Lucene search
56232 matches found

IBM Security Bulletins
added 7 hours ago, 13 views

Security Bulletin: Due to use of IBM SDK, Java Technology Edition, IBM Tivoli Application Dependency Discovery Manager is vulnerable to Buffer overflow in OMR

Summary: There is a buffer overflow vulnerability in OMR that allows denial-of-service in IBM® SDK Java™ Technology Edition used by IBM Tivoli Application Dependency Discovery Manager (TADDM). Vulnerability Details: CVEID: CVE-2026-1188 DESCRIPTION: In the Eclipse OMR port library component since release...

CVSS 9.8, AI score 7.6, EPSS 0.00491
Exploits 0, Affected Software 1
OSV
added 8 hours ago, 4 views

ROOT-APP-MAVEN-CVE-2023-34453 CVE-2023-34453 in io.root.org.xerial.snappy:snappy-java - Patched by Root

Root has patched CVE-2023-34453 in the io.root.org.xerial.snappy:snappy-java package for Root:Maven. Multiple fixed versions available...

CVSS 5.9, AI score 5.2, EPSS 0.01707
Exploits 1
OSV
added 8 hours ago, 3 views

ROOT-APP-MAVEN-CVE-2023-34454 CVE-2023-34454 in io.root.org.xerial.snappy:snappy-java - Patched by Root

Root has patched CVE-2023-34454 in the io.root.org.xerial.snappy:snappy-java package for Root:Maven. Multiple fixed versions available...

CVSS 5.9, AI score 5.3, EPSS 0.01469
Exploits 0
OSV
added 8 hours ago, 4 views

ROOT-APP-MAVEN-CVE-2023-34455 CVE-2023-34455 in io.root.org.xerial.snappy:snappy-java - Patched by Root

Root has patched CVE-2023-34455 in the io.root.org.xerial.snappy:snappy-java package for Root:Maven. Multiple fixed versions available...

CVSS 7.5, AI score 5.2, EPSS 0.01762
Exploits 1
OSV
added 8 hours ago, 3 views

ROOT-APP-MAVEN-CVE-2023-43642 CVE-2023-43642 in io.root.org.xerial.snappy:snappy-java - Patched by Root

Root has patched CVE-2023-43642 in the io.root.org.xerial.snappy:snappy-java package for Root:Maven. Multiple fixed versions available...

CVSS 7.5, AI score 5.2, EPSS 0.0104
Exploits 1
OSV
added 11 hours ago, 2 views

ROOT-APP-MAVEN-CVE-2025-66566 CVE-2025-66566 in io.root.org.lz4:lz4-java - Patched by Root

Root has patched CVE-2025-66566 in the io.root.org.lz4:lz4-java package for Root:Maven. Multiple fixed versions available...

CVSS 8.2, AI score 7.5, EPSS 0.00541
Exploits 0
OSV
added 11 hours ago, 4 views

ROOT-APP-MAVEN-CVE-2025-12183 CVE-2025-12183 in io.root.org.lz4:lz4-java - Patched by Root

Root has patched CVE-2025-12183 in the io.root.org.lz4:lz4-java package for Root:Maven. Multiple fixed versions available...

CVSS 6.5, AI score 6.8, EPSS 0.0068
Exploits 0
Nuclei
added 15 hours ago, 9 views

Apache Unomi - Remote Code Execution

Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process, enabling attackers to execute arbitrary code. id: CVE-2020-11975 info: name: Apache Unomi -...

CVSS 10, AI score 8.8, EPSS 0.29885
Exploits 3, References 4
Nuclei
added 15 hours ago, 21 views

SCIMono <0.0.19 - Remote Code Execution

SCIMono before 0.0.19 is vulnerable to remote code execution because it is possible for an attacker to inject and execute java expressions and compromise the availability and integrity of the system. id: CVE-2021-21479 info: name: SCIMono 0.0.19 - Remote Code Execution author: dwisiswant0 severit...

CVSS 9.1, AI score 8.5, EPSS 0.0871
Exploits 0, References 5
Nuclei
added 15 hours ago, 119 views

CData Connect < 23.4.8846 - Path Traversal

A path traversal vulnerability exists in the Java version of CData Connect 23.4.8846 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application. id: CVE-2024-31849 info: name: CData Connect 23.4.8846...

