
56305 matches found

CNNVD
added 2026/02/04 12:0 a.m. (7 views)

HubSpot Jinjava Security Vulnerability

HubSpot Jinjava is an application developed by a personal developer at HubSpot in the United States. It provides a Java-based template engine and Django template syntax, suitable for rendering Jinja templates. There were security vulnerabilities in versions of HubSpot Jinjava prior to 2.7.6 and...

9.8 CVSS, 6 AI score, 0.00889 EPSS
Exploits: 1, References: 5
Tenable Nessus
added 2026/02/04 12:0 a.m. (6 views)

Ubuntu 25.10 : CRaC JDK 17 vulnerabilities (USN-7997-1)

The remote Ubuntu 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7997-1 advisory. It was discovered that the RMI component of CRaC JDK 17 would establish RMI TCP endpoint connections to a remote host without setting an endpoint...

7.5 CVSS, 6.6 AI score, 0.00864 EPSS
Exploits: 1, References: 5
OpenVAS
added 2026/02/04 12:0 a.m. (6 views)

Ubuntu: Security Advisory (USN-7997-1)

The remote host is missing an update for the...

7.5 CVSS, 5.4 AI score, 0.00864 EPSS
Exploits: 1, References: 3
Tenable Nessus
added 2026/02/04 12:0 a.m. (6 views)

Ubuntu 25.10 : CRaC JDK 25 vulnerabilities (USN-7996-1)

The remote Ubuntu 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7996-1 advisory. It was discovered that the RMI component of CRaC JDK 25 would establish RMI TCP endpoint connections to a remote host without setting an endpoint...

7.5 CVSS, 6.1 AI score, 0.00864 EPSS
Exploits: 1, References: 5
GitHub Security Blog
added 2026/02/03 5:52 p.m. (14 views)

JinJava Bypass through ForTag leads to Arbitrary Java Execution

Impact Vulnerability Type: Sandbox Bypass / Remote Code Execution Affected Component: Jinjava Affected Users: - Organizations using HubSpot's Jinjava template rendering engine for user-provided template content - Any system that renders untrusted Jinja templates using HubSpot's Jinjava...

9.8 CVSS, 6.2 AI score, 0.00889 EPSS
Exploits: 1, References: 7, Affected Software: 1
RedHat Linux
added 2026/02/03 1:51 p.m. (2 views)

lz4-java: lz4-java: Information Disclosure via Insufficient Output Buffer Clearing

A flaw was found in lz4-java. This vulnerability allows disclosure of sensitive data via crafted compressed input due to insufficient clearing of the output buffer in Java-based decompressor implementations...

8.2 CVSS, 5.9 AI score, 0.00541 EPSS
Exploits: 0, References: 6
RedHat Linux
added 2026/02/03 1:51 p.m. (9 views)

Important: Red Hat Security Advisory: JMC bug fix and enhancement update

An update for JDK Mission Control JMC is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. JDK Mission Control JMC is a powerful profiler for HotSpot JVMs and has an advanced set of tools that enables efficient and detailed analysis of the extensive data collected by JDK...

8.2 CVSS, 7.1 AI score, 0.00541 EPSS
Exploits: 0, References: 2
OSV
added 2026/02/03 11:37 a.m. (6 views)

CLSA-2026-1770118623 java-1.8.0-openjdk: Fix of CVE-2026-21945

Update to openjdk-shenandoah-jdk8u-shenandoah-jdk8u482-b03. - CVE-2026-21945: Security component vulnerability allowing unauthenticated attacker with network access to cause hang or crash DoS...

7.5 CVSS, 6.6 AI score, 0.00864 EPSS
Exploits: 0, References: 1
OSV
added 2026/02/03 10:51 a.m. (12 views)

CLSA-2026-1770115899 java-17-openjdk: Fix of 5 CVEs

Update to jdk-17.0.18+8 GA - CVE-2026-21925: improve JMX connections - CVE-2026-21933: improve HttpServer Request handling - CVE-2026-21945: enhance Certificate Checking - CVE-2025-64720: libpng: fix buffer overflow - CVE-2025-65018: libpng: fix heap buffer overflow...

7.5 CVSS, 6.6 AI score, 0.00864 EPSS
Exploits: 6, References: 1
SUSE Linux
added 2026/02/03 9:39 a.m. (8 views)

Security update for java-21-openjdk

This update for java-21-openjdk fixes the following issues: Update to upstream tag jdk-21.0.10+7 January 2026 CPU Security fixes: CVE-2026-21925: Fixed Oracle Java SE component RMI bsc1257034. CVE-2026-21932: Fixed Oracle Java SE component AWT and JavaFX bsc1257036. CVE-2026-21933: Fixed Oracle...

