIPTION: Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read adjacent memory via...

CLSA-2026-1775779143 java-11-openjdk: Fix of 5 CVEs

Upgrade to openjdk-11.0.30+7 GA. The following CVEs were fixed: - CVE-2026-21945: enhance Certificate Checking - CVE-2026-21933: improve HttpServer Request handling - CVE-2026-21925: improve JMX connections - CVE-2025-65018: fix LIBPNG heap buffer overflow - CVE-2025-64720: fix LIBPNG buffer...

Security Bulletin: Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition for Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint

Summary IBM SDK, Java Technology Edition Quarterly CPU - Oct 2025 - Includes vulnerablity fix for Java SE related to the JAXP component and Security component CVE-2026-21925 CVSS 4.8,CVE-2026-21932 CVSS 7.4,CVE-2026-21933 CVSS 6.1 and CVE-2026-21945 CVSS 7.5 Vulnerability Details...

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses c3p0-0.11.2.jar and mchange-commons-java-0.3.2.jar which are vulnerable to CVE-2026-27830 and CVE-2026-27727.

Summary IBM Maximo Application Suite - Monitor Component uses c3p0-0.11.2.jar and mchange-commons-java-0.3.2.jar which are vulnerable to CVE-2026-27830 and CVE-2026-27727. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-27727 DESCRIPTION:...

Linux Distros Unpatched Vulnerability : CVE-2026-5598

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all core modules. This vulnerability is associated with program files...

SAP NetWeaver AS Java Code Injection (3719397)

The version of SAP NetWeaver Application Server Java detected on the remote host is affected by a code injection vulnerability as disclosed in the SAP Security Patch Day April 2026: - Due to a Code Injection vulnerability in SAP NetWeaver Application Server Java Web Dynpro Java, an unauthenticate...

ai.hyacinth.framework:core-service-admin-server (>=0.5.0 <=0.5.24), au.com.cybernostics:theme-tree (=0.9.0) +2936 more potentially affected by CVE-2026-40478 via org.thymeleaf:thymeleaf (>=3.0.0.ALPHA01 <=3.1.3.RELEASE)

org.thymeleaf:thymeleaf MAVEN version =3.0.0.ALPHA01, =0.5.0, =0.9.6, =0.9.6, =1.0.0, =0.0.1, =1.0.0, =1.0, =3.4.0, =5.6.5, =4.1.0, =4.1.0, =3.6.0, =5.0.0, =5.5.7 and more Source cves: CVE-2026-40478 Source advisory: SNYK:JAVA-ORGTHYMELEAF-16078379...

ai.hyacinth.framework:core-service-admin-server (>=0.5.0 <=0.5.24), au.org.consumerdatastandards:client-cli (>=1.1.1 <=2.4.1) +1473 more potentially affected by CVE-2026-40478 via org.thymeleaf:thymeleaf-spring5 (>=3.0.10.RELEASE <=3.1.3.RELEASE)

org.thymeleaf:thymeleaf-spring5 MAVEN version =3.0.10.RELEASE, =0.5.0, =1.1.1, =3.4.0, =5.6.5, =4.1.0, =4.1.0, =3.7.0, =3.7.0, =5.3.0, =6.2.0, =5.1.0, =6.8.0, =6.4.0, =5.3.0, =3.7.0, =5.5.7 and more Source cves: CVE-2026-40478 Source advisory: SNYK:JAVA-ORGTHYMELEAF-16078378...

best.skn:skn-spring-mail (>=1.0.0 <=2.4.0), ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=7.0.0 <=8.8.1) +746 more potentially affected by CVE-2026-40477 via org.thymeleaf:thymeleaf-spring6 (>=3.1.0.M1 <=3.1.3.RELEASE)

org.thymeleaf:thymeleaf-spring6 MAVEN version =3.1.0.M1, =1.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.6.0, =7.6.0, =7.0.0, =7.0.0, =8.8.1 and more Source cves: CVE-2026-40477 Source advisory: SNYK:JAVA-ORGTHYMELEAF-16078370...