USN-8328-1: OpenJDK 21 vulnerabilities

Thomas Beckers discovered that the JAXP component of OpenJDK 21 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the Networking component of...

Security Bulletin: Security vulnerabilities in Java SE shipped with IBM CICS TX Standard (CVE-2025-53066 and CVE-2025-53057)

Summary There are multiple vulnerabilities in the Java SE version shipped with IBM CICS TX Standard CVE-2025-53066 and CVE-2025-53057. An update to IBM CICS TX Standard has been released to address these vulnerabilities. Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 / 25.10 : OpenJDK 11 vulnerabilities (USN-7882-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7882-1 advisory. Jinfeng Guo discovered that the Security component of OpenJDK 11 did not correctly handle certain...

Security Bulletin: IBM Application Modernization Accelerator is affected by multiple vulnerabilities found in Java and Node.js

Summary There are multiple vulnerabilities in Java and Node.js used by IBM Application Modernization Accelerator. Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow a remote attacker to cause high confidentiali...

The vulnerability of the Security component of the Oracle Communications Order and Service Management system allows a perpetrator to gain read, modify, add, or delete access to data, or cause a partial service disruption.

The vulnerability of the Security component of the Oracle Communications Order and Service Management system is related to a data source validation error. Exploiting this vulnerability may allow an attacker, operating remotely, to gain read, modify, add, or delete access to data, or cause a parti...

The vulnerability of the Security component of the Oracle Retail Xstore Office software allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Security component of the Oracle Retail Xstore Office software relates to the disclosure of information. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...

The vulnerability of the Security component of Oracle Java SE software and the Oracle GraalVM Enterprise Edition virtual machine allows a perpetrator to trigger a service failure.

The vulnerability of the Security component of Oracle Java SE and the Oracle GraalVM Enterprise Edition software platform is related to an uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...

The vulnerability of the Security component of the Oracle Retail Customer Management and Segmentation Foundation software allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Security component of the Oracle Retail Customer Management and Segmentation Foundation software is related to access control deficiencies. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information using the HTTP protocol...

The vulnerability of the Security component in Java SE and Java SE Embedded software platforms allows a perpetrator to gain unauthorized access to information.

The vulnerability of the Security component in Java SE and Java SE Embedded software-related programs is related to deficiencies in access control. Exploiting this vulnerability may allow an attacker operating remotely to gain unauthorized access to information...