CVE Daily
← All tags

Tag: Oracle JDK

All CVEs associated with "Oracle JDK". Page 6/43 • 5132 CVEs.

Subscribe CVEs: RSS for “Oracle JDK”  ·  RSS (High+Critical only)

About “Oracle JDK”

A curated feed of “Oracle JDK”-related CVEs appears below. We currently track 5132 CVEs for this tag (all time). In the last 365 days, 784 were published. Average CVSS is 6.7 (all time; 6.3 over 365d), and 48% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').

In our taxonomy this topic maps to a MODERATE impact class. JDK and JVM updates affect TLS, serialization, and performance. Upgrade JDK or JRE, restart dependents, avoid unsupported builds, and consider key or cert rotation if needed. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2025-09-04
Medium

CVE-2025-48524

In isSystem of WifiPermissionsUtil.java, there is a possible permission bypass due to a missing permission check. This could lead to local denial of service with no additional execution privileges ne…

CVSS: 5.5 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2025-48523

In onCreate of SelectAccountActivity.java, there is a possible way to add contacts without permission due to a logic error in the code. This could lead to local escalation of privilege with no additi…

CVSS: 7.8 CWE: CWE-863 - Incorrect Authorization View on NVD
High

CVE-2025-48522

In setDisplayName of AssociationRequest.java, there is a possible way for an app to retain CDM association due to a logic error in the code. This could lead to local escalation of privilege with no a…

CVSS: 7.8 CWE: CWE-693 - Protection Mechanism Failure View on NVD
High

CVE-2025-32347

In onStart of BiometricEnrollIntroduction.java, there is a possible way to determine the device's location due to an unsafe PendingIntent. This could lead to local escalation of privilege with no add…

CVSS: 7.8 CWE: CWE-926 - Improper Export of Android Application Components View on NVD
High

CVE-2025-32346

In onActivityResult of VoicemailSettingsActivity.java, there is a possible work profile contact number leak due to a confused deputy. This could lead to local escalation of privilege with no addition…

CVSS: 7.8 CWE: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy') View on NVD
High

CVE-2025-32345

In updateState of ContentProtectionTogglePreferenceController.java, there is a possible way for a secondary user to disable the primary user's deceptive app scanning setting due to a logic error in t…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2025-32331

In showDismissibleKeyguard of KeyguardService.java, there is a possible way to bypass app pinning due to a logic error in the code. This could lead to local escalation of privilege with no additional…

CVSS: 7.8 CWE: CWE-693 - Protection Mechanism Failure View on NVD
Medium

CVE-2025-32330

In generateRandomPassword of LocalBluetoothLeBroadcast.java, there is a possible way to intercept the Auracast audio stream due to an insecure default value. This could lead to remote (proximal/adjac…

CVSS: 5.7 CWE: CWE-1188 - Initialization of a Resource with an Insecure Default View on NVD
High

CVE-2025-32327

In multiple functions of PickerDbFacade.java, there is a possible unauthorized data access due to SQL injection. This could lead to local escalation of privilege with no additional execution privileg…

CVSS: 7.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
High

CVE-2025-32326

In multiple functions of AppRestrictionsFragment.java, there is a possible way to bypass intent security check due to a confused deputy. This could lead to local escalation of privilege with no addi…

CVSS: 7.8 CWE: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy') View on NVD
High

CVE-2025-32324

In onCommand of ActivityManagerShellCommand.java, there is a possible arbitrary activity launch due to a confused deputy. This could lead to local escalation of privilege with no additional execution…

CVSS: 7.8 CWE: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy') View on NVD
High

CVE-2025-32323

In getCallingAppName of Shared.java, there is a possible way to trick users into granting file access via deceptive text in a permission popup due to improper input validation. This could lead to loc…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2025-32321

In isSafeIntent of AccountTypePreferenceLoader.java, there is a possible way to bypass an intent type check due to a confused deputy. This could lead to local escalation of privilege with no addition…

