56245 matches found
Ubuntu 25.10 : CRaC JDK 17 vulnerabilities (USN-7997-1)
The remote Ubuntu 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7997-1 advisory. It was discovered that the RMI component of CRaC JDK 17 would establish RMI TCP endpoint connections to a remote host without setting an endpoint...
RHEL 9 : Red Hat JBoss Enterprise Application Platform 8.1.4 (RHSA-2026:1871)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:1871 advisory. Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release o...
Ubuntu: Security Advisory (USN-7997-1)
The remote host is missing an update for the...
JinJava Bypass through ForTag leads to Arbitrary Java Execution
Impact Vulnerability Type: Sandbox Bypass / Remote Code Execution Affected Component: Jinjava Affected Users: - Organizations using HubSpot's Jinjava template rendering engine for user-provided template content - Any system that renders untrusted Jinja templates using HubSpot's Jinjava...
Important: Red Hat Security Advisory: JMC bug fix and enhancement update
An update for JDK Mission Control (JMC) is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. JDK Mission Control (JMC) is a powerful profiler for HotSpot JVMs and has an advanced set of tools that enables efficient and detailed analysis of the extensive data collected by JDK...
lz4-java: lz4-java: Information Disclosure via Insufficient Output Buffer Clearing
A flaw was found in lz4-java. This vulnerability allows disclosure of sensitive data via crafted compressed input due to insufficient clearing of the output buffer in Java-based decompressor implementations...
CLSA-2026-1770118623 java-1.8.0-openjdk: Fix of CVE-2026-21945
Update to openjdk-shenandoah-jdk8u-shenandoah-jdk8u482-b03. - CVE-2026-21945: Security component vulnerability allowing unauthenticated attacker with network access to cause hang or crash (DoS)...
CLSA-2026-1770115899 java-17-openjdk: Fix of 5 CVEs
Update to jdk-17.0.18+8 GA - CVE-2026-21925: improve JMX connections - CVE-2026-21933: improve HttpServer Request handling - CVE-2026-21945: enhance Certificate Checking - CVE-2025-64720: libpng: fix buffer overflow - CVE-2025-65018: libpng: fix heap buffer overflow...
Security update for java-21-openjdk
This update for java-21-openjdk fixes the following issues: Update to upstream tag jdk-21.0.10+7 (January 2026 CPU). Security fixes: CVE-2026-21925: Fixed Oracle Java SE component RMI (bsc1257034). CVE-2026-21932: Fixed Oracle Java SE component AWT and JavaFX (bsc1257036). CVE-2026-21933: Fixed Oracle...
SUSE-SU-2026:0363-1 Security update for java-21-openjdk
This update for java-21-openjdk fixes the following issues: Update to upstream tag jdk-21.0.10+7 (January 2026 CPU). Security fixes: - CVE-2026-21925: Fixed Oracle Java SE component RMI (bsc1257034). - CVE-2026-21932: Fixed Oracle Java SE component AWT and JavaFX (bsc1257036). - CVE-2026-21933: Fixed...
Security Bulletin: Vulnerabilities in IBM Semeru SDK (CVE-2025-53057, CVE-2025-53066) affect Power HMC.
Summary: The IBM Semeru SDK is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2025-53057 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow a remote attacker to cause no...
I Can't Believe It's Not a Valid Exploit
Recently, Large Language Models (LLMs) have been used in security vulnerability detection tasks, including generating proof-of-concept (PoC) exploits. A PoC exploit is a program used to demonstrate how a vulnerability can be exploited. Several approaches suggest that supporting LLMs with additional...
OPENSUSE-SU-2026:10133-1 java-11-openj9-11.0.30.0-1.1 on GA media
These are all security issues fixed in the java-11-openj9-11.0.30.0-1.1 package on the GA media of openSUSE Tumbleweed...
Linux Distros Unpatched Vulnerability : CVE-2026-21933
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versio...
MiracleLinux 9 : java-1.8.0-openjdk-1.8.0.482.b08-1.el9.ML.1 (AXSA:2026-130:04)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-130:04 advisory. JDK: Improve JMX connections CVE-2026-21925 JDK: Improve HttpServer Request handling CVE-2026-21933 JDK: Enhance Certificate Checking CVE-2026-21945...
OPENSUSE-SU-2026:10138-1 java-25-openj9-25.0.2.0-1.1 on GA media
These are all security issues fixed in the java-25-openj9-25.0.2.0-1.1 package on the GA media of openSUSE Tumbleweed...
MiracleLinux 8 : java-21-openjdk-21.0.10.0.7-1.el8.ML.1 (AXSA:2026-129:02)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-129:02 advisory. JDK: Improve JMX connections CVE-2026-21925 JDK: Improve HttpServer Request handling CVE-2026-21933 JDK: Enhance Certificate Checking CVE-2026-21945...
Linux Distros Unpatched Vulnerability : CVE-2026-21932
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: AWT, JavaFX. Supported...
Security update for java-17-openjdk (important)
openSUSE security update: security update for java-17-openjdk. Announcement ID: openSUSE-SU-2026:20134-1 Rating: important References: bsc1255446 bsc1257034 bsc1257036 bsc1257037 bsc1257038 Cross-References: CVE-2026-21925 CVE-2026-2193...
OPENSUSE-SU-2026:10136-1 java-1_8_0-openjdk-1.8.0.482-1.1 on GA media
These are all security issues fixed in the java-1_8_0-openjdk-1.8.0.482-1.1 package on the GA media of openSUSE Tumbleweed...