1605 matches found
openjdk: Enhance Path Factories Redux (Oracle CPU 2026-04)
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 a...
openjdk: Enhance certificate chain validation (Oracle CPU 2026-04)
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 a...
PT-2026-35029
Name of the Vulnerable Software and Affected Versions OpenPrinting CUPS versions prior to 2.4.17 Description A network-adjacent attacker can send a crafted SNMP response to the CUPS SNMP backend, leading to an out-of-bounds read of up to 176 bytes past a stack buffer. The leaked memory is convert...
.net: .NET: Denial of Service via out-of-bounds read
A flaw was found in .NET. An unauthorized attacker can exploit an out-of-bounds read vulnerability over a network, leading to a Denial of Service DoS. This can prevent legitimate users from accessing the affected service...
CVE-2026-40881 Zebra: addr/addrv2 Deserialization Resource Exhaustion
ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-network version 5.0.1, when deserializing addr or addrv2 messages, which contain vectors of addresses, Zebra would fully deserialize them up to a maximum length over 233,000 that was derived from the 2 MiB...
Microsoft ASP.NET Core 数据伪造问题漏洞
Microsoft ASP.NET Core is a cross-platform open-source framework developed by Microsoft. This framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. Microsoft ASP.NET Core has a vulnerability related to data manipulation, caused by...
RHEL 9 : grafana (RHSA-2026:8881)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:8881 advisory. Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: net/url: Incorrect...
CVE-2026-32225
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network...
CVE-2026-30616
CVE-2026-30616 relates to Jaaz 1.0.30, with a remote code execution vulnerability in the MCP STDIO command handling. An attacker can send crafted network requests to the network-accessible Jaaz application, leading to attacker-controlled commands executed in the Jaaz service process and potential...
CVE-2026-33827 Windows TCP/IP Remote Code Execution Vulnerability
...
Synology SSL VPN Client 安全漏洞
The Synology SSL VPN Client is a VPN client software developed by Synology, a Chinese company, used for secure connection to Synology NAS devices. Versions of the Synology SSL VPN Client prior to 1.4.5-0684 contained security vulnerabilities. These vulnerabilities stemmed from externally accessib...
Juniper Networks CTP OS 安全漏洞
Juniper Networks CTP OS is an operating system used by Juniper Networks for migrating from circuit-to-packet networks. There are security vulnerabilities in Juniper Networks CTP OS versions 9.2R1 and 9.2R2. These vulnerabilities stem from weak password requirements in the password management...
PocketMine-MP: Network amplification vulnerability with `ActorEventPacket`
Impact The server handles ActorEventPacket to trigger consuming animations from vanilla clients when they eat food or drink potions. This can be abused to make the server spam other clients, and to waste server CPU and memory. For every ActorEventPacket sent by the client, an animation event will...
BIT-DOTNET-2026-26127 .NET Denial of Service Vulnerability
Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network...
Microsoft Azure AI Foundry 授权问题漏洞
Microsoft Azure AI Foundry is a platform tool developed by the American company Microsoft, used for building, managing, and deploying enterprise-level AI models and services. There is an authorization issue vulnerability in Microsoft Azure AI Foundry; this vulnerability stems from improper...
K000160507: Oracle Java SE vulnerability CVE-2026-21933
Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1;...
EUVD-2026-16586
Path Traversal vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to wtite over any file via network...
EUVD-2026-16589
Hidden Functionality vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to enable telnet via network...
EUVD-2026-16587
OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to execute arbitrary OS commands via network...
CVE-2026-4622
OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to execute arbitrary OS commands via network...