CVSS: 7.8 CWE: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy') View on NVD
High

CVE-2025-26464

In executeAppFunction of AppSearchManagerService.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additi…

CVSS: 7.8 CWE: CWE-693 - Protection Mechanism Failure View on NVD
High

CVE-2025-26454

In validateUriSchemeAndPermission of DisclaimersParserImpl.java , there is a possible way to access data from another user due to a confused deputy. This could lead to local escalation of privilege w…

CVSS: 7.8 CWE: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy') View on NVD
High

CVE-2025-22441

In getContextForResourcesEnsuringCorrectCachedApkPaths of RemoteViews.java, there is a possible way to load arbitrary java code in a privileged context due to a confused deputy. This could lead to lo…

CVSS: 7.3 CWE: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy') View on NVD
High

CVE-2025-32312

In createIntentsList of PackageParser.java , there is a possible way to bypass lazy bundle hardening, allowing modified data to be passed to the next process due to unsafe deserialization. This could…

CVSS: 7.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
High

CVE-2025-26462

In AccessibilityServiceConnection.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2025-26458

In multiple functions of LocationProviderManager.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additi…

CVSS: 7.8 CWE: CWE-693 - Protection Mechanism Failure View on NVD
Medium

CVE-2025-26456

In multiple functions of DexUseManagerLocal.java, there is a possible way to crash system server due to a logic error in the code. This could lead to local permanent denial of service with no additio…

CVSS: 5.5 CWE: CWE-703 - Improper Check or Handling of Exceptional Conditions View on NVD
Medium

CVE-2025-26453

In isContentUriForOtherUser of BluetoothOppSendFileInfo.java, there is a possible cross user data leak due to a logic error in the code. This could lead to local information disclosure with no additi…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2025-26452

In loadDrawableForCookie of ResourcesImpl.java, there is a possible way to access task snapshots of other apps due to a confused deputy. This could lead to local escalation of privilege with no addit…

CVSS: 7.8 CWE: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy') View on NVD
High

CVE-2025-26450

In onInputEvent of IInputMethodSessionWrapper.java, there is a possible way for an untrusted app to inject key and motion events to the default IME due to a missing permission check. This could lead…

CVSS: 7.8 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-26445

In offerNetwork of ConnectivityService.java, there is a possible leak of sensitive data due to a missing permission check. This could lead to local information disclosure with no additional execution…

CVSS: 5.5 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2025-26444

In onHandleForceStop of VoiceInteractionManagerService.java, there is a bug that could cause the system to incorrectly revert to the default assistant application when a user-selected assistant is fo…

CVSS: 7.8 CWE: CWE-693 - Protection Mechanism Failure View on NVD
High

CVE-2025-26443

In parseHtml of HtmlToSpannedParser.java, there is a possible way to install apps without allowing installation from unknown sources due to a logic error in the code. This could lead to local escalat…

CVSS: 7.3 CWE: CWE-693 - Protection Mechanism Failure View on NVD
Medium

CVE-2025-26442

In onCreate of NotificationAccessConfirmationActivity.java, there is a possible incorrect verification of proper intent filters in NLS due to a logic error in the code. This could lead to local infor…

CVSS: 5.5 CWE: CWE-863 - Incorrect Authorization View on NVD
Medium

CVE-2025-26437

In CredentialManagerServiceStub of CredentialManagerService.java, there is a possible way to retrieve candidate credentials due to a missing permission check. This could lead to local information dis…

CVSS: 5.5 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2025-26436

In clearAllowBgActivityStarts of PendingIntentRecord.java, there is a possible way for an application to launch an activity from the background due to BAL Bypass. This could lead to local escalation…

CVSS: 7.8 CWE: CWE-863 - Incorrect Authorization View on NVD
High

CVE-2025-26435

In updateState of ContentProtectionTogglePreferenceController.java, there is a possible way for a secondary user to disable the primary user's deceptive app scanning setting due to a logic error in t…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
Medium

