JeeWMS Access Control Error Vulnerability
JeeWMS is a Java-based warehouse management system developed by JeeWMS Corporation in China. There is an access control vulnerability in JeeWMS, which stems from issues with the handling of files in the /base-boot/actuator directory within the Boot Actuator Endpoint component. This vulnerability...
CVE-2026-50076
Deserialization of Untrusted Data in the Java replace-resolve path in Apache Fory fory-core Java SDK before 1.1.0 on Java/JVM platforms allows a remote attacker to bypass class registration, TypeChecker, and DisallowedList checks and invoke classpath-present readResolve/readExternal hooks via...
CVE-2026-6620
A vulnerability was found in SonicCloudOrg sonic-server up to 2.0.0. The affected element is the function Upload of the file FileTool.java of the component File Upload Endpoint. The manipulation of the argument Type results in path traversal. The attack may be launched remotely. The exploit has...
CVE-2026-8971
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the Networking: JAR component...
CVE-2026-45682
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the custom CappedConcurrentHashMap introduced for Java TLS state tracking never removes keys from its insertion-order queue when entries are deleted. In long-running...
CVE-2026-22003
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u481 and 8u481-b50; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows low privileged...
CVE-2026-44501
DataHub is an open-source metadata platform. Prior to 1.5.0.3, the DataHub frontend datahub-frontend-react deserializes attacker-controlled Java objects from the REDIRECTURL HTTP cookie during the OIDC callback flow, with no integrity protection, no HMAC, no encryption. This is a Deserialization o...
CVE-2026-41433
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From 0.4.0 to before 0.8.0, a flaw in the Java agent injection path allows a local attacker controlling a Java workload to overwrite arbitrary host files when Java injection is enabled and OBI is...
CVE-2026-9319
IBM WebSphere Application Server 9.0 and 8.5 is vulnerable to potential remote code execution due to deserialization of untrusted data via JAX-WS endpoints with WS-Security...
GHSA-XXWJ-CPV6-F4HC vulnerabilities
Vulnerabilities for packages: openjdk-21-openj9, openjdk-26-openj9, openjdk-11-openj9, openjdk-25-openj9, openjdk-17-openj9, openjdk-8-openj9...
GHSA-QJHJ-JG8G-7M6H vulnerabilities
Vulnerabilities for packages: openjdk-21-openj9, openjdk-26-openj9, openjdk-11-openj9, openjdk-25-openj9, openjdk-17-openj9, openjdk-8-openj9...
GHSA-9GRW-5H83-65P3 vulnerabilities
Vulnerabilities for packages: openjdk-21-openj9, openjdk-26-openj9, openjdk-11-openj9, openjdk-25-openj9, openjdk-17-openj9, openjdk, openjdk-8-openj9...
GHSA-CPW4-RFMM-H598 vulnerabilities
Vulnerabilities for packages: openjdk-21-openj9, openjdk-26-openj9, openjdk-11-openj9, openjdk-25-openj9, openjdk-17-openj9, openjdk-8-openj9...
GHSA-G75F-42VW-M3XV vulnerabilities
Vulnerabilities for packages: openjdk-21-openj9, openjdk-26-openj9, openjdk-11-openj9, openjdk-25-openj9, openjdk-17-openj9, openjdk-8-openj9...
GHSA-32VR-5HXF-X93F vulnerabilities
Vulnerabilities for packages: openjdk-21-openj9, openjdk-26-openj9, openjdk-11-openj9, openjdk-25-openj9, openjdk-17-openj9, openjdk-8-openj9...
CVE-2008-5348 vulnerabilities
Vulnerabilities for packages: openjdk-21-openj9, openjdk-26-openj9, openjdk-11-openj9, openjdk-25-openj9, openjdk-17-openj9, openjdk-8-openj9...
CVE-2026-6009
Java Deserialisation Vulnerability in Jaspersoft Reports Library leads to Remote Code Execution (RCE), potentially allowing code execution on the affected system...
CVE-2026-35229
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.30 and 21.3-21.21. Easily exploitable vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability...
CVE-2026-35568
MCP Java SDK is the official Java SDK for Model Context Protocol servers and clients. Prior to 1.0.0, the java-sdk contains a DNS rebinding vulnerability. This vulnerability allows an attacker to access a locally or network-private java-sdk MCP server via a victim's browser that is either local, o...
MINI-JVM4-4MHJ-MJM6
Bulletin has no description...