xyz.erupt:erupt-sample (>=1.13.2 <=1.13.3) potentially affected by CVE-2026-4593 via xyz.erupt:erupt-ai (>=1.13.2 <=1.13.3)

xyz.erupt:erupt-ai MAVEN version =1.13.2, =1.13.2, =1.13.3 Source cves: CVE-2026-4593 Source advisory: SNYK:JAVA-XYZERUPT-15812217...

ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (>=0.2.0 <=0.28.0), ai.ancf.lmos:arc-graphql-spring-boot-starter (>=0.1.1 <=0.120.0) +2889 more potentially affected by CVE-2026-22737 via org.springframework:spring-webflux (>=6.0.0 <=6.2.16)

org.springframework:spring-webflux MAVEN version =6.0.0, =0.2.0, =0.1.1, =0.1.1, =0.0.4, =0.1.0, =0.6.0, =0.6.0, =1.0.0, =1.0.0, =0.2.2, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.6 and more Source cves: CVE-2026-22737 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORK-15701844...

org.webjars.npm:actions__core (>=1.10.0 <=1.11.1), org.webjars.npm:actions__http-client (>=2.2.1 <=2.2.3) +14 more potentially affected by CVE-2026-1526 via org.webjars.npm:undici (>=4.12.2 <=5.29.0)

org.webjars.npm:undici MAVEN version =4.12.2, =1.10.0, =2.2.1, =0.1.16, =0.1.28 - org.webjars.npm:elasticelasticsearch =8.6.0 - org.webjars.npm:elastictransport =8.3.1 - org.webjars.npm:firebase =10.13.0 - org.webjars.npm:firebaseauth =1.7.7 - org.webjars.npm:firebaseauth-compat =0.5.12 -...

org.apache.iotdb:client-example (>=2.0.1-beta <=2.0.6), org.apache.iotdb:customize-mqtt-example (=2.0.1-beta) +9 more potentially affected by CVE-2026-24015 via org.apache.iotdb:node-commons (>=2.0.1-beta <=2.0.6)

org.apache.iotdb:node-commons MAVEN version =2.0.1-beta, =2.0.1-beta, =2.0.1-beta, =2.0.6 - org.apache.iotdb:iotdb-distribution =2.0.1-beta - org.apache.iotdb:iotdb-server =2.0.1-beta - org.apache.iotdb:pipe-count-point-processor-example =2.0.1-beta - org.apache.iotdb:trigger-example =2.0.1-beta...

CVE-2025-48574

In validateAddingWindowLw of DisplayPolicy.java, there is a possible way for an app to intercept drag-and-drop events due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

Security Bulletin: IBM webMethods BPM is vulnerable to Out-of-bounds memory operations in org.lz4:lz4-java.

Summary IBM webMethods BPM uses lz4-java which is pulled in automatically as a dependency of webmethods event streaming library. Vulnerability Details CVEID:CVE-2025-12183 DESCRIPTION: Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of...

Apache Avro Java SDK 安全漏洞

The Apache Avro Java SDK is a data processing toolkit developed by the Apache Foundation. Versions of the Apache Avro Java SDK prior to 1.11.4 and 1.12.0 have security vulnerabilities. These vulnerabilities stem from improper control over the generation of specific record schema code from the...

Seroval security vulnerabilities

Seroval is a formatted Java library developed by Alexis H. Munsayac. Versions of Seroval 1.4.0 and earlier contain security vulnerabilities. These vulnerabilities arise from the possibility of exhausting memory or causing denial-of-service attacks when custom RegEx patterns are deserialized...

CVE-2025-69275 Spectrum outdated java library in class-path

Dependency on Vulnerable Third-Party Component vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows DOM-Based XSS.This issue affects DX NetOps Spectrum: 24.3.9 and earlier...

CVE-2025-69275 Spectrum outdated java library in class-path

Dependency on Vulnerable Third-Party Component vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows DOM-Based XSS.This issue affects DX NetOps Spectrum: 24.3.9 and earlier...

