Lucene search

56250 matches found

IBM Security Bulletins
added 2025/12/15 5:56 a.m. | 6 views

Security Bulletin: IBM Storage Insights is vulnerable to weaknesses related to IBM® SDK, Java™ Technology Edition

Summary: Vulnerabilities in IBM® SDK, Java™ Technology Edition may affect IBM Storage Insights which could allow a remote attacker to cause high confidentiality and high integrity impact. Vulnerability Details: CVEID: CVE-2025-50106 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM fo...

CVSS 8.1 | AI score 5.7 | EPSS 0.01058
Exploits: 1 | Affected Software: 1
Tenable Nessus
added 2025/12/15 12:0 a.m. | 5 views

Microsoft JDBC driver for MSSQL Detection

Binary data microsoftmssqljdbcdriverinstalled.nbin...

AI score 7
Exploits: 0 | References: 1
Tenable Nessus
added 2025/12/15 12:0 a.m. | 3 views

Debian dla-4286 : libcommons-lang3-java - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4286 advisory. Debian LTS Advisory DLA-4286-1 https://www.debian.org/lts/security/...

CVSS 5.3 | AI score 6.3 | EPSS 0.02164
Exploits: 0 | References: 4
Veracode
added 2025/12/13 5:0 a.m. | 7 views

Spoofing

Microsoft JDBC Driver for SQL Server is vulnerable to Spoofing. The vulnerability is due to improper input validation, allowing an unauthorized network attacker to spoof identities or responses during communication with the SQL Server...

CVSS 8.1 | AI score 7.4 | EPSS 0.0067
Exploits: 0 | References: 9 | Affected Software: 1
Veracode
added 2025/12/13 4:48 a.m. | 8 views

Remote Code Execution (RCE)

Keycloak is vulnerable to Remote Code Execution (RCE). The vulnerability is due to insecure default binding of the debug JDWP port to all network interfaces in debug mode, which allows an attacker on the same network to attach a debugger and execute arbitrary code...

CVSS 6.8 | AI score 6.1 | EPSS 0.00456
Exploits: 0 | References: 9 | Affected Software: 1
Github Security Blog
added 2025/12/12 10:12 p.m. | 10 views

aircompressor Snappy and LZ4 Java-based decompressor implementation can leak information from reused output buffer

Summary: Incorrect handling of malformed data in Java-based decompressor implementations for Snappy and LZ4 allows remote attackers to read previous buffer contents via crafted compressed input. In applications where the output buffer is reused without being cleared, this may lead to disclosure of...

CVSS 7.5 | AI score 5.6 | EPSS 0.00363
Exploits: 0 | References: 7 | Affected Software: 2
EUVD
added 2025/12/12 10:11 p.m. | 6 views

EUVD-2025-203174

Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. In versions 3.3 and below, incorrect handling of malformed data in Java-based decompressor implementations for Snappy and LZ4 allows remote attackers to read previous buffer contents via...

CVSS 6.3 | AI score 6.4 | EPSS 0.00363
Exploits: 0 | References: 4
Vulnrichment
added 2025/12/12 10:11 p.m. | 3 views

CVE-2025-67721 Aircompressor's Snappy and LZ4 Java-based decompressor implementation can leak information from reused output buffer

Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. In versions 3.3 and below, incorrect handling of malformed data in Java-based decompressor implementations for Snappy and LZ4 allows remote attackers to read previous buffer contents via...

CVSS 6.3 | AI score 6.5 | EPSS 0.00363
Exploits: 0 | References: 3
Cvelist
added 2025/12/12 10:11 p.m. | 22 views

CVE-2025-67721 Aircompressor's Snappy and LZ4 Java-based decompressor implementation can leak information from reused output buffer

Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. In versions 3.3 and below, incorrect handling of malformed data in Java-based decompressor implementations for Snappy and LZ4 allows remote attackers to read previous buffer contents via...

CVSS 6.3 | EPSS 0.00363
Exploits: 0 | References: 3
CVE
added 2025/12/12 10:11 p.m. | 93 views

CVE-2025-67721

CVE-2025-67721 affects Aircompressor (Java) up to version 3.3. Improper handling of malformed data in Java-based Snappy and LZ4 decompressors can cause a read of previous buffer contents when the same output buffer is reused for multiple inputs, e.g., in a web server. This may leak sensitive data...

