
56257 matches found

RedHat Linux
added 2025/11/17 9:55 a.m. | 4 views

openjdk: Enhance Path Factories (Oracle CPU 2025-10)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 and 21.0.8; Oracle...

7.5 CVSS | 7.2 AI score | 0.00633 EPSS
Exploits: 0 | References: 5

RedHat Linux
added 2025/11/17 9:55 a.m. | 4 views

openjdk: Enhance String handling (Oracle CPU 2025-10)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 21.0.8 and 25; Oracle GraalVM for JDK: 21.0.8; Oracle GraalVM Enterprise Edition: 21.3.15...

3.7 CVSS | 5.8 AI score | 0.00355 EPSS
Exploits: 0 | References: 5

RedHat Linux
added 2025/11/17 9:55 a.m. | 3 views

openjdk: Enhance certificate handling (Oracle CPU 2025-10)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 and 21.0.8; Oracl...

5.9 CVSS | 7.2 AI score | 0.00487 EPSS
Exploits: 0 | References: 5

RedHat Linux
added 2025/11/17 9:55 a.m. | 14 views

Moderate: Red Hat Security Advisory: java-25-openjdk security update

An update for java-25-openjdk is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerabilit...

7.5 CVSS | 6.6 AI score | 0.00633 EPSS
Exploits: 0 | References: 1

CVE
added 2025/11/17 7:2 a.m. | 9 views

CVE-2025-13268

CVE-2025-13268 affects Dromara dataCompare up to 1.0.1, targeting the JDBC URL Handler component. The root cause is an issue in the DbConfig function of DbconfigServiceImpl.java that can be exploited to perform injection remotely. Multiple sources verify the vulnerability and note that an exploit...

6.5 CVSS | 6.3 AI score | 0.00236 EPSS
Exploits: 0 | References: 4

IBM Security Bulletins
added 2025/11/17 6:40 a.m. | 9 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses openjdk 17.0.14 and Python 3.11.11 which is vulnerable to CVEs listed in Summary.

Summary IBM Maximo Application Suite - Manage Component uses openjdk 17.0.14 which is vulnerable to CVE-2025-21587, CVE-2025-30698, CVE-2025-2900 and Python 3.11.11 which is vulnerable to CVE-2025-4435, CVE-2024-12718, CVE-2025-4330, CVE-2025-45. This bulletin contains information regarding the...

7.4 CVSS | 6.5 AI score | 0.00688 EPSS
Exploits: 0 | Affected Software: 1

OSV
added 2025/11/17 6:15 a.m. | 6 views

CVE-2025-13265

A weakness has been identified in lsfusion platform up to 6.1. This vulnerability affects the function unpackFile of the file server/src/main/java/lsfusion/server/physics/dev/integration/external/to/file/ZipUtils.java. This manipulation causes path traversal. It is possible to initiate the attack...

9.1 CVSS | 6.9 AI score
Exploits: 0 | References: 4

OSV
added 2025/11/17 4:15 a.m. | 5 views

CVE-2025-13261

A vulnerability was found in lsfusion platform up to 6.1. Affected is the function DownloadFileRequestHandler of the file web-client/src/main/java/lsfusion/http/controller/file/DownloadFileRequestHandler.java. Performing manipulation of the argument Version results in path traversal. Remote...

5.3 CVSS | 5.4 AI score
Exploits: 0 | References: 5

Tenable Nessus
added 2025/11/17 12:0 a.m. | 4 views

Alibaba Cloud Linux 3 : 0174: java-1.8.0-openjdk (ALINUX3-SA-2025:0174)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2025:0174 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-53057: Vulnerability in the Oracl...

7.5 CVSS | 7.4 AI score | 0.00633 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2025/11/17 12:0 a.m. | 3 views

Alibaba Cloud Linux 3 : 0175: java-17-openjdk (ALINUX3-SA-2025:0175)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2025:0175 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-53057: Vulnerability in the Oracl...

7.5 CVSS | 7.4 AI score | 0.00633 EPSS
Exploits: 0 | References: 3

IBM Security Bulletins
added 2025/11/15 5:23 a.m. | 4 views

Security Bulletin: IBM® Engineering Lifecycle Management products affected by multiple vulnerabilities in IBM® SDK, Java™ Technology Edition (CVE-2025-53066, CVE-2025-53057)

Summary Multiple vulnerabilities within IBM SDK Java Technology affect IBM Engineering Lifecycle Management products. IBM Engineering Lifecycle Optimization - Engineering Insights, IBM Engineering Workflow Management, Jazz Foundation, IBM Engineering Test Management, Global Configuration...