CVE-2025-69275

The CVE describes a dependency on a vulnerable third-party component in Broadcom DX NetOps Spectrum, affecting version 24.3.9 and earlier, on Windows and Linux. The underlying issue is DOM-Based XSS triggered by the vulnerable component in the product’s runtime environment. Impact is limited to t...

ai.pipestream.module:module-chunker (=0.1.1), ai.pipestream.module:module-echo (=0.1.1) +458 more potentially affected by CVE-2025-66560 via io.quarkus.vertx.utils:quarkus-vertx-utils (>=3.28.0.CR1 <=3.30.8)

io.quarkus.vertx.utils:quarkus-vertx-utils MAVEN version =3.28.0.CR1, =0.0.2, =0.1.1, =0.1.1, =0.2.0, =0.2.0, =0.1.1, =0.1.1, =0.1.7, =0.1.9 and more Source cves: CVE-2025-66560 Source advisory: SNYK:JAVA-IOQUARKUSVERTXUTILS-14897052...

ai.stainless:grails-tika (=0.1.0), au.com.turingg:turingg-files (=0.0.1) +488 more potentially affected by CVE-2025-68280 via org.apache.sis.core:sis-metadata (>=0.4 <=1.5)

org.apache.sis.core:sis-metadata MAVEN version =0.4, =1.1.0, =3.6.0, =3.6.1, =3.11.0, =3.19.0 - cloud.testload:jmeter-clickhouse-listener =2.00 and more Source cves: CVE-2025-68280 Source advisory: OSV:GHSA-JQMR-2PG9-VFX7...

Security Bulletin: Rational Performance Tester contains a vulnerability which could lead to potential remote code execution

Summary Due to the use of the Apache Xalan Java XLST library, Rational Performance Tester contains a vulnerability that could lead to potential remote code execution. Vulnerability Details CVEID:CVE-2022-34169 DESCRIPTION: The Apache Xalan Java XSLT library could allow a remote attacker to execut...

ba.sake:hepek-components_2.12 (>=0.7.0 <=0.8.0), ba.sake:hepek-components_2.13 (>=0.7.0 <=0.9.0) +327 more potentially affected by CVE-2026-0858 via net.sourceforge.plantuml:plantuml (>=1.2017.12 <=1.2025.7)

net.sourceforge.plantuml:plantuml MAVEN version =1.2017.12, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.0.2, =0.0.1, =0.0.59, =0.0.46, =0.0.46, =1.4.0, =2.0.0-M4 and more Source cves: CVE-2026-0858 Source advisory: SNYK:JAVA-NETSOURCEFORGEPLANTUML-14552230...

ai.ylyue:yue-library-data-es (>=j8.2.2.0 <=j11.2.6.2), br.com.simpli:simpli-ws (>=1.2.1 <=2.2.0) +1034 more potentially affected by CVE-2025-68390 via org.elasticsearch:elasticsearch (>=7.0.0-alpha1 <=8.19.7)

org.elasticsearch:elasticsearch MAVEN version =7.0.0-alpha1, =j8.2.2.0, =1.2.1, =0.0.1-alpha, =5.3.0, =5.6.5, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =6.2.0, =6.8.0, =6.4.0, =5.3.0, =5.3.0, =5.3.0, =5.4.0 and more Source cves: CVE-2025-68390 Source advisory: SNYK:JAVA-ORGELASTICSEARCH-14534841...

EUVD-2025-203944

Amazon S3 Encryption Client for Java has a Key Commitment Issue...

EUVD-2025-202630

Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another...

Linux Distros Unpatched Vulnerability : CVE-2025-66566

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - yawkat LZ4 Java provides LZ4 compression for Java. Insufficient clearing of the output buffer in Java- based decompressor implementations in lz4-java 1.10.0 and...

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in the decompression process when the output buffer is reused without being cleared. An attacker can access sensitive information from previous buffer contents by providing crafted...