56241 matches found

IBM Security Bulletins
added 2026/04/28 1:3 p.m. | views: 1

Security Bulletin: IBM Application Modernization Accelerator is affected by multiple vulnerabilities found in Java, JavaScript and IBM WebSphere Application Server Liberty

Summary There are multiple vulnerabilities in Java, JavaScript and IBM WebSphere Application Server Liberty used by IBM Application Modernization Accelerator. Vulnerability Details CVEID: CVE-2026-33671 DESCRIPTION: Picomatch is a glob matcher written in JavaScript. Versions prior to 4.0.4, 3.0.2, an...

CVSS: 9.8 | AI score: 8.9 | EPSS: 0.00611
Exploits: 1 | Affected Software: 1

OSV
added 2026/04/28 11:10 a.m. | views: 8

SUSE-SU-2026:1639-1 Security update for bouncycastle

This update for bouncycastle fixes the following issues: Update to version 1.84. Security issues fixed: - CVE-2025-14813: GOSTCTR implementation unable to process more than 255 blocks correctly bsc1262225. - CVE-2026-0636: LDAP injection in LDAPStoreHelper.java leads to information disclosure...

CVSS: 9.9 | AI score: 5.5 | EPSS: 0.00512
Exploits: 0 | References: 11

IBM Security Bulletins
added 2026/04/28 10:42 a.m. | views: 6

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager (CVE-2026-21945, CVE-2026-21932, CVE-2026-21933, CVE-2026-21925)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition used by IBM Tivoli System Automation Application Manager. Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is vulnerable to a denial of service, caused by an easily exploitable vulnerability issue that...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.00572
Exploits: 1 | Affected Software: 1

CVE
added 2026/04/28 9:19 a.m. | views: 11

CVE-2026-41603

CVE-2026-41603 : This vulnerability is in Apache Thrift, specifically an improper validation of a certificate when the host name mismatches during TLS. It affects Apache Thrift versions before 0.23.0. The recommended fix is to upgrade to version 0.23.0, which resolves the issue. The available sou...

CVSS: 7.4 | AI score: 5.2 | EPSS: 0.00252
Exploits: 0 | References: 2 | Affected Software: 1

vulnersOsv
added 2026/04/28 12:31 a.m. | views: 12

com.okta.spring.examples:okta-spring-boot-hosted-code-flow-example (=3.0.7), com.okta.spring.examples:okta-spring-boot-redirect-code-flow-example (=3.0.7) +21 more potentially affected by CVE-2026-40972 via org.springframework.boot:spring-boot-devtools (>=3.3.0 <=3.3.1)

org.springframework.boot:spring-boot-devtools MAVEN version =3.3.0, =1.6.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.1 - org.bremersee:common-exception-spring-boot-autoconfigure =1.1.0 - org.bremersee:common-exception-spring-boot-web-starter =1.1.0 -...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00281
Exploits: 0

Rockylinux
added 2026/04/28 12:3 a.m. | views: 6

java-21-openjdk security update

An update is available for java-21-openjdk. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The OpenJDK 21 packages provide the OpenJDK 21 Java Runtime Environme...

CVSS: 7.5 | AI score: 5.5 | EPSS: 0.00358
Exploits: 0

OSV
added 2026/04/28 12:0 a.m. | views: 3

OPENSUSE-SU-2026:10638-1 java-21-openjdk-21.0.11.0-1.1 on GA media

These are all security issues fixed in the java-21-openjdk-21.0.11.0-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS: 7.5 | AI score: 7.8 | EPSS: 0.00358
Exploits: 0 | References: 8

Positive Technologies
added 2026/04/28 12:0 a.m. | views: 3

PT-2026-35685

Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

CVSS: 7.4 | AI score: 5.2 | EPSS: 0.00252
Exploits: 0 | References: 7

Spring Security Advisories
added 2026/04/28 12:0 a.m. | views: 3

This Week in Spring - April 28th, 2026

Hi Spring fans! Welcome to another installment of This Week in Spring! As I write this, I'm on PTO in beautiful Santorini, Greece, catching up on some news and about to cruise the islands for some sightseeing. There's nothing quite like springtime in the Mediterranean! I couldn't dream of enjoyin...

AI score: 5.4
Exploits: 0

UbuntuCve
added 2026/04/28 12:0 a.m. | views: 4

CVE-2026-22020

updated libpng in Oracle Java...

AI score: 5.2
Exploits: 0 | References: 1

vulnersOsv
added 2026/04/28 12:0 a.m. | views: 8

io.crossplane.compositefunctions:crossplane-function-example (>=1.20-alpha <=2.0.5), io.crossplane.compositefunctions:crossplane-function-springboot-starter (>=1.20-alpha <=2.0.5) +19 more potentially affected by CVE-2026-40969 via org.springframework.grpc:spring-grpc-core (>=1.0.0-RC1 <=1.0.2)

org.springframework.grpc:spring-grpc-core MAVEN version =1.0.0-RC1, =1.20-alpha, =1.20-alpha, =2026.01, =0.8.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =1.0.0, =1.0.0, =1.0.2 - org.springframew...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.002
Exploits: 0

OSV
added 2026/04/28 12:0 a.m. | views: 1

UBUNTU-CVE-2026-22020

updated libpng in Oracle Java...

