452 matches found
CVE-2026-54712
OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.27.0, the RMI context propagation payload reader limits the number of context entries but does not limit the aggregate size of the strings read from the...
CVE-2026-54712
OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.27.0, the RMI context propagation payload reader limits the number of context entries but does not limit the aggregate size of the strings read from the...
CVE-2026-54712 OpenTelemetry Javaagent RMI context propagation allows resource exhaustion
OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.27.0, the RMI context propagation payload reader limits the number of context entries but does not limit the aggregate size of the strings read from the...
CVE-2026-54712
The CVE pertains to OpenTelemetry Java Instrumentation . In versions prior to 2.27.0 , the RMI context propagation payload reader limits the number of context entries but not the aggregate size of the strings, allowing an attacker who can reach an RMI endpoint on an instrumented JVM to send an ov...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the JMX RMI connector. An attacker can execute arbitrary code on the server by sending specially crafted serialized Java objects prior to authentication. Note: This is only exploitable if the JMX...
CVE-2026-46778
Vulnerability in the Oracle WebCenter Enterprise Capture product of Oracle Fusion Middleware component: Client Bundle. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via RMI to compromise...
CVE-2026-46781
Vulnerability in the Oracle WebCenter Enterprise Capture product of Oracle Fusion Middleware component: Client Bundle. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via RMI to compromise...
Vulnerabilities in Oracle Fusion Middleware products
Oracle has identified several vulnerabilities in various products within the Oracle Fusion Middleware suite, including WebLogic Server, WebCenter Content, WebCenter Sites, WebCenter Portal, WebCenter Enterprise Capture, Identity Manager, Identity Manager Connector, Access Manager, Coherence,...
PT-2026-49908
Name of the Vulnerable Software and Affected Versions Oracle Unified Directory version 12.2.1.4.0 Oracle Unified Directory version 14.1.2.1.0 Description An issue exists in the OUD Core component of the Oracle Unified Directory product of Oracle Fusion Middleware. An unauthenticated attacker with...
PT-2026-49914
Name of the Vulnerable Software and Affected Versions Oracle WebCenter Enterprise Capture versions 12.2.1.4.0 Oracle WebCenter Enterprise Capture versions 14.1.2.0.0 Description An issue in the Client Bundle component of Oracle WebCenter Enterprise Capture allows an unauthenticated attacker with...
CVE-2026-52751
Affected software : Ghidra before 12.1. Vulnerability : Unsafe deserialization in client-side Shared-Project RMI connection code enables unauthenticated remote code execution when a crafted ghidra:// project file is opened via File → Open Project. The attack deserializes untrusted objects using a...
CVE-2025-7389
A vulnerability in the AdminServer component of OpenEdge on all supported platforms grants its authenticated users OS-level access to the server through the adopted authority of the AdminServer process itself. The delegated authority of the AdminServer could allow its users the ability to read...
Astra Linux – Vulnerability in openjdk-11
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: RMI. The supported versions affected by this vulnerability are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM fo...
CVE-2026-8217
A security flaw has been discovered in Industrial Application Software IAS Canias ERP 8.03. Impacted is the function Runtime.getRuntime.exec of the component RMI Interface. Performing a manipulation of the argument troiaCode results in os command injection. The attack may be initiated remotely. T...
CVE-2026-8241
A vulnerability has been found in Industrial Application Software IAS Canias ERP 8.03. The affected element is the function iasGetServerInfoEvent of the component RMI Interface. Such manipulation leads to improper authorization. The attack can be executed remotely. The exploit has been disclosed ...
EUVD-2026-28989
A vulnerability has been found in Industrial Application Software IAS Canias ERP 8.03. The affected element is the function iasGetServerInfoEvent of the component RMI Interface. Such manipulation leads to improper authorization. The attack can be executed remotely. The exploit has been disclosed ...
CVE-2026-8241
A vulnerability has been found in Industrial Application Software IAS Canias ERP 8.03. The affected element is the function iasGetServerInfoEvent of the component RMI Interface. Such manipulation leads to improper authorization. The attack can be executed remotely. The exploit has been disclosed ...
CVE-2026-8244 Industrial Application Software IAS Canias ERP Login RMI improper authentication
A vulnerability was identified in Industrial Application Software IAS Canias ERP 8.03. This impacts an unknown function of the component Login RMI Interface. The manipulation of the argument clientVersion leads to improper authentication. It is possible to initiate the attack remotely. The exploi...
CVE-2026-8244
CVE-2026-8244 affects Industrial Application Software IAS Canias ERP 8.03, specifically the Login RMI Interface. The vulnerability arises from manipulation of the clientVersion argument, leading to improper authentication. Attacks can be initiated remotely, and exploits are publicly available. Th...
CVE-2026-8242 Industrial Application Software IAS Canias ERP Login RMI doAction response discrepancy
A vulnerability was found in Industrial Application Software IAS Canias ERP 8.03. The impacted element is the function doAction of the component Login RMI Interface. Performing a manipulation results in observable response discrepancy. The attack is possible to be carried out remotely. A high...