bouncycastle: BC-JAVA: unbounded PGP AEAD chunk size leads to pre-auth resource exhaustion
A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcpg. A specially crafted PGP AEAD Authenticated Encryption with Associated Data message with an unbounded chunk size can lead to an excessive consumption of memory. This issue allows an unauthenticated remote attacker to cause memory...
bouncycastle: BC-JAVA: LDAP injection vulnerability in LDAPStoreHelper.java
A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcprov. The LDAPStoreHelper implementation fails to properly neutralize special elements in user-supplied input before incorporating them into LDAP queries. This allows a remote attacker to execute an LDAP injection attack by supplying...
GHSA-RCGG-9C38-7XPX OpenTelemetry Java SDK has Unbounded Memory Allocation in W3C Baggage Propagation
Overview A vulnerability affects the baggage propagation implementation in opentelemetry-api and opentelemetry-extension-trace-propagators. Parsing oversized baggage causes unbounded memory allocation and CPU consumption. Because baggage is automatically re-injected into every outgoing request, t...
Security Bulletin: Security vulnerability in Java affects IBM Robotic Process Automation
Summary A security vulnerability in Java affects IBM Robotic Process Automation. Java is used by IBM Robotic Process Automation as part of its deployment. This bulletin identifies the fixes required to resolve the vulnerabilities. Vulnerability Details CVEID: CVE-2026-21945 DESCRIPTION: Java SE is...
ai.catboost:catboost-spark_4.0_2.13 (=1.2.10), ai.catboost:catboost-spark_4.1_2.13 (=1.2.10) +3094 more potentially affected by CVE-2026-45205 via org.apache.commons:commons-configuration2 (>=2.0 <=2.14.0)
org.apache.commons:commons-configuration2 MAVEN version =2.0, =0.31.0, =0.1.9, =0.1.9, =0.1.9, =3.30.1.1, =3.10.0.5, =3.10.0.7, =0.2.3.5, =0.1.9, =1.2.3, =1.2.3, =1.0.0-20260516144515, =1.0.0-20260516144515, =1.0.0.ee-20260516142404 and more Source cves: CVE-2026-45205 Source advisory:...
offsec-skills
offsec-exploit-research Elite adaptive whitebox exploit resea...
java-webauthn-server security vulnerability
java-webauthn-server is a Java server-side web authentication library developed by Yubico. There were security vulnerabilities in versions of java-webauthn-server from 2.8.0 to 2.8.2. These vulnerabilities stemmed from incorrect check functions that accessed return values during the second-factor...
Important: java-1.8.0-openjdk
Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalV...
Amazon Linux 2 : java-1.8.0-openjdk, --advisory ALAS2-2026-3301 (ALAS-2026-3301)
The version of java-1.8.0-openjdk installed on the remote host is prior to 1.8.0.492.b09-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3301 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product ...
Kiota Java Libraries input validation error vulnerability
Kiota Java Libraries is an open-source collection of Java libraries developed by Microsoft for generating OpenAPI SDKs. Version 1.9.0 of Kiota Java Libraries contains a vulnerability related to input validation errors. This vulnerability arises from the RedirectHandler middleware, which fails to...
PT-2026-41161
Name of the Vulnerable Software and Affected Versions opentelemetry-java versions prior to 1.62.0 Description A flaw in the baggage propagation implementation within opentelemetry-api and opentelemetry-extension-trace-propagators allows for unbounded memory allocation and CPU consumption when...
Joern 4.0.538
Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...
codepoc
Java Goof This is a collection of Java demo apps that are vu...
CVE-2026-44257
efw4.X (Enterprise Framework for Web) contains a zip-slip path traversal in efw.file.FileManager.unZip prior to 4.08.010. Zip entries are extracted with new File(baseDir, zipEntry.getName()) without canonical-path validation, allowing a crafted entry such as ../../../pwned.jsp to escape the extra...
GHSA-97JF-46M3-8953 Security feature bypass vulnerability in Azure Key Vault Keys library for Java
The Java Key Vault Keys library in the Azure SDK for Java contains an issue in the local cryptographic verification path where authentication tag comparison was implemented incorrectly. In affected applications that use the vulnerable local cryptography path, specially crafted encrypted input may...
CVE-2026-33117 Azure SDK for Java Security Feature Bypass Vulnerability
...
CVE-2026-33117
The Java Key Vault Keys library in the Azure SDK for Java contains an issue in the local cryptographic verification path where authentication tag comparison was implemented incorrectly. In affected applications that use the vulnerable local cryptography path, specially crafted encrypted input may...
CVE-2026-33117
Azure SDK for Java is affected by CVE-2026-33117: improper authentication allows a remote attacker to bypass a security feature over the network. The issue has a CVSS v3.1 base score of 9.1 (CRITICAL) with high impact to confidentiality and integrity, no availability impact, and requires no privi...