PT-2026-38408

Name of the Vulnerable Software and Affected Versions microsoft-kiota-http-okHttp versions 1.9.0 and earlier kiota-dotnet affected versions not specified kiota-java affected versions not specified kiota-python affected versions not specified kiota-typescript affected versions not specified...

A Bootiful Podcast: Daniel Garnier-Moiroux on his new book 'Testing Spring Boot Applications'

Hi Spring fans! In this installment I'm thrilled to have had the opportunity to sit down and talk to Daniel Garnier-Moiroux and talk about "Testing Spring Boot Applications," from Manning! testing springboot java kotlin springframework...

RHEL 8 / 9 : Satellite 6.16.8 Async Update (Important) (RHSA-2026:14874)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:14874 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessi...

CVE-2026-7411

In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal attack. By supplying a maliciously crafted fileName parameter during a file upload operation, an...

CVE-2026-7412

In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Operation Delegation feature fails to validate the destination URI of delegated requests. An unauthenticated remote attacker can exploit this design flaw to force the BaSyx server to execute blind HTTP POST requests to...

CVE-2026-41506 vulnerabilities

Vulnerabilities for packages: argo-cd, packer-fips, argo-workflows, flux-source-controller, cloudbeat-fips, steampipe, trufflehog-fips, goreleaser, k9s-fips, trivy-operator, amazon-ssm-agent-fips, gomplate, tfsec, nemo, apko, argocd-image-updater-fips, cloudbeat, kubescape-server, crossplane-fips...

bouncycastle: BC-JAVA: LDAP injection vulnerability in LDAPStoreHelper.java

A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcprov. The LDAPStoreHelper implementation fails to properly neutralize special elements in user-supplied input before incorporating them into LDAP queries. This allows a remote attacker to execute an LDAP injection attack by supplying...

bouncycastle: BC-JAVA: GOSTCTR implementation unable to process more than 255 blocks correctly

A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcprov. The GOSTCTR implementation is unable to securely process more than 255 blocks of data due to keystream reuse. This issue allows an attacker to break the fundamental confidentiality of any data protected by the G3413CTRBlockCiphe...

bouncycastle: BC-JAVA: LDAP injection vulnerability in LDAPStoreHelper.java

A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcprov. The LDAPStoreHelper implementation fails to properly neutralize special elements in user-supplied input before incorporating them into LDAP queries. This allows a remote attacker to execute an LDAP injection attack by supplying...

bouncycastle: BC-JAVA: GOSTCTR implementation unable to process more than 255 blocks correctly

A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcprov. The GOSTCTR implementation is unable to securely process more than 255 blocks of data due to keystream reuse. This issue allows an attacker to break the fundamental confidentiality of any data protected by the G3413CTRBlockCiphe...

avro-oom-compression-poc

Avro Decompression Bomb PoC CWE-409 Proof of concept demons...

BIT-JAVA-MIN-2026-34282

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10;...

BIT-JAVA-MIN-2026-34268

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0....

BIT-JAVA-2026-34282

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10;...

BIT-JAVA-2026-34268

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0....

BIT-JAVA-MIN-2026-22021

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 a...

BIT-JAVA-MIN-2026-22018

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK:...

BIT-JAVA-MIN-2026-22016

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 a...

BIT-JAVA-2026-22021

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 a...

BIT-JAVA-2026-22018

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK:...