56200 matches found

EUVD
added 2026/01/31 12:30 a.m. | 4 views

EUVD-2020-30929

AirControl 1.4.2 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through malicious Java expression injection. Attackers can exploit the /.seam endpoint by crafting a specially constructed URL with embedde...

9.8 CVSS | 6.7 AI score | 0.00272 EPSS
Exploits: 0 | References: 4
Tenable Nessus
added 2026/01/31 12:0 a.m. | 4 views

SUSE SLES12 Security Update : java-11-openjdk (SUSE-SU-2026:0341-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0341-1 advisory. Upgrade to upstream tag jdk-11.0.30+7 January 2026 CPU Security fixes: - CVE-2026-21925: Fixed Oracle Java SE component RMI bsc1257034. -...

7.5 CVSS | 5.9 AI score | 0.00089 EPSS
Exploits: 0 | References: 14
Tenable Nessus
added 2026/01/31 12:0 a.m. | 3 views

Fedora 43 : java-21-openjdk / java-25-openjdk / java-latest-openjdk (2026-5c70cd99f4)

The remote Fedora 43 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-5c70cd99f4 advisory. January 2026 annual updates ---- January 2026 security update Tenable has extracted the preceding description block directly from the Fedora security advisor...

5.9 AI score
Exploits: 0 | References: 1
Tenable Nessus
added 2026/01/31 12:0 a.m. | 3 views

SUSE SLED15 / SLES15 Security Update : java-25-openjdk (SUSE-SU-2026:0342-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0342-1 advisory. Update to upstream tag jdk-25.0.2+10 January 2026 CPU Security fixes: - CVE-2026-21925: Fixed Oracle Java SE...

7.5 CVSS | 5.9 AI score | 0.00089 EPSS
Exploits: 0 | References: 13
NVD
added 2026/01/30 11:16 p.m. | 5 views

CVE-2020-37052

AirControl 1.4.2 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through malicious Java expression injection. Attackers can exploit the /.seam endpoint by crafting a specially constructed URL with embedde...

9.8 CVSS | 0.00272 EPSS
Exploits: 0 | References: 3
Vulnrichment
added 2026/01/30 10:7 p.m. | 2 views

CVE-2020-37052 AirControl 1.4.2 - PreAuth Remote Code Execution

AirControl 1.4.2 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through malicious Java expression injection. Attackers can exploit the /.seam endpoint by crafting a specially constructed URL with embedde...

9.8 CVSS | 6.7 AI score | 0.00272 EPSS
Exploits: 0 | References: 3
CVE
added 2026/01/30 10:7 p.m. | 9 views

CVE-2020-37052

AirControl 1.4.2 is affected by a pre‑authentication remote code execution vulnerability. An unauthenticated attacker can exploit the /.seam (and /seam) endpoint by crafting URLs with embedded Java expressions to execute arbitrary system commands with the application's privileges. Root cause is J...

9.8 CVSS | 6.7 AI score | 0.00272 EPSS
Exploits: 0 | References: 3
Cvelist
added 2026/01/30 10:7 p.m. | 25 views

CVE-2020-37052 AirControl 1.4.2 - PreAuth Remote Code Execution

AirControl 1.4.2 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through malicious Java expression injection. Attackers can exploit the /.seam endpoint by crafting a specially constructed URL with embedde...

9.8 CVSS | 0.00272 EPSS
Exploits: 0 | References: 3
ATTACKERKB
added 2026/01/30 10:7 p.m. | 5 views

CVE-2020-37052

AirControl 1.4.2 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through malicious Java expression injection. Attackers can exploit the /.seam endpoint by crafting a specially constructed URL with embedde...

9.8 CVSS | 6.7 AI score | 0.00272 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
IBM Security Bulletins
added 2026/01/30 4:55 p.m. | 9 views

Security Bulletin: Multiple vulnerabilities in IBM® SDK Java™ affect IBM Cloud Pak System

Summary Multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition were addressed in IBM Cloud Pak System version 2.3.6.1. Vulnerability Details CVEID:CVE-2025-30754 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Orac...

7.8 CVSS | 6.1 AI score | 0.00559 EPSS
Exploits: 0 | Affected Software: 1
OSV
added 2026/01/30 4:25 p.m. | 4 views

CLEANSTART-2026-FN12833 Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security)

Multiple security vulnerabilities affect the openjdk8-jdk-azul package. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. See references for individual vulnerability details...