5.9 CVSS | 6.8 AI score | 0.00487 EPSS
Exploits: 0 | Affected Software: 1

EUVD
added 2025/11/15 12:30 a.m. | 7 views

EUVD-2024-26050

SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability was found by the ZDI team after researching a previous vulnerability and providing...

9.8 CVSS | 6.8 AI score | 0.36619 EPSS
Exploits: 0 | References: 3

IBM Security Bulletins
added 2025/11/14 2:22 p.m. | 3 views

Security Bulletin: A vulnerability in WebSphere Application Server Liberty affects IBM Enterprise Application Service for Java (CVE-2020-36732)

Summary IBM Enterprise Application Service for Java is affected by a vulnerability in WebSphere Application Server Liberty. Vulnerability Details CVEID:CVE-2020-36732 DESCRIPTION: The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string "0." with an...

5.3 CVSS | 6.5 AI score | 0.01075 EPSS
Exploits: 0

F5 Networks
added 2025/11/14 1:2 a.m. | 7 views

K000157848: Oracle Java vulnerability CVE-2017-10109

Security Advisory Description Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability...

5.3 CVSS | 6.1 AI score | 0.03114 EPSS
Exploits: 0

vulnersOsv
added 2025/11/13 8:43 p.m. | 4 views

org.webjars.npm:vega-embed (=6.21.0) potentially affected by CVE-2025-59840 via org.webjars.npm:vega-interpreter (=1.0.4)

org.webjars.npm:vega-interpreter MAVEN version =1.0.4 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:vega-interpreter and may be impacted: - org.webjars.npm:vega-embed =6.21.0 Source cves: CVE-2025-59840 Source advisory:...

8.1 CVSS | 6 AI score | 0.00334 EPSS
Exploits: 0

Snyk
added 2025/11/13 6:31 p.m. | 4 views

Binding to an Unrestricted IP Address

Overview Affected versions of this package are vulnerable to Binding to an Unrestricted IP Address due to the insecure default binding of the Java Debug Wire Protocol (JDWP) port to all network interfaces when debug mode is enabled. An attacker can gain unauthorized access to the Java virtual machi...

7.6 CVSS | 7.8 AI score | 0.00456 EPSS
Exploits: 0 | References: 2

Github Security Blog
added 2025/11/13 6:31 p.m. | 14 views

Duplicate Advisory: Keycloak allows Binding to an Unrestricted IP Address

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-j4vq-q93m-4683. This link is maintained to preserve external references. Original Description A vulnerability exists in Keycloak's server distribution where enabling debug mode (--debug) insecurely defaults to...

6.8 CVSS | 7.5 AI score | 0.00456 EPSS
Exploits: 0 | References: 8 | Affected Software: 1

OSV
added 2025/11/13 6:31 p.m. | 0 views

GHSA-7M9G-PMXF-M9M8 Duplicate Advisory: Keycloak allows Binding to an Unrestricted IP Address

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-j4vq-q93m-4683. This link is maintained to preserve external references. Original Description A vulnerability exists in Keycloak's server distribution where enabling debug mode (--debug) insecurely defaults to...

6.8 CVSS | 6.4 AI score | 0.00456 EPSS
Exploits: 0 | References: 8

NVD
added 2025/11/13 5:15 p.m. | 17 views

CVE-2025-11538

A vulnerability exists in Keycloak's server distribution where enabling debug mode (--debug) insecurely defaults to binding the Java Debug Wire Protocol (JDWP) port to all network interfaces (0.0.0.0). This exposes the debug port to the local network, allowing an attacker on the same network segment to...

6.8 CVSS | 0.00456 EPSS
Exploits: 0 | References: 6

CVE
added 2025/11/13 4:47 p.m. | 28 views

CVE-2025-11538

Keycloak is affected by CVE-2025-11538 in versions prior to 26.4.4 where enabling debug mode (--debug) binds the JDWP port to all interfaces (0.0.0.0), exposing the debug port on the local network. This potentially allows a local-network attacker to attach a remote debugger and achieve remote cod...

6.8 CVSS | 7.5 AI score | 0.00456 EPSS
Exploits: 0 | References: 6