CVE-2026-1062

A flaw has been found in xiweicheng TMS up to 2.28.0. This affects the function Summary of the file src/main/java/com/lhjz/portal/util/HtmlUtil.java. This manipulation of the argument url causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been...

CVE-2026-1050 risesoft-y9 Digital-Infrastructure REST Authenticate Endpoint Y9PlatformUtil.java sql injection

A flaw has been found in risesoft-y9 Digital-Infrastructure up to 9.6.7. This affects an unknown function of the file source-code/src/main/java/net/risesoft/util/Y9PlatformUtil.java of the component REST Authenticate Endpoint. Executing a manipulation can lead to sql injection. The attack can be...

OSV-2026-65 Security exception in com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.expr

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=476179553 Crash type: Security exception Crash state: com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.expr java.base/sun.nio.cs.UTF8$Encoder.encodeArrayLoop java.base/sun.nio.cs.UTF8$Encoder.encodeLoop...

EUVD-2026-2921

ActiveRecord-JDBC-Adapter AR-JDBC lib/arjdbc/jdbc/adapter.rb sql.gsub Function SQL Injection...

Security Bulletin: Multiple security vulnerabilities in Java may affect IBM Robotic Process Automation

Summary Multiple security vulnerabilities in Java affect IBM Robotic Process Automation. Java is used by IBM Robotic Process Automation as part of metrics and licening, and UMS. This bulletin identifies the fixes required to address these vulnerabilities. Vulnerability Details CVEID:CVE-2025-5305...

Security Bulletin: Confidentiality Vulnerability in IBM Watson Explorer Related to Java SE JAXP

Summary IBM SDK, Java Technology is used within IBM Watson Explorer CVE-2025-53066 Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow a remote attacker to cause high confidentiality impact, no integrity impact,...

Security Bulletin: Vulnerability in Java affects IBM Netezza Appliance

Summary The Java package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-21502 Vulnerability Details CVEID:CVE-2025-21502 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracl...

MiracleLinux 3 : java-1.6.0-openjdk-1.6.0.0-4.1.13.1.AXS3.0.1 (AXSA:2014-244:01)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2014-244:01 advisory. The OpenJDK runtime environment. Security issues fixed with this release: CVE-2013-5878 Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Ja...

MiracleLinux 7 : java-11-openjdk-11.0.5.10-0.el7 (AXSA:2019-4349:04)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-4349:04 advisory. OpenJDK: Improper handling of Kerberos proxy credentials Kerberos, 8220302 CVE-2019-2949 OpenJDK: Unexpected exception thrown during regular...

MiracleLinux 4 : java-1.6.0-openjdk-1.6.0.0-5.1.13.3.AXS4 (AXSA:2014-272:02)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2014-272:02 advisory. The OpenJDK runtime environment. Security issues fixed with this release: CVE-2014-0429 Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u5...

MiracleLinux 7 : java-1.7.0-openjdk-1.7.0.211-2.6.17.1.0.1.el7.AXS7 (AXSA:2019-3841:02)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2019-3841:02 advisory. Security Fix - Oracle Java SE Libraries Java SE CVE-2019-2422 CVEJVNhttp://jvndb.jvn.jp/ Tenable has extracted the preceding description block directly from...

MiracleLinux 4 : java-1.7.0-openjdk-1.7.0.141-2.6.10.1.AXS4 (AXSA:2017-1643:02)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-1643:02 advisory. The OpenJDK runtime environment. Security issues fixed with this release: CVE-2017-3509 Vulnerability in the Java SE, Java SE Embedded component of...

MiracleLinux 7 : java-1.8.0-openjdk-1.8.0.65-2.b17.el7 (AXSA:2015-515:03)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2015-515:03 advisory. The OpenJDK runtime environment. Security issues fixed with this release: CVE-2015-4734 RESERVED This candidate has been reserved by an organization ...

MiracleLinux 7 : java-11-openjdk-11.0.3.7-0.el7 (AXSA:2019-3894:02)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-3894:02 advisory. OpenJDK: Slow conversion of BigDecimal to long Libraries, 8211936 CVE-2019-2602 OpenJDK: Incorrect skeleton selection in RMI registry server-side...

MiracleLinux 7 : java-1.7.0-openjdk-1.7.0.141-2.6.10.0.0.1.el7.AXS7 (AXSA:2017-1653:02)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-1653:02 advisory. The OpenJDK runtime environment. Security issues fixed with this release: CVE-2017-3509 Vulnerability in the Java SE, Java SE Embedded component of...

MiracleLinux 4 : icedtea-web-1.2.3-2.0.1.AXS4 (AXSA:2013-414:02)

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2013-414:02 advisory. The IcedTea-Web project provides a Java web browser plugin, an implementation of Java Web Start originally based on the Netx project and a settings...

MiracleLinux 7 : xmlrpc-3.1.3-9.el7 (AXSA:2018-3132:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2018-3132:01 advisory. xmlrpc: Deserialization of untrusted Java object through tag CVE-2016-5003 Tenable has extracted the preceding description block directly from the MiracleLin...

MiracleLinux 4 : java-1.6.0-openjdk-1.6.0.41-1.13.13.1.AXS4 (AXSA:2017-1237:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-1237:01 advisory. The OpenJDK runtime environment. Security issues fixed with this release: CVE-2016-5542 Unspecified vulnerability in Oracle Java SE 6u121, 7u111,...

MiracleLinux 7 : java-1.6.0-openjdk-1.6.0.38-1.13.10.0.1.el7.AXS7 (AXSA:2016-069:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-069:01 advisory. The OpenJDK runtime environment. Security issues fixed with this release: CVE-2016-0402 Unspecified vulnerability in the Java SE and Java SE Embedded...

SAP NetWeaver Command Injection (January 2026)

The version of SAP NetWeaver Application Server for Java detected on the remote host is affected by an SAP NetWeaver is affected by a server-side request forgery SSRF vulnerabilityas disclosed in the SAP Security Patch Day January 2026: - Due to an OS Command Injection vulnerability in SAP...