
56249 matches found

RedhatCVE
added 2026/01/07 9:39 a.m. | 8 views

CVE-1999-0141

Java Bytecode Verifier allows malicious applets to execute arbitrary commands as the user of the applet...

3.7 CVSS | 7.9 AI score | 0.00374 EPSS
Exploits 0 | References 1
RedhatCVE
added 2026/01/07 9:38 a.m. | 8 views

CVE-1999-0440

The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages...

7.5 CVSS | 7.5 AI score | 0.03737 EPSS
Exploits 0 | References 1
Veracode
added 2026/01/07 6:16 a.m. | 8 views

Denial-of-Service (DoS)

MessagePack for Java is vulnerable to a Denial-of-Service (DoS). The vulnerability is due to unbounded memory allocation during deserialization, where the library trusts attacker-controlled EXT32 payload length metadata and allocates a byte array of that declared size when ExtensionValue.getData i...

7.5 CVSS | 6.6 AI score | 0.0055 EPSS
Exploits 1 | References 3 | Affected Software 1
Positive Technologies
added 2026/01/07 12:0 a.m. | 6 views

PT-2026-1665

Name of the Vulnerable Software and Affected Versions Undertow versions affected versions not specified WildFly versions affected versions not specified JBoss EAP versions affected versions not specified Description A flaw exists in the Undertow HTTP server core, utilized by WildFly, JBoss EAP, a...

9.7 CVSS | 6.5 AI score | 0.01179 EPSS
Exploits 0 | References 58
CNNVD
added 2026/01/07 12:0 a.m. | 4 views

Bio-Formats Code Issue Vulnerability

Bio-Formats is an Open Microscopy Environment open source Java library for reading and writing various microscopy imaging proprietary file formats. A code issue vulnerability exists in Bio-Formats 8.3.0 and prior versions that stems from performing insecure Java deserialization of...

7.8 CVSS | 7.9 AI score | 0.0044 EPSS
Exploits 1 | References 3
IBM Security Bulletins
added 2026/01/06 7:42 p.m. | 6 views

Security Bulletin: IBM Rational® Application Developer for WebSphere® Software is vulnerable to a remote attack to compromise Java SE

Summary IBM® SDK, Java™ Technology Edition, is used by IBM Rational® Application Developer for WebSphere® Software as the runtime and development kit. CVE-2025-53066 Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could...

7.5 CVSS | 6.3 AI score | 0.00633 EPSS
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2026/01/06 6:10 p.m. | 5 views

Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2025 - Includes Oracle October 2025 CPU

Summary Db2 Query Management Facility is vulnerable to Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow a remote attacker to cause high confidentiality impact, no integrity impact, and no availability impact...

7.5 CVSS | 6.3 AI score | 0.00633 EPSS
Exploits 0 | Affected Software 1
RedHat Linux
added 2026/01/06 1:22 p.m. | 0 views

lz4-java: lz4-java: Out-of-bounds memory operations lead to denial of service and information disclosure

A flaw was found in lz4-java. This vulnerability allows remote attackers to cause denial of service (DoS) and read adjacent memory via untrusted compressed input. This vulnerability affects only programs using the unsafe LZ4decompressfast API, known as the "fast" decompressor...

8.8 CVSS | 5.8 AI score | 0.0068 EPSS
Exploits 0 | References 6
RedHat Linux
added 2026/01/06 1:22 p.m. | 5 views

lz4-java: lz4-java: Information Disclosure via Insufficient Output Buffer Clearing

A flaw was found in lz4-java. This vulnerability allows disclosure of sensitive data via crafted compressed input due to insufficient clearing of the output buffer in Java-based decompressor implementations...

8.2 CVSS | 5.9 AI score | 0.00541 EPSS
Exploits 0 | References 6
RedHat Linux
added 2026/01/06 1:22 p.m. | 8 views

Important: Red Hat Security Advisory: Red Hat build of Quarkus 3.27.1.SP1 security update

An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more informatio...

8.8 CVSS | 6.6 AI score | 0.0068 EPSS
Exploits 1 | References 4
RedHat Linux
added 2026/01/06 1:12 p.m. | 1 views

lz4-java: lz4-java: Out-of-bounds memory operations lead to denial of service and information disclosure

A flaw was found in lz4-java. This vulnerability allows remote attackers to cause denial of service (DoS) and read adjacent memory via untrusted compressed input. This vulnerability affects only programs using the unsafe LZ4decompressfast API, known as the "fast" decompressor...

