java
java
- CVE-2026-13500 - antlr ANTLR4 code injection
- CVE-2026-13528 - YunaiV/zhijiantianya ruoyi-vue-pro path traversal
- CVE-2026-25521 - versions from 2.0.12 to prototype pollution
- CVE-2026-28367 - Undertow HTTP request smuggling
- CVE-2026-28368 - Undertow HTTP request smuggling
- CVE-2026-33228 - flatted security control bypass
- CVE-2026-40993 - An attacker with write security control bypass
- CVE-2026-41838 - IDs for WebSocket sessions security control bypass
- CVE-2026-41848 - Applications may be vulnerable ReDoS
- CVE-2026-41851 - Applications which accept user-supplied denial of service
- CVE-2026-50193 - jackson-databind contains the general-purpose security control bypass
- CVE-2026-53914 - JetBrains Kotlin unsafe deserialization
- CVE-2026-13500 - ANTLR4 grammar action block code injection
- CVE-2026-45051 - OpenAM WebAuthn deserialization RCE
- CVE-2026-45052 - OpenAM Liberty Discovery authz bypass
- CVE-2026-50193 - jackson-databind deeply nested JsonNode denial of service
- CVE-2026-50193 - jackson-databind JsonNode deep nesting denial of service
- CVE-2026-11746 - Central Dogma ZooKeeper replication secret cluster takeover
- CVE-2026-40987 - Spring Integration remote file sync arbitrary write
- CVE-2026-40994 - Spring WS BSP validation disabled by default
- CVE-2026-40998 - Spring WS XPath XXE via StreamSource and SAXSource
- CVE-2026-41003 - Spring Security generated form XSS
- CVE-2026-41842 - Spring versioned resource resolution DoS
- CVE-2026-41849 - Spring SpEL integer overflow DoS
- CVE-2026-41850 - Spring SpEL algorithmic DoS
- CVE-2026-44249 - Netty IPv6 subnet filter bypass
- CVE-2026-44250 - Netty Redis array depth denial of service
- CVE-2026-43515 - Apache Tomcat security constraints authorization bypass
- CVE-2026-40993 - Spring Security JDBC SAML credential deserialization
- CVE-2026-40993 - Spring Security SAML credential BLOB deserialization RCE
- CVE-2026-47691 - Netty DNS bailiwick cache poisoning
- CVE-2026-44632 - Yamcs Janino expression RCE
- CVE-2026-45505 - Apache ActiveMQ Jolokia discovery wrapper bypass
- CVE-2026-39852 - Quarkus matrix-parameter authorization bypass
- CVE-2026-42779 - Apache MINA resolveClass deserialization RCE
- CVE-2021-44228 — Log4Shell
- Java ObjectInputStream and friends