56241 matches found
SUSE SLED15 / SLES15 Security Update : bouncycastle (SUSE-SU-2026:1639-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1639-1 advisory. Update to version 1.84. Security issues fixed: - CVE-2025-14813: GOSTCTR implementation unable to process mor...
Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: capstone: capstone-5.0.7-0.1.hum1 aarch64, x86_64 capstone-devel-5.0.7-0.1.hum1 aarch64, x86_64 capstone-java-5.0.7-0.1.hum1 noarch capstone-static-5.0.7-0.1.hum1 aarch64, x86_64...
ai.h2o:sparkling-water-core_2.11 (>=3.46.0.1-1-2.3 <=3.46.0.6-1-2.4), ai.h2o:sparkling-water-core_2.12 (>=3.46.0.1-1-3.0 <=3.46.0.6-1-3.5) +761 more potentially affected by CVE-2026-42779 via org.apache.mina:mina-core (>=2.2.0 <=2.2.6)
org.apache.mina:mina-core MAVEN version =2.2.0, =3.46.0.1-1-2.3, =3.46.0.1-1-3.0, =3.46.0.1-1-2.3, =3.46.0.1-1-3.0, =3.46.0.1-1-2.3, =3.46.0.1-1-3.0, =3.46.0.1-1-2.3, =3.46.0.1-1-3.0, =1.5.4.RELEASE, =0.0.2, =3.0.0, =1.0.9, =1.6.9, =1.2.5, =1.1.7, =1.2.8 and more Source cves: CVE-2026-42779 Sourc...
ai.platon.pulsar:pulsar-persist (>=1.9.0 <=1.10.23), be.eliwan:eoddata-client (=1.0) +2282 more potentially affected by CVE-2026-42404 via org.apache.neethi:neethi (>=3.0.0 <=3.2.1)
org.apache.neethi:neethi MAVEN version =3.0.0, =1.9.0, =1.1.7, =1.1.9, =1.2.5, =3.00.4, =3.00.3, =4.00.10, =11.4-37, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.1.0.RELEASE and more Source cves: CVE-2026-42404 Source advisory: SNYK:JAVA-ORGAPACHENEETHI-16354029...
Apache Neethi is vulnerable to a Denial of Service attack through algorithmic complexity in policy normalization
Apache Neethi is vulnerable to a Denial of Service attack through algorithmic complexity in policy normalization. Specially crafted WS-Policy documents can trigger an exponential Cartesian cross-product expansion during the normalization process, causing unbounded memory allocation that exhausts...
CVE-2026-42402 Apache Neethi: Policy Normalization Unbounded Resource Allocation DoS
Apache Neethi is vulnerable to a Denial of Service attack through algorithmic complexity in policy normalization. Specially crafted WS-Policy documents can trigger an exponential Cartesian cross-product expansion during the normalization process, causing unbounded memory allocation that exhausts...
EUVD-2026-26485
Apache Neethi is vulnerable to a Denial of Service attack through algorithmic complexity in policy normalization. Specially crafted WS-Policy documents can trigger an exponential Cartesian cross-product expansion during the normalization process, causing unbounded memory allocation that exhausts...
Exploit for CVE-2026-31431
Porting CVE-2026-31431 "Copy Fail" to a Constrained Java Run...
java-1_8_0-openjdk-1.8.0.492-1.1 on GA media (moderate)
java-1_8_0-openjdk-1.8.0.492-1.1 on GA media Announcement ID: openSUSE-SU-2026:10656-1 Rating: moderate Cross-References: CVE-2026-22007 CVE-2026-22013 CVE-2026-22016 CVE-2026-22018 CVE-2026-22021 CVE-2026-23865 CVE-2026-34268 CVSS scores: CVE-2026-22007 SUSE : 2.9...
openjdk: Improve Kerberos credentialing (Oracle CPU 2026-04)
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JGSS. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 a...
openjdk: Enhance Path Factories Redux (Oracle CPU 2026-04)
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 a...
Security Bulletin: Vulnerability in Java SE (CVE-2024-29371) affects IBM PowerVM Novalink.
Summary Java SE is used by IBM PowerVM Novalink. IBM PowerVM Novalink has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is vulnerable to a denial of service, caused by an easily exploitable vulnerability issue that allows a remote attacker to cause...
CVE-2026-40453
A flaw was found in Apache Camel. A remote attacker with Java Message Service (JMS) producer access could exploit a vulnerability in how certain header filter strategies process case-variant internal headers. This discrepancy, where filtering is case-sensitive but header processing is not, allows f...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.24 security update
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
bouncycastle: BC-JAVA: private key leakage via non-constant time comparisons
A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA core. A covert timing channel vulnerability, caused by non-constant time comparisons, risks the leakage of private keys in the FrodoKEM implementation. An unauthenticated, remote attacker can potentially exploit this timing discrepancy ...
bouncycastle: BC-JAVA: private key leakage via non-constant time comparisons
A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA core. A covert timing channel vulnerability, caused by non-constant time comparisons, risks the leakage of private keys in the FrodoKEM implementation. An unauthenticated, remote attacker can potentially exploit this timing discrepancy ...
Apache Thrift: Java TSSLTransportFactory hostname verification
...
K000161050: Multiple Oracle Java vulnerabilities
Security Advisory Description CVE-2026-22003 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u481 and 8u481-b50; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to...
Shopizer path traversal vulnerability
Shopizer is an open-source e-commerce solution developed by the Shopizer team, based on Java. Version 3.2.5 of Shopizer contains a path traversal vulnerability. This vulnerability stems from the /content/images/add endpoint, where path traversal is possible, allowing attackers to write arbitrary...
java-25-openjdk-25.0.3.0-1.1 on GA media (moderate)
java-25-openjdk-25.0.3.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:10639-1 Rating: moderate Cross-References: CVE-2026-22007 CVE-2026-22008 CVE-2026-22013 CVE-2026-22016 CVE-2026-22018 CVE-2026-22021 CVE-2026-23865 CVE-2026-34268 CVE-2026-34282 CVSS scores: CVE-2026-22007 SUSE : 2.9...