bouncycastle: BC-JAVA: GOSTCTR implementation unable to process more than 255 blocks correctly

A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcprov. The GOSTCTR implementation is unable to securely process more than 255 blocks of data due to keystream reuse. This issue allows an attacker to break the fundamental confidentiality of any data protected by the G3413CTRBlockCiphe...

bouncycastle: BC-JAVA: PKIX draft CompositeVerifier accepts empty signature sequence as valid

A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix. The PKIX draft CompositeVerifier implementation improperly accepts an empty signature sequence as a valid cryptographic signature. This issue allows a remote attacker to bypass signature verification mechanisms, potentially...

bouncycastle: BC-JAVA: GOSTCTR implementation unable to process more than 255 blocks correctly

A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcprov. The GOSTCTR implementation is unable to securely process more than 255 blocks of data due to keystream reuse. This issue allows an attacker to break the fundamental confidentiality of any data protected by the G3413CTRBlockCiphe...

CLSA-2026-1777943705 java-1.8.0-openjdk: Fix of CVE-2026-22016

CVE-2026-22016: fix Path Factories Redux...

CLSA-2026-1777943369 java-1.8.0-openjdk: Fix of CVE-2026-22016

CVE-2026-22016: fix Path Factories Redux...

CLSA-2026-1777942551 java-1.8.0-openjdk: Fix of CVE-2026-22016

CVE-2026-22016: fix Path Factories Redux...

Eclipse BaSyx Java Server SDK 代码问题漏洞

Eclipse BaSyx Java Server SDK is an industrial digitalization development toolkit from the Eclipse Foundation. Versions of Eclipse BaSyx Java Server SDK prior to 2.0.0-milestone-10 contained code vulnerabilities. These vulnerabilities stemmed from the Operation Delegation feature not verifying th...

Joern 4.0.533

Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...

Generating Proof-Of-Vulnerability Tests to Help Enhance the Security of Complex Software

Developers create modern software applications Apps on top of third-party libraries Libs. When library vulnerabilities are reachable through application code, the applications can be vulnerable to software supply chain attacks. Prior work shows that developers often require concrete and executabl...

Eclipse BaSyx Java Server SDK 路径遍历漏洞

Eclipse BaSyx Java Server SDK is an industrial digital development toolkit from the Eclipse Foundation. Versions of Eclipse BaSyx Java Server SDK prior to 2.0.0-milestone-10 contained a path traversal vulnerability. This vulnerability stemmed from insufficient path normalization in the Submodel...

ae.teletronics.nlp:entityextraction (=1.3), ai.aletyx.kogito:aletyx-kogito-ai-addons-quarkus-adhoc-subprocess (>=0.1.0 <=0.2.0) +1738 more potentially affected by CVE-2026-40682 via org.apache.opennlp:opennlp-tools (>=1.5.2-incubating <=2.5.8)

org.apache.opennlp:opennlp-tools MAVEN version =1.5.2-incubating, =0.1.0, =0.1.0, =2.12.1, =2.12.1, =19.9.0, =19.9.1, =19.9.1, =19.9.0, =19.9.0, =19.9.0, =19.9.0, =26.3.2 and more Source cves: CVE-2026-40682 Source advisory: OSV:GHSA-4V8G-86X5-3VRC...

ai.aletyx.kogito:aletyx-kogito-ai-addons-quarkus-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-quarkus-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +817 more potentially affected by CVE-2026-40682 via org.apache.opennlp:opennlp-tools (>=2.0.0 <=2.5.8)

org.apache.opennlp:opennlp-tools MAVEN version =2.0.0, =0.1.0, =0.1.0, =2.12.1, =2.12.1, =22.9.0, =22.9.0, =22.9.0, =22.9.0, =22.9.0, =22.9.0, =22.9.0, =22.9.0, =22.9.0, =0.0.6, =0.1.1 and more Source cves: CVE-2026-40682 Source advisory: SNYK:JAVA-ORGAPACHEOPENNLP-16419377...

ai.aletyx.kogito:aletyx-kogito-ai-addons-quarkus-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-quarkus-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +817 more potentially affected by CVE-2026-42027 via org.apache.opennlp:opennlp-tools (>=2.0.0 <=2.5.8)

org.apache.opennlp:opennlp-tools MAVEN version =2.0.0, =0.1.0, =0.1.0, =2.12.1, =2.12.1, =22.9.0, =22.9.0, =22.9.0, =22.9.0, =22.9.0, =22.9.0, =22.9.0, =22.9.0, =22.9.0, =0.0.6, =0.1.1 and more Source cves: CVE-2026-42027 Source advisory: SNYK:JAVA-ORGAPACHEOPENNLP-16419373...

CVE-2026-40860

A flaw was found in Apache Camel. A remote attacker could exploit a deserialization vulnerability by sending a specially crafted Java Message Service JMS ObjectMessage to a Camel application acting as a JMS consumer. This vulnerability arises because the application deserializes the message paylo...

Security Bulletin: Vulnerability in Apache Avro Java SDK affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Apache Avro Java SDK has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...

OPENSUSE-SU-2026:20672-1 Security update for java-25-openjdk

This update for java-25-openjdk fixes the following issues: Update to upstream tag jdk-25.0.3+9 April 2026 CPU. Security issues fixed: - CVE-2026-22007: Security: unauthenticated attacker with logon to the infrastructure where java executes can gain unauthorized read access to a subset of...

Improper Input Validation

org.apache.activemq, activemq-broker is vulnerable to Improper Input Validation. The vulnerability is due to insufficient validation in HTTP Discovery transport handling, which allows an authenticated attacker to bypass previous fixes and exploit broker configuration loading to execute arbitrary...

Spring Office Hours Podcast: S5E14 - Spec Driven Development with Simon Martinelli

Join Dan Vega and DaShaun Carter for the latest updates from the Spring Ecosystem. In this episode, Dan and DaShaun are joined by Java Champion, Vaadin Champion, and Oracle ACE Pro Simon Martinelli to talk about Spec-Driven Development. With AI reshaping how we write code, Simon makes the case th...

MiracleLinux 8 : java-1.8.0-openjdk-1.8.0.492.b09-1.el8 (AXSA:2026-545:07)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-545:07 advisory. JDK: Enhance crypto algorithm support CVE-2026-22007 JDK: Improve Kerberos credentialing CVE-2026-22013 JDK: Enhance Path Factories Redux...

Astra Linux – Vulnerability in openjdk-11

Vulnerability in the Oracle Java SE and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: Serialization. The supported versions affected by this vulnerability include Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. This...