7.5 CVSS, 5.4 AI score, 0.00864 EPSS
Exploits: 1, References: 20
OSV
added 2026/02/03 9:39 a.m. (5 views)

SUSE-SU-2026:0363-1 Security update for java-21-openjdk

This update for java-21-openjdk fixes the following issues: Update to upstream tag jdk-21.0.10+7 January 2026 CPU Security fixes: - CVE-2026-21925: Fixed Oracle Java SE component RMI bsc1257034. - CVE-2026-21932: Fixed Oracle Java SE component AWT and JavaFX bsc1257036. - CVE-2026-21933: Fixed...

7.5 CVSS, 5.8 AI score, 0.00864 EPSS
Exploits: 1, References: 9
IBM Security Bulletins
added 2026/02/03 6:3 a.m. (7 views)

Security Bulletin: Vulnerabilities in IBM Semeru SDK (CVE-2025-53057, CVE-2025-53066) affect Power HMC.

Summary The IBM Semeru SDK is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-53057 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow a remote attacker to cause no...

7.5 CVSS, 5.6 AI score, 0.00633 EPSS
Exploits: 0, Affected Software: 1
OSV
added 2026/02/03 12:0 a.m. (4 views)

OPENSUSE-SU-2026:10136-1 java-1_8_0-openjdk-1.8.0.482-1.1 on GA media

These are all security issues fixed in the java-180-openjdk-1.8.0.482-1.1 package on the GA media of openSUSE Tumbleweed...

7.5 CVSS, 6.3 AI score, 0.00864 EPSS
Exploits: 1, References: 4
Packet Storm News
added 2026/02/03 12:0 a.m. (5 views)

I Can't Believe It's Not a Valid Exploit

Recently Large Language Models LLMs have been used in security vulnerability detection tasks including generating proof-of-concept PoC exploits. A PoC exploit is a program used to demonstrate how a vulnerability can be exploited. Several approaches suggest that supporting LLMs with additional...

5.5 AI score
Exploits: 0
Tenable Nessus
added 2026/02/03 12:0 a.m. (4 views)

Linux Distros Unpatched Vulnerability : CVE-2026-21945

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions...

7.5 CVSS, 6.1 AI score, 0.00864 EPSS
Exploits: 0, References: 3
Positive Technologies
added 2026/02/03 12:0 a.m. (10 views)

PT-2026-6313

Name of the Vulnerable Software and Affected Versions JinJava versions prior to 2.7.6 JinJava versions prior to 2.8.3 Description JinJava is a Java-based template engine that uses django template syntax to render jinja templates. A flaw exists in the ForTag component that allows for arbitrary Jav...

10 CVSS, 5.7 AI score, 0.00889 EPSS
Exploits: 1, References: 19
Tenable Nessus
added 2026/02/03 12:0 a.m. (11 views)

MiracleLinux 8 : java-21-openjdk-21.0.10.0.7-1.el8.ML.1 (AXSA:2026-129:02)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-129:02 advisory. JDK: Improve JMX connections CVE-2026-21925 JDK: Improve HttpServer Request handling CVE-2026-21933 JDK: Enhance Certificate Checking CVE-2026-21945...

7.5 CVSS, 6.3 AI score, 0.00864 EPSS
Exploits: 6, References: 6
Tenable Nessus
added 2026/02/03 12:0 a.m. (5 views)

Linux Distros Unpatched Vulnerability : CVE-2026-21932

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: AWT, JavaFX. Supported...

7.4 CVSS, 6.5 AI score, 0.00427 EPSS
Exploits: 0, References: 2
OSV
added 2026/02/03 12:0 a.m. (4 views)

OPENSUSE-SU-2026:10134-1 java-17-openj9-17.0.18.0-1.1 on GA media

These are all security issues fixed in the java-17-openj9-17.0.18.0-1.1 package on the GA media of openSUSE Tumbleweed...

6.1 CVSS, 5.8 AI score, 0.00261 EPSS
Exploits: 1, References: 2
OPENSUSE Linux
added 2026/02/03 12:0 a.m. (6 views)

Security update for java-17-openjdk (important)

openSUSE security update: security update for java-17-openjdk ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20134-1 Rating: important References: bsc1255446 bsc1257034 bsc1257036 bsc1257037 bsc1257038 Cross-References: CVE-2026-21925 CVE-2026-2193...

7.5 CVSS, 5.4 AI score, 0.00864 EPSS
Exploits: 1, References: 5