56245 matches found

NVD
added 2026/02/10 4:16 a.m. | 7 views

CVE-2026-23686

Due to a CRLF Injection vulnerability in SAP NetWeaver Application Server Java, an authenticated attacker with administrative access could submit specially crafted content to the application. If processed by the application, this content enables injection of untrusted entries into generated...

CVSS 3.4 | EPSS 0.00164
Exploits: 0 | References: 2

Cvelist
added 2026/02/10 3:2 a.m. | 28 views

CVE-2026-23686 CRLF Injection vulnerability in SAP NetWeaver Application Server Java

Due to a CRLF Injection vulnerability in SAP NetWeaver Application Server Java, an authenticated attacker with administrative access could submit specially crafted content to the application. If processed by the application, this content enables injection of untrusted entries into generated...

CVSS 3.4 | EPSS 0.00164
Exploits: 0 | References: 2

CVE
added 2026/02/10 3:2 a.m. | 19 views

CVE-2026-23686

CVE-2026-23686 concerns SAP NetWeaver Application Server Java. It describes a CRLF Injection vulnerability where an authenticated, admin-level attacker can submit crafted content to the application, allowing injection of untrusted entries into generated configuration and manipulation of applicati...

CVSS 3.4 | AI score 5.6 | EPSS 0.00164
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2026/02/10 3:2 a.m. | 27 views

CVE-2026-23685 Insecure Deserialization vulnerability in SAP NetWeaver (JMS service)

Due to a Deserialization vulnerability in SAP NetWeaver JMS service, an attacker authenticated as an administrator with local access could submit specially crafted content to the server. If processed by the application, this content could trigger unintended behavior during internal logic executio...

CVSS 4.4 | EPSS 0.00124
Exploits: 0 | References: 2

Fedora
added 2026/02/10 1:9 a.m. | 6 views

[SECURITY] Fedora 42 Update: java-25-openjdk-25.0.2.0.10-2.fc42

The OpenJDK 25 runtime environment...

AI score 5.4
Exploits: 0

Fedora
added 2026/02/10 1:9 a.m. | 7 views

[SECURITY] Fedora 42 Update: java-latest-openjdk-26.0.0.0.32-0.0.1.ea.fc42

The OpenJDK 26 runtime environment...

AI score 5.4
Exploits: 0

Fedora
added 2026/02/10 1:9 a.m. | 9 views

[SECURITY] Fedora 42 Update: java-21-openjdk-21.0.10.0.7-2.fc42

The OpenJDK 21 runtime environment...

AI score 5.4
Exploits: 0

CNNVD
added 2026/02/10 12:0 a.m. | 5 views

Intel VTune Profiler and Intel oneAPI Toolkits code issue vulnerability

Intel VTune Profiler and Intel oneAPI Toolkits are products of Intel Corporation, a US company. Intel VTune Profiler is a performance testing tool designed to optimize software. This software can be used for performance testing in IoT embedded applications, media software, Java applications, and...

CVSS 6.7 | AI score 5.9 | EPSS 0.00128
Exploits: 0 | References: 1

Spring Security Advisories
added 2026/02/10 12:0 a.m. | 6 views

This Week in Spring - February 10th, 2026

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's February 10th, 2026, as I write this from lovely London, UK. I spoke at the local Java User Group here last night, had a wonderful time. Tomorrow, I'm going home. It's been fun, but it's time to conclude this roller...

AI score 5.6
Exploits: 0

Packet Storm
added 2026/02/10 12:0 a.m. | 123 views

Oracle Access Manager 12.2.1.4.0 Insecure Deserialization

Proof of concept exploit for an unauthenticated Java deserialization vulnerability in the OpenSSO Agent component of Oracle Access Manager that allows remote attackers to execute arbitrary commands without authentication. The vulnerability exists in the session handling mechanism of the OpenSSO...

CVSS 9.8 | AI score 6.1 | EPSS 0.96284
Exploits: 5

Tenable Nessus
added 2026/02/10 12:0 a.m. | 9 views

Oracle Linux 7 : java-1.8.0-openjdk (ELSA-2026-0931)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-0931 advisory. - Fixes CVE-2026-21925 CVE-2026-21933 CVE-2026-21945 - Fixes CVE-2025-53057 CVE-2025-53066 - Fixed CVE-2025-21587, CVE-2025-30691 and CVE-2025-30698...