CVE-2025-26429

In collectOps of AppOpsService.java, there is a possible way to cause permanent DoS due to improper input validation. This could lead to local denial of service with no additional execution privilege…

CVSS: 5.5 CWE: CWE-20 - Improper Input Validation View on NVD
Low

CVE-2025-26428

In startLockTaskMode of LockTaskController.java, there is a possible lock screen bypass due to a logic error in the code. This could lead to physical escalation of privilege with no additional execut…

CVSS: 3.2 CWE: CWE-290 - Authentication Bypass by Spoofing View on NVD
Medium

CVE-2025-26426

In BroadcastController.java of registerReceiverWithFeatureTraced, there is a possible way to receive broadcasts meant for the "android" package due to improper input validation. This could lead to lo…

CVSS: 5.1 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2025-26425

In multiple functions of RoleService.java, there is a possible permission squatting vulnerability due to a logic error in the code. This could lead to local escalation of privilege on versions of And…

CVSS: 4.0 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD
Medium

CVE-2025-26424

In multiple functions of VpnManager.java, there is a possible cross-user data leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privi…

CVSS: 4.0 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2025-26423

In validateIpConfiguration of WifiConfigurationUtil.java, there is a possible way to trigger a permanent DoS due to a missing bounds check. This could lead to local escalation of privilege with no ad…

CVSS: 6.2 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2025-26422

In dump of WindowManagerService.java, there is a possible way of running dumpsys without the required permission due to a missing permission check. This could lead to local escalation of privilege wi…

CVSS: 4.0 CWE: CWE-279 - Incorrect Execution-Assigned Permissions View on NVD
Medium

CVE-2025-26420

In multiple functions of GrantPermissionsActivity.java , there is a possible way to trick the user into granting the incorrect permission due to permission overload. This could lead to local escalati…

CVSS: 4.4 CWE: CWE-281 - Improper Preservation of Permissions View on NVD
Medium

CVE-2025-22425

In onCreate of InstallStart.java, there is a possible permissions bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges nee…

CVSS: 5.1 CWE: CWE-276 - Incorrect Default Permissions View on NVD
Medium

CVE-2025-0087

In onCreate of UninstallerActivity.java, there is a possible way to uninstall a different user's app due to a missing permission check. This could lead to local escalation of privilege with no additi…

CVSS: 5.1 CWE: CWE-689 - Permission Race Condition During Resource Copy View on NVD
Medium

CVE-2025-0077

In multiple functions of UserController.java, there is a possible lock screen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges…

CVSS: 4.0 CWE: CWE-1223 - Race Condition for Write-Once Attributes View on NVD
High

CVE-2025-7388

It was possible to perform Remote Command Execution (RCE) via Java RMI interface in the OpenEdge AdminServer, allowing authenticated users to inject and execute OS commands under the delegated author…

CVSS: 8.4 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
2025-09-03
Medium

CVE-2025-56608

The SourceCodester Android application "Corona Virus Tracker App India" 1.0 uses MD5 for digest authentication in `OkHttpClientWrapper.java`. The `handleDigest()` function employs `MessageDigest.getI…

CVSS: 4.2 CWE: CWE-290 - Authentication Bypass by Spoofing View on NVD
High

CVE-2025-9785

PaperCut Print Deploy is an optional component that integrates with PaperCut NG/MF which simplifies printer deployment and management. When the component is deployed to an environment, the customer h…

CVSS: 7.7 CWE: CWE-295 - Improper Certificate Validation View on NVD
2025-09-02
High

CVE-2025-22442

In multiple functions of DevicePolicyManagerService.java, there is a possible way to install unauthorized applications into a newly created work profile due to a race condition. This could lead to lo…

CVSS: 7.0 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2025-22439

In onLastAccessedStackLoaded of ActionHandler.java , there is a possible way to bypass storage restrictions across apps due to a missing permission check. This could lead to local escalation of privi…

CVSS: 7.3 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2025-22434

In handleKeyGestureEvent of PhoneWindowManager.java, there is a possible lock screen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execu…

