
56120 matches found

OPENSUSE Linux
added 2026/04/30 12:0 a.m., 3 views

java-25-openjdk-25.0.3.0-1.1 on GA media (moderate)

java-25-openjdk-25.0.3.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:10639-1 Rating: moderate Cross-References: CVE-2026-22007 CVE-2026-22008 CVE-2026-22013 CVE-2026-22016 CVE-2026-22018 CVE-2026-22021 CVE-2026-23865 CVE-2026-34268 CVE-2026-34282 CVSS scores: CVE-2026-22007 SUSE : 2.9...

8.7 CVSS, 7.8 AI score, 0.00154 EPSS
Exploits: 0
Tenable Nessus
added 2026/04/30 12:0 a.m., 4 views

AlmaLinux 10 : java-21-openjdk (ALSA-2026:9689)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:9689 advisory. JDK: Enhance crypto algorithm support CVE-2026-22007 JDK: Improve Kerberos credentialing CVE-2026-22013 JDK: Enhance Path Factories Redux CVE-2026-22016...

7.5 CVSS, 7.9 AI score, 0.00154 EPSS
Exploits: 0, References: 10
Github Security Blog
added 2026/04/29 8:59 p.m., 7 views

appsmith has SQL Injection in FilterDataService via Unsafe DROP TABLE Execution

Summary A SQL injection vulnerability exists in FilterDataServiceCE.java where the dropTable method constructs a SQL DROP TABLE statement using string concatenation with the table name. If the table name is derived from user input, this allows for arbitrary SQL command execution. Details The...

6.1 AI score
Exploits: 0, References: 3, Affected Software: 1
OSV
added 2026/04/29 8:41 p.m., 2 views

GHSA-PRF8-CF2X-RHX7 fabric-sdk-java has ObjectInputStream.readObject() without ObjectInputFilter, which allows Java deserialization RCE

Summary This advisory covers the deprecated fabric-sdk-java client SDK. Channel.java implements readObject and exposes deSerializeChannel which call ObjectInputStream.readObject on untrusted byte arrays without configuring an ObjectInputFilter. This is the classic Java deserialization RCE pattern...

9.3 CVSS, 5.8 AI score, 0.00017 EPSS
Exploits: 0, References: 4
vulnersOsv
added 2026/04/29 8:41 p.m., 5 views

com.baoquan:verax-sdk (=1.0.0), com.easypayx:easypay-blockchain-java-sdk (>=1.0.0 <=1.0.4) +21 more potentially affected by CVE-2026-41586 via org.hyperledger.fabric-sdk-java:fabric-sdk-java (>=1.0.1 <=2.2.26)

org.hyperledger.fabric-sdk-java:fabric-sdk-java MAVEN version =1.0.1, =1.0.0, =1.0.0-RELEASE, =1.0.0-RELEASE, =0.0.1, =1.0.0, =1.0.0, =1.0, =3.16.1, =1.2.0, =1.3.0, =0.10.1, =0.11.5 and more Source cves: CVE-2026-41586 Source advisory: OSV:GHSA-PRF8-CF2X-RHX7...

9.3 CVSS, 5.8 AI score, 0.00017 EPSS
Exploits: 0
Github Security Blog
added 2026/04/29 8:41 p.m., 6 views

fabric-sdk-java has ObjectInputStream.readObject() without ObjectInputFilter, which allows Java deserialization RCE

Summary This advisory covers the deprecated fabric-sdk-java client SDK. Channel.java implements readObject and exposes deSerializeChannel which call ObjectInputStream.readObject on untrusted byte arrays without configuring an ObjectInputFilter. This is the classic Java deserialization RCE pattern...

9.3 CVSS, 5.8 AI score, 0.00017 EPSS
Exploits: 0, References: 4, Affected Software: 1
RedHat Linux
added 2026/04/29 8:21 p.m., 3 views

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: java-25-openjdk: java-25-openjdk-25.0.3.0.9-1.hum1 aarch64, x86_64 java-25-openjdk-crypto-adapter-25.0.3.0.9-1.hum1 aarch64, x86_64 java-25-openjdk-crypto-adapter-fastdebug-25.0.3.0.9-1.hum1 aarch6...

7.5 CVSS, 7.7 AI score, 0.00154 EPSS
Exploits: 0, References: 9
RedHat Linux
added 2026/04/29 4:49 p.m., 2 views

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: java-25-openjdk-portable: java-25-openjdk-portable-25.0.3.0.9-1.hum1 aarch64, x86_64 java-25-openjdk-portable-devel-25.0.3.0.9-1.hum1 aarch64, x86_64...