CVSS 9.8, AI score 8.4, EPSS 0.08151
Exploits 1, References 5
Nuclei
added 15 hours ago, 25 views

Tiny Java Web Server - Cross-Site Scripting

A reflected cross-site scripting vulnerability in the web server Tiny Java Web Server and Servlet Container TJWS =1.115 allows an adversary to inject malicious code on the server's "404 Page not Found" error page. id: CVE-2021-37573 info: name: Tiny Java Web Server - Cross-Site Scripting author:...

CVSS 6.1, AI score 6, EPSS 0.03398
Exploits 2, References 5
Nuclei
added 15 hours ago, 23 views

Apache Unomi <1.5.2 - Remote Code Execution

Apache Unomi allows conditions to use OGNL and MVEL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process. This vulnerability affects all versions of Apache Unomi prior to 1.5.2. id:...

CVSS 9.8, AI score 8.4, EPSS 0.68618
Exploits 9, References 5
Nuclei
added 15 hours ago, 48 views

XStream <1.4.18 - Server-Side Request Forgery

XStream before 1.4.18 is susceptible to server-side request forgery. An attacker can request data from internal resources that are not publicly available by manipulating the processed input stream with a Java runtime version 14 to 8. This makes it possible to obtain sensitive information, modify...

CVSS 8.5, AI score 7.2, EPSS 0.11468
Exploits 2, References 5
Nuclei
added 15 hours ago, 79 views

CData API Server < 23.4.8844 - Path Traversal

A path traversal vulnerability exists in the Java version of CData API Server 23.4.8844 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application. id: CVE-2024-31848 info: name: CData API Server...

CVSS 9.8, AI score 8.4, EPSS 0.08151
Exploits 1, References 5
Nuclei
added 15 hours ago, 44 views

CData Arc < 23.4.8839 - Path Traversal

A path traversal vulnerability exists in the Java version of CData Arc 23.4.8839 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain access to sensitive information and perform limited actions. id: CVE-2024-31850 info: name: CData Arc 23.4.88...

CVSS 9.8, AI score 8.3, EPSS 0.08151
Exploits 1, References 3
Nuclei
added 15 hours ago, 33 views

CData Sync < 23.4.8843 - Path Traversal

A path traversal vulnerability exists in the Java version of CData Sync CData - Sync' - r...

CVSS 8.6, AI score 8, EPSS 0.02909
Exploits 0, References 2
Nuclei
added 15 hours ago, 16 views

RWS WorldServer - Authentication Bypass

An issue was discovered in RWS WorldServer before 11.7.3. Adding a token parameter with the value of 02 bypasses all authentication requirements. Arbitrary Java code can be uploaded and executed via a .jar archive to the ws-api/v2/customizations/api endpoint. id: CVE-2022-34267 info: name: RWS...

CVSS 9.8, AI score 8.5, EPSS 0.42162
Exploits 1, References 3
Nuclei
added 15 hours ago, 30 views

Java-springboot-codebase 1.1 - Arbitrary File Read

OsamaTaher/Java-springboot-codebase is a collection of Java and Spring Boot code snippets, applications, and projects. Prior to commit c835c6f7799eacada4c0fc77e0816f250af01ad2, insufficient path traversal mechanisms make absolute path traversal possible. This vulnerability allows unauthorized...

CVSS 8.7, AI score 8.3, EPSS 0.03957
Exploits 10, References 5
Nuclei
added 15 hours ago, 35 views

Reposilite >= 3.3.0, < 3.5.12 - Arbitrary File Read

Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM ecosystem. Reposilite v3.5.10 is affected by an Arbitrary File Read vulnerability via path traversal while serving expanded javadoc files. Reposilite has addressed this issue in version...

CVSS 8.6, AI score 8.2, EPSS 0.03145
Exploits 1, References 5
Nuclei
added 15 hours ago, 15 views

QVIS NVR/DVR - Remote Code Execution

QVIS NVR DVR before 2021-12-13 is vulnerable to Remote Code Execution via Java deserialization. id: CVE-2021-41419 info: name: QVIS NVR/DVR - Remote Code Execution author: me9187 severity: critical description: | QVIS NVR DVR before 2021-12-13 is vulnerable to Remote Code Execution via Java...

CVSS 9.8, AI score 8.6, EPSS 0.06682
Exploits 1, References 2