Lucene search
K

937 matches found

Cvelist
Cvelist
added 2026/07/06 7:54 a.m.35 views

CVE-2026-40859 Apache Camel: Camel-Vertx-Http: Unsafe Java deserialization of HTTP response bodies via a raw ObjectInputStream when transferException is enabled

Deserialization of Untrusted Data vulnerability in Apache Camel. The camel-vertx-http component deserializes HTTP response bodies carrying the Content-Type application/x-java-serialized-object using a raw java.io.ObjectInputStream, without applying any ObjectInputFilter...

0.00724EPSS
Exploits1References1
NVD
NVD
added 2026/06/26 4:16 p.m.12 views

CVE-2025-11919

The default JVM can access files and directories under /tmp/ including the $TemporaryDirectory of other users on the same cloud instance /tmp/UserTemporaryFiles/. The -init file for the the JVM initialization exists in the vulnerable directory during the startup of the JVM. An attacker with acces...

9.6CVSS0.004EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/24 5:40 p.m.7 views

Security Bulletin: Java Updates for the April 2026 Vulnerability Advisory

Summary This interim fix addresses all applicable Java SE CVEs published by OpenJDK as part of their April 2026 Vulnerability Advisory: CVE-2026-34282, CVE-2026-22016, CVE-2026-23865, CVE-2026-22021, CVE-2026-22013, CVE-2026-22018, CVE-2026-22008, CVE-2026-34268, CVE-2026-22007, CVE-2026-6918...

8.7CVSS6AI score0.00702EPSS
Exploits1Affected Software1
SUSE Linux
SUSE Linux
added 2026/05/29 9:30 a.m.22 views

Security update for java-1_8_0-ibm

This update for java-180-ibm fixes the following issues CVE-2026-22007: APIs in the specified component can lead to an unauthorized read access bsc1262490. CVE-2026-22013: unauthenticated attacker with network access can access to critical data bsc1262494. CVE-2026-22016: APIs in the specified...

8.7CVSS7.3AI score0.00702EPSS
Exploits0References30
OSV
OSV
added 2026/05/28 7:51 p.m.20 views

USN-8341-1 openjdk-26 vulnerabilities

Thomas Beckers discovered that the JAXP component of OpenJDK 26 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the Networking component of...

7.5CVSS7.2AI score0.00702EPSS
Exploits0References10
OSV
OSV
added 2026/05/28 3:51 p.m.15 views

USN-8339-1 openjdk-25 vulnerabilities

Thomas Beckers discovered that the JAXP component of OpenJDK 25 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the Networking component of...

7.5CVSS7.2AI score0.00702EPSS
Exploits0References10
Ubuntu
Ubuntu
added 2026/05/28 11:38 a.m.33 views

USN-8330-1: OpenJDK 8 vulnerabilities

Thomas Beckers discovered that the JAXP component of OpenJDK 8 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the JSSE component of OpenJDK 8 d...

7.5CVSS7.2AI score0.00702EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/27 2:2 p.m.16 views

Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in IBM Semeru Runtime Quarterly CPU - Apr 2026

Summary IBM Sterling Control Center is affected by vulnerabilities CVE-2026-34282, CVE-2026-22016, CVE-2026-23865, CVE-2026-22021, CVE-2026-22013, CVE-2026-22018, CVE-2026-22008, CVE-2026-34268, CVE-2026-22007, CVE-2026-6918 reported for IBM Semeru Runtime Quarterly CPU - Apr 2026 - Includes...

8.7CVSS7.5AI score0.00702EPSS
Exploits1Affected Software1
vulnersOsv
vulnersOsv
added 2026/05/25 11:19 p.m.6 views

ca.ibodrov.concord:mcp-for-concord (>=0.0.1 <=0.0.2), ca.ibodrov.concord:testcontainers-concord-core (>=2.0.3 <=2.0.5) +296 more potentially affected by CVE-2026-43827 via org.apache.shiro:shiro-core (>=2.0.0-alpha-1 <=2.1.0)

org.apache.shiro:shiro-core MAVEN version =2.0.0-alpha-1, =0.0.1, =2.0.3, =0.0.27, =0.0.27, =0.0.27, =6.0.0, =8.0.0, =8.0.0, =2.2.0, =1.0.2, =3.4.0, =3.3.0, =3.3.0, =3.3.0, =3.8.0 and more Source cves: CVE-2026-43827 Source advisory: SNYK:JAVA-ORGAPACHESHIRO-17116505...

6.5CVSS5.7AI score0.00412EPSS
Exploits0
Redos
Redos
added 2026/05/24 12:0 a.m.32 views

ROS-20260524-73-0024

A vulnerability in the Security component of the Oracle Java SE software platform, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines is related to insufficient protection of proprietary data. Exploitation of the vulnerability could allow an attacker to gain access to...