8.8 CVSS | 5.8 AI score | 0.0068 EPSS
Exploits 0 | References 6
RedHat Linux
added 2026/01/06 1:12 p.m. | 1 views

lz4-java: lz4-java: Information Disclosure via Insufficient Output Buffer Clearing

A flaw was found in lz4-java. This vulnerability allows disclosure of sensitive data via crafted compressed input due to insufficient clearing of the output buffer in Java-based decompressor implementations...

8.2 CVSS | 5.9 AI score | 0.00541 EPSS
Exploits 0 | References 6
RedHat Linux
added 2026/01/06 1:12 p.m. | 11 views

Important: Red Hat Security Advisory: Red Hat build of Quarkus 3.20.4.SP1 security update

An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more informatio...

8.8 CVSS | 6.6 AI score | 0.0068 EPSS
Exploits 1 | References 4
RedhatCVE
added 2026/01/06 2:2 a.m. | 5 views

CVE-2025-15449

A vulnerability was determined in cld378632668 JavaMall up to 994f1e2b019378ec9444cdf3fce2d5b5f72d28f0. Affected is the function delete of the file src/main/java/com/macro/mall/controller/MinioController.java. This manipulation of the argument objectName causes path traversal. The attack can be...

5.5 CVSS | 6.7 AI score | 0.00641 EPSS
Exploits 1 | References 1
RedhatCVE
added 2026/01/06 12:19 a.m. | 10 views

CVE-2025-15448

A vulnerability was found in cld378632668 JavaMall up to 994f1e2b019378ec9444cdf3fce2d5b5f72d28f0. This impacts the function Upload of the file src/main/java/com/macro/mall/controller/MinioController.java. The manipulation results in unrestricted upload. It is possible to launch the attack...

6.5 CVSS | 6.7 AI score | 0.00324 EPSS
Exploits 1 | References 1
Spring Security Advisories
added 2026/01/06 12:0 a.m. | 5 views

This Week in Spring - January 6th, 2026

Hi, Spring fans, to the first installment of This Week in Spring in the new year and, roughly, the fifteenth anniversary edition of this series! I've been writing these blogs since the first week of January of 2011, and I am proud to say that I haven't so far missed a single week! I've always...

6.9 AI score
Exploits 0
vulnersOsv
added 2026/01/05 3:32 p.m. | 7 views

ai.stainless:grails-tika (=0.1.0), au.com.turingg:turingg-files (=0.0.1) +488 more potentially affected by CVE-2025-68280 via org.apache.sis.core:sis-metadata (>=0.4 <=1.5)

org.apache.sis.core:sis-metadata MAVEN version =0.4, =1.1.0, =3.6.0, =3.6.1, =3.11.0, =3.19.0 - cloud.testload:jmeter-clickhouse-listener =2.00 and more Source cves: CVE-2025-68280 Source advisory: SNYK:JAVA-ORGAPACHESISCORE-14874786...

6.5 CVSS | 5.8 AI score | 0.00582 EPSS
Exploits 0
vulnersOsv
added 2026/01/05 3:32 p.m. | 5 views

ai.stainless:grails-tika (=0.1.0), au.com.turingg:turingg-files (=0.0.1) +488 more potentially affected by CVE-2025-68280 via org.apache.sis.core:sis-metadata (>=0.4 <=1.5)

org.apache.sis.core:sis-metadata MAVEN version =0.4, =1.1.0, =3.6.0, =3.6.1, =3.11.0, =3.19.0 - cloud.testload:jmeter-clickhouse-listener =2.00 and more Source cves: CVE-2025-68280 Source advisory: OSV:GHSA-JQMR-2PG9-VFX7...

6.5 CVSS | 5.8 AI score | 0.00582 EPSS
Exploits 0
Github Security Blog
added 2026/01/05 2:59 p.m. | 11 views

MessagePack for Java Vulnerable to Remote DoS via Malicious EXT Payload Allocation

Summary Affected Components: org.msgpack.core.MessageUnpacker.readPayload org.msgpack.core.MessageUnpacker.unpackValue org.msgpack.value.ExtensionValue.getData A denial-of-service vulnerability exists in MessagePack for Java when deserializing .msgpack files containing EXT32 objects with...

7.5 CVSS | 6.6 AI score | 0.0055 EPSS
Exploits 1 | References 5 | Affected Software 1
EUVD
added 2026/01/05 2:59 p.m. | 4 views

EUVD-2026-0750

MessagePack for Java Vulnerable to Remote DoS via Malicious EXT Payload Allocation...

7.5 CVSS | 6.1 AI score | 0.0055 EPSS
Exploits 1 | References 4