Amazon Linux 2 : java-17-amazon-corretto, --advisory ALAS2-2026-3140 (ALAS-2026-3140)

The version of java-17-amazon-corretto installed on the remote host is prior to 17.0.18+9-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3140 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product...

Amazon Linux 2 : java-11-amazon-corretto, --advisory ALAS2-2026-3139 (ALAS-2026-3139)

The version of java-11-amazon-corretto installed on the remote host is prior to 11.0.30+7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3139 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product...

Amazon Linux 2023 : java-21-amazon-corretto, java-21-amazon-corretto-devel, java-21-amazon-corretto-headless (ALAS2023-2026-1387)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1387 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: RMI. Supported versions that are affected are Oracle Java SE...

SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2026:0382-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0382-1 advisory. Security fixes: - CVE-2026-21925: Fixed Oracle Java SE component RMI bsc1257034 - CVE-2026-21932: Fixed Oracle Java SE component AWT and JavaFX...

Amazon Linux 2 : java-1.8.0-amazon-corretto, --advisory ALAS2CORRETTO8-2026-022 (ALASCORRETTO8-2026-022)

The version of java-1.8.0-amazon-corretto installed on the remote host is prior to 1.8.0482.b08-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2CORRETTO8-2026-022 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise...

Important: java-17-amazon-corretto

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: RMI. Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK:...

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in Java SE related to the JAXP component

Summary IBM Watson Discovery Cartridge affected by vulnerability in Java SE related to the JAXP component Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow a remote attacker to cause high confidentiality impac...

CVE-2026-25526

JinJava is a Java-based template engine based on django template syntax, adapted to render jinja templates. Prior to versions 2.7.6 and 2.8.3, JinJava is vulnerable to arbitrary Java execution via bypass through ForTag. This allows arbitrary Java class instantiation and file access bypassing...

CVE-2026-25526 JinJava Bypass through ForTag leads to Arbitrary Java Execution

JinJava is a Java-based template engine based on django template syntax, adapted to render jinja templates. Prior to versions 2.7.6 and 2.8.3, JinJava is vulnerable to arbitrary Java execution via bypass through ForTag. This allows arbitrary Java class instantiation and file access bypassing...

CVE-2026-25526

JinJava is a Java-based template engine based on django template syntax, adapted to render jinja templates. Prior to versions 2.7.6 and 2.8.3, JinJava is vulnerable to arbitrary Java execution via bypass through ForTag. This allows arbitrary Java class instantiation and file access bypassing...

CVE-2026-25526 JinJava Bypass through ForTag leads to Arbitrary Java Execution

JinJava is a Java-based template engine based on django template syntax, adapted to render jinja templates. Prior to versions 2.7.6 and 2.8.3, JinJava is vulnerable to arbitrary Java execution via bypass through ForTag. This allows arbitrary Java class instantiation and file access bypassing...

EUVD-2026-5336

JinJava is a Java-based template engine based on django template syntax, adapted to render jinja templates. Prior to versions 2.7.6 and 2.8.3, JinJava is vulnerable to arbitrary Java execution via bypass through ForTag. This allows arbitrary Java class instantiation and file access bypassing...

CVE-2026-25526

CVE-2026-25526 affects JinJava, a Java-based template engine that renders Jinja-like templates. The vulnerability allows arbitrary Java execution via bypass through the ForTag, enabling instantiation of arbitrary Java classes and filesystem access, bypassing sandbox restrictions. Red Hat and othe...

CVE-2026-25526 JinJava Bypass through ForTag leads to Arbitrary Java Execution

JinJava is a Java-based template engine based on django template syntax, adapted to render jinja templates. Prior to versions 2.7.6 and 2.8.3, JinJava is vulnerable to arbitrary Java execution via bypass through ForTag. This allows arbitrary Java class instantiation and file access bypassing...

lz4-java: lz4-java: Information Disclosure via Insufficient Output Buffer Clearing

A flaw was found in lz4-java. This vulnerability allows disclosure of sensitive data via crafted compressed input due to insufficient clearing of the output buffer in Java-based decompressor implementations...

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.1.4 XP 6.0.2.GA release

JBoss EAP XP 6.0.2.GA release on the EAP 8.1 base. See references for release notes. This is a cumulative patch release zip for the JBoss EAP XP 6.0.2 runtime distribution for use with EAP 8.1.4. Security Fixes: lz4-java: lz4-java: Information Disclosure via Insufficient Output Buffer Clearing...

Security update for java-1_8_0-ibm

This update for java-180-ibm fixes the following issues: Security fixes: - CVE-2026-21925: Fixed Oracle Java SE component RMI bsc1257034 - CVE-2026-21932: Fixed Oracle Java SE component AWT and JavaFX bsc1257036 - CVE-2026-21933: Fixed Oracle Java SE component Networking bsc1257037 -...

SUSE-SU-2026:0382-1 Security update for java-1_8_0-ibm

This update for java-180-ibm fixes the following issues: Security fixes: - CVE-2026-21925: Fixed Oracle Java SE component RMI bsc1257034 - CVE-2026-21932: Fixed Oracle Java SE component AWT and JavaFX bsc1257036 - CVE-2026-21933: Fixed Oracle Java SE component Networking bsc1257037 -...

lz4-java: lz4-java: Out-of-bounds memory operations lead to denial of service and information disclosure

A flaw was found in lz4-java. This vulnerability allows remote attackers to cause denial of service DoS and read adjacent memory via untrusted compressed input. This vulnerability affects only programs using the unsafe LZ4decompressfast API, known as the "fast" decompressor...

lz4-java: lz4-java: Information Disclosure via Insufficient Output Buffer Clearing

A flaw was found in lz4-java. This vulnerability allows disclosure of sensitive data via crafted compressed input due to insufficient clearing of the output buffer in Java-based decompressor implementations...