2.9CVSS7.2AI score0.00122EPSS
Exploits0
Redos
Redos
added 2026/05/24 12:0 a.m.15 views

ROS-20260524-73-0025

A vulnerability in the Security component of the Oracle Java SE software platform, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines is related to insufficient protection of proprietary data. Exploitation of the vulnerability could allow an attacker to gain access to...

2.9CVSS7.2AI score0.00122EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.13 views

Unity Linux 20.1060e / 20.1070e Security Update: derby (UTSA-2026-016640)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016640 advisory. In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network packet can be used to request the Derby Network Server to boot a database whose location and...

5.3CVSS7.2AI score0.04504EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/18 8:12 p.m.18 views

OpenTelemetry eBPF Instrumentation: Java TLS ioctl kprobe allows kernel memory disclosure

Summary The Java TLS ioctl probe reads user-controlled ioctl pointers with bpfproberead instead of bpfprobereaduser. An instrumented local process can therefore point OBI at kernel memory and cause that memory to be copied into telemetry. Details The vulnerable path is in...

3.8CVSS5.8AI score0.00174EPSS
Exploits1References4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/14 1:55 p.m.11 views

Security Bulletin: Security vulnerability in Java affects IBM Robotic Process Automation

Summary A security vulnerability in Java affects IBM Robotic Process Automation. Java is used by IBM Robotic Process Automation as part of its deployment. This bulletin identifies the fixes required to resolve the vulnerabilities. Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is...

9.8CVSS7AI score0.00864EPSS
Exploits1Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/05/13 12:0 a.m.3 views

The vulnerability of the JGSS component of the Oracle Java SE software platform, as well as of the Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines, allows attackers to gain unauthorized access to protected information.

The vulnerability of the JGSS component of the Oracle Java SE software platform, as well as of the Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines, is related to a breach of data protection mechanisms. Exploiting this vulnerability can allow an attacker, operating...

5.4CVSS7.2AI score0.0028EPSS
Exploits0References8Affected Software8
Tenable Nessus
Tenable Nessus
added 2026/05/12 12:0 a.m.19 views

MiracleLinux 9 : java-1.8.0-openjdk-1.8.0.492.b09-2.el9.ML.1 (AXSA:2026-610:09)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-610:09 advisory. JDK: Enhance crypto algorithm support CVE-2026-22007 JDK: Improve Kerberos credentialing CVE-2026-22013 JDK: Enhance Path Factories Redux...

7.5CVSS7.3AI score0.00702EPSS
Exploits0References8
OSV
OSV
added 2026/05/11 8:48 a.m.16 views

CLSA-2026-1778489316 java-1.8.0-openjdk: Fix of 8 CVEs

Update to shenandoah-jdk8u492-b09 - Security fixes from OpenJDK 8u492-b09: - CVE-2026-22003: enhance behavior of some intrinsics - CVE-2026-22007: enhance crypto algorithm support - CVE-2026-22013: improve Kerberos credentialing - CVE-2026-22018: enhance Zip file reading - CVE-2026-22021: enhance...

7.5CVSS7.2AI score0.00702EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/08 10:30 a.m.16 views

Security Bulletin: Multiple vulnerabilities affect IBM® Semeru Runtime (CVE-2026-34282, CVE-2026-22016, CVE-2026-23865, CVE-2026-22021, CVE-2026-22013, CVE-2026-20018, CVE-2026-22008, CVE-2026-34268, CVE-2026-22007, CVE-2026-6918)

Summary This bulletin for IBM Semeru Runtime covers all applicable Java SE CVEs published by OpenJDK as part of their April 2026 Vulnerability Advisory, plus CVE-2026-6918. For more information please refer to OpenJDK's April 2026 Vulnerability Advisory and the CVE links below. Vulnerability...

8.7CVSS7.4AI score0.00702EPSS
Exploits1Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.12 views

PT-2026-38738

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacke...

5.3CVSS5.8AI score0.06886EPSS
Exploits0References14
SUSE Linux
SUSE Linux
added 2026/05/07 12:43 a.m.10 views

Security update for java-17-openjdk

This update for java-17-openjdk fixes the following issues: Upgrade to upstream tag jdk-17.0.19+10 April 2026 CPU. Security issues fixed: CVE-2026-22007: Security: unauthenticated attacker with logon to the infrastructure where java executes can gain unauthorized read access to a subset of...

8.7CVSS5.9AI score0.00702EPSS
Exploits0References34
Rows per page
Query Builder