77 matches found

Tenable Nessus
added 2026/04/23 12:0 a.m. | 3 views

Oracle WebLogic Server Multiple Vulnerabilities (April 2026 CPU)

The 12.2.1.4.0 and 14.1.1.0.0 versions of WebLogic Server installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2026 CPU advisory. - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that...

CVSS 7.2 | AI score 6 | EPSS 0.00762
Exploits 0 | References 5

Tenable Nessus
added 2026/04/23 12:0 a.m. | 37 views

Oracle WebLogic Server (April 2026 CPU)

The 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0, and 15.1.1.0.0 versions of WebLogic Server installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2026 CPU advisory. - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Web...

CVSS 7.5 | AI score 6 | EPSS 0.00053
Exploits 1 | References 5

Tenable Nessus
added 2026/04/23 12:0 a.m. | 2 views

Oracle WebLogic Server Unauthorized Access (April 2026 CPU)

The 12.2.1.4.0 version of WebLogic Server installed on the remote host is affected by a vulnerability as referenced in the April 2026 CPU advisory. - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Centralized Thirdparty Jars Validator. The supported...

CVSS 7.3 | AI score 7.4 | EPSS 0.01693
Exploits 10 | References 3

vulnersOsv
added 2026/04/15 10:13 a.m. | 6 views

org.bouncycastle:bcjmail-debug-jdk15to18 (>=1.81 <=1.83), org.bouncycastle:bcmail-debug-jdk15to18 (>=1.81 <=1.83) potentially affected by CVE-2026-5588 via org.bouncycastle:bcpkix-debug-jdk15to18 (>=1.81 <=1.83)

org.bouncycastle:bcpkix-debug-jdk15to18 MAVEN version =1.81, =1.81, =1.81, =1.83 Source cves: CVE-2026-5588 Source advisory: SNYK:JAVA-ORGBOUNCYCASTLE-16075256...

CVSS 6.3 | AI score 5.8 | EPSS 0.00013
Exploits 0

Packet Storm
added 2026/03/31 12:0 a.m. | 109 views

📄 NLTK StanfordSegmenter 3.9.2 Arbitrary Code Execution

nltk.tokenize.StanfordSegmenter dynamically loads external Java .jar files via subprocess without performing any integrity verification, signature checking, or sandboxing. The class accepts fully attacker-controlled parameters including path_to_jar, path_to_model, path_to_dict, and java_class, and passe...

CVSS 10 | AI score 6.6 | EPSS 0.00307
Exploits 3

RedhatCVE
added 2026/03/24 4:24 p.m. | 3 views

CVE-2026-0848

A code injection flaw was found in nltk. The StanfordSegmenter module in NLTK Natural Language Toolkit is vulnerable to arbitrary code execution due to improper input validation. An attacker can exploit this by supplying or replacing Java Archive JAR files, which are dynamically loaded without...

CVSS 10 | AI score 7.9 | EPSS 0.00307
Exploits 3 | References 5

SUSE CVE
added 2026/03/07 12:27 a.m. | 3 views

SUSE CVE-2026-0848

NLTK versions <=3.9.2 are vulnerable to arbitrary code execution due to improper input validation in the StanfordSegmenter module. The module dynamically loads external Java .jar files without verification or sandboxing. An attacker can supply or replace the JAR file, enabling the execution of...

CVSS 10 | AI score 6.7 | EPSS 0.00307
Exploits 3 | References 3

PyPA
added 2026/03/05 9:16 p.m. | 11 views

PYSEC-2026-99

NLTK versions <=3.9.2 are vulnerable to arbitrary code execution due to improper input validation in the StanfordSegmenter module. The module dynamically loads external Java .jar files without verification or sandboxing. An attacker can supply or replace the JAR file, enabling the execution of...

CVSS 10 | AI score 8.1 | EPSS 0.00307
Exploits 3 | References 1 | Affected Software 1

OSV
added 2026/03/05 9:16 p.m. | 2 views

DEBIAN-CVE-2026-0848

NLTK versions <=3.9.2 are vulnerable to arbitrary code execution due to improper input validation in the StanfordSegmenter module. The module dynamically loads external Java .jar files without verification or sandboxing. An attacker can supply or replace the JAR file, enabling the execution of...

CVSS 10 | AI score 9.7 | EPSS 0.00307
Exploits 3 | References 1

OSV
added 2026/03/05 9:16 p.m. | 5 views

PYSEC-2026-99

NLTK versions <=3.9.2 are vulnerable to arbitrary code execution due to improper input validation in the StanfordSegmenter module. The module dynamically loads external Java .jar files without verification or sandboxing. An attacker can supply or replace the JAR file, enabling the execution of...

