[SECURITY] Fedora 42 Update: java-latest-openjdk-26.0.0.0.32-0.0.1.ea.fc42
The OpenJDK 26 runtime environment...
[SECURITY] Fedora 42 Update: java-25-openjdk-25.0.2.0.10-2.fc42
The OpenJDK 25 runtime environment...
[SECURITY] Fedora 42 Update: java-21-openjdk-21.0.10.0.7-2.fc42
The OpenJDK 21 runtime environment...
Oracle Access Manager 12.2.1.4.0 Insecure Deserialization
Proof of concept exploit for an unauthenticated Java deserialization vulnerability in the OpenSSO Agent component of Oracle Access Manager that allows remote attackers to execute arbitrary commands without authentication. The vulnerability exists in the session handling mechanism of the OpenSSO...
Oracle Linux 7 : java-1.8.0-openjdk (ELSA-2026-0931)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-0931 advisory. - Fixes CVE-2026-21925 CVE-2026-21933 CVE-2026-21945 - Fixes CVE-2025-53057 CVE-2025-53066 - Fixed CVE-2025-21587, CVE-2025-30691 and CVE-2025-30698...
Fedora 42 : java-21-openjdk / java-25-openjdk / java-latest-openjdk (2026-1ad57632f2)
The remote Fedora 42 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-1ad57632f2 advisory. January 2026 annual updates ---- January 2026 security update Tenable has extracted the preceding description block directly from the Fedora security advisor...
Intel VTune Profiler and Intel oneAPI Toolkits Code Issue Vulnerability
Intel VTune Profiler and Intel oneAPI Toolkits are products of Intel Corporation, a US company. Intel VTune Profiler is a performance testing tool designed to optimize software. This software can be used for performance testing in IoT embedded applications, media software, Java applications, and...
This Week in Spring - February 10th, 2026
Hi, Spring fans! Welcome to another installment of This Week in Spring! It's February 10th, 2026, as I write this from lovely London, UK. I spoke at the local Java User Group here last night, had a wonderful time. Tomorrow, I'm going home. It's been fun, but it's time to conclude this roller...
Fedora: Security Advisory (FEDORA-2026-1ad57632f2)
The remote host is missing an update for the...
Exploit for CVE-2026-25747
LevelDB Deserialization Vulnerability Reproducer This project...
MiracleLinux 9 : java-25-openjdk-25.0.2.0.10-1.el9.ML.1 (AXSA:2026-154:04)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-154:04 advisory. JDK: Improve JMX connections CVE-2026-21925 JDK: Improve HttpServer Request handling CVE-2026-21933 JDK: Enhance Certificate Checking CVE-2026-21945...
java-1.8.0-openjdk security update
1.8.0.482.b08-1.0.1 - Update to 8u482-b08 GA. Orabug: 38893614 - Update release notes for 8u482-b08. - Resolves: RHEL-142689 - Resolves: RHEL-139521 - Resolves: RHEL-131446 - Resolves: RHEL-131459 - Resolves: RHEL-142865 - Resolves: RHEL-142696 - Fixes CVE-2026-21925 CVE-2026-21933 CVE-2026-21945...
OESA-2026-1319 xmpcore security update
The XMP Library for Java is based on the C++ XMPCore library and the API is similar. Security Fixes: XMPCore in Adobe XMP Toolkit for Java before 5.1.3 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference,...
CVE-2026-25526
JinJava is a Java-based template engine based on django template syntax, adapted to render jinja templates. Prior to versions 2.7.6 and 2.8.3, JinJava is vulnerable to arbitrary Java execution via bypass through ForTag. This allows arbitrary Java class instantiation and file access bypassing...
SUSE SLES15 / openSUSE 15 Security Update : java-1_8_0-openj9 (SUSE-SU-2026:0389-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0389-1 advisory. - CVE-2026-21925: Fixed a vulnerability in the Oracle Java SE component RMI. bsc1257034 - CVE-2026-21932: Fixed a vulnerability i...
SUSE SLES15 / openSUSE 15 Security Update : java-1_8_0-ibm (SUSE-SU-2026:0390-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0390-1 advisory. Security fixes: - CVE-2026-21925: Fixed Oracle Java SE component RMI bsc1257034 - CVE-2026-21932: Fixed Oracle Java S...
PublicCMS Authorization Issue Vulnerability
PublicCMS is an open-source content management system (CMS) developed by PublicCMS Company in China using the Java language. There is an authorization issue in PublicCMS; this issue stems from a mistake in the parameter paymentId of the function Paid within the component Trade Payment Handler,...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Virtualization Engine TS7700
Summary IBM Virtualization Engine TS7700 is susceptible to information Disclosure CVE-2025-53066 and one Tampering CVE-2025-53057 unauthorized data access due to the use of IBM® SDK Java™ Technology Edition, Version 8 Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified...
ongres-scram: Timing Attack Vulnerability in SCRAM Authentication
A timing attack vulnerability exists in the SCRAM Java implementation. The issue arises because Arrays.equals was used to compare secret values such as client proofs and server signatures. Since Arrays.equals performs a short-circuit comparison, the execution time varies depending on how many...