CVSS: 7.8 CWE: CWE-693 - Protection Mechanism Failure View on NVD
High

CVE-2025-22433

In canForward of IntentForwarderActivity.java, there is a possible bypass of the cross profile intent filter most commonly used in Work Profile scenarios due to a logic error in the code. This could…

CVSS: 7.8 CWE: CWE-693 - Protection Mechanism Failure View on NVD
High

CVE-2025-22428

In hasInteractAcrossUsersFullPermission of AppInfoBase.java, there is a possible way to grant permissions to an app on the secondary user from the primary user due to a logic error in the code. This…

CVSS: 7.8 CWE: CWE-863 - Incorrect Authorization View on NVD
High

CVE-2025-22427

In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to grant notification access above the lock screen due to a logic error in the code. This could lead to local escal…

CVSS: 7.3 CWE: CWE-693 - Protection Mechanism Failure View on NVD
High

CVE-2025-22417

In finishTransition of Transition.java, there is a possible way to bypass touch filtering restrictions due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no add…

CVSS: 7.3 CWE: CWE-1021 - Improper Restriction of Rendered UI Layers or Frames View on NVD
High

CVE-2025-22416

In onCreate of ChooserActivity.java , there is a possible way to view other users' images due to a confused deputy. This could lead to local escalation of privilege with no additional execution privi…

CVSS: 7.8 CWE: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy') View on NVD
Medium

CVE-2024-49728

In generateFileInfo of BluetoothOppSendFileInfo.java, there is a possible cross user media disclosure due to a confused deputy. This could lead to local information disclosure with no additional exec…

CVSS: 5.5 CWE: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere View on NVD
Medium

CVE-2024-49722

In showAvatarPicker of EditUserPhotoController.java, there is a possible cross user image leak due to a confused deputy. This could lead to local information disclosure with no additional execution p…

CVSS: 5.5 CWE: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere View on NVD
High

CVE-2024-49720

In multiple functions of Permissions.java, there is a possible way to override the state of the user's location permissions due to a logic error in the code. This could lead to local escalation of pr…

CVSS: 7.8 CWE: CWE-693 - Protection Mechanism Failure View on NVD
High

CVE-2024-40653

In multiple functions of ConnectionServiceWrapper.java, there is a possible way to retain a permission forever in the background due to a logic error in the code. This could lead to local escalation…

CVSS: 7.3 CWE: CWE-287 - Improper Authentication View on NVD
2025-09-01
Low

CVE-2025-9796

A vulnerability was found in thinkgem JeeSite up to 5.12.1. This affects the function decodeUrl2 of the file common/src/main/java/com/jeesite/common/codec/EncodeUtils.java. The manipulation results i…

CVSS: 3.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Critical

CVE-2024-28988

SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. Thi…

CVSS: 9.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
Medium

CVE-2025-9795

A vulnerability has been found in xujeff tianti 天梯 up to 2.3. The impacted element is the function ajaxUploadFile of the file src/main/java/com/jeff/tianti/controller/UploadController.java. The manip…

CVSS: 6.3 CWE: CWE-284 - Improper Access Control View on NVD
2025-08-29
Critical

CVE-2025-44033

SQL injection vulnerability in oa_system oasys v.1.1 allows a remote attacker to execute arbitrary code via the allDirector() method declaration in src/main/java/cn/gson/oasys/mappers/AddressMapper.j…

CVSS: 9.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
Medium

CVE-2025-9650

A vulnerability has been found in yeqifu carRental up to 3fabb7eae93d209426638863980301d6f99866b3. This affects the function removeFileByPath of the file src/main/java/com/yeqifu/sys/utils/AppFileUti…

CVSS: 5.4 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2025-08-26
Medium

CVE-2025-26417

In checkWhetherCallingAppHasAccess of DownloadProvider.java, there is a possible bypass of user consent when opening files in shared storage due to a confused deputy. This could lead to local informa…

