Important: jmc security update

JDK Mission Control is a powerful profiler for HotSpot JVMs and has an advanced set of tools that enables efficient and detailed analysis of the extensive data collected by JDK Flight Recorder. The tool chain enables developers and administrators to collect and analyze data from Java applications...

MiracleLinux 3 : java-1.6.0-openjdk-1.6.0.0-1.41.1.11.11.90.0.1.AXS3 (AXSA:2013-553:03)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2013-553:03 advisory. The OpenJDK runtime environment. Security issues fixed with this release: CVE-2013-1500 Unspecified vulnerability in the Java Runtime Environment JRE...

CVE-2026-1122 Yonyou KSOA HTTP GET Parameter work_info.jsp sql injection

A vulnerability was determined in Yonyou KSOA 9.0. This impacts an unknown function of the file /worksheet/workinfo.jsp of the component HTTP GET Parameter Handler. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been publicly...

OSV-2026-86 Security exception in java.base/java.util.Arrays.copyOfRange

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=476431399 Crash type: Security exception Crash state: java.base/java.util.Arrays.copyOfRange org.apache.poi.util.IOUtils.safelyClone org.apache.poi.ddf.EscherBlipRecord.setPictureData...

PublicCMS Authorization Issue Vulnerability

PublicCMS is an open-source content management system CMS developed by PublicCMS Company in China using the Java language. Versions of PublicCMS 5.202506.d and earlier have a vulnerability related to authorization. This vulnerability stems from incorrect handling of the ids parameter in the delet...

EUVD-2026-3129

A vulnerability was found in bastillion-io Bastillion up to 4.0.1. This issue affects some unknown processing of the file src/main/java/io/bastillion/manage/control/SystemKtrl.java of the component System Management Module. Performing a manipulation results in command injection. The attack can be...

CVE-2026-1062

A flaw has been found in xiweicheng TMS up to 2.28.0. This affects the function Summary of the file src/main/java/com/lhjz/portal/util/HtmlUtil.java. This manipulation of the argument url causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been...

CVE-2026-1050 risesoft-y9 Digital-Infrastructure REST Authenticate Endpoint Y9PlatformUtil.java sql injection

A flaw has been found in risesoft-y9 Digital-Infrastructure up to 9.6.7. This affects an unknown function of the file source-code/src/main/java/net/risesoft/util/Y9PlatformUtil.java of the component REST Authenticate Endpoint. Executing a manipulation can lead to sql injection. The attack can be...

OSV-2026-65 Security exception in com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.expr

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=476179553 Crash type: Security exception Crash state: com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.expr java.base/sun.nio.cs.UTF8$Encoder.encodeArrayLoop java.base/sun.nio.cs.UTF8$Encoder.encodeLoop...

EUVD-2026-2921

ActiveRecord-JDBC-Adapter AR-JDBC lib/arjdbc/jdbc/adapter.rb sql.gsub Function SQL Injection...

Security Bulletin: Multiple security vulnerabilities in Java may affect IBM Robotic Process Automation

Summary Multiple security vulnerabilities in Java affect IBM Robotic Process Automation. Java is used by IBM Robotic Process Automation as part of metrics and licening, and UMS. This bulletin identifies the fixes required to address these vulnerabilities. Vulnerability Details CVEID:CVE-2025-5305...

Security Bulletin: Confidentiality Vulnerability in IBM Watson Explorer Related to Java SE JAXP

Summary IBM SDK, Java Technology is used within IBM Watson Explorer CVE-2025-53066 Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow a remote attacker to cause high confidentiality impact, no integrity impact,...

Security Bulletin: Vulnerability in Java affects IBM Netezza Appliance

Summary The Java package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-21502 Vulnerability Details CVEID:CVE-2025-21502 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracl...

MiracleLinux 4 : java-1.7.0-openjdk-1.7.0.191-2.6.15.4.AXS4 (AXSA:2018-3267:05)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2018-3267:05 advisory. OpenJDK: insufficient index validation in PatternSyntaxException getMessage Concurrency, 8199547 CVE-2018-2952 Tenable has extracted the preceding descriptio...

MiracleLinux 4 : java-1.6.0-openjdk-1.6.0.0-1.57.1.11.9.AXS4 (AXSA:2013-202:02)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2013-202:02 advisory. The OpenJDK runtime environment. Security issues fixed with this release: CVE-2013-0809 Unspecified vulnerability in the 2D component in the Java...

MiracleLinux 4 : kernel-2.6.32-696.6.3.el6 (AXSA:2017-1749:05)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2017-1749:05 advisory. The kernel package contains the Linux kernel vmlinuz, the core of any Linux operating system. The kernel handles the basic functions of the operating system:...

MiracleLinux 4 : java-1.8.0-openjdk-1.8.0.91-0.b14.AXS4 (AXSA:2016-213:03)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-213:03 advisory. The OpenJDK runtime environment. Security issues fixed with this release: CVE-2016-0686 RESERVED This candidate has been reserved by an organization ...

MiracleLinux 7 : java-1.7.0-openjdk-1.7.0.121-2.6.8.0.0.1.el7.AXS7 (AXSA:2016-890:04)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-890:04 advisory. The OpenJDK runtime environment. Security issues fixed with this release: CVE-2016-5542 Unspecified vulnerability in Oracle Java SE 6u121, 7u111,...

MiracleLinux 7 : pki-core-10.5.1-13.1.el7 (AXSA:2018-3231:02)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2018-3231:02 advisory. pki-core: Mishandled ACL configuration in AAclAuthz.java reverses rules that allow and deny access CVE-2018-1080 Tenable has extracted the preceding...

MiracleLinux 7 : java-1.7.0-openjdk-1.7.0.211-2.6.17.1.0.1.el7.AXS7 (AXSA:2019-3841:02)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2019-3841:02 advisory. Security Fix - Oracle Java SE Libraries Java SE CVE-2019-2422 CVEJVNhttp://jvndb.jvn.jp/ Tenable has extracted the preceding description block directly from...