Security Bulletin: Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition (CVE-2025-53066, CVE-2025-53057)
Summary: This bulletin for IBM SDK, Java Technology Edition covers all applicable Java SE CVEs published by Oracle as part of their October 2025 Critical Patch Update. For more information, please refer to Oracle's October 2025 CPU Advisory and the CVE links referenced below. Vulnerability Details...
Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates
Summary: IBM App Connect Enterprise Certified Container (ACEcc) is built on the Red Hat Universal Base Images. ACEcc operator versions 12.0.17 LTS and 12.17.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities...
OPENSUSE-SU-2025:15693-1 java-21-openj9-21.0.9.0-1.1 on GA media
These are all security issues fixed in the java-21-openj9-21.0.9.0-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2025:15694-1 java-25-openj9-25.0.1.0-1.1 on GA media
These are all security issues fixed in the java-25-openj9-25.0.1.0-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2025:15690-1 java-11-openj9-11.0.29.0-1.1 on GA media
These are all security issues fixed in the java-11-openj9-11.0.29.0-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2025:15691-1 java-17-openj9-17.0.17.0-1.1 on GA media
These are all security issues fixed in the java-17-openj9-17.0.17.0-1.1 package on the GA media of openSUSE Tumbleweed...
IBM WebSphere eXtreme Scale 8.6.1.0 < 8.6.1.6 (7249244)
The version of IBM WebSphere eXtreme Scale installed on the remote host is prior to 8.6.1.6. It is, therefore, affected by a vulnerability as referenced in the 7249244 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Scripting...
IBM Java 7.1 < 7.1.5.28 / 8.0 < 8.0.8.55 Multiple Vulnerabilities
The version of IBM Java installed on the remote host is 7.1 prior to 7.1.5.28 / 8.0 prior to 8.0.8.55. It is, therefore, affected by multiple vulnerabilities as referenced in the Oracle October 21 2025 CPU advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM...
OPENSUSE-SU-2025:15692-1 java-1_8_0-openj9-1.8.0.472-1.1 on GA media
These are all security issues fixed in the java-1_8_0-openj9-1.8.0.472-1.1 package on the GA media of openSUSE Tumbleweed...
Unity Linux 20.1070e Security Update: ongres-scram (UTSA-2025-988625)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988625 advisory. SCRAM (Salted Challenge Response Authentication Mechanism) is part of the family of Simple Authentication and Security Layer (SASL, RFC 4422) authentication mechanisms...
Unity Linux 20.1070e Security Update: xml-security (UTSA-2025-988626)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988626 advisory. All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key...
CVE-2025-64135
Jenkins Eggplant Runner Plugin 0.0.1.301.v963cffe8ddb8 and earlier sets the Java system property jdk.http.auth.tunneling.disabledSchemes to an empty value, disabling a protection mechanism of the Java runtime...
Security Bulletin: Multiple Vulnerabilities in IBM Application Performance Management Core Framework.
Summary: Multiple vulnerabilities were addressed in IBM Application Performance Management 8.1.4.0 Core Framework IF29 patch. Vulnerability Details: CVEID: CVE-2025-1470 DESCRIPTION: In Eclipse OMR, from the initial contribution to version 0.4.0, some OMR internal port library and utilities consumer...
CVE-2025-53883
CVE-2025-53883 - Summary (concrete details from connected docs): A reflected XSS vulnerability arises from improper neutralization of script-related HTML tags in a web page’s search fields, enabling arbitrary JavaScript execution. Affected products and versions from the sources include: SUSE Mana...
CVE-2025-53883 spacewalk-java has various XSS issues on search page
An Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability allows attackers to run arbitrary JavaScript via a reflected XSS issue in the search fields. This issue affects Container suse/manager/5.0/x8664/server:latest: from ? before 5.0.28-150600.3.36.8; SUSE Manag...
PT-2025-44429
Name of the Vulnerable Software and Affected Versions: PerfreeBlog version 4.0.11. Description: The software contains a Server-Side Request Forgery condition resulting from a missing authorization check. This issue affects the uploadAttachByUrl API endpoint located in the AttachController.java file...
PerfreeBlog Security Vulnerability
PerfreeBlog is an open-source, Java-based blog/CMS builder. A security vulnerability exists in PerfreeBlog version 4.0.11, which stems from a lack of authorization checking in the uploadAttachByUrl API endpoint, which could lead to server-side request forgery...
SUSE: Security Advisory (SUSE-SU-2025:3835-1)
The remote host is missing an update for the...
AlmaLinux 9 : java-17-openjdk (ALSA-2025:18821)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:18821 advisory. JDK: Enhance Path Factories (CVE-2025-53066); JDK: Enhance Certificate Handling (CVE-2025-53057). Bug Fixes: Since the 8.8 release of AlmaLinux and the 9.2...