CVSS: 4.0 CWE: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere View on NVD
High

CVE-2025-0093

In handleBondStateChanged of AdapterService.java, there is a possible unapproved data access due to a missing permission check. This could lead to remote information disclosure with no additional exe…

CVSS: 7.5 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
Medium

CVE-2025-0092

In handleBondStateChanged of AdapterService.java, there is a possible permission bypass due to misleading or insufficient UI. This could lead to remote (proximal/adjacent) information disclosure with…

CVSS: 6.5 CWE: CWE-345 - Insufficient Verification of Data Authenticity View on NVD
Medium

CVE-2025-0086

In onResult of AccountManagerService.java, there is a possible way to overwrite auth token due to a missing permission check. This could lead to local information disclosure with no additional execut…

CVSS: 6.2 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-0082

In multiple functions of StatusHint.java and TelecomServiceImpl.java, there is a possible way to reveal images across users due to a confused deputy. This could lead to local information disclosure w…

CVSS: 5.5 CWE: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere View on NVD
Medium

CVE-2025-9461

A weakness has been identified in diyhi bbs up to 6.8. The impacted element is an unknown function of the file src/main/java/cms/web/action/filePackage/FilePackageManageAction.java of the component F…

CVSS: 4.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2025-08-25
Medium

CVE-2025-9406

A weakness has been identified in xuhuisheng lemon up to 1.13.0. This affects the function uploadImage of the file CmsArticleController.java of the component com.mossle.cms.web.CmsArticleController.u…

CVSS: 6.3 CWE: CWE-284 - Improper Access Control View on NVD
2025-08-22
Low

CVE-2025-9340

Out-of-bounds Write vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java bc-fips on All (API modules). This vulnerability is associated with program files org/bouncycastle/jcajce/…

CVSS: 0.0 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2025-9341

Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java FIPS bc-fips on All (API modules), Legion of the Bouncy Castle Inc. Bouncy Castle for Java L…

CVSS: 5.9 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
2025-08-21
Medium

CVE-2025-55371

Incorrect access control in the component /controller/PersonController.java of jshERP v3.5 allows unauthorized attackers to obtain all the information of the handler by executing the getAllList metho…

CVSS: 5.3 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2025-55370

Incorrect access control in the component \controller\ResourceController.java of jshERP v3.5 allows unauthorized attackers to obtain all the corresponding ID data by modifying the ID value.

CVSS: 8.8 CWE: CWE-639 - Authorization Bypass Through User-Controlled Key View on NVD
High

CVE-2025-55368

Incorrect access control in the component \controller\RoleController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily modify the supplier status under any account.

CVSS: 8.8 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2025-55367

Incorrect access control in the component \controller\SupplierController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily modify the supplier status under any account.

CVSS: 5.3 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2025-55366

Incorrect access control in the component \controller\UserController.java of jshERP v3.5 allows attackers to arbitrarily reset user account passwords and execute a horizontal privilege escalation att…

CVSS: 5.3 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2025-9264

A vulnerability was found in Xuxueli xxl-job up to 3.1.1. Affected by this issue is the function remove of the file /src/main/java/com/xxl/job/admin/controller/JobInfoController.java of the component…

CVSS: 5.4 CWE: CWE-99 - Improper Control of Resource Identifiers ('Resource Injection') View on NVD
2025-08-20
Medium

CVE-2025-9263

A vulnerability has been found in Xuxueli xxl-job up to 3.1.1. Affected by this vulnerability is the function getJobsByGroup of the file /src/main/java/com/xxl/job/admin/controller/JobLogController.j…

CVSS: 4.3 CWE: CWE-99 - Improper Control of Resource Identifiers ('Resource Injection') View on NVD
Low

CVE-2025-9239

A vulnerability was identified in elunez eladmin up to 2.7. Affected by this vulnerability is the function EncryptUtils of the file eladmin-common/src/main/java/me/zhengjie/utils/EncryptUtils.java of…

