
56243 matches found

IBM Security Bulletins
added 2026/02/24 6:14 a.m., 14 views

Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which are vulnerable to CVEs.

Summary: IBM Maximo Application Suite uses "github.com/opencontainers/runc v1.1.13, java 1.8.0391, java17" which are vulnerable to "CVE-2025-31133, CVE-2025-52565, CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20922, CVE-2024-20923, CVE-2024-20925, CVE-2024-20926, CVE-2024-20945,...

CVSS 8.4, AI score 5.8, EPSS 0.01026
Exploits: 3, Affected Software: 1

Vulnrichment
added 2026/02/24 3:2 a.m., 6 views

CVE-2026-3066 HummerRisk Cloud Compliance Scanning PlatformUtils.java fixedCommand command injection

A flaw has been found in HummerRisk up to 1.5.0. This vulnerability affects the function fixedCommand of the file hummer-common/hummer-common-core/src/main/java/com/hummer/common/core/utils/PlatformUtils.java of the component Cloud Compliance Scanning. Executing a manipulation can lead to command...

CVSS 6.5, AI score 5.3, EPSS 0.09143
Exploits: 1, References: 4

EUVD
added 2026/02/24 3:2 a.m., 6 views

EUVD-2026-7397

A flaw has been found in HummerRisk up to 1.5.0. This vulnerability affects the function fixedCommand of the file hummer-common/hummer-common-core/src/main/java/com/hummer/common/core/utils/PlatformUtils.java of the component Cloud Compliance Scanning. Executing a manipulation can lead to command...

CVSS 8.8, AI score 5.3, EPSS 0.09143
Exploits: 1, References: 4

CNNVD
added 2026/02/24 12:0 a.m., 8 views

DotCMS security vulnerability

DotCMS is an open-source content management system developed by DotCMS Inc., written in Java. It is used to manage content and content-driven websites and applications. DotCMS has a security vulnerability that stems from a sandbox escape issue in the Velocity scripting engine. This vulnerability...

CVSS 9.9, AI score 6, EPSS 0.00303
Exploits: 0, References: 1

IBM Security Bulletins
added 2026/02/23 9:28 a.m., 19 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to IBM Semeru Runtime (CVE-2026-21945, CVE-2026-21932, CVE-2026-21933, CVE-2026-21925 & CVE-2026-1188)

Summary: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to IBM Semeru Runtime. Vulnerability Details: CVEID: CVE-2026-21945. DESCRIPTION: Java SE is vulnerable to a denial of service, caused by an easily exploitable vulnerability issue that allows a remote attacker to cause...

CVSS 9.8, AI score 6.2, EPSS 0.00547
Exploits: 1, Affected Software: 1

Tenable Nessus
added 2026/02/23 12:0 a.m., 10 views

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-7.3.1.5)

The version of AOS installed on the remote host is prior to 7.3.1.5. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-7.3.1.5 advisory. - A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elfswapshdr in the library...

CVSS 9.8, AI score 6.2, EPSS 0.4269
Exploits: 30, References: 30

RedhatCVE
added 2026/02/22 7:24 a.m., 13 views

CVE-2026-2860

A security vulnerability has been detected in feng_ha_ha/megagao ssm-erp and production_ssm up to 4288d53bd35757b27f2d070057aefb2c07bdd097. Impacted is an unknown function of the file EmployeeController.java. The manipulation leads to improper authorization. It is possible to initiate the attack...

CVSS 6.5, AI score 6, EPSS 0.00252
Exploits: 0, References: 1

CNNVD
added 2026/02/22 12:0 a.m., 6 views

dst-admin security vulnerability

dst-admin is a web application developed by Qinming99 using the Java language. Versions of dst-admin prior to 1.5.0 contained security vulnerabilities. These vulnerabilities stemmed from incorrect operations on the deleteBackup function in the FileHandler component within the...

CVSS 8.1, AI score 6.1, EPSS 0.00371
Exploits: 1, References: 4

CNNVD
added 2026/02/22 12:0 a.m., 6 views

dst-admin command injection vulnerability

dst-admin is a web program developed by Qinming99, written in the Java language. Versions of dst-admin prior to 1.5.0 have a command injection vulnerability. This vulnerability stems from incorrect handling of the parameter Name in the revertBackup function located in the /home/restore file, whic...

