EUVD-2026-40084

A flaw was found in the vscode-java extension, which provides Java language support for Visual Studio Code. The extension incorrectly trusts all Markdown content in JavaDoc hovers, allowing a malicious Java file to include hidden commands. If a user clicks a specially crafted link within a JavaDo...

CVE-2026-12856 Vscode-java: vscode: command injection vulnerability in the javadoc hover provider of the vscode-java extension

A flaw was found in the vscode-java extension, which provides Java language support for Visual Studio Code. The extension incorrectly trusts all Markdown content in JavaDoc hovers, allowing a malicious Java file to include hidden commands. If a user clicks a specially crafted link within a JavaDo...

CVE-2026-12856 Vscode-java: vscode: command injection vulnerability in the javadoc hover provider of the vscode-java extension

A flaw was found in the vscode-java extension, which provides Java language support for Visual Studio Code. The extension incorrectly trusts all Markdown content in JavaDoc hovers, allowing a malicious Java file to include hidden commands. If a user clicks a specially crafted link within a JavaDo...

CVE-2026-12856

The CVE-2026-12856 entry concerns the vscode-java extension for Visual Studio Code. The vulnerability arises because the extension trusts all Markdown content in JavaDoc hovers, enabling a malicious Java file to include hidden commands. When a user clicks a specially crafted link in a JavaDoc hov...

CVE-2026-12856

A flaw was found in the vscode-java extension, which provides Java language support for Visual Studio Code. The extension incorrectly trusts all Markdown content in JavaDoc hovers, allowing a malicious Java file to include hidden commands. If a user clicks a specially crafted link within a JavaDo...

org.apache.cxf:apache-cxf (>=4.0.0 <=4.1.5), org.apache.cxf:cxf-distribution-javadoc (>=4.0.0 <=4.1.5) potentially affected by CVE-2026-44618 via org.apache.cxf:cxf-rt-ws-transfer (>=4.0.0 <=4.1.5)

org.apache.cxf:cxf-rt-ws-transfer MAVEN version =4.0.0, =4.0.0, =4.0.0, =4.1.5 Source cves: CVE-2026-44618 Source advisory: SNYK:JAVA-ORGAPACHECXF-17115402...

com.github.vindell:spring-boot-starter-cxf-jaxws-plus (>=1.0.0.RELEASE <=1.0.2.RELEASE), org.apache.cxf:apache-cxf (>=3.3.0 <=3.6.10) +1 more potentially affected by CVE-2026-44618 via org.apache.cxf:cxf-rt-ws-transfer (>=3.2.4 <=3.6.10)

org.apache.cxf:cxf-rt-ws-transfer MAVEN version =3.2.4, =1.0.0.RELEASE, =3.3.0, =3.4.0, =3.6.10 Source cves: CVE-2026-44618 Source advisory: SNYK:JAVA-ORGAPACHECXF-17115402...

openSUSE 15 Security Update : logback (SUSE-SU-2026:0361-1)

The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2026:0361-1 advisory. - CVE-2026-1225: ACE vulnerability in configuration file bsc1257094 Tenable has extracted the preceding description block directly from the SUSE security...

MiracleLinux 7 : java-1.7.0-openjdk-1.7.0.241-2.6.20.0.0.1.el7.AXS7 (AXSA:2019-4366:05)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-4366:05 advisory. OpenJDK: Incorrect handling of nested jar: URLs in Jar URL handler Networking, 8223892 CVE-2019-2978 OpenJDK: Incorrect handling of HTTP proxy...

MiracleLinux 7 : java-1.8.0-openjdk-1.8.0.232.b09-0.el7 (AXSA:2019-4346:06)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-4346:06 advisory. OpenJDK: Improper handling of Kerberos proxy credentials Kerberos, 8220302 CVE-2019-2949 OpenJDK: Unexpected exception thrown during regular...

MiracleLinux 4 : java-1.8.0-openjdk-1.8.0.232.b09-1.AXS4 (AXSA:2019-4356:04)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-4356:04 advisory. OpenJDK: Improper handling of Kerberos proxy credentials Kerberos, 8220302 CVE-2019-2949 OpenJDK: Unexpected exception thrown during regular...

com.vaadin:vaadin (>=23.1.0 <=23.1.17), com.vaadin:vaadin-jandex (>=23.1.0 <=23.1.17) +2 more potentially affected by CVE-2025-15022 via com.vaadin:vaadin-spreadsheet-flow (>=23.1.0 <=23.1.9)

com.vaadin:vaadin-spreadsheet-flow MAVEN version =23.1.0, =23.1.0, =23.1.0, =23.1.0, =2.5.2, =2.5.3 Source cves: CVE-2025-15022 Source advisory: OSV:GHSA-7WWV-79XW-RVVG...

VulnCheck KEV: CVE-2024-36117

Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM ecosystem. Reposilite v3.5.10 is affected by an Arbitrary File Read vulnerability via path traversal while serving expanded javadoc files. Reposilite has addressed this issue in version...

EUVD-2013-5640

Malware in sbrugna...

EUVD-2007-3487

Malware in sbrugna...

EUVD-2013-5633

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2019-2999

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Java SE product of Oracle Java SE component: Javadoc. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13...

GHSA-82J3-HF72-7X93 Reposilite vulnerable to path traversal while serving javadoc expanded files (arbitrary file read) (`GHSL-2024-074`)

Summary Reposilite v3.5.10 is affected by an Arbitrary File Read vulnerability via path traversal while serving expanded javadoc files. Details The problem lies in the way how the expanded javadoc files are served. The GET /javadoc/repository//raw/ route uses the path parameter to find the file i...

Reposilite vulnerable to path traversal while serving javadoc expanded files (arbitrary file read) (`GHSL-2024-074`)

Summary Reposilite v3.5.10 is affected by an Arbitrary File Read vulnerability via path traversal while serving expanded javadoc files. Details The problem lies in the way how the expanded javadoc files are served. The GET /javadoc/repository//raw/ route uses the path parameter to find the file i...

GHSA-W7C4-5W4F-JM3G Duplicate Advisory: Reposilite Arbitrary File Read vulnerability

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-82j3-hf72-7x93. This link is maintained to preserve external references. Original description Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM...