java-maven
java-maven
- CVE-2026-44795 - Spinnaker is an open source, multi-cloud continuous delivery platform
- CVE-2026-55405 - LangChain4j is a Java library for building LLM-powered applications on the JVM
- CVE-2026-49485 - org.hl7.fhir.core: ReDoS via FHIRPath matches()/replaceMatches() in FHIR Validator HTTP Endpoint
- CVE-2026-59826 - Metabase is an open-source business intelligence and embedded analytics tool
- CVE-2026-59827 - Metabase is an open-source business intelligence and embedded analytics tool
- CVE-2026-49464 - NL Portal: IDOR allows any authenticated user to complete and tamper with another user's taak
- CVE-2026-49832 - DSpace has possible Remote Code Execution (RCE) through Velocity Templates used by LDN
- CVE-2026-55470 - HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java
- CVE-2026-55471 - HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java
- CVE-2026-55760 - Handlebars.java provides logic-less and semantic Mustache templates with Java
- CVE-2026-34151 - XWiki Platform Old Core: Resource path traversal via /skin/ action endpoint in Jetty 12+
- CVE-2026-14265 - Deserialization of untrusted data in the RemoteQueryCachePlugin in Amazon Web Services AWS Advanced JDBC Wrapp
- CVE-2026-39379 - GeoNetwork has reflected XSS through client-side template injection
- CVE-2026-46487 - GeoNetwork has ACL bypass on Elasticsearch search when request body omits query field
- CVE-2026-12856 - A flaw was found in the vscode-java extension, which provides Java language support for Visual Studio Code
- CVE-2026-47424 - OpenAM Authenticated RCE via Groovy Sandbox Escape
- CVE-2026-47426 - OpenAM OAuth Client Impersonation via JWKS Resolver Cache
- CVE-2026-2053 - The WSO2 API Manager's message flow component, when processing WS-Addressing headers, does not sufficiently va
- CVE-2026-46619 - OpenAM Authentication Bypass via MSISDN LDAP Injection
- CVE-2026-46623 - OpenAM Account Takeover via Unverified Password Change in OAuth2 Module
- CVE-2026-12569 - PTC Windchill and FlexPLM Improper Input Validation Vulnerability
- CVE-2026-12975 - A flaw was found in Apicurio Registry. The ContentTypeUtil.isParsableXml() method creates a SAXParserFactory w
- CVE-2026-12992 - A flaw was found in Apicurio Registry. The WSDLReaderAccessor creates a wsdl4j WSDLReader without disabling th
- CVE-2026-50559 - Quarkus is a Java framework for building cloud-native applications
- CVE-2026-47065 - ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy Assessm
- CVE-2026-35563 - Apache Directory LDAP API lacks server certificate verification for LDAP hostnames
- CVE-2026-42588 - Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ have a Code Injection issue
- CVE-2026-44825 - Apache Solr has hardcoded credentials in the Basic Authentication setup tool
- CVE-2026-48827 - Apache MINA SSHD bundle sshd-git has a path traversal vulnerability
- CVE-2026-49157 - Apache ActiveMQ has an Incorrect Default Permissions vulnerability
- CVE-2026-49361 - Apache Fluss: Unauthenticated remote attackers can exhaust JVM heap memory using crafted frame headers via TabletServer/
- CVE-2026-42782 - Apache Syncope has an Improper Isolation or Compartmentalization vulnerability
- CVE-2026-44417 - Apache CXF: Untrusted JMS configuration can lead to RCE
- CVE-2026-44930 - Apache CXF has an LDAP injection vulnerability
- CVE-2026-6009 - Jaspersoft Reports: Java Deserialization Vulnerability Lleads to Remote Code Execution (RCE)
- CVE-2026-7504 - A flaw was found in Keycloak's URL validation logic during redirect operations
- CVE-2026-42582 - Netty HTTP/3 QPACK literal unbounded allocation
- CVE-2026-44241 - Micronaut has unbounded formattersCache in TimeConverterRegistrar that Allows Memory Exhaustion via Accept-Language Head
- CVE-2026-27172 - The ConsulRegistry in the camel-consul component (class org.apache.camel.component.consul.ConsulRegistry and i
- CVE-2026-40473 - The camel-mina component's MinaConverter.toObjectInput(IoBuffer) type converter wraps an IoBuffer in a java.io
- CVE-2026-40858 - The camel-infinispan component's ProtoStream-based remote aggregation repository deserializes data read from a
- CVE-2026-40860 - JmsBinding.extractBodyFromJms() in camel-jms, and the equivalent JmsBinding class in camel-sjms, deserialized
- CVE-2026-22016 - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Orac
- CVE-2026-34282 - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Orac
- CVE-2025-14813 - Bouncy Castle for Java GOST 28147 CTR mode reuses keystream after 255 blocks
- CVE-2026-40477 - Thymeleaf is a server-side Java template engine for web and standalone environments
- CVE-2026-40478 - Thymeleaf is a server-side Java template engine for web and standalone environments
- CVE-2026-3505 - Allocation of resources without limits or throttling, Uncontrolled Resource Consumption vulnerability in Legio
- CVE-2026-5588 - Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc
- CVE-2026-5598 - Covert timing channel vulnerability in Legion of the Bouncy Castle Inc
- CVE-2026-33701 - OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries f
- CVE-2026-33180 - HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java
- CVE-2026-29062 - jackson-core contains core low-level incremental (streaming) parser and generator abstractions used by Jacks
- CVE-2026-27830 - c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objec
- CVE-2026-27727 - mchange-commons-java, a library that provides Java utilities, includes code that mirrors early implementations
- CVE-2026-25747 - Deserialization of Untrusted Data vulnerability in Apache Camel LevelDB component
- CVE-2026-21932 - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Orac
- CVE-2026-21945 - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Orac
- CVE-2025-12543 - A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applica
- CVE-2025-9784 - Undertow MadeYouReset HTTP/2 DDoS Vulnerability
- CVE-2024-38286 - Apache Tomcat Allocation of Resources Without Limits or Throttling vulnerability
- CVE-2022-21952 - A Missing Authentication for Critical Function vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUS
- CVE-2015-1778 - Opendaylight will authenticate any username and password combination
- CVE-2016-0750 - Infinispan: Deserialization of untrusted data in the Hot Rod Java client via automatic byte-array deserialization
- CVE-2022-23913 - Apache ActiveMQ Artemis Uncontrolled Resource Consumption (DoS)
- CVE-2021-26118 - Apache ActiveMQ Artemis vulnerable to Improper Access Control
- CVE-2019-16869 - HTTP Request Smuggling in Netty
- CVE-2017-8046 - Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), ve