CVSS 8.8, AI score 6.6, EPSS 0.0471
Exploits: 1, References: 4

CVE
added 2026/02/21 4:32 a.m., 11 views

CVE-2026-2860

CVE-2026-2860 affects feng_ha_ha/megagao ssm-erp and production_ssm (up to commit 4288d53bd35757b27f2d070057aefb2c07bdd097). The vulnerability targets an unknown function in EmployeeController.java, causing improper authorization. It can be initiated remotely, and the exploit has been publicly di...

CVSS 6.5, AI score 6.1, EPSS 0.00252
Exploits: 0, References: 5

OSV
added 2026/02/20 9:20 a.m., 7 views

CLSA-2026-1771579201 Update of java-11-openjdk

Fix the FIPS patch...

AI score 5.8
Exploits: 0, References: 1

Tenable Nessus
added 2026/02/20 12:0 a.m., 10 views

Oracle Linux 7 : java-11-openjdk (ELSA-2026-0847)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-0847 advisory. - Fixes CVE-2025-64720, CVE-2025-65018, CVE-2026-21925. Tenable has extracted the preceding description block directly from the Oracle Linux security...

CVSS 7.5, AI score 5.9, EPSS 0.00547
Exploits: 6, References: 6

Cvelist
added 2026/02/19 12:2 p.m., 23 views

CVE-2019-25421 Comodo Dome Firewall 2.7.0 Cross-Site Scripting via policyfw

Comodo Dome Firewall 2.7.0 contains multiple cross-site scripting vulnerabilities that allow attackers to inject malicious scripts through the policyfw endpoint. Attackers can submit POST requests with JavaScript payloads in the mac, target, and remark parameters to execute arbitrary code in...

CVSS 6.1, EPSS 0.00399
Exploits: 1, References: 4

Amazon
added 2026/02/19 12:0 a.m., 10 views

Important: java-1.8.0-openjdk

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: RMI. Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK:...

CVSS 7.5, AI score 5.8, EPSS 0.00547
Exploits: 1

Tenable Nessus
added 2026/02/19 12:0 a.m., 6 views

Photon OS 4.0: Openjdk11 PHSA-2026-4.0-0961

An update of the openjdk11 package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-0961. The text itself is copyright (C) VMware, Inc....

CVSS 7.5, AI score 6.1, EPSS 0.17342
Exploits: 3, References: 84

Tenable Nessus
added 2026/02/19 12:0 a.m., 8 views

Amazon Linux 2 : java-1.8.0-openjdk, --advisory ALAS2-2026-3154 (ALAS-2026-3154)

The version of java-1.8.0-openjdk installed on the remote host is prior to 1.8.0.482.b08-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3154 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product ...

CVSS 7.5, AI score 5.8, EPSS 0.00547
Exploits: 1, References: 10

Oracle Linux
added 2026/02/19 12:0 a.m., 18 views

java-11-openjdk security update

1:11.0.31.0.1-1.0.1 - Update to jdk-11.0.31+1 Orabug: 38950473 - Fixes CVE-2025-64720 CVE-2025-65018 CVE-2026-21925 - CVE-2026-21933 CVE-2026-21945...

CVSS 7.5, AI score 5.5, EPSS 0.00547
Exploits: 6

NVD
added 2026/02/18 8:18 p.m., 4 views

CVE-2026-2665

A vulnerability was detected in huanzi-qch base-admin up to 57a8126bb3353a004f3c7722089e3b926ea83596. Impacted is the function Upload of the file SysFileController.java of the component JSP Parser. Performing a manipulation of the argument File results in unrestricted upload. The attack can be...

CVSS 6.5, EPSS 0.00272
Exploits: 0, References: 6

Cvelist
added 2026/02/18 8:2 p.m., 26 views

CVE-2026-2665 huanzi-qch base-admin JSP Parser SysFileController.java upload unrestricted upload

A vulnerability was detected in huanzi-qch base-admin up to 57a8126bb3353a004f3c7722089e3b926ea83596. Impacted is the function Upload of the file SysFileController.java of the component JSP Parser. Performing a manipulation of the argument File results in unrestricted upload. The attack can be...

CVSS 6.5, EPSS 0.00272
Exploits: 0, References: 6

OSV
added 2026/02/18 4:49 p.m., 5 views

CLSA-2026-1771408532 java-21-openjdk: Fix of 3 CVEs

Update to jdk-21.0.10+7 - CVE-2026-21945: fix possible DOS - CVE-2025-65018: fix libpng heap buffer overflow in pngimagefinishread when processing 16-bit interlaced PNGs with 8-bit output format - CVE-2025-64720: fix libpng out-of-bounds read in pngimagereadcomposite when processing palette...

CVSS 7.5, AI score 6.6, EPSS 0.00547
Exploits: 5, References: 1