Java

CVE-2026-22886 exposes Eclipse OpenMQ to remote takeover via default admin/admin credentials. CVSS 9.8 critical vulnerability requires immediate attention from Java messaging users.

Multiple CVSS 10.0 flaws affect Commerce, Communications, and PeopleSoft. MySQL patches include a critical 9.8-severity bug.

CVE-2025-68493 in the XWork component enables XML External Entity attacks that can leak files, perform SSRF, or crash systems. Patch to version 6.1.1.