GHSA-8JXR-PR72-R468 Java-SDK has a DNS Rebinding Vulnerability

Summary The java-sdk contains a DNS rebinding vulnerability. This vulnerability allows an attacker to access a locally or network-private java-sdk MCP server via a victims browser that is either local, or network adjacent. This allows an attacker to make any tool call to the server as if they wer...

CVE-2026-34197

A flaw was found in Apache ActiveMQ Broker and Apache ActiveMQ. An authenticated attacker can exploit this vulnerability by sending a specially crafted discovery Uniform Resource Identifier URI to the Jolokia JMX-HTTP bridge, which is exposed on the web console. This allows the attacker to bypass...

Apache Kafka Clients: Kafka Producer Message Corruption and Misrouting via Buffer Pool Race Condition

A race condition in the Apache Kafka Java producer client’s buffer pool management can cause messages to be silently delivered to incorrect topics. When a produce batch expires due to delivery.timeout.ms while a network request containing that batch is still in flight, the batch’s ByteBuffer is...

CVE-2026-35554

A race condition in the Apache Kafka Java producer client’s buffer pool management can cause messages to be silently delivered to incorrect topics. When a produce batch expires due to delivery.timeout.ms while a network request containing that batch is still in flight, the batch’s ByteBuffer is...

be.yildiz-games:module-messaging-activemq (=2.0.0), cn.hutool.v7:hutool-extra (>=7.0.0-M2 <=7.0.0-M5) +158 more potentially affected by CVE-2026-33227 via org.apache.activemq:activemq-client (>=6.0.0 <=6.2.1)

org.apache.activemq:activemq-client MAVEN version =6.0.0, =7.0.0-M2, =1.1.0, =2.55.0, =1.0.5, =1.1.0, =1.1.0, =1.1.0, =0.2.0, =1.1.0, =7.0.0, =7.0.0, =7.0.1 and more Source cves: CVE-2026-33227 Source advisory: OSV:GHSA-H2H4-5M64-M273...

PT-2026-31030

Name of the Vulnerable Software and Affected Versions MCP Java SDK versions prior to 1.0.0 Description The MCP Java SDK contains a DNS rebinding vulnerability. This allows an attacker to access a locally or network-private MCP server via a victim's browser. An attacker can then make any tool call...

Apache Kafka 安全漏洞

Apache Kafka is an open-source distributed streaming platform developed by the Apache Foundation in the United States. This platform enables the acquisition of real-time data, allowing for the creation of applications that can respond in real time to changes in data streams. There are security...

MCP Java SDK 访问控制错误漏洞

The MCP Java SDK is an open-source standard protocol SDK developed by Model Context Protocol, designed for integrating AI models and tools with Java applications. Versions of the MCP Java SDK prior to 1.0.0 contained a access control vulnerability, which originated from a DNS rebinding...

OpenAM 代码问题漏洞

OpenAM is an integrated access management solution developed by the OpenAM Consortium. It provides authentication, authorization, and federation features. Versions of OpenAM prior to 16.0.6 have code vulnerabilities due to an insecure Java deserialization issue with the jato.clientSession...

This Week in Spring - April 7th, 2026

Hi Spring fans! Welcome to another installment of This Week in Spring! It's April 7th, 2026, and I'm on the road! I started the journey for the amazing Voxxed Days Amsterdam show and am now winding my way through France. I visited Colmar, a beautiful city from which the animators on Disney's Beau...

Security Bulletin: IBM DataPower Gateway potentially affected by multiple vulnerabilities in JRE

Summary While IBM DataPower Gateway does not itself use Java and is therefore not vulnerable to these CVEs, some bundled components do, hence the JRE has been updated to address the listed issues Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is vulnerable to a denial of service,...

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Demonstration of the Log4jShell Exploit This code may contain...

Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple issues

Summary Multiple vulnerabilities affect IBM Sterling External Authentication Server and are addressed in the latest release and fixpack Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is vulnerable to a denial of service, caused by an easily exploitable vulnerability issue that...

SigCorr 0.1.0

SigCorr detects cross-protocol attack chains spanning SS7/MAP, Diameter S6a, and GTPv2-C interfaces in mobile core networks. It performs unified subscriber identity correlation across protocol boundaries to detect multi-stage attacks that single-interface monitors miss. It is written in Java 17 a...

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: tomcat11: tomcat11-11.0.21-0.1.hum1 noarch tomcat11-admin-webapps-11.0.21-0.1.hum1 noarch tomcat11-docs-webapp-11.0.21-0.1.hum1 noarch tomcat11-el-6.0-api-11.0.21-0.1.hum1 noarch...

Exploit for Deserialization of Untrusted Data in Linuxfoundation Opentelemetry_Instrumentation_For_Java

CVE-2026-33701 — Unsafe Deserialization in OpenTelemetry Java...

CVE-2026-5458

CVE-2026-5458 affects Noelse Individuals & Pro App up to v2.1.7 on Android. The vulnerability references an issue in the file path com/reactnative/antelop/BuildConfig.java within the component com.afone.noelse, where manipulation of the argument SEGMENT_WRITE_KEY results in the use of a hard-code...

CVE-2026-5456

A vulnerability was identified in Align Technology My Invisalign App 3.12.4 on Android. The impacted element is an unknown function of the file com/aligntech/myinvisalign/BuildConfig.java of the component com.aligntech.myinvisalign.emea. The manipulation of the argument CDAACCESSTOKEN leads to us...

Exploit for CVE-2011-3556

Vulnerability Assessment: Java RMI Server Remote Code Executio...

CVE-2026-5453 Rico só vantagem pra investir App br.com.rico.mobile SegmentSettingsModule.java hard-coded key

A vulnerability has been found in Rico só vantagem pra investir App up to 4.58.32.12421 on Android. This issue affects some unknown processing of the file br/com/rico/mobile/di/SegmentSettingsModule.java of the component br.com.rico.mobile. Such manipulation of the argument SEGMENTWRITEKEY leads ...