Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.1.4 security update
A security update is now available for Red Hat JBoss Enterprise Application Platform 8.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
lz4-java: lz4-java: Out-of-bounds memory operations lead to denial of service and information disclosure
A flaw was found in lz4-java. This vulnerability allows remote attackers to cause denial of service (DoS) and read adjacent memory via untrusted compressed input. This vulnerability affects only programs using the unsafe LZ4_decompress_fast API, known as the "fast" decompressor...
lz4-java: lz4-java: Information Disclosure via Insufficient Output Buffer Clearing
A flaw was found in lz4-java. This vulnerability allows disclosure of sensitive data via crafted compressed input due to insufficient clearing of the output buffer in Java-based decompressor implementations...
java-1_8_0-openjdk-1.8.0.482-1.1 on GA media (moderate)
java-1_8_0-openjdk-1.8.0.482-1.1 on GA media Announcement ID: openSUSE-SU-2026:10136-1 Rating: moderate Cross-References: CVE-2026-21925 CVE-2026-21932 CVE-2026-21933 CVE-2026-21945 CVSS scores: CVE-2026-21925 SUSE : 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2026-21932 SUSE : 7.4...
java-1_8_0-openj9-1.8.0.482-1.1 on GA media (moderate)
java-1_8_0-openj9-1.8.0.482-1.1 on GA media Announcement ID: openSUSE-SU-2026:10135-1 Rating: moderate Cross-References: CVE-2026-21925 CVE-2026-21933 CVSS scores: CVE-2026-21925 SUSE : 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2026-21933 SUSE : 6.1...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : java-21-openjdk (SUSE-SU-2026:0363-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0363-1 advisory. Update to upstream tag jdk-21.0.10+7 (January 2026 CPU). Security fixes: - CVE-2026-21925: Fixed...
RHEL 9 : Red Hat JBoss Enterprise Application Platform 8.1.4 (RHSA-2026:1871)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:1871 advisory. Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release o...
RHEL 8 : Red Hat JBoss Enterprise Application Platform 8.1.4 (RHSA-2026:1870)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:1870 advisory. Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release o...
java-21-openj9-21.0.10.0-1.1 on GA media (moderate)
java-21-openj9-21.0.10.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:10137-1 Rating: moderate Cross-References: CVE-2026-21925 CVE-2026-21933 CVSS scores: CVE-2026-21925 SUSE : 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2026-21933 SUSE : 6.1...
java-17-openj9-17.0.18.0-1.1 on GA media (moderate)
java-17-openj9-17.0.18.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:10134-1 Rating: moderate Cross-References: CVE-2026-21925 CVE-2026-21933 CVSS scores: CVE-2026-21925 SUSE : 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2026-21933 SUSE : 6.1...
HubSpot Jinjava Security Vulnerability
HubSpot Jinjava is an application developed by a personal developer at HubSpot in the United States. It provides a Java-based template engine and Django template syntax, suitable for rendering Jinja templates. There were security vulnerabilities in versions of HubSpot Jinjava prior to 2.7.6 and...
Ubuntu 25.10 : CRaC JDK 17 vulnerabilities (USN-7997-1)
The remote Ubuntu 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7997-1 advisory. It was discovered that the RMI component of CRaC JDK 17 would establish RMI TCP endpoint connections to a remote host without setting an endpoint...
Ubuntu: Security Advisory (USN-7997-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
RHEL 9 : JMC update (Important) (RHSA-2026:1823)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:1823 advisory. JDK Mission Control (JMC) is a powerful profiler for HotSpot JVMs and has an advanced set of tools that enables efficient and detailed analysis of the...
Ubuntu 25.10 : CRaC JDK 25 vulnerabilities (USN-7996-1)
The remote Ubuntu 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7996-1 advisory. It was discovered that the RMI component of CRaC JDK 25 would establish RMI TCP endpoint connections to a remote host without setting an endpoint...
java-11-openj9-11.0.30.0-1.1 on GA media (moderate)
java-11-openj9-11.0.30.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:10133-1 Rating: moderate Cross-References: CVE-2026-21925 CVE-2026-21933 CVSS scores: CVE-2026-21925 SUSE : 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2026-21933 SUSE : 6.1...
openSUSE 16 Security Update : java-17-openjdk (openSUSE-SU-2026:20134-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20134-1 advisory. Upgrade to upstream tag jdk-17.0.18+8 (January 2026 CPU). Security fixes: - CVE-2026-21925: Fixed Oracle Java SE component RMI (bsc#1257034). -...
openSUSE 16 Security Update : java-25-openjdk (openSUSE-SU-2026:20143-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20143-1 advisory. Update to upstream tag jdk-25.0.2+10 (January 2026 CPU). Security fixes: - CVE-2026-21925: Fixed Oracle Java SE component RMI (bsc#1257034). -...
SUSE SLES16 Security Update : java-17-openjdk (SUSE-SU-2026:20199-1)
The remote SUSE Linux SLES16 / SLES_SAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:20199-1 advisory. Upgrade to upstream tag jdk-17.0.18+8 (January 2026 CPU). Security fixes: - CVE-2026-21925: Fixed Oracle Java SE component RMI...
JinJava Bypass through ForTag leads to Arbitrary Java Execution
Impact Vulnerability Type: Sandbox Bypass / Remote Code Execution Affected Component: Jinjava Affected Users: - Organizations using HubSpot's Jinjava template rendering engine for user-provided template content - Any system that renders untrusted Jinja templates using HubSpot's Jinjava...