CVSS: 3.7 CWE: CWE-310 View on NVD
Medium

CVE-2024-39954

CWE-918 Server-Side Request Forgery (SSRF) in eventmesh-runtime module in WebhookUtil.java on windows\linux\mac os e.g. allows the attacker can abuse functionality on the server to read or update int…

CVSS: 6.3 CWE: CWE-918 - Server-Side Request Forgery (SSRF) View on NVD
2025-08-19
Medium

CVE-2025-9148

A vulnerability was found in CodePhiliaX Chat2DB up to 0.3.7. This affects an unknown function of the file ai/chat2db/server/web/api/controller/data/source/DataSourceController.java of the component…

CVSS: 6.3 CWE: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') View on NVD
2025-08-18
High

CVE-2025-53192

** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Expression/Command Delimiters vulnerability in Apache Commons OGNL. This issue affects Apache Commons OGNL: all versions. When using the…

CVSS: 8.8 CWE: CWE-146 - Improper Neutralization of Expression/Command Delimiters View on NVD
2025-08-16
Low

CVE-2025-9092

Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java - BC-FJA 2.1.0 bc-fips (API modules) allows Excessive Allocation. This vulnerability is asso…

CVSS: 1.0 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
2025-08-14
Low

CVE-2025-8974

A vulnerability was determined in linlinjava litemall up to 1.8.0. Affected by this issue is some unknown functionality of the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/util/JwtHe…

CVSS: 3.7 CWE: CWE-259 - Use of Hard-coded Password View on NVD
Medium

CVE-2025-8965

A vulnerability has been found in linlinjava litemall up to 1.8.0. This vulnerability affects the function create of the file litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminS…

CVSS: 6.3 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2025-8931

A vulnerability was determined in code-projects Medical Store Management System 1.0. Affected is an unknown function of the file ChangePassword.java. The manipulation of the argument newPassTxt leads…

CVSS: 6.3 CWE: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') View on NVD
Medium

CVE-2025-8930

A vulnerability was found in code-projects Medical Store Management System 1.0. This issue affects some unknown processing of the file UpdateCompany.java of the component Update Company Page. The man…

CVSS: 6.3 CWE: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') View on NVD
2025-08-13
Medium

CVE-2025-8929

A vulnerability has been found in code-projects Medical Store Management System 1.0. This vulnerability affects unknown code of the file MainPanel.java. The manipulation of the argument searchTxt lea…

CVSS: 6.3 CWE: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') View on NVD
Medium

CVE-2025-8928

A vulnerability was identified in code-projects Medical Store Management System 1.0. This affects an unknown part of the file UpdateMedicines.java of the component Update Medicines Page. The manipula…

CVSS: 6.3 CWE: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') View on NVD
Medium

CVE-2025-8916

Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. BC Java bcpkix on All (API modules), Legion of the Bouncy Castle Inc. BC Java bcprov on All (API…

CVSS: 6.3 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
2025-08-12
Medium

CVE-2025-8885

Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. BC Java bcprov on All (API modules), Legion of the Bouncy Castle Inc. BC-FJA bc-fips on All allo…

CVSS: 6.3 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
2025-08-11
Medium

CVE-2025-8841

A vulnerability was identified in zlt2000 microservices-platform up to 6.0.0. Affected by this vulnerability is the function Upload of the file zlt-business/file-center/src/main/java/com/central/file…

CVSS: 6.3 CWE: CWE-284 - Improper Access Control View on NVD
2025-08-10
Medium

CVE-2025-8814

A vulnerability was found in atjiu pybbs up to 6.0.0 and classified as problematic. This issue affects the function setCookie of the file src/main/java/co/yiiu/pybbs/util/CookieUtil.java. The manipul…

CVSS: 4.3 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
Low

CVE-2025-8813

A vulnerability has been found in atjiu pybbs up to 6.0.0 and classified as problematic. This vulnerability affects the function changeLanguage of the file src/main/java/co/yiiu/pybbs/controller/fron…

CVSS: 3.5 CWE: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect') View on NVD
2025-08-09
Medium

CVE-2025-8755

A vulnerability was found in macrozheng mall up to 1.0.3 and classified as problematic. This issue affects the function detail of the file UmsMemberController.java of the component com.macro.mall.por…

CVSS: 5.3 CWE: CWE-285 - Improper Authorization View on NVD
2025-08-08
Low

CVE-2025-8737

A vulnerability, which was classified as problematic, was found in zlt2000 microservices-platform up to 6.0.0. This affects the function onLogoutSuccess of the file src/main/java/com/central/oauth/ha…

CVSS: 3.5 CWE: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect') View on NVD
Medium

CVE-2025-8708

A vulnerability was found in Antabot White-Jotter 0.22. It has been declared as critical. This vulnerability affects the function CookieRememberMeManager of the file ShiroConfiguration.java of the co…

CVSS: 5.0 CWE: CWE-20 - Improper Input Validation View on NVD
2025-08-05
Low

CVE-2025-8549

A vulnerability was found in atjiu pybbs up to 6.0.0. It has been classified as critical. Affected is the function update of the file src/main/java/co/yiiu/pybbs/controller/admin/UserAdminController.…

CVSS: 3.7 CWE: CWE-521 - Weak Password Requirements View on NVD
Low

CVE-2025-8548

A vulnerability was found in atjiu pybbs up to 6.0.0 and classified as problematic. This issue affects the function sendEmailCode of the file src/main/java/co/yiiu/pybbs/controller/api/SettingsApiCon…

CVSS: 3.7 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2025-08-04
Medium

CVE-2025-8529

A vulnerability classified as critical was found in cloudfavorites favorites-web up to 1.3.0. Affected by this vulnerability is the function getCollectLogoUrl of the file app/src/main/java/com/favori…

CVSS: 6.3 CWE: CWE-918 - Server-Side Request Forgery (SSRF) View on NVD
Medium

CVE-2025-8527

A vulnerability was found in Exrick xboot up to 3.3.4. It has been rated as critical. This issue affects some unknown processing of the file xboot-fast/src/main/java/cn/exrick/xboot/modules/base/cont…

CVSS: 6.3 CWE: CWE-918 - Server-Side Request Forgery (SSRF) View on NVD
Medium

CVE-2025-8526

A vulnerability was found in Exrick xboot up to 3.3.4. It has been declared as critical. This vulnerability affects the function Upload of the file xboot-fast/src/main/java/cn/exrick/xboot/modules/ba…

CVSS: 6.3 CWE: CWE-284 - Improper Access Control View on NVD
2025-07-31
Medium

CVE-2025-8192

There exists a TOCTOU race condition in TvSettings AppRestrictionsFragment.java that lead to start of attacker supplied activity in Settings’ context, i.e. system-uid context, thus lead to launchAnyW…

CVSS: 6.9 CWE: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition View on NVD
Medium

CVE-2025-8344

A vulnerability classified as critical has been found in openviglet shio up to 0.3.8. Affected is the function shStaticFileUpload of the file shio-app/src/main/java/com/viglet/shio/api/staticfile/ShS…

CVSS: 6.3 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2025-8343

A vulnerability was found in openviglet shio up to 0.3.8. It has been rated as critical. This issue affects the function shStaticFilePreUpload of the file shio-app/src/main/java/com/viglet/shio/api/s…

CVSS: 4.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2025-07-27
Medium

CVE-2025-8223

A vulnerability, which was classified as problematic, was found in jerryshensjf JPACookieShop 蛋糕商城JPA版 up to 24a15c02b4f75042c9f7f615a3fed2ec1cefb999. This affects an unknown part of the file AdminTy…

CVSS: 4.3 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
Low

CVE-2025-8222

A vulnerability, which was classified as problematic, has been found in jerryshensjf JPACookieShop 蛋糕商城JPA版 up to 24a15c02b4f75042c9f7f615a3fed2ec1cefb999. Affected by this issue is some unknown func…

CVSS: 3.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-8221

A vulnerability classified as problematic was found in jerryshensjf JPACookieShop 蛋糕商城JPA版 up to 24a15c02b4f75042c9f7f615a3fed2ec1cefb999. Affected by this vulnerability is the function goodsSearch o…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2025-07-26
Low

CVE-2025-8211

A vulnerability was found in Roothub up to 2.6. It has been declared as problematic. Affected by this vulnerability is the function Edit of the file src/main/java/cn/roothub/web/admin/SystemConfigAdm…

CVSS: 3.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2025-07-21
Medium

CVE-2025-7939

A vulnerability was found in jerryshensjf JPACookieShop 蛋糕商城JPA版 1.0. It has been classified as critical. Affected is the function addGoods of the file GoodsController.java. The manipulation leads to…

CVSS: 6.3 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2025-7938

A vulnerability was found in jerryshensjf JPACookieShop 蛋糕商城JPA版 1.0 and classified as critical. This issue affects the function updateGoods of the file GoodsController.java. The manipulation leads t…

CVSS: 4.3 CWE: CWE-285 - Improper Authorization View on NVD
Medium

CVE-2025-7936

A vulnerability has been found in fuyang_lipengjun platform up to ca9aceff6902feb7b0b6bf510842aea88430796a and classified as critical. Affected by this vulnerability is the function queryPage of the…

CVSS: 6.3 CWE: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') View on NVD
Medium

CVE-2025-7935

A vulnerability, which was classified as critical, was found in fuyang_lipengjun platform up to ca9aceff6902feb7b0b6bf510842aea88430796a. Affected is the function SysLogController of the file platfor…

CVSS: 6.3 CWE: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') View on NVD
Medium

CVE-2025-7934

A vulnerability, which was classified as critical, has been found in fuyang_lipengjun platform up to ca9aceff6902feb7b0b6bf510842aea88430796a. This issue affects the function queryPage of the file pl…

CVSS: 6.3 CWE: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') View on NVD
2025-07-20
Medium

CVE-2025-7906

A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1 and classified as critical. This issue affects the function uploadFile of the file ruoyi-admin/src/main/java/com/ruoyi/web/controller/comm…

CVSS: 6.3 CWE: CWE-284 - Improper Access Control View on NVD
Low

CVE-2025-7902

A vulnerability classified as problematic has been found in yangzongzhuan RuoYi up to 4.8.1. Affected is the function addSave of the file com/ruoyi/web/controller/system/SysNoticeController.java. The…

CVSS: 3.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-7888

A vulnerability was found in TDuckCloud tduck-platform 5.1 and classified as critical. This issue affects the function UserFormDataMapper of the file src/main/java/com/tduck/cloud/form/mapper/UserFor…

CVSS: 6.3 CWE: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') View on NVD
Low

CVE-2025-7865

A vulnerability was found in thinkgem JeeSite up to 5.12.0. It has been declared as problematic. This vulnerability affects the function xssFilter of the file src/main/java/com/jeesite/common/codec/E…

CVSS: 3.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-7864

A vulnerability was found in thinkgem JeeSite up to 5.12.0. It has been classified as critical. This affects the function Upload of the file src/main/java/com/jeesite/modules/file/web/FileUploadContr…

CVSS: 6.3 CWE: CWE-284 - Improper Access Control View on NVD
Low

CVE-2025-7863

A vulnerability was found in thinkgem JeeSite up to 5.12.0 and classified as problematic. Affected by this issue is the function redirectUrl of the file src/main/java/com/jeesite/common/web/http/Serv…

CVSS: 3.5 CWE: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect') View on NVD
2025-07-18
Low

CVE-2025-7789

A vulnerability was found in Xuxueli xxl-job up to 3.1.1 and classified as problematic. Affected by this issue is the function makeToken of the file src/main/java/com/xxl/job/admin/controller/IndexCo…

CVSS: 3.7 CