56249 matches found
CLSA-2025-1767098038 Update of java-11-openjdk
Upgrade to openjdk-11.0.29+7 GA...
CVE-2025-15222
A vulnerability has been found in Dromara Sa-Token up to 1.44.0. This issue affects the function ObjectInputStream.readObject of the file SaSerializerTemplateForJdkUseBase64.java. Such manipulation leads to deserialization. The attack can be executed remotely. This attack is characterized by high...
Apache Tika JAR Detection
Binary data apachetikajardetect.nbin...
Sa-Token Code Issue Vulnerability
Sa-Token is a lightweight Java authentication framework open-sourced by dromara. A code issue vulnerability exists in Sa-Token 1.44.0 and earlier versions, which stems from a misuse of the function ObjectInputStream.readObject in the file SaSerializerTemplateForJdkUseBase64.java, which could lead ...
CVE-2025-15203
SohuTV CacheCloud up to 3.2.0 is affected by a cross-site scripting flaw in the index function of ResourceController.java (src/main/java/com/sohu/cache/web/controller/ResourceController.java). Manipulation of the index function allows remote attackers to trigger XSS, with a public exploit availab...
CLSA-2025-1767028399 java-11-openjdk: Fix of 5 CVEs
Upgrade to openjdk-11.0.29+7 GA. The following CVEs were fixed: - CVE-2023-48161: fix buffer overflow vulnerability - CVE-2024-21147: RangeCheckElimination array index overflow - CVE-2025-21587: fix TLS connection support to avoid unauthorized access to critical data - CVE-2025-53057: enhance...
CacheCloud Code Injection Vulnerability
CacheCloud is a Redis cloud management platform open-sourced by SohuTV. A code injection vulnerability exists in CacheCloud 3.2.0 and earlier versions, which stems from the incorrect operation of function doAppList/appCommandAnalysis in file...
EUVD-2025-205508
A weakness has been identified in joey-zhou xiaozhi-esp32-server-java up to 3.0.0. This impacts the function tryAuthenticateWithCookies of the file AuthenticationInterceptor.java of the component Cookie Handler. Executing manipulation can lead to improper authentication. The attack can be launche...
CVE-2025-15134 yourmaileyes MOOC Submission MainController.java subreview cross site scripting
A security flaw has been discovered in yourmaileyes MOOC up to 1.17. This affects the function subreview of the file mooc/controller/MainController.java of the component Submission Handler. Performing manipulation of the argument review results in cross site scripting. The attack can be initiated...
CVE-2025-15117
A weakness has been identified in Dromara Sa-Token up to 1.44.0. This affects the function ObjectInputStream.readObject of the file SaJdkSerializer.java. Executing manipulation can lead to deserialization. The attack may be launched remotely. This attack is characterized by high complexity. It is...
CVE-2025-15117
CVE-2025-15117 affects Dromara Sa-Token up to 1.44.0. The flaw is in SaJdkSerializer.java, specifically ObjectInputStream.readObject, enabling a deserialization attack. The description notes remote-launch potential with high attack complexity and difficult exploitability. Multiple sources corrobo...
Xiaozhi ESP32 Server Java Authorization Issue Vulnerability
Xiaozhi ESP32 Server Java is a Java enterprise management platform by the individual developer joey. An authorization issue vulnerability exists in Xiaozhi ESP32 Server Java 3.0.0 and earlier versions, which stems from a misbehavior of the function tryAuthenticateWithCookies in the file...
sunkaifei FlyCms Code Injection Vulnerability
sunkaifei FlyCms is an open source application by sunkaifei: a completely open source, Q&A-based social networking site builder, similar to Zhihu, developed in Java. A code injection vulnerability exists in sunkaifei FlyCms, which originates from a misbehavior of the userLogin...
CVE-2024-58335
OpenXRechnungToolbox through 2024-10-05-3.0.0 before 6c50e89 allows XXE because the disallow-doctype-decl feature is not enabled in visualization/VisualizerImpl.java...
CVE-2024-57521
SQL Injection vulnerability in RuoYi v.4.7.9 and before allows a remote attacker to execute arbitrary code via the createTable function in SqlUtil.java...
Security Bulletin: Multiple vulnerabilities affect CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition (CVE-2025-53057 and CVE-2025-53066).
Summary Due to the use of IBM® Runtime Environment Java™, CICS Transaction Gateway Desktop Edition and CICS Transaction Gateway for Multiplatforms are vulnerable to multiple vulnerabilities, CVE-2025-53057 and CVE-2025-53066. CICS Transaction Gateway for Multiplatforms and CICS Transaction Gatew...
Security Bulletin: Security vulnerabilities in Java SE shipped with IBM CICS TX Advanced (CVE-2025-53066 and CVE-2025-53057)
Summary There are multiple vulnerabilities in the Java SE version shipped with IBM CICS TX Advanced CVE-2025-53066 and CVE-2025-53057. An update to IBM CICS TX Advanced has been released to address these vulnerabilities. Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified...
Security Bulletin: Security vulnerabilities in Java SE shipped with TXSeries for Multiplatforms (CVE-2025-53066 and CVE-2025-53057)
Summary There are multiple vulnerabilities in the Java SE version shipped with TXSeries for Multiplatforms CVE-2025-53066 and CVE-2025-53057. An update to TXSeries for Multiplatforms has been released to address these vulnerabilities. Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An...
Security Bulletin: Security vulnerabilities in Java SE shipped with IBM CICS TX Standard (CVE-2025-53066 and CVE-2025-53057)
Summary There are multiple vulnerabilities in the Java SE version shipped with IBM CICS TX Standard CVE-2025-53066 and CVE-2025-53057. An update to IBM CICS TX Standard has been released to address these vulnerabilities. Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® Db2® Big SQL
Summary Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime 8 affect IBM® Db2® Big SQL 7.x on Cloud Pak for Data 4.x Vulnerability Details CVEID:CVE-2023-38264 DESCRIPTION: The IBM SDK, Java Technology Edition's Object Request Broker ORB 7.1.0.0 through 7.1.5.21 and 8.0.0.0 through...