685 matches found
MicroStrategy Web 10.4 - Information Disclosure
MicroStrategy Web 10.4 is susceptible to information disclosure. The JVM configuration, CPU architecture, installation folder, and other information are exposed through /MicroStrategyWS/happyaxis.jsp. An attacker can use this vulnerability to learn more about the application environment and there...
netty-codec-http2: netty-codec-http2: Denial of Service due to resource leak
A flaw was found in netty-codec-http2. A remote attacker could send specially crafted frames that cause a resource leak within the DelegatingDecompressorFrameListener class. This resource leak could lead to an Out Of Memory Error (OOME), potentially causing a Denial of Service (DoS) by taking down th...
CVE-2026-46858
Vulnerability in the APM - Application Performance Management product of Oracle Enterprise Manager component: JADM, JVM Diagnostics. Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...
PT-2026-49966
Vulnerability in the APM - Application Performance Management product of Oracle Enterprise Manager component: JADM, JVM Diagnostics. Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...
Linux Distros Unpatched Vulnerability : CVE-2026-48043
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is a network application framework for development of protocol servers and clients. In netty-codec-http2 prior to versions 4.1.135.Final and 4.2.15.Final...
GHSA-C2GF-V879-257J netty-codec-http2: ByteBuf Reference-Count Leak in DelegatingDecompressorFrameListener Leads to Memory Exhaustion
Impact: The DelegatingDecompressorFrameListener class orchestrates HTTP/2 decompression by embedding a per-stream EmbeddedChannel that runs the appropriate decompression codec (gzip, deflate, zstd) and forwards decompressed chunks to a wrapped listener. Each decompressed chunk is a pooled ByteBuf...
Joern 4.0.556
Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...
Allocation of Resources Without Limits or Throttling
Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to improper configuration of the LengthFieldBasedFrameDecoder value. An attacker can cause the application to exhaust JVM heap memory and disrupt service availability by sending...
Apache ActiveMQ Security Vulnerability
Apache ActiveMQ is an open-source messaging middleware developed by the Apache Foundation in the United States. It supports Java Message Service, clustering, Spring Framework, etc. There is a security vulnerability in Apache ActiveMQ, which stems from improper input validation and inadequate code...
PT-2026-45385
Name of the Vulnerable Software and Affected Versions: Apache Fluss versions prior to 0.9.1. Description: The Netty LengthFieldBasedFrameDecoder is configured with Integer.MAX_VALUE as the maximum frame length. This allows unauthenticated remote attackers to exhaust JVM heap memory on TabletServer a...
CVE-2026-9801
A flaw was found in Keycloak. A remote attacker with high privileges, such as a realm administrator configuring a malicious Lightweight Directory Access Protocol (LDAP) server or an attacker compromising an upstream LDAP server, could exploit this vulnerability. By sending a malformed LDAP password...
Keycloak Security Vulnerability
Keycloak is an open-source identity and access management solution developed by Keycloak itself. Keycloak has a security vulnerability. This vulnerability allows remote attackers with high privileges—such as domain administrators who configure malicious LDAP servers or attackers who disrupt...
PT-2026-44194
Name of the Vulnerable Software and Affected Versions: Keycloak, affected versions not specified. Description: A flaw allows a remote attacker with high privileges, such as a realm administrator configuring a malicious Lightweight Directory Access Protocol (LDAP) server or an attacker who has compromis...
Joern 4.0.548
Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...
ai.pipestream:account-service (>=0.0.2 <=0.0.18), ai.pipestream:connector-admin-service (>=0.1.1 <=0.1.18) +412 more potentially affected by CVE-2026-45799 via com.squareup.wire:wire-runtime-jvm (>=3.0.0-alpha03 <=5.3.3)
com.squareup.wire:wire-runtime-jvm MAVEN version =3.0.0-alpha03, =0.0.2, =0.1.1, =0.2.7, =0.2.7, =0.2.7, =0.1.1, =0.2.7, =0.7.21, =0.7.21, =0.7.21, =0.1.7, =0.0.1, =0.7.24 and more Source cves: CVE-2026-45799 Source advisory: OSV:GHSA-7XPR-HC2W-34M9...
ai.looktech.ltrpc.schema:app-server-android (>=2.0.0 <=2.7.0), ai.looktech.ltrpc.schema:app-server-jvm (>=2.0.0 <=2.7.0) +110 more potentially affected by CVE-2026-45799 via com.squareup.wire:wire-runtime-jvm (>=6.0.0-alpha01 <=6.2.0)
com.squareup.wire:wire-runtime-jvm MAVEN version =6.0.0-alpha01, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =1.5.0-alpha05, =1.5.0-alpha05, =1.5.0-alpha05, =1.5.0-alpha05, =1.5.0-alpha05, =2.0.0-alpha04, =2.0.0-alpha04, =2.0.0-alpha04, =2026.03.26.140500-911435f, =2026.03.26.140500-911435f,...
Joern 4.0.542
Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...
CVE-2026-44241
Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. From 4.3.0 to before 4.10.22, TimeConverterRegistrar caches DateTimeFormatter instances in an unbounded ConcurrentHashMap whose key is derived from the @Format annotation...
cybersec-hw1
cybersec-hw1 Homework 1 for Introduction to Computer Securi...