CVSS 7.5 | AI score 6.5 | EPSS 0.00363
Exploits: 0 | References: 3 | Affected Software: 1
CNNVD
added 2025/12/12 12:0 a.m. | 4 views

Aircompressor security vulnerability

Aircompressor is an airlift open source library that ports the Snappy, LZO, LZ4 and Zstandard compression algorithms to Java. Aircompressor 3.3 and earlier versions contain a security vulnerability that stems from improper handling of malformed data by the Snappy and LZ4 decompressors, which coul...

CVSS 7.5 | AI score 6.1 | EPSS 0.00363
Exploits: 0 | References: 3
RedhatCVE
added 2025/12/11 11:4 p.m. | 4 views

CVE-2025-67505

Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another...

CVSS 8.4 | AI score 6.9 | EPSS 0.00181
Exploits: 0 | References: 1
Vulnrichment
added 2025/12/11 9:39 p.m. | 3 views

CVE-2024-58298 Compuware iStrobe Web 20.13 Pre-Auth Remote Code Execution via File Upload

Compuware iStrobe Web 20.13 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to upload malicious JSP files through a path traversal in the file upload form. Attackers can exploit the 'fileName' parameter to upload a web shell and execute...

CVSS 9.2 | AI score 8.6 | EPSS 0.00721
Exploits: 0 | References: 4
Cvelist
added 2025/12/11 9:39 p.m. | 21 views

CVE-2024-58298 Compuware iStrobe Web 20.13 Pre-Auth Remote Code Execution via File Upload

Compuware iStrobe Web 20.13 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to upload malicious JSP files through a path traversal in the file upload form. Attackers can exploit the 'fileName' parameter to upload a web shell and execute...

CVSS 9.2 | EPSS 0.00721
Exploits: 0 | References: 4
GithubExploit
added 2025/12/11 8:15 p.m. | 161 views

Exploit for CVE-2020-1938

Ghostcat Scanner - CVE-2020-1938 A powerful Python exploit to...

CVSS 9.8 | AI score 7 | EPSS 0.9927
Exploits: 44
CVE
added 2025/12/11 6:32 p.m. | 9 views

CVE-2025-14531

Code-projects Rental Management System 2.0 is affected in the Log Handler’s Transaction.java. The issue is a CRLF injection vulnerability that can be triggered remotely; exploitation publicized with PoC in at least one source. Connected advisories confirm an external exploit and remote manipulati...

CVSS 5.3 | AI score 4.8 | EPSS 0.00276
Exploits: 1 | References: 5 | Affected Software: 1
IBM Security Bulletins
added 2025/12/11 3:30 p.m. | 10 views

Security Bulletin: Multiple security vulnerabilities in IBM Business Automation Manager Open Editions.

Summary: Multiple vulnerabilities were addressed in IBM Business Automation Manager Open Editions 9.3.1. Vulnerability Details: CVEID: CVE-2025-61748 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component:...

CVSS 8.2 | AI score 8.1 | EPSS 0.00979
Exploits: 1 | Affected Software: 1
IBM Security Bulletins
added 2025/12/11 9:51 a.m. | 12 views

Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affect IBM Tivoli Network Configuration Manager (CVE-2025-53066, CVE-2025-53057).

Summary: Multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8, used by IBM Tivoli Network Configuration Manager IP Edition. Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section. Affected Products and Versions: Affected Products | Versions...

CVSS 7.5 | AI score 6.6 | EPSS 0.00633
Exploits: 0 | Affected Software: 1
Positive Technologies
added 2025/12/11 12:0 a.m. | 4 views

PT-2025-50671

A vulnerability was found in code-projects Rental Management System 2.0. This affects an unknown function of the file Transaction.java of the component Log Handler. Performing manipulation results in crlf injection. The attack can be initiated remotely. The exploit has been made public and could ...

CVSS 5.3 | AI score 6.8 | EPSS 0.00276
Exploits: 1 | References: 7
Tenable Nessus
added 2025/12/11 12:0 a.m. | 7 views

SAP NetWeaver AS Java DoS (December 2025)

The version of SAP NetWeaver Application Server for Java detected on the remote host is affected by a denial of service vulnerability as disclosed in the SAP Security Patch Day December 2025: - SAP NetWeaver remote service for Xcelsius allows an attacker with network access and high privileges to...

CVSS 7.9 | AI score 6.2 | EPSS 0.00394
Exploits: 0 | References: 3