Improper Validation of Specified Quantity in Input

Overview Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input in the LDAP federation BER decoder. An attacker can cause the Java Virtual Machine to terminate and disrupt service availability by sending a malformed LDAP password-policy response...

A Bootiful Podcast: Microsoft's Martijn Verburg

Hi Spring fans! In this installment, I talk to my friend from JClarity and Microsoft fame, fellow Java champion, and Java guru Martijn Verburg ai microsoft java jclarity performance...

CVE-2026-38807

Insecure Permissions vulnerability in kvf-admin v1.0.0 allows a remote attacker to escalate privileges via the UserController.java component...

CVE-2025-69600

Command injection in Raynet rvia RayVentory Scan Engine 12.6 Update 8 and previous versions allows adversaries to execute commands via getconfig, upload, inventory, and oracle options...

CVE-2026-38945

Command injection in Raynet rvia version 12.6 Update 8 and previous versions allows adversaries to execute arbitrary code via a crafted path that matches the improperly terminated search criteria of rvia's Java search using the find command...

firefox: Integer overflow in the Networking: JAR component

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Integer overflow in the Networking: JAR component...

firefox: Integer overflow in the Networking: JAR component

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Integer overflow in the Networking: JAR component...

firefox: Integer overflow in the Networking: JAR component

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Integer overflow in the Networking: JAR component...

Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in IBM Semeru Runtime Quarterly CPU - Apr 2026

Summary IBM Sterling Control Center is affected by vulnerabilities CVE-2026-34282, CVE-2026-22016, CVE-2026-23865, CVE-2026-22021, CVE-2026-22013, CVE-2026-22018, CVE-2026-22008, CVE-2026-34268, CVE-2026-22007, CVE-2026-6918 reported for IBM Semeru Runtime Quarterly CPU - Apr 2026 - Includes...

USN-8322-1 commons-beanutils vulnerability

It was discovered that Apache Commons BeanUtils incorrectly allowed access to the declaredClass property of Java enum objects when handling externally supplied property paths. An attacker could possibly use this issue to execute arbitrary code...

Security Bulletin: IBM Engineering Lifecycle Management - Engineering Test management is impacted by vulnerabilities in Eclipse Paho Java client library

Summary A vulnerability has been identified in Eclipse Paho Java client library, which is used in IBM Engineering Lifecycle Management - Engineering Test management Vulnerability Details CVEID:CVE-2019-11777 DESCRIPTION: In the Eclipse Paho Java client library version 1.2.0, when connecting to an...

Multiple Vulnerabilities in Cosminexus

Overview Cosminexus Developer's Kit for JavaTM and Hitachi Developer's Kit for Java contain the following vulnerabilities: CVE-2026-22007, CVE-2026-22013, CVE-2026-22016, CVE-2026-22018, CVE-2026-22021, CVE-2026-23865, CVE-2026-34268, CVE-2026-34282 Impact Regarding the impact of the vulnerabilit...

Yamcs Vulnerable to Server-Side Code Injection (RCE) via Janino Expression Engine in `JavaExprAlgorithmExecutionFactory`

Summary A Server-Side Code Injection vulnerability exists in the Yamcs algorithm evaluation engine org.yamcs.algorithms.JavaExprAlgorithmExecutionFactory. The application dynamically compiles and evaluates user-controlled algorithm text without enforcing a secure sandbox. An authenticated user wi...

RayVentory Scan Engine 安全漏洞

RayVentory Scan Engine is a network scanning engine developed by the German company RayVentory, designed for automatically discovering and collecting IT asset information. Versions of RayVentory Scan Engine 12.6 Update 8 and earlier contained security vulnerabilities. These vulnerabilities stemme...

CVE-2026-38945

Raynet rvia 12.6 Update 8 and earlier versions are affected by a command injection due to improper termination of search criteria in Java-based search using the find command. This allows an adversary with local access to execute arbitrary code via a crafted path. The CVSS base score is 7.8 (HIGH)...

CVE-2026-38945

Command injection in Raynet rvia version 12.6 Update 8 and previous versions allows adversaries to execute arbitrary code via a crafted path that matches the improperly terminated search criteria of rvia's Java search using the find command...

CVE-2026-38945

Command injection in Raynet rvia version 12.6 Update 8 and previous versions allows adversaries to execute arbitrary code via a crafted path that matches the improperly terminated search criteria of rvia's Java search using the find command...

RayVentory Scan Engine 安全漏洞

RayVentory Scan Engine is a network scanning engine developed by the German company RayVentory, designed for automatically discovering and collecting IT asset information. Version 12.6.4392.49 of the RayVentory Scan Engine contains a security vulnerability. This vulnerability stems from parameter...

PT-2026-44161

Name of the Vulnerable Software and Affected Versions Yamcs versions 4.7.3 through 5.12.6 Description The Nashorn ScriptEngine used to evaluate user-supplied algorithm text is constructed without a ClassFilter. This allows a user with the ChangeMissionDatabase privilege to execute arbitrary Java...

CVE-2025-69600

Command injection in Raynet rvia 12.6.4392.49-amd64.deb allows adversaries to execute commands via getconfig, and upload through the URL argument, and oracle through the -o flag The Supplier's perspective is that this is caused by Argument Injection in the find command query in rvia 12.6.4392.49...