SAP NetWeaver AS Java 跨站脚本漏洞

SAP NetWeaver AS Java is a platform system developed by the German company SAP. SAP NetWeaver AS Java has a cross-site scripting vulnerability, which stems from reflective cross-site scripting and may allow malicious scripts to be executed...

Adobe Experience Manager Forms 跨站脚本漏洞

Adobe Experience Manager Forms is a form content management solution developed by Adobe, a company based in America. This product includes features for form creation, management, publishing, as well as communication management, document security, and integrated analysis. The Adobe Experience...

java-1.8.0-openjdk security update

1.8.0.492.b09-1.0.1 - Update to 8u492-b09 GA Orabug: 39247147CVE-2026-22007CVE-2026-22013 CVE-2026-22016CVE-2026-22018CVE-2026-22021CVE-2026-23865CVE-2026-34268 1.8.0.482.b08-1.0.1 - Update to 8u482-b08 GA. Orabug: 38893614 - Update release notes for 8u482-b08. - Resolves: RHEL-142689 - Resolves:...

APSB26-57 : Security update available for Adobe Experience Manager Forms

Adobe has released a security update for Adobe Experience Manager Forms on Java Enterprise Edition JEE. This update addresses critical and important vulnerabilities that could lead to arbitrary code execution...

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a remote code execution vulnerability (CVE-2026-9319)

Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a remote code execution vulnerability when using JAX-WS endpoints with WS-Security. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...

CVE-2026-45581 fabric-chaincode-java: TLS Private Key Password Disclosed in INFO Startup Logs in Chaincode-as-a-Service Mode

fabric-chaincode-java is a Java based implementation of Hyperledger Fabric chaincode shim APIs. From version 2.3.1 to before version 2.5.10, when chaincode is deployed in chaincode-as-a-service mode with TLS enabled, the chaincode server INFO level logging includes the TLS private key password in...

CVE-2026-45581

CVE-2026-45581 affects fabric-chaincode-java (Hyperledger Fabric chaincode runtime). In versions 2.3.1 through 2.5.09, when deployed in chaincode-as-a-service mode with TLS enabled, the chaincode server’s INFO logs include the TLS private key password in plaintext, enabling an attacker with log a...

CVE-2026-45581 fabric-chaincode-java: TLS Private Key Password Disclosed in INFO Startup Logs in Chaincode-as-a-Service Mode

fabric-chaincode-java is a Java based implementation of Hyperledger Fabric chaincode shim APIs. From version 2.3.1 to before version 2.5.10, when chaincode is deployed in chaincode-as-a-service mode with TLS enabled, the chaincode server INFO level logging includes the TLS private key password in...

CVE-2026-45581

fabric-chaincode-java is a Java based implementation of Hyperledger Fabric chaincode shim APIs. From version 2.3.1 to before version 2.5.10, when chaincode is deployed in chaincode-as-a-service mode with TLS enabled, the chaincode server INFO level logging includes the TLS private key password in...

EUVD-2026-35139

fabric-chaincode-java is a Java based implementation of Hyperledger Fabric chaincode shim APIs. From version 2.3.1 to before version 2.5.10, when chaincode is deployed in chaincode-as-a-service mode with TLS enabled, the chaincode server INFO level logging includes the TLS private key password in...

Security Bulletin: Multiple security vulnerabilities in IBM SDK, Java Technology Edition Quarterly CPU - Apr 2026 affects IBM OpenPages

Summary IBM® SDK, Java™ Technology Edition is shipped as a supporting program of IBM OpenPages. Information about a security vulnerability affecting IBM SDK, Java Technology Edition Quarterly CPU - Apr 2026 has been published in multiple security bulletins. These products have addressed the...

Security Bulletin: IBM Technical Support Appliance is affected by a timing channel vulnerability in Bouncy Castle BC-JAVA

Summary IBM Technical Support Appliance TSA includes a vulnerable version of the Bouncy Castle BC-JAVA library bcprov-jdk18on-1.78.1.jar. A flaw in the FrodoEngine component may expose information through a covert timing channel, potentially affecting the confidentiality of cryptographic operatio...

Security Bulletin: Multiple vulnerabilities in IBM Rational Developer for i (CVE-2026-3505, CVE-2025-14813, CVE-2026-0636, CVE-2026-5598, CVE-2026-33671, CVE-2026-33672, CVE-2026-5588, CVE-2026-40175)

Summary IBM Rational Developer for i is affected by an uncontrolled resource consumption vulnerability in Bcpg CVE-2026-3505, a broken or risky cryptographic vulnerability in Bcprov CVE-2025-14813, an LDAP injection vulnerability in Bcprov CVE-2026-0636, a covert timing channel vulnerability in...

Hyperledger Fabric Chaincode Java 日志信息泄露漏洞

Hyperledger Fabric Chaincode Java is an open-source Java-based smart contract development framework developed by the Hyperledger project. In versions 2.3.1 to 2.5.10 of Hyperledger Fabric Chaincode Java, there was a vulnerability involving log information leakage. This vulnerability occurred when...

Cross-site Scripting (XSS)

Overview org.springframework:spring-web is a package that provides a comprehensive programming and configuration model for modern Java-based enterprise applications - on any kind of deployment platform. Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper...

Medium: bouncycastle

Issue Overview: Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all pkix modules. PKIX draft CompositeVerifier accepts empty signature sequence as valid. This issue affects BC-JAVA: from 1.49 before 1.84. CVE-2026-5588 Affected...

Amazon Linux 2023 : bouncycastle, bouncycastle-javadoc, bouncycastle-mail (ALAS2023-2026-1775)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1775 advisory. Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all pkix modules. PKIX draft CompositeVerifier accepts empty signature sequence as...

TencentOS Server 4: java-17-konajdk (TSSA-2026:0329)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0329 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

TencentOS Server 4: java-11-konajdk (TSSA-2026:0330)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0330 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

TencentOS Server 4: java-8-konajdk (TSSA-2026:0331)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0331 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...