Security Bulletin: Communications Server (CS) for Data Center Deployment and CS for AIX are affected by: IBM Java: Buffer overflow vulnerability in OMR allows denial-of-service

Summary Communications Server CS for Data Center Deployment and CS for AIX install a local Java JRE in its product directories. This JRE is used solely for the IBM Key Manager ikeyman tool which is called by the snakeyman script used for managing the SSL key database used by the TN3270 Server and...

Security Bulletin: Communications Server (CS) for Data Center Deployment, CS for Linux, and CS for Linux on System z are affected by: IBM Java: Buffer overflow vulnerability in OMR allows denial-of-service

Summary Communications Server CS for Data Center Deployment, CS for Linux, and CS for Linux on System z install a local Java JRE in its product directories. This JRE is used solely for the IBM Key Manager ikeyman tool which is called by the snakeyman script used for managing the SSL key database...

com.io7m.jsay:com.io7m.jsay (=0.0.2), com.jkoolcloud.tnt4j.streams:tnt4j-streams-jms (>=1.14.2 <=2.3.0) +5 more potentially affected by CVE-2026-32642 via org.apache.activemq:artemis-openwire-protocol (>=2.0.0 <=2.4.0)

org.apache.activemq:artemis-openwire-protocol MAVEN version =2.0.0, =1.14.2, =0.1.0, =0.1.0, =2.0.0, =2.31.1, =2.29.0, =2.44.0 Source cves: CVE-2026-32642 Source advisory: SNYK:JAVA-ORGAPACHEACTIVEMQ-15791526...

EUVD-2026-14708

Deserialization of Untrusted Data vulnerability in DTStack chunjun ‎chunjun-core/src/main/java/com/dtstack/chunjun/util modules. This vulnerability is associated with program files GsonUtil.Java. This issue affects chunjun: before 1.16.1...

CVE-2026-4741

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in TeamJCD JoyConDroid app/src/main/java/com/rdapps/gamepad/util modules. This vulnerability is associated with program files UnzipUtil.Java‎. This issue affects JoyConDroid: through 1.0.93...

CVE-2026-4741

The CVE-2026-4741 entry applies to JoyConDroid, affecting the UnzipUtil.Java component in the app/src/main/java/com/rdapps/gamepad/util modules. The underlying issue is an improper limitation of a pathname to a restricted directory (path traversal) within JoyConDroid versions up to and including ...

CVE-2026-4741

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in TeamJCD JoyConDroid app/src/main/java/com/rdapps/gamepad/util modules. This vulnerability is associated with program files UnzipUtil.Java‎. This issue affects JoyConDroid: through 1.0.93...

CVE-2026-4735

CVE-2026-4735 affects DTStack chunjun (chunjun-core/util) with a deserialization of untrusted data in GsonUtil.Java, leading to a stack overflow/DoS for versions before 1.16.1. Multiple sources corroborate the issue in chunjun up to 1.16.0, with Red Hat and PT-Security entries aligning on the vul...

CVE-2026-4735

Deserialization of Untrusted Data vulnerability in DTStack chunjun ‎chunjun-core/src/main/java/com/dtstack/chunjun/util modules. This vulnerability is associated with program files GsonUtil.Java. This issue affects chunjun: before 1.16.1...

UBUNTU-CVE-2026-33306

bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt password hashing algorithm. Prior to version 3.1.22, an integer overflow in the Java BCrypt implementation for JRuby can cause zero iterations in the strengthening loop. Impacted applications must be setting the cost to 31 to see this happen. T...

Joy-Con Droid 安全漏洞

Joy-Con Droid is an open-source application developed by TeamJCD that transforms Android devices into game controllers. Versions of Joy-Con Droid prior to 1.0.93 contained security vulnerabilities, which were caused by path traversal attacks. These vulnerabilities could lead to issues with the...

This Week in Spring - March 24th, 2026

Hi, Spring fans! Welcome to yet another rip-roarin' installment of This Week in Spring. As usual, we've got a ton to look into, so let's dive right in! Happy 22nd birthday to Spring Framework, released this day 22 years ago! and of course, next week, 1 April 2026, marks 12 years since Spring Boot...

ChunJun 安全漏洞

ChunJun is an open-source Flink-based framework for synchronization and processing of heterogeneous data sources developed by Kangaroo Cloud. Versions of ChunJun prior to 1.16.1 contained security vulnerabilities. These vulnerabilities stemmed from the deserialization of untrusted data, which cou...

PT-2026-27313

Name of the Vulnerable Software and Affected Versions chunjun versions prior to 1.16.1 Description An unreliable data deserialization issue exists in DTStack chunjun, specifically within the chunjun-core/src/main/java/com/dtstack/chunjun/util modules. The problem is linked to the GsonUtil.Java...

com.braimanm:uitaf (>=3.0.0 <=3.2.3), com.braimanm:uitaf-playwright (>=1.0.0-alpha <=1.0.1-alpha) +7 more potentially affected by CVE-2026-33166 via io.qameta.allure:allure-generator (>=2.10.0 <=2.37.0)

io.qameta.allure:allure-generator MAVEN version =2.10.0, =3.0.0, =1.0.0-alpha, =1.1.0, =0.1.17, =0.1.17, =1.0-RC1, =2.10.0, =2.37.0 - org.uitaf:uitaf-playwright =1.0.1 Source cves: CVE-2026-33166 Source advisory: SNYK:JAVA-IOQAMETAALLURE-15763503...

Security Bulletin: IBM Sterling Connect:Direct for Unix is impacted by vulnerabilities due to IBM Java 17

Summary IBM Java 17 is used by IBM Sterling Connect:Direct for UNIX in product configuration and data transmission. IBM Sterling Connect:Direct for UNIX is impacted by vulnerabilities in IBM Java 17. IBM Sterling Connect:Direct for UNIX has upgraded IBM Java 17 to address the issues. Vulnerabilit...

OESA-2026-1690 mchange-commons security update

General tool, part of c3p0. Security Fixes: mchange-commons-java, a library that provides Java utilities, includes code that mirrors early implementations of JNDI functionality, including support for remote factoryClassLocation values, by which code can be downloaded and invoked within a running...

Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is impacted by vulnerabilities in Eclipse Paho Java client library

Summary A vulnerability has been identified in Eclipse Paho Java client library, which is used in IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details CVEID:CVE-2019-11777 DESCRIPTION: In the Eclipse Paho Java client library version 1.2.0, when connecting to an MQTT serve...

CVE-2026-32939

DataEase is an open source data visualization analysis tool. Versions 2.10.19 and below have inconsistent Locale handling between the JDBC URL validation logic and the H2 JDBC engine's internal parsing. DataEase uses String.toUpperCase without specifying an explicit Locale, causing its security...

ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (>=0.2.0 <=0.28.0), ai.ancf.lmos:lmos-operator (>=0.0.4 <=0.6.0) +9908 more potentially affected by CVE-2026-22737 via org.springframework:spring-webmvc (>=6.0.0 <=6.2.16)

org.springframework:spring-webmvc MAVEN version =6.0.0, =0.2.0, =0.0.4, =0.5.0, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.7.5, =0.8.3, =0.7.0, =0.5.0, =0.5.0, =0.8.7 and more Source cves: CVE-2026-22737 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORK-15701845...