CVSS 7.5 | AI score 7.6 | EPSS 0.00688
Exploits: 1 | References: 4

Tenable Nessus
added 2026/02/10 12:0 a.m. | 4 views

Fedora 42 : java-21-openjdk / java-25-openjdk / java-latest-openjdk (2026-1ad57632f2)

The remote Fedora 42 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-1ad57632f2 advisory. January 2026 annual updates ---- January 2026 security update Tenable has extracted the preceding description block directly from the Fedora security advisor...

AI score 5.6
Exploits: 0 | References: 1

OpenVAS
added 2026/02/10 12:0 a.m. | 4 views

Fedora: Security Advisory (FEDORA-2026-1ad57632f2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 5.5
Exploits: 0 | References: 2

GithubExploit
added 2026/02/09 9:37 a.m. | 148 views

Exploit for CVE-2026-25747

LevelDB Deserialization Vulnerability Reproducer This project...

CVSS 9.8 | AI score 6 | EPSS 0.01274
Exploits: 2

Tenable Nessus
added 2026/02/09 12:0 a.m. | 12 views

MiracleLinux 9 : java-25-openjdk-25.0.2.0.10-1.el9.ML.1 (AXSA:2026-154:04)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-154:04 advisory. JDK: Improve JMX connections CVE-2026-21925 JDK: Improve HttpServer Request handling CVE-2026-21933 JDK: Enhance Certificate Checking CVE-2026-21945...

CVSS 7.5 | AI score 5.9 | EPSS 0.00547
Exploits: 6 | References: 6

Oracle Linux
added 2026/02/09 12:0 a.m. | 9 views

java-1.8.0-openjdk security update

1.8.0.482.b08-1.0.1 - Update to 8u482-b08 GA. Orabug: 38893614 - Update release notes for 8u482-b08. - Resolves: RHEL-142689 - Resolves: RHEL-139521 - Resolves: RHEL-131446 - Resolves: RHEL-131459 - Resolves: RHEL-142865 - Resolves: RHEL-142696 - Fixes CVE-2026-21925 CVE-2026-21933 CVE-2026-21945...

CVSS 7.5 | AI score 5.5 | EPSS 0.00688
Exploits: 1

OSV
added 2026/02/06 3:57 p.m. | 5 views

OESA-2026-1319 xmpcore security update

The XMP Library for Java is based on the C++ XMPCore library and the API is similar. Security Fixes: XMPCore in Adobe XMP Toolkit for Java before 5.1.3 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference,...

CVSS 7.5 | AI score 5.4 | EPSS 0.03631
Exploits: 0 | References: 2

RedhatCVE
added 2026/02/06 1:25 a.m. | 9 views

CVE-2026-25526

JinJava is a Java-based template engine based on django template syntax, adapted to render jinja templates. Prior to versions 2.7.6 and 2.8.3, JinJava is vulnerable to arbitrary Java execution via bypass through ForTag. This allows arbitrary Java class instantiation and file access bypassing...

CVSS 9.8 | AI score 5.6 | EPSS 0.00889
Exploits: 1 | References: 1

CNNVD
added 2026/02/06 12:0 a.m. | 4 views

PublicCMS authorization issue vulnerability

PublicCMS is an open-source content management system CMS developed by PublicCMS Company in China using the Java language. There is an authorization issue in PublicCMS; this issue stems from a mistake in the parameter paymentId of the function Paid within the component Trade Payment Handler,...

CVSS 4.2 | AI score 5.7 | EPSS 0.00325
Exploits: 1 | References: 7

Tenable Nessus
added 2026/02/06 12:0 a.m. | 9 views

SUSE SLES15 / openSUSE 15 Security Update : java-1_8_0-ibm (SUSE-SU-2026:0390-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0390-1 advisory. Security fixes: - CVE-2026-21925: Fixed Oracle Java SE component RMI bsc1257034 - CVE-2026-21932: Fixed Oracle Java S...

CVSS 7.5 | AI score 5.5 | EPSS 0.00547
Exploits: 1 | References: 14