7.5

CVSS3.1

CVE-2026-34282 - openjdk: OpenJDK: Enhance TLS connection handling (Oracle CPU 2026-04)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10…

📅 Published: April 21, 2026, 8 p.m. 🔄 Last Modified: April 22, 2026, 9:24 p.m.

5.3

CVSS3.1

CVE-2026-22021 - openjdk: OpenJDK: Enhance certificate chain validation (Oracle CPU 2026-04)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 …

📅 Published: April 21, 2026, 8 p.m. 🔄 Last Modified: April 22, 2026, 9:24 p.m.

2.9

CVSS3.1

CVE-2026-34268 - openjdk: OpenJDK: Enhance key generation (Oracle CPU 2026-04)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0…

📅 Published: April 21, 2026, 8 p.m. 🔄 Last Modified: April 22, 2026, 9:24 p.m.

3.7

CVSS3.1

CVE-2026-22018 - openjdk: OpenJDK: Enhance Zip file reading (Oracle CPU 2026-04)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.…

📅 Published: April 21, 2026, 8 p.m. 🔄 Last Modified: April 22, 2026, 9:24 p.m.

3.7

CVSS3.1

CVE-2026-22008 - openjdk: OpenJDK: Improved Arena allocations (Oracle CPU 2026-04)

Vulnerability in Oracle Java SE (component: Libraries). The supported version that is affected is Oracle Java SE: 25.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnera…

📅 Published: April 21, 2026, 8 p.m. 🔄 Last Modified: April 23, 2026, 3:03 p.m.

2.9

CVSS3.1

CVE-2026-22007 - openjdk: OpenJDK: Enhance crypto algorithm support (Oracle CPU 2026-04)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0…

📅 Published: April 21, 2026, 8 p.m. 🔄 Last Modified: April 22, 2026, 9:24 p.m.

5.3

CVSS3.1

CVE-2026-22013 - openjdk: OpenJDK: Improve Kerberos credentialing (Oracle CPU 2026-04)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 …

📅 Published: April 21, 2026, 8 p.m. 🔄 Last Modified: April 22, 2026, 9:24 p.m.

7.5

CVSS3.1

CVE-2026-22016 - openjdk: OpenJDK: Enhance Path Factories Redux (Oracle CPU 2026-04)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 …

📅 Published: April 21, 2026, 8 p.m. 🔄 Last Modified: April 22, 2026, 9:24 p.m.

6.9

CVSS4.0

CVE-2026-40895 - follow-redirects: Custom Authentication Headers Leaked to Cross-Domain Redirect Targets

follow-redirects is an open source, drop-in replacement for Node's `http` and `https` modules that automatically follows redirects. Prior to 1.16.0, when an HTTP request follows a cross-domain redirect (301/302/307/308), follow-redirects only strips authorization, proxy-authorization, and cookie he…

📅 Published: April 21, 2026, 7:59 p.m. 🔄 Last Modified: April 23, 2026, 3:54 p.m.

8.3

CVSS3.1

CVE-2026-40925 - WWBN AVideo has CSRF in configurationUpdate.json.php Enables Full Site Configuration Takeover Inclu…

WWBN AVideo is an open source video platform. In versions 29.0 and prior, `objects/configurationUpdate.json.php` (also routed via `/updateConfig`) persists dozens of global site settings from `$_POST` but protects the endpoint only with `User::isAdmin()`. It does not call `forbidIfIsUntrustedReques…

📅 Published: April 21, 2026, 7:58 p.m. 🔄 Last Modified: April 24, 2026, 4:46 p.m.