Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition for IBM Content Collector for SAP Applications

Summary Multiple Vulnerabilities were disclosed as part of the Oracle April 2026 Critical Patch Update. Vulnerability Details CVEID:CVE-2026-22016 DESCRIPTION: Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE...

Exploit for Improper Input Validation in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

🚀 Automated Log4Shell CVE-2021-44228 Play & Plug Lab An aut...

PT-2026-41592

A security vulnerability has been detected in linlinjava litemall up to 1.8.0. Affected by this vulnerability is the function backup/load of the file litemall-db/src/main/java/org/linlinjava/litemall/db/util/DbUtil.java of the component Database Setting Handler. The manipulation of the argument...

HAPI FHIR: ReDoS via FHIRPath matches()/replaceMatches() in FHIR Validator HTTP Endpoint

All implementations of FHIRPathEngine accept arbitrary FHIRPath expressions and evaluate them without input validation. The FHIRPath functions matches, matchesFull, and replaceMatches pass user-controlled regular expressions directly to Java's Pattern.compile and String.replaceAll without...

Joern 4.0.540

Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...

PT-2026-41787

Name of the Vulnerable Software and Affected Versions OpenTelemetry eBPF Instrumentation versions prior to 0.9.0 Description A memory leak exists in the custom CappedConcurrentHashMap used for Java TLS state tracking. The remove function deletes entries from the map but fails to remove the...

PT-2026-41788

Name of the Vulnerable Software and Affected Versions OpenTelemetry eBPF Instrumentation versions prior to 0.9.0 Description The Java TLS ioctl probe incorrectly uses the bpf probe read function instead of bpf probe read user when reading user-controlled ioctl pointers. This occurs within the do...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: google-oauth-java-client (UTSA-2026-021484)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021484 advisory. The vulnerability is that IDToken verifier does not verify if token is properly signed. Signature verification makes sure that the token's payload comes from valid...

Incorrect Privilege Assignment

Overview Affected versions of this package are vulnerable to Incorrect Privilege Assignment in the pre-auth logic that enables an attacker to activate the default-disabled POJO import feature. The attacker can then upload and import a malicious Java POJO leading to execution of arbitrary code by...

Incorrect Privilege Assignment

Overview Affected versions of this package are vulnerable to Incorrect Privilege Assignment in the pre-auth logic that enables an attacker to activate the default-disabled POJO import feature. The attacker can then upload and import a malicious Java POJO leading to execution of arbitrary code by...

PublicCMS 安全漏洞

PublicCMS is an open-source content management system CMS developed by PublicCMS Company in China using the Java language. Version Sanluan PublicCMS 5.202506.d contains a security vulnerability. This vulnerability stems from the improper handling of the templateContent parameter in the execute...

java-25-openj9-25.0.3.0-2.1 on GA media (moderate)

java-25-openj9-25.0.3.0-2.1 on GA media Announcement ID: openSUSE-SU-2026:10792-1 Rating: moderate Cross-References: CVE-2026-1188 CVSS scores: CVE-2026-1188 SUSE : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can...

java-17-openj9-17.0.19.0-2.1 on GA media (moderate)

java-17-openj9-17.0.19.0-2.1 on GA media Announcement ID: openSUSE-SU-2026:10789-1 Rating: moderate Cross-References: CVE-2026-1188 CVSS scores: CVE-2026-1188 SUSE : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can...

java-1_8_0-openj9-1.8.0.492-2.1 on GA media (moderate)

java-180-openj9-1.8.0.492-2.1 on GA media Announcement ID: openSUSE-SU-2026:10790-1 Rating: moderate Cross-References: CVE-2026-1188 CVSS scores: CVE-2026-1188 SUSE : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Tumbleweed An update that solves one vulnerability ca...

java-21-openj9-21.0.11.0-2.1 on GA media (moderate)

java-21-openj9-21.0.11.0-2.1 on GA media Announcement ID: openSUSE-SU-2026:10791-1 Rating: moderate Cross-References: CVE-2026-1188 CVSS scores: CVE-2026-1188 SUSE : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can...

java-11-openj9-11.0.31.0-2.1 on GA media (moderate)

java-11-openj9-11.0.31.0-2.1 on GA media Announcement ID: openSUSE-SU-2026:10788-1 Rating: moderate Cross-References: CVE-2026-1188 CVSS scores: CVE-2026-1188 SUSE : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can...

OPENSUSE-SU-2026:10791-1 java-21-openj9-21.0.11.0-2.1 on GA media

These are all security issues fixed in the java-21-openj9-21.0.11.0-2.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:10789-1 java-17-openj9-17.0.19.0-2.1 on GA media

These are all security issues fixed in the java-17-openj9-17.0.19.0-2.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:10792-1 java-25-openj9-25.0.3.0-2.1 on GA media

These are all security issues fixed in the java-25-openj9-25.0.3.0-2.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:10790-1 java-1_8_0-openj9-1.8.0.492-2.1 on GA media

These are all security issues fixed in the java-180-openj9-1.8.0.492-2.1 package on the GA media of openSUSE Tumbleweed...