4 articles tagged with "Java"
CVE-2026-40478 bypasses Thymeleaf's expression protections, allowing attackers to execute arbitrary Java code through crafted template input. Upgrade to 3.1.4.RELEASE now.
CVE-2026-22886 exposes Eclipse OpenMQ to remote takeover via default admin/admin credentials. CVSS 9.8 critical vulnerability requires immediate attention from Java messaging users.
Multiple CVSS 10.0 flaws affect Commerce, Communications, and PeopleSoft. MySQL patches include a critical 9.8-severity bug.
CVE-2025-68493 in the XWork component enables XML External Entity attacks that can leak files, perform SSRF, or crash systems. Patch to version 6.1.1.