EUVD-2026-26485

Apache Neethi is vulnerable to a Denial of Service attack through algorithmic complexity in policy normalization. Specially crafted WS-Policy documents can trigger an exponential Cartesian cross-product expansion during the normalization process, causing unbounded memory allocation that exhausts...

This Week in Spring - April 14th, 2026

Hi, Spring fans! ¡Hola from Barcelona, Spain! I'm at the amazing Spring I/O event, hanging out with some of the amazing Spring ecosystem developers! Life is amazing here in the warm sun of springtime. There's a lot to look at this week, so let's dive right into it! Another nice tutorial on how to...

The vulnerability of the JVM component of the cryptographic security tool Bouncy Castle, which allows a hacker to disclose protected information

The vulnerability of the JVM component of the Bouncy Castle cryptographic protection tool relates to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to disclose the protected information...

CVE-2022-3171 Memory handling vulnerability in ProtocolBuffers Java core and lite

A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted...

Improper Neutralization of Input During Web Page Generation in Apache ActiveMQ

The administration web console in Apache ActiveMQ 5.x before 5.11.4, 5.12.x before 5.12.3, and 5.13.x before 5.13.2 allows remote authenticated users to conduct cross-site scripting XSS attacks and consequently obtain sensitive information from a Java memory dump via vectors related to creating a...

Apache ActiveMQ Web Console Cross-Site Scripting Vulnerability

Apache ActiveMQ is prone to a cross-site scripting vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:activemq...

CVE-2016-0782

The administration web console in Apache ActiveMQ 5.x before 5.11.4, 5.12.x before 5.12.3, and 5.13.x before 5.13.2 allows remote authenticated users to conduct cross-site scripting XSS attacks and consequently obtain sensitive information from a Java memory dump via vectors related to creating a...

Cross site scripting

The administration web console in Apache ActiveMQ 5.x before 5.11.4, 5.12.x before 5.12.3, and 5.13.x before 5.13.2 allows remote authenticated users to conduct cross-site scripting XSS attacks and consequently obtain sensitive information from a Java memory dump via vectors related to creating a...

CVE-2016-0782

The administration web console in Apache ActiveMQ 5.x before 5.11.4, 5.12.x before 5.12.3, and 5.13.x before 5.13.2 allows remote authenticated users to conduct cross-site scripting XSS attacks and consequently obtain sensitive information from a Java memory dump via vectors related to creating a...

CVE-2016-0782

The administration web console in Apache ActiveMQ 5.x before 5.11.4, 5.12.x before 5.12.3, and 5.13.x before 5.13.2 allows remote authenticated users to conduct cross-site scripting XSS attacks and consequently obtain sensitive information from a Java memory dump via vectors related to creating a...

activemq -- Web Console Cross-Site Scripting

Vladimir Ivanov Positive Technologies reports: Several instances of cross-site scripting vulnerabilities were identified to be present in the web based administration console as well as the ability to trigger a Java memory dump into an arbitrary folder. The root cause of these issues are improper...

OOME from EAP 6 http management console

It was discovered that sending requests containing large headers to the Web Console produced a Java OutOfMemoryError in the HTTP management interface. An attacker could use this flaw to cause a denial of service...

ICU: font parsing OOB read (OpenJDK 2D, 8055489)

A boundary check flaw was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could allow an untrusted Java application or applet to disclose portions of the Java Virtual Machine memory...

ICU: font parsing OOB read (OpenJDK 2D, 8056276)

A boundary check flaw was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could allow an untrusted Java application or applet to disclose portions of the Java Virtual Machine memory...

Important: java-1.6.0-openjdk

Issue Overview: Multiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the privileges of the user running the Java Virtual...

VUPEN Security Research - Oracle Java Preloader Click-2-Play Warning Bypass Vulnerability

VUPEN Security Research - Oracle Java Applet Preloader Click-2-Play Warning Bypass Vulnerability Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Java is the foundation for virtually every type of networked application and is the global standa...