Important: java-1.8.0-openjdk
Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: RMI. Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK:...
java-11-openjdk security update
1:11.0.31.0.1-1.0.1 - Update to jdk-11.0.31+1 Orabug: 38950473 - Fixes CVE-2025-64720 CVE-2025-65018 CVE-2026-21925 - CVE-2026-21933 CVE-2026-21945...
Amazon Linux 2 : java-1.8.0-openjdk, --advisory ALAS2-2026-3154 (ALAS-2026-3154)
The version of java-1.8.0-openjdk installed on the remote host is prior to 1.8.0.482.b08-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3154 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product ...
Photon OS 4.0: Openjdk11 PHSA-2026-4.0-0961
An update of the openjdk11 package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-0961. The text itself is copyright (C) VMware, Inc. ...
CVE-2026-2665
A vulnerability was detected in huanzi-qch base-admin up to 57a8126bb3353a004f3c7722089e3b926ea83596. Impacted is the function Upload of the file SysFileController.java of the component JSP Parser. Performing a manipulation of the argument File results in unrestricted upload. The attack can be...
CVE-2026-2665 huanzi-qch base-admin JSP Parser SysFileController.java upload unrestricted upload
A vulnerability was detected in huanzi-qch base-admin up to 57a8126bb3353a004f3c7722089e3b926ea83596. Impacted is the function Upload of the file SysFileController.java of the component JSP Parser. Performing a manipulation of the argument File results in unrestricted upload. The attack can be...
CLSA-2026-1771408532 java-21-openjdk: Fix of 3 CVEs
Update to jdk-21.0.10+7 - CVE-2026-21945: fix possible DOS - CVE-2025-65018: fix libpng heap buffer overflow in png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format - CVE-2025-64720: fix libpng out-of-bounds read in png_image_read_composite when processing palette...
Security Bulletin: IBM Sterling Transformation Extender is affected by multiple IBM Java 8 vulnerabilities
Summary IBM Sterling Transformation Extender uses IBM SDK, Java Technology Edition, Version 8 and is affected by multiple vulnerabilities CVE-2026-21945, CVE-2026-21932, CVE-2026-21933 and CVE-2026-21925. Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is vulnerable to a denial of...
CVE-2025-70828
An issue in Datart v1.0.0-rc.3 allows attackers to execute arbitrary code via the url parameter in the JDBC configuration...
sms-ssm authorization issue vulnerability
SMS-SSM is a student management system personally developed by HackHuang. There are authorization-related vulnerabilities in SMS-SSM; these vulnerabilities stem from improper authorization in the preHandle function within the LoginInterceptor.java file...
CVE-2025-27898
CVE-2025-27898 is supported by connected documentation: IBM Db2 Recovery Expert for Linux, UNIX and Windows (DB2 Recovery Expert LUW) versions affected include 5.5 with IF 2. The bulletin states the vulnerability arises from the product not invalidating a session after a timeout, which could allo...
CVE-2025-27898 Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 does not invalidate session after a timeout which could allow an authenticated user to impersonate another user on the system...
CVE-2025-27899 Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 discloses sensitive information in an environment variable that could aid in further attacks against the system...
CVE-2025-27899
CVE-2025-27899 is an IBM Db2 Recovery Expert for Linux, UNIX and Windows vulnerability where sensitive information is disclosed in an environment variable. The IBM security bulletin in connected documents confirms the affected product as DB2 Recovery Expert for LUW and states the issue arises fro...
CVE-2025-27900 Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a...
CVE-2025-27900
CVE-2025-27900 is tied to IBM Db2 Recovery Expert for Linux, UNIX and Windows. The connected IBM security bulletin describes a remote open-redirect vulnerability in Db2 Recovery Expert, enabling an attacker to craft a URL that could spoof the user’s experience and facilitate further attacks (e.g....
CVE-2025-27901
IBM Db2 Recovery Expert for Linux, UNIX and Windows is vulnerable to HTTP header injection (improper validation of HOST headers). Exploitation could enable cross-site scripting, cache poisoning, or session hijacking. Affected product/version: DB2 Recovery Expert for LUW 5.5 IF 2. Remediation: upg...
CVE-2025-27903 Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 transmits data in a cleartext communication channel that could allow an attacker to obtain sensitive information using man in the middle techniques...