7.5 CVSS, 5.2 AI score, 0.00154 EPSS
Exploits: 0, References: 9
GithubExploit
added 2026/04/29 12:58 p.m., 77 views

h2database-rce-poc

H2 Console RCE Exploit Toolkit Vulnerability exploitation scr...

10 CVSS, 7.2 AI score, 0.90592 EPSS
Exploits: 7
RedHat Linux
added 2026/04/29 11:14 a.m., 7 views

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: java-21-openjdk: java-21-openjdk-21.0.11.0.10-1.hum1 aarch64, x86_64 java-21-openjdk-demo-21.0.11.0.10-1.hum1 aarch64, x86_64 java-21-openjdk-demo-fastdebug-21.0.11.0.10-1.hum1 aarch64, x86_64...

7.5 CVSS, 7.7 AI score, 0.00154 EPSS
Exploits: 0, References: 9
GithubExploit
added 2026/04/29 5:48 a.m., 74 views

Docker_Desktop_POC

Java vulnerable scan POC Minimal Maven project used to comp...

9.8 CVSS, 7.5 AI score, 0.94251 EPSS
Exploits: 41
Packet Storm News
added 2026/04/29 12:0 a.m., 2 views

Joern 4.0.529

Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...

5.3 AI score
Exploits: 0
OSV
added 2026/04/29 12:0 a.m., 1 views

OPENSUSE-SU-2026:10656-1 java-1_8_0-openjdk-1.8.0.492-1.1 on GA media

These are all security issues fixed in the java-1_8_0-openjdk-1.8.0.492-1.1 package on the GA media of openSUSE Tumbleweed...

7.5 CVSS, 5.3 AI score, 0.00154 EPSS
Exploits: 0, References: 7
Tenable Nessus
added 2026/04/29 12:0 a.m., 5 views

AlmaLinux 9 : java-17-openjdk (ALSA-2026:9686)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:9686 advisory. JDK: Enhance crypto algorithm support CVE-2026-22007 JDK: Improve Kerberos credentialing CVE-2026-22013 JDK: Enhance Path Factories Redux CVE-2026-22016...

7.5 CVSS, 7.9 AI score, 0.00154 EPSS
Exploits: 0, References: 10
Tenable Nessus
added 2026/04/29 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-22003

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are...

6 CVSS, 7.5 AI score, 0.00019 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2026/04/29 12:0 a.m., 5 views

PT-2026-37132

Name of the Vulnerable Software and Affected Versions Hyperledger Fabric versions 1.0.0 through 2.2.26 Description In the deprecated fabric-sdk-java client SDK, the Channel.java file implements readObject and exposes the deSerializeChannel function, both of which call ObjectInputStream.readObject...

9.3 CVSS, 6.5 AI score, 0.00017 EPSS
Exploits: 0, References: 11
NVD
added 2026/04/28 7:37 p.m., 0 views

CVE-2026-7291

A weakness has been identified in o2oa up to 10.0. This affects the function FileAction of the file FileAction.java of the component URL Fetching. Executing a manipulation of the argument fileUrl can lead to server-side request forgery. It is possible to launch the attack remotely. The exploit ha...

6.5 CVSS, 0.00046 EPSS
Exploits: 0, References: 5
RedHat Linux
added 2026/04/28 6:46 p.m., 4 views

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: java-21-openjdk-portable: java-21-openjdk-portable-21.0.11.0.10-2.hum1 aarch64, x86_64 java-21-openjdk-portable-devel-21.0.11.0.10-2.hum1 aarch64, x86_64...

7.5 CVSS, 7.7 AI score, 0.00154 EPSS
Exploits: 0, References: 9
OSV
added 2026/04/28 4:28 p.m., 7 views

CLSA-2026-1777393695 java-11-openjdk: Fix of 6 CVEs

Upgrade to openjdk-11.0.30+7 GA. The following CVEs were fixed: - CVE-2026-21945: enhance certificate checking - CVE-2026-21932: enhance handling of URIs - CVE-2026-21933: improve HttpServer request handling - CVE-2026-21925: improve JMX connections - CVE-2025-64720: update libpng to 1.6.51 -...

7.5 CVSS, 5.8 AI score, 0.00089 EPSS
Exploits: 5, References: 1
IBM Security Bulletins
added 2026/04/28 1:6 p.m., 8 views

Security Bulletin: IBM Transformation Advisor is affected by multiple vulnerabilities found in Java, JavaScript and IBM WebSphere Application Server Liberty

Summary There are multiple vulnerabilities in Java, JavaScript and IBM WebSphere Application Server Liberty used by IBM Transformation Advisor. Vulnerability Details CVEID:CVE-2026-33151 DESCRIPTION: Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prio...

9.8 CVSS, 7.4 AI score, 0.0008 EPSS
Exploits: 2, Affected Software: 1