firefox: thunderbird: Incorrect boundary conditions in the Networking: JAR component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Networking: JAR component...

Security Bulletin: Multiple vulnerabilites in IBM Rational Build Forge.

Summary IBM Rational Build Forge 8.0.0.29 addresses multiple vulnerabilites Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios starting in version 0.28.0 and prior to versions 0.30.2 and 1.12.0 runs on Node.js and i...

firefox: thunderbird: Same-origin policy bypass in the Networking: JAR component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the Networking: JAR component...

firefox: thunderbird: Incorrect boundary conditions in the Networking: JAR component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Networking: JAR component...

firefox: thunderbird: Incorrect boundary conditions in the Networking: JAR component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Networking: JAR component...

Exploit for Code Injection in Vmware Spring_Framework

🚨 CVE-2022-22965 - "Spring4Shell" !CVEhttps://img.shield...

GHSA-72HV-8253-57QQ vulnerabilities

Vulnerabilities for packages: wildfly, solr, confluent-kafka, scala, dependency-track, apicurio-registry, trino, logstash, tez, ruby4.0-jrjackson, airflow, kafka, neo4j, kserve-modelmesh, zipkin, management-api-for-apache-cassandra-5.0, infinispan, celeborn, spdx-tools-java, ruby3.2-jrjackson,...

GHSA-72HV-8253-57QQ vulnerabilities

Vulnerabilities for packages: scala, kafbat-ui, wso2is, apache-nifi-registry, apache-activemq-fips, camunda, nextflow, apache-tika-fips, logstash-fips, solr, tritonserver-backend-vllm-cuda-12.9, nacos, ontop, cassandra-fips, s3proxy, opensearch-fips, kayenta, zookeeper-fips, apache-hop, tez, nuxe...

PUB-A-416259739

In DeviceId of DeviceId.java, there is a possible desync in persistence due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

ASB-A-454062218

In enableSystemPackageLPw of Settings.java, there is a possible way to prevent location access from working due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

ASB-A-457742426

In executeRequest of ActivityStarter.java, there is a possible launch anywhere due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

ASB-A-418225717

In multiple functions of MediaProvider.java, there is a possible way to bypass the WRITEEXTERNALSTORAGE permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

Remote Code Execution (RCE)

mchange-commons-java is vulnerable to Remote Code Execution RCE. The vulnerability is due to its independent JNDI dereferencing implementation allowing remote factoryClassLocation values, which can cause the application to download and execute attacker-controlled code when processing a malicious...

OSV-2026-324 Security exception in java.base/java.util.Arrays.copyOfRange

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=488130836 Crash type: Security exception Crash state: java.base/java.util.Arrays.copyOfRange java.base/java.lang.StringUTF16.newString java.base/java.lang.StringBuilder.toString...

Security Bulletin: Multiple vulnerabilities in IBM Rational Developer for i ( CVE-2025-48734, CVE-2025-53057)

Summary IBM Rational Developer for i is affected by an improper access control vulnerability in Apache Commons CVE-2025-48734 and an improper access control vulnerability in Java CVE-2025-53057 as described in the vulnerability details section. Vulnerability Details CVEID:CVE-2025-48734...

Security Bulletin: IBM Enterprise Application Service for Java is affected by a remote code execution vulnerability in IBM WebSphere Application Server Liberty (CVE-2025-14914)

Summary IBM Enterprise Application Service for Java is affected by a remote code execution vulnerability in IBM WebSphere Application Server Liberty with the restConnector-1.0 or restConnector-2.0 feature enabled. Vulnerability Details CVEID:CVE-2025-14914 DESCRIPTION: IBM WebSphere Application...

Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms

Threat actors are luring unsuspecting users into running trojanized gaming utilities that are distributed via browsers and chat platforms to distribute a remote access trojan RAT. "A malicious downloader staged a portable Java runtime and executed a malicious Java archive JAR file named...

com.codbex.atlas:codbex-atlas-application (>=2.97.0 <=2.99.0), com.codbex.gaia:codbex-gaia-application (=2.73.0) +24 more potentially affected by CVE-2026-3293 via net.snowflake:snowflake-jdbc (>=4.0.0 <=4.0.1)

net.snowflake:snowflake-jdbc MAVEN version =4.0.0, =2.97.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.1.0, =5.1.0, =5.1.1 and more Source cves: CVE-2026-3293 Source advisory: SNYK:JAVA-NETSNOWFLAKE-15361271...

CVE-2026-3293

A weakness has been identified in snowflakedb snowflake-jdbc up to 4.0.1. Impacted is the function SdkProxyRoutePlanner of the file src/main/java/net/snowflake/client/internal/core/SdkProxyRoutePlanner.java of the component JDBC URL Handler. Executing a manipulation of the argument nonProxyHosts...

CVE-2026-3293

CVE-2026-3293 affects snowflake-bdb snowflake-jdbc up to 4.0.1, specifically the SdkProxyRoutePlanner (src/main/java/net/snowflake/client/internal/core/SdkProxyRoutePlanner.java) in the JDBC URL Handler. The vulnerability arises from manipulating the nonProxyHosts argument, which can cause ineffi...