CVE-2025-70952

pf4j before 20c2f80 has a path traversal vulnerability in the extract function of Unzip.java, where improper handling of zip entry names can allow directory traversal or Zip Slip attacks, due to a lack of proper path normalization and validation...

Security Bulletin: IBM Sterling Connect:Direct FTP+ is vulnerable to various attacks due to IBM Runtime Environment Java Technology Edition Version 17

Summary IBM Java 17 is used by IBM Sterling Connect:Direct FTP+ on AIX, Linux, and Windows platforms in product configuration and data transmission. IBM Sterling Connect:Direct FTP+ on AIX, Linux, and Windows platforms is impacted by vulnerabilities in IBM Java 17. IBM Sterling Connect:Direct FTP...

Security Bulletin: Communications Server (CS) for Data Center Deployment and CS for AIX are affected by: IBM Java: Buffer overflow vulnerability in OMR allows denial-of-service

Summary Communications Server CS for Data Center Deployment and CS for AIX install a local Java JRE in its product directories. This JRE is used solely for the IBM Key Manager ikeyman tool which is called by the snakeyman script used for managing the SSL key database used by the TN3270 Server and...

Security Bulletin: Communications Server (CS) for Data Center Deployment, CS for Linux, and CS for Linux on System z are affected by: IBM Java: Buffer overflow vulnerability in OMR allows denial-of-service

Summary Communications Server CS for Data Center Deployment, CS for Linux, and CS for Linux on System z install a local Java JRE in its product directories. This JRE is used solely for the IBM Key Manager ikeyman tool which is called by the snakeyman script used for managing the SSL key database...

com.io7m.jsay:com.io7m.jsay (=0.0.2), com.jkoolcloud.tnt4j.streams:tnt4j-streams-jms (>=1.14.2 <=2.3.0) +5 more potentially affected by CVE-2026-32642 via org.apache.activemq:artemis-openwire-protocol (>=2.0.0 <=2.4.0)

org.apache.activemq:artemis-openwire-protocol MAVEN version =2.0.0, =1.14.2, =0.1.0, =0.1.0, =2.0.0, =2.31.1, =2.29.0, =2.44.0 Source cves: CVE-2026-32642 Source advisory: SNYK:JAVA-ORGAPACHEACTIVEMQ-15791526...

EUVD-2026-14708

Deserialization of Untrusted Data vulnerability in DTStack chunjun ‎chunjun-core/src/main/java/com/dtstack/chunjun/util modules. This vulnerability is associated with program files GsonUtil.Java. This issue affects chunjun: before 1.16.1...

CVE-2026-4741

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in TeamJCD JoyConDroid app/src/main/java/com/rdapps/gamepad/util modules. This vulnerability is associated with program files UnzipUtil.Java‎. This issue affects JoyConDroid: through 1.0.93...

CVE-2026-4741

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in TeamJCD JoyConDroid app/src/main/java/com/rdapps/gamepad/util modules. This vulnerability is associated with program files UnzipUtil.Java‎. This issue affects JoyConDroid: through 1.0.93...

CVE-2026-4741

The CVE-2026-4741 entry applies to JoyConDroid, affecting the UnzipUtil.Java component in the app/src/main/java/com/rdapps/gamepad/util modules. The underlying issue is an improper limitation of a pathname to a restricted directory (path traversal) within JoyConDroid versions up to and including ...

CVE-2026-4735

Deserialization of Untrusted Data vulnerability in DTStack chunjun ‎chunjun-core/src/main/java/com/dtstack/chunjun/util modules. This vulnerability is associated with program files GsonUtil.Java. This issue affects chunjun: before 1.16.1...

CVE-2026-4735

CVE-2026-4735 affects DTStack chunjun (chunjun-core/util) with a deserialization of untrusted data in GsonUtil.Java, leading to a stack overflow/DoS for versions before 1.16.1. Multiple sources corroborate the issue in chunjun up to 1.16.0, with Red Hat and PT-Security entries aligning on the vul...

UBUNTU-CVE-2026-33306

bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt password hashing algorithm. Prior to version 3.1.22, an integer overflow in the Java BCrypt implementation for JRuby can cause zero iterations in the strengthening loop. Impacted applications must be setting the cost to 31 to see this happen. T...

Joy-Con Droid 安全漏洞

Joy-Con Droid is an open-source application developed by TeamJCD that transforms Android devices into game controllers. Versions of Joy-Con Droid prior to 1.0.93 contained security vulnerabilities, which were caused by path traversal attacks. These vulnerabilities could lead to issues with the...

PT-2026-27313

Name of the Vulnerable Software and Affected Versions chunjun versions prior to 1.16.1 Description An unreliable data deserialization issue exists in DTStack chunjun, specifically within the chunjun-core/src/main/java/com/dtstack/chunjun/util modules. The problem is linked to the GsonUtil.Java...

ChunJun 安全漏洞

ChunJun is an open-source Flink-based framework for synchronization and processing of heterogeneous data sources developed by Kangaroo Cloud. Versions of ChunJun prior to 1.16.1 contained security vulnerabilities. These vulnerabilities stemmed from the deserialization of untrusted data, which cou...

This Week in Spring - March 24th, 2026

Hi, Spring fans! Welcome to yet another rip-roarin' installment of This Week in Spring. As usual, we've got a ton to look into, so let's dive right in! Happy 22nd birthday to Spring Framework, released this day 22 years ago! and of course, next week, 1 April 2026, marks 12 years since Spring Boot...

xyz.erupt:erupt-sample (>=1.13.2 <=1.13.3) potentially affected by CVE-2026-4593 via xyz.erupt:erupt-ai (>=1.13.2 <=1.13.3)

xyz.erupt:erupt-ai MAVEN version =1.13.2, =1.13.2, =1.13.3 Source cves: CVE-2026-4593 Source advisory: SNYK:JAVA-XYZERUPT-15812217...

com.braimanm:uitaf (>=3.0.0 <=3.2.3), com.braimanm:uitaf-playwright (>=1.0.0-alpha <=1.0.1-alpha) +7 more potentially affected by CVE-2026-33166 via io.qameta.allure:allure-generator (>=2.10.0 <=2.37.0)

io.qameta.allure:allure-generator MAVEN version =2.10.0, =3.0.0, =1.0.0-alpha, =1.1.0, =0.1.17, =0.1.17, =1.0-RC1, =2.10.0, =2.37.0 - org.uitaf:uitaf-playwright =1.0.1 Source cves: CVE-2026-33166 Source advisory: SNYK:JAVA-IOQAMETAALLURE-15763503...

Security Bulletin: IBM Sterling Connect:Direct for Unix is impacted by vulnerabilities due to IBM Java 17

Summary IBM Java 17 is used by IBM Sterling Connect:Direct for UNIX in product configuration and data transmission. IBM Sterling Connect:Direct for UNIX is impacted by vulnerabilities in IBM Java 17. IBM Sterling Connect:Direct for UNIX has upgraded IBM Java 17 to address the issues. Vulnerabilit...

OESA-2026-1690 mchange-commons security update

General tool, part of c3p0. Security Fixes: mchange-commons-java, a library that provides Java utilities, includes code that mirrors early implementations of JNDI functionality, including support for remote factoryClassLocation values, by which code can be downloaded and invoked within a running...