AI score: 5.2
Exploits: 0 | References: 2

Tenable Nessus
added 2026/04/28 12:0 a.m. | views: 1

Oracle Linux 10 / 8 / 9 : java-21-openjdk (ELSA-2026-9689)

The remote Oracle Linux 10 / 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-9689 advisory. 1:21.0.11.0.10-1.0.1 - Add Oracle vendor bug URL Orabug: 34340155 1:21.0.11.0.10-1 - Update to jdk-21.0.11+10 GA - Update release notes to...

CVSS: 7.5 | AI score: 7.8 | EPSS: 0.00358
Exploits: 0 | References: 9

OSV
added 2026/04/28 12:0 a.m. | views: 4

OPENSUSE-SU-2026:10637-1 java-17-openjdk-17.0.19.0-1.1 on GA media

These are all security issues fixed in the java-17-openjdk-17.0.19.0-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS: 7.5 | AI score: 7.8 | EPSS: 0.00358
Exploits: 0 | References: 8

OSV
added 2026/04/28 12:0 a.m. | views: 2

OPENSUSE-SU-2026:10636-1 java-11-openjdk-11.0.31.0-1.1 on GA media

These are all security issues fixed in the java-11-openjdk-11.0.31.0-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS: 7.5 | AI score: 7.8 | EPSS: 0.00358
Exploits: 0 | References: 8

IBM Security Bulletins
added 2026/04/27 9:19 p.m. | views: 10

Security Bulletin: Multiple vulnerabilities in IBM® Semeru Runtime and IBM SDK, Java™ Technology Edition affect IBM Virtualization Engine TS7700

Summary IBM Virtualization Engine TS7700 is susceptible to Denial of Service CVE-2026-21945, Tampering CVE-2026-21932, Information Disclosure CVE-2026-21933, CVE-2026-21925 and Elevation of Privilege CVE-2026-1188 threats due to the use of IBM Semeru Runtime and IBM SDK, Java Technology Edition...

CVSS: 9.8 | AI score: 6.8 | EPSS: 0.00572
Exploits: 1 | Affected Software: 2

IBM Security Bulletins
added 2026/04/27 4:52 p.m. | views: 4

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and WebSphere Application Server Liberty due to the April 2026 Java CPU

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVEs listed in this document might affect some configurations of IBM WebSphere Application Server traditiona...

CVSS: 7.5 | AI score: 5.5 | EPSS: 0.00358
Exploits: 0 | Affected Software: 1

OSV
added 2026/04/27 12:30 p.m. | views: 2

GHSA-4XWX-HVV7-7PRJ Apache Camel-Infinispan Component Vulnerable to Deserialization of Untrusted Data

The camel-infinispan component's ProtoStream-based remote aggregation repository deserializes data read from a remote Infinispan cache using java.io.ObjectInputStream without applying any ObjectInputFilter. An attacker who can write to the Infinispan cache used by a Camel application can inject a...

CVSS: 8.8 | AI score: 6.4 | EPSS: 0.00485
Exploits: 1 | References: 17

vulnersOsv
added 2026/04/27 11:12 a.m. | views: 9

com.github.niupengyu.schedule:ahead-schedule-distributed (>=1.2.6-RELEASE <=1.2.8-RELEASE), com.github.niupengyu:ahead-frame-socket (>=1.2.1-RELEASE <=1.2.3-RELEASE) +40 more potentially affected by CVE-2024-52046 +1 more via org.apache.mina:mina-core (>=2.1.0 <=2.1.10)

org.apache.mina:mina-core MAVEN version =2.1.0, =1.2.6-RELEASE, =1.2.1-RELEASE, =2.2.1, =2.2.1, =3.0.0, =1.0.0, =3.0.11, =3.6.7, =3.6.7, =3.6.7, =3.6.10 and more Source cves: CVE-2024-52046, CVE-2026-41409 Source advisory: SNYK:JAVA-ORGAPACHEMINA-16322973...

CVSS: 10 | AI score: 7.1 | EPSS: 0.23932
Exploits: 0

Snyk
added 2026/04/27 10:15 a.m. | views: 1

Improper Handling of Case Sensitivity

Overview Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity due to a flaw in the default filtering mechanism HeaderFilterStrategy that only blocks headers starting with specific prefixes. An attacker can execute arbitrary code and write files by injecting...

CVSS: 9.9 | AI score: 6.2 | EPSS: 0.00547
Exploits: 0 | References: 2