9.8 CVSS | 5.5 AI score | 0.00068 EPSS
Exploits: 0 | References: 5
OSV
added 2026/01/30 3:55 p.m. | 1 view

OPENSUSE-SU-2026:20143-1 Security update for java-25-openjdk

This update for java-25-openjdk fixes the following issues: Update to upstream tag jdk-25.0.2+10 January 2026 CPU Security fixes: - CVE-2026-21925: Fixed Oracle Java SE component RMI bsc1257034. - CVE-2026-21932: Fixed Oracle Java SE component AWT and JavaFX bsc1257036. - CVE-2026-21933: Fixed...

7.5 CVSS | 6.3 AI score | 0.00089 EPSS
Exploits: 0 | References: 8
vulnersOsv
added 2026/01/30 3:31 p.m. | 4 views

africa.absa:inception-application (>=1.0.0 <=1.2.0), app.fmgp:scala-did-docs_3 (>=0.1.0-M16 <=0.1.0-M33) +2472 more potentially affected by CVE-2024-4027 via io.undertow:undertow-core (>=2.0.0.Alpha1 <=2.2.38.Final)

io.undertow:undertow-core MAVEN version =2.0.0.Alpha1, =1.0.0, =0.1.0-M16, =1.0.0, =1.0.1, =1.0.2, =1.0.0, =1.2.1, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.1 and more Source cves: CVE-2024-4027 Source advisory: SNYK:JAVA-IOUNDERTOW-15166617...

7.5 CVSS | 5.4 AI score | 0.00381 EPSS
Exploits: 0
GithubExploit
added 2026/01/30 3:3 p.m. | 127 views

nanshihui__PocCollect.e13e1379

PocCollect !Build Statushttp://nanshihui.github.io/public...

5.9 AI score
Exploits: 0
IBM Security Bulletins
added 2026/01/30 5:46 a.m. | 9 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses lz4-java-1.8.0.jar which is vulnerable to CVE-2025-12183, CVE-2025-66566.

Summary IBM Maximo Application Suite - Monitor Component uses lz4-java-1.8.0.jar which is vulnerable to CVE-2025-12183, CVE-2025-66566. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-66566 DESCRIPTION: yawkat LZ4 Java provides...

8.8 CVSS | 6 AI score | 0.00103 EPSS
Exploits: 0 | Affected Software: 1
Positive Technologies
added 2026/01/30 12:0 a.m. | 5 views

PT-2026-5489

Name of the Vulnerable Software and Affected Versions AirControl version 1.4.2 Description AirControl version 1.4.2 has a pre-authentication remote code execution issue. Unauthenticated attackers can execute arbitrary system commands by injecting malicious Java expressions. The issue is exploitab...

9.8 CVSS | 6.5 AI score | 0.00272 EPSS
Exploits: 0 | References: 5
Tenable Nessus
added 2026/01/30 12:0 a.m. | 9 views

MiracleLinux 8 : java-1.8.0-openjdk-1.8.0.482.b08-1.el8 (AXSA:2026-109:02)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-109:02 advisory. JDK: Improve JMX connections CVE-2026-21925 JDK: Improve HttpServer Request handling CVE-2026-21933 JDK: Enhance Certificate Checking CVE-2026-21945...

7.5 CVSS | 6.3 AI score | 0.00089 EPSS
Exploits: 5 | References: 6
OpenVAS
added 2026/01/30 12:0 a.m. | 7 views

Mageia: Security Advisory (MGASA-2026-0024)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS | 5.9 AI score | 0.00089 EPSS
Exploits: 5 | References: 6
Packet Storm News
added 2026/01/30 12:0 a.m. | 3 views

Uncovering Hidden Inclusions of Vulnerable Dependencies in Real-World Java Projects

Open-source software OSS dependencies are a dominant component of modern software code bases. Using proven and well-tested OSS components lets developers reduce development time and cost while improving quality. However, heavy reliance on open-source software also introduces significant security...

5.6 AI score
Exploits: 0
Tenable Nessus
added 2026/01/30 12:0 a.m. | 10 views

MiracleLinux 9 : java-21-openjdk-21.0.10.0.7-1.el9.ML.1 (AXSA:2026-098:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-098:01 advisory. JDK: Improve JMX connections CVE-2026-21925 JDK: Improve HttpServer Request handling CVE-2026-21933 JDK: Enhance Certificate Checking CVE-2026-21945...

7.5 CVSS | 6.3 AI score | 0.00089 EPSS
Exploits: 5 | References: 6