CVE-2026-4242

CVE-2026-4242 affects the Android version of BabyChakra Pregnancy & Parenting App up to 5.4.3.0. The issue is located in the function of the file app/babychakra/babychakra/Configuration.java (component: app.babychakra.babychakra). Manipulating the SEGMENT_WRITE_KEY argument leads to unprotected s...

CVE-2026-4219

CVE-2026-4219 affects INDEX Conferences & Exhibitions Organization YWF BPOF APGCS App up to version 1.0.2 on Android. The vulnerability concerns the file com/index/event/BuildConfig.java of the ae.index.apgcs component, where manipulating the arguments ACCESS_KEY and HASH_KEY can reveal hard-code...

CodePhiliaX Chat2DB SQL注入漏洞

CodePhiliaX Chat2DB is an open-source AI-driven SQL client developed by CodePhiliaX. Versions of CodePhiliaX Chat2DB 0.3.7 and earlier contain a SQL injection vulnerability. This vulnerability arises from improper handling of parameters in the functions exportTable, exportTableColumnComment,...

PT-2026-25811

🚨 FRESH TOP THREAT ALERT 🚨 Critical RCE in Apache Tomcat March 16, 2026: CVE-2026-89102 – CVSS 9.8! Unauthenticated attackers can send one crafted request to trigger a deserialization flaw and execute arbitrary code on the server. Hits thousands of Java web apps worldwide. Remediation: Upgrade...

java-1.8.0-openjdk: Fix of 5 CVEs

Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u482-b08. That fixes following CVEs: - CVE-2025-53057: Security: enforce proper access control in certificate handling to prevent data tampering - CVE-2025-53066: JAXP: restrict data access in Path Factory processing to prevent information...

CLSA-2026-1773506438 java-1.8.0-openjdk: Fix of 5 CVEs

Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u482-b08. That fixes following CVEs: - CVE-2025-53057: Security: enforce proper access control in certificate handling to prevent data tampering - CVE-2025-53066: JAXP: restrict data access in Path Factory processing to prevent information...

TencentOS Server 4: java-11-konajdk (TSSA-2026:0143)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0143 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

org.webjars.npm:actions__core (>=1.10.0 <=1.11.1), org.webjars.npm:actions__http-client (>=2.2.1 <=2.2.3) +14 more potentially affected by CVE-2026-1526 via org.webjars.npm:undici (>=4.12.2 <=5.29.0)

org.webjars.npm:undici MAVEN version =4.12.2, =1.10.0, =2.2.1, =0.1.16, =0.1.28 - org.webjars.npm:elasticelasticsearch =8.6.0 - org.webjars.npm:elastictransport =8.3.1 - org.webjars.npm:firebase =10.13.0 - org.webjars.npm:firebaseauth =1.7.7 - org.webjars.npm:firebaseauth-compat =0.5.12 -...

org.webjars.npm:actions__core (>=1.10.0 <=1.11.1), org.webjars.npm:actions__http-client (>=2.2.1 <=2.2.3) +14 more potentially affected by CVE-2026-1527 via org.webjars.npm:undici (>=4.12.2 <=5.29.0)

org.webjars.npm:undici MAVEN version =4.12.2, =1.10.0, =2.2.1, =0.1.16, =0.1.28 - org.webjars.npm:elasticelasticsearch =8.6.0 - org.webjars.npm:elastictransport =8.3.1 - org.webjars.npm:firebase =10.13.0 - org.webjars.npm:firebaseauth =1.7.7 - org.webjars.npm:firebaseauth-compat =0.5.12 -...

Security Bulletin: IBM Security Directory Suite is affected by multiple vulnerabilities (CVE-2025-48976, CVE-2025-36047, CVE-2025-53066, CVE-2025-53057)

Summary IBM Security Directory Suite is affected by WebSphere Liberty vulnerabilities CVE‑2025‑48976, CVE‑2025‑36047 and Java vulnerabilities CVE‑2025‑53066, CVE‑2025‑53057. These vulnerabilities have been addressed with an update. Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An...

CVE-2026-3968 AutohomeCorp frostmourne Oracle Nashorn JavaScript ExpressionRule.java scriptEngine.eval code injection

A vulnerability has been found in AutohomeCorp frostmourne up to 1.0. This affects the function scriptEngine.eval of the file ExpressionRule.java of the component Oracle Nashorn JavaScript Engine. Such manipulation of the argument EXPRESSION leads to code injection. The attack can be executed...

CVE-2026-3968

A vulnerability has been found in AutohomeCorp frostmourne up to 1.0. This affects the function scriptEngine.eval of the file ExpressionRule.java of the component Oracle Nashorn JavaScript Engine. Such manipulation of the argument EXPRESSION leads to code injection. The attack can be executed...

OSV-2026-384 Security exception in com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.expr

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=491529466 Crash type: Security exception Crash state: com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.expr java.base/java.nio.CharBuffer.wrap java.base/sun.nio.cs.StreamEncoder.implWrite...

Alfresco Activiti 代码问题漏洞

Alfresco Activiti is a workflow automation platform developed by the British company Alfresco. Versions of Alfresco Activiti 7.19/8.8.0 and earlier contained code vulnerabilities. These vulnerabilities stemmed from an operation in the function deserialize/createObjectInputStream located in the fi...

EUVD-2026-11405

A flaw has been found in xierongwkhd weimai-wetapp up to 5fe9e8225be4f73f2c5087f134aff657bdf1c6f2. This vulnerability affects the function getLikeMovieList of the file source-code/src/main/java/com/moke/wp/wxweimai/controller/HomeController.java of the component Endpoint. Executing a manipulation...

CVE-2026-3957

CVE-2026-3957 affects xierongwkhd weimai-wetapp (Endpoint, getLikeMovieList in HomeController.java). The flaw allows SQL injection via manipulation of the argument cat, with remote execution and a published exploit. Product uses rolling releases, so affected version details are unavailable. No re...

Security Bulletin: Multiple Vulnerabilities in IBM Workload Scheduler component of IBM Workload Automation

Summary Multiple vulnerabilities were addressed in IBM Workload Scheduler component of IBM Workload Automation 10.2.5 Vulnerability Details CVEID:CVE-2024-21094 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause no confidentiali...

SUSE CVE-2025-12183

Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read adjacent memory via untrusted compressed input...

com.mchange/mchange-commons-java: mchange-commons-java: Arbitrary code execution via JNDI dereferencing of crafted objects

A flaw was found in mchange-commons-java, a Java utility library. An attacker can exploit this vulnerability by providing a maliciously crafted javax.naming.Reference or serialized object to an application using the library. This can provoke the application to download and execute arbitrary...

Important: Red Hat Security Advisory: Red Hat build of Debezium 3.2.7 release

Red Hat build of Debezium connectors in version 3.2.7 are now available for Red Hat Application Foundations. Debezium is a distributed platform that turns your existing databases into event streams, so applications can see and respond immediately to each row-level change in the databases. Debeziu...