CVSS 10 | AI score 6.6 | EPSS 0.00307
Exploits 3 | References 1

NVD
added 2026/03/05 9:16 p.m. | 5 views

CVE-2026-0848

NLTK versions <=3.9.2 are vulnerable to arbitrary code execution due to improper input validation in the StanfordSegmenter module. The module dynamically loads external Java .jar files without verification or sandboxing. An attacker can supply or replace the JAR file, enabling the execution of...

CVSS 10 | EPSS 0.00307
Exploits 3 | References 1

OSV
added 2026/03/05 9:16 p.m. | 4 views

UBUNTU-CVE-2026-0848

NLTK versions <=3.9.2 are vulnerable to arbitrary code execution due to improper input validation in the StanfordSegmenter module. The module dynamically loads external Java .jar files without verification or sandboxing. An attacker can supply or replace the JAR file, enabling the execution of...

CVSS 10 | AI score 6.7 | EPSS 0.00307
Exploits 3 | References 6

ATTACKERKB
added 2026/03/05 8:48 p.m. | 4 views

CVE-2026-0848

NLTK versions <=3.9.2 are vulnerable to arbitrary code execution due to improper input validation in the StanfordSegmenter module. The module dynamically loads external Java .jar files without verification or sandboxing. An attacker can supply or replace the JAR file, enabling the execution of...

CVSS 10 | AI score 6.7 | EPSS 0.00307
Exploits 3 | References 2

CVE
added 2026/03/05 8:48 p.m. | 21 views

CVE-2026-0848

NLTK versions ≤3.9.2 are vulnerable due to the StanfordSegmenter loading external Java .jar files without verification or sandboxing. An attacker can supply or replace the JAR, enabling arbitrary Java bytecode execution at import time via unvalidated classpath input. Potential attack vectors incl...

CVSS 10 | AI score 6.7 | EPSS 0.00307
Exploits 3 | References 1 | Affected Software 1

Debian CVE
added 2026/03/05 8:48 p.m. | 4 views

CVE-2026-0848

NLTK versions <=3.9.2 are vulnerable to arbitrary code execution due to improper input validation in the StanfordSegmenter module. The module dynamically loads external Java .jar files without verification or sandboxing. An attacker can supply or replace the JAR file, enabling the execution of...

CVSS 10 | AI score 9.7 | EPSS 0.00307
Exploits 3

Positive Technologies
added 2026/03/05 12:0 a.m. | 4 views

PT-2026-23514

Name of the Vulnerable Software and Affected Versions NLTK versions 3.9.2 and earlier Description The software contains a flaw due to improper input validation in the StanfordSegmenter module, potentially leading to arbitrary code execution. The module dynamically loads external Java .jar files...

CVSS 10 | AI score 7.6 | EPSS 0.00307
Exploits 3 | References 20

Tenable Nessus
added 2026/01/21 12:0 a.m. | 3 views

Oracle WebLogic Server (January 2026 CPU)

The 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0, and 15.1.1.0.0 versions of WebLogic Server installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2026 CPU advisory. - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component:...

CVSS 9.4 | AI score 7 | EPSS 0.01278
Exploits 1 | References 7

IBM Security Bulletins
added 2026/01/05 9:36 a.m. | 6 views

Security Bulletin: IBM Maximo Application Suite - Predict Component uses bcpkix-jdk18on-1.78.1.jar which is vulnerable to CVE-2025-8916

Summary Security Bulletin: IBM Maximo Application Suite - Predict Component uses bcpkix-jdk18on-1.78.1.jar which is vulnerable to CVE-2025-8916. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-8916 DESCRIPTION: Allocation of...

CVSS 6.3 | AI score 6.6 | EPSS 0.00092
Exploits 0 | Affected Software 1

Tenable Nessus
added 2025/10/23 12:0 a.m. | 3 views

Oracle WebLogic Server (October 2025 CPU)

The 12.2.1.4.0, 14.1.1.0.0, and 14.1.2.0.0 versions of WebLogic Server installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2025 CPU advisory. - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Centralized...

CVSS 7.5 | AI score 6.3 | EPSS 0.00099
Exploits 1 | References 6

IBM Security Bulletins
added 2025/09/30 7:28 a.m. | 10 views

Security Bulletin: IBM OpenPages for IBM Cloud Pak for Data is Vulnerable to Spring Web Unsafe Deserialization [CVE-2016-1000027]

Summary There is a vulnerability called potential remote code execution RCE in the Spring Web open source library used by IBM OpenPages for IBM Cloud Pak for Data. This vulnerability has been addressed. CVE-2016-1000027 Vulnerability Details CVEID:CVE-2016-1000027 DESCRIPTION: Pivotal Spring...

CVSS 9.8 | AI score 8.1 | EPSS 0.60417
Exploits 4 | Affected Software 1