CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/03/25 9:27 p.m.•3 views

GHSA-XW7X-H9FJ-P2C7 OpenTelemetry: Unsafe Deserialization in RMI Instrumentation may Lead to Remote Code Execution

In versions prior to 2.26.1, the RMI instrumentation registered a custom endpoint that deserialized incoming data without applying serialization filters. An attacker with network access to a JMX or RMI port on an instrumented JVM could exploit this to potentially achieve remote code execution. Al...

9.3CVSS6.6AI score0.00214EPSS

Exploits1References5

RedHat Linux•added 2026/03/18 1:54 p.m.•8 views

org.apache.cxf/cxf: CXF JMS Code Execution Vulnerability

A flaw was found in org.apache.cxf/cxf, where untrusted users can configure JMS to allow the specification of RMI or LDAP URLs, possibly leading to code execution. This vulnerability allows an attacker to provide malicious protocol URLs during JMS configuration...

9.8CVSS6.7AI score0.00186EPSS

Exploits0References5

RedHat Linux•added 2026/03/18 1:17 p.m.•3 views

org.apache.cxf/cxf: CXF JMS Code Execution Vulnerability

9.8CVSS6.7AI score0.00186EPSS

Exploits0References5

RedHat Linux•added 2026/03/18 1:17 p.m.•1 views

org.apache.cxf/cxf: CXF JMS Code Execution Vulnerability

9.8CVSS6.7AI score0.00186EPSS

Exploits0References5

Redos•added 2026/02/16 12:0 a.m.•4 views

ROS-20260216-73-0029

A vulnerability in the RMI component of the Oracle Java SE software platform, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely t...

4.8CVSS5.8AI score0.00055EPSS

Redos•added 2026/02/16 12:0 a.m.•3 views

ROS-20260216-73-0030

4.8CVSS5.8AI score0.00055EPSS

Redos•added 2026/02/16 12:0 a.m.•6 views

ROS-20260216-73-0027

4.8CVSS5.8AI score0.00055EPSS

OSV•added 2026/02/13 2:24 p.m.•1 views

SUSE-SU-2026:0504-1 Security update for java-1_8_0-openjdk

This update for java-180-openjdk fixes the following issues: - CVE-2026-21925: Fixed a vulnerability in the Oracle Java SE component RMI. bsc1257034 - CVE-2026-21932: Fixed a vulnerability in the Oracle Java SE component AWT and JavaFX. bsc1257036 - CVE-2026-21933: Fixed a vulnerability in the...

7.5CVSS6.4AI score0.00089EPSS

Tenable Nessus•added 2026/02/13 12:0 a.m.•7 views

Alibaba Cloud Linux 3 : 0034: java-17-openjdk (ALINUX3-SA-2026:0034)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2026:0034 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-64720: LIBPNG is a reference...

SUSE Linux•added 2026/02/11 9:43 a.m.•3 views

Exploits5References6

Security update for java-1_8_0-openjdk

This update for java-180-openjdk fixes the following issues: CVE-2026-21925: Fixed a vulnerability in the Oracle Java SE component RMI. bsc1257034 CVE-2026-21932: Fixed a vulnerability in the Oracle Java SE component AWT and JavaFX. bsc1257036 CVE-2026-21933: Fixed a vulnerability in the Oracle...

7.5CVSS5.5AI score0.00089EPSS

Exploits0References18

OSV•added 2026/02/11 9:43 a.m.•1 views

SUSE-SU-2026:0441-1 Security update for java-1_8_0-openjdk

Tenable Nessus•added 2026/02/06 12:0 a.m.•5 views

SUSE SLES15 / openSUSE 15 Security Update : java-1_8_0-ibm (SUSE-SU-2026:0390-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0390-1 advisory. Security fixes: - CVE-2026-21925: Fixed Oracle Java SE component RMI bsc1257034 - CVE-2026-21932: Fixed Oracle Java S...

7.5CVSS5.5AI score0.00089EPSS

Exploits0References14

OSV•added 2026/02/05 2:23 p.m.•1 views

SUSE-SU-2026:0390-1 Security update for java-1_8_0-ibm

This update for java-180-ibm fixes the following issues: Security fixes: - CVE-2026-21925: Fixed Oracle Java SE component RMI bsc1257034 - CVE-2026-21932: Fixed Oracle Java SE component AWT and JavaFX bsc1257036 - CVE-2026-21933: Fixed Oracle Java SE component Networking bsc1257037 -...

SUSE Linux•added 2026/02/05 2:22 p.m.•9 views

Exploits0References10

Security update for java-1_8_0-openj9

This update for java-180-openj9 fixes the following issues: CVE-2026-21925: Fixed a vulnerability in the Oracle Java SE component RMI. bsc1257034 CVE-2026-21932: Fixed a vulnerability in the Oracle Java SE component AWT and JavaFX. bsc1257036 CVE-2026-21933: Fixed a vulnerability in the Oracle Ja...

7.5CVSS5.3AI score0.00089EPSS

Exploits0References18

OSV•added 2026/02/05 2:22 p.m.•2 views

SUSE-SU-2026:0389-1 Security update for java-1_8_0-openj9

This update for java-180-openj9 fixes the following issues: - CVE-2026-21925: Fixed a vulnerability in the Oracle Java SE component RMI. bsc1257034 - CVE-2026-21932: Fixed a vulnerability in the Oracle Java SE component AWT and JavaFX. bsc1257036 - CVE-2026-21933: Fixed a vulnerability in the...

Amazon•added 2026/02/05 12:0 a.m.•5 views

Important: java-1.8.0-amazon-corretto

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: RMI. Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK:...

7.5CVSS5.7AI score0.00089EPSS

Amazon•added 2026/02/05 12:0 a.m.•3 views

Important: java-1.8.0-amazon-corretto

7.5CVSS5.6AI score0.00089EPSS

Amazon•added 2026/02/05 12:0 a.m.•3 views

Important: java-25-amazon-corretto

7.5CVSS5.6AI score0.00089EPSS