78 matches found

Packet Storm News
added 3 days ago, 4 views

Poking around in the Dark: Why a Shared Understanding of Components Matters

By listing the components included in an application, Software Bills of Materials (SBOMs) are intended to support the timely identification of vulnerable components and ensure the security of the software supply chain. However, we question the underlying assumption that there is agreement on the...

5.8 AI score
Exploits: 0

NVD
added last week, 9 views

CVE-2026-9828

Deserialization of untrusted data vulnerability in QOS.CH Sarl logback logback-core HardenedObjectInputStream logback-core modules allows Object Injection albeit heavily restricted. More precisely, an attacker able to influence serialized data sent to SimpleSocketServer or SimpleSSLSocketServer c...

6.3 CVSS, 0.00113 EPSS
Exploits: 0, References: 1

Vulnrichment
added last week, 4 views

CVE-2026-9828 Logback deserialization whitelist bypass for java.lang and java.util

Deserialization of untrusted data vulnerability in QOS.CH Sarl logback logback-core HardenedObjectInputStream logback-core modules allows Object Injection albeit heavily restricted. More precisely, an attacker able to influence serialized data sent to SimpleSocketServer or SimpleSSLSocketServer c...

6.3 CVSS, 6.4 AI score, 0.00113 EPSS
Exploits: 0, References: 1

OSV
added 2026/05/24 12:20 a.m., 3 views

OSV-2026-807 Security exception in com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.statement

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=515650237 Crash type: Security exception Crash state: com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.statement java.base/jdk.internal.misc.Unsafe.weakCompareAndSetInt...

5.8 AI score
Exploits: 0, References: 1

Positive Technologies
added 2026/05/24 12:0 a.m., 3 views

PT-2026-45896

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=515650237 Crash type: Security exception Crash state: com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.statement java.base/jdk.internal.misc.Unsafe.weakCompareAndSetInt...

5.8 AI score
Exploits: 0, References: 2

CNNVD
added 2026/05/17 12:0 a.m., 4 views

PublicCMS Security Vulnerability

PublicCMS is an open-source content management system (CMS) developed by PublicCMS Company in China using the Java language. Version Sanluan PublicCMS 5.202506.d contains a security vulnerability. This vulnerability stems from the improper handling of the templateContent parameter in the execute...

6.5 CVSS, 6.5 AI score, 0.00046 EPSS
Exploits: 0, References: 2

The Hacker News
added 2026/04/20 10:42 a.m., 22 views

Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain

Cybersecurity researchers have discovered a critical "by design" weakness in the Model Context Protocol's (MCP) architecture that could pave the way for remote code execution and have a cascading effect on the artificial intelligence (AI) supply chain. "This flaw enables Arbitrary Command Execution R...

9.9 CVSS, 7.4 AI score, 0.0257 EPSS
Exploits: 9

CVE
added 2026/03/31 3:40 p.m., 4 views

CVE-2026-34237

The connected advisory describes MCP Java SDK with a hardcoded wildcard CORS header (Access-Control-Allow-Origin: *) in server transport code (HttpServletSseServerTransportProvider.java and HttpServletStreamableServerTransportProvider.java). This enables cross-origin access to SSE endpoints, allo...

6.1 CVSS, 5.8 AI score, 0.00012 EPSS
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2026/03/12 12:7 a.m., 1 view

OSV-2026-384 Security exception in com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.expr

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=491529466 Crash type: Security exception Crash state: com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.expr java.base/java.nio.CharBuffer.wrap java.base/sun.nio.cs.StreamEncoder.implWrite...

5.8 AI score
Exploits: 0, References: 1

OSV
added 2026/03/09 12:8 a.m., 1 view

OSV-2026-370 Security exception in com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.expr

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=490658507 Crash type: Security exception Crash state: com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.expr java.base/java.lang.System$2.encodeASCII java.base/sun.nio.cs.UTF8$Encoder.encodeArrayLoop...

5.8 AI score
Exploits: 0, References: 1

OSV
added 2026/01/21 12:1 a.m., 3 views

OSV-2026-94 Security exception in com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.statement

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=476574781 Crash type: Security exception Crash state: com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.statement java.base/jdk.internal.misc.Unsafe.weakCompareAndSetInt...

5.4 AI score
Exploits: 0, References: 1

OSV
added 2026/01/17 12:2 a.m., 3 views

OSV-2026-65 Security exception in com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.expr

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=476179553 Crash type: Security exception Crash state: com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.expr java.base/sun.nio.cs.UTF8$Encoder.encodeArrayLoop java.base/sun.nio.cs.UTF8$Encoder.encodeLoop...

5.3 AI score
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 8:45 a.m., 8 views

CVE-2022-38138

The Triangle Microworks IEC 61850 Library Any client or server using the C language library with a version number of 11.2.0 or earlier and any client or server using the C++, C, or Java language library with a version number of 5.0.1 or earlier and 60870-6 ICCP/TASE.2 Library Any client or server...

7.5 CVSS, 6.8 AI score, 0.00092 EPSS
Exploits: 0, References: 1

OSV
added 2026/01/09 12:6 a.m., 1 view

OSV-2026-19 Security exception in com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.expr

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=473884569 Crash type: Security exception Crash state: com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.expr java.base/java.lang.String. org.antlr.v4.runtime.CodePointCharStream$CodePoint8BitCharStream.getText...

5.9 AI score
Exploits: 0, References: 1

OSV
added 2026/01/04 12:15 a.m., 2 views

OSV-2026-6 Security exception in com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.expr

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=472785101 Crash type: Security exception Crash state: com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.expr com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.primary...

6.9 AI score
Exploits: 0, References: 1

NVD
added 2025/12/10 11:15 p.m., 1 view

CVE-2025-67505

Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another...

8.4 CVSS, 0.00041 EPSS
Exploits: 0, References: 2

OSV
added 2025/11/21 12:5 a.m., 2 views

OSV-2025-926 Security exception in com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.statement

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=462261562 Crash type: Security exception Crash state: com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.statement java.base/jdk.internal.misc.Unsafe.weakCompareAndSetInt...

6.9 AI score
Exploits: 0, References: 1

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2025-7410

Malicious code in bioql PyPI...

6.9 CVSS, 5.5 AI score, 0.00275 EPSS
Exploits: 0, References: 1

Tenable Nessus
added 2025/09/14 12:0 a.m., 2 views

FreeBSD : unit-java -- security vulnerability (f6ca7c47-9190-11f0-b8da-589cfc10a551)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the f6ca7c47-9190-11f0-b8da-589cfc10a551 advisory. F5 reports: When NGINX Unit with the Java Language Module is in use, undisclosed requests can lead to a...

6.9 CVSS, 5.5 AI score, 0.00275 EPSS
Exploits: 0, References: 3

FreeBSD
added 2025/09/14 12:0 a.m., 4 views

unit-java -- security vulnerability

F5 reports: When NGINX Unit with the Java Language Module is in use, undisclosed requests can lead to an infinite loop and cause an increase in CPU resource utilization...

6.9 CVSS, 5.5 AI score, 0.00275 EPSS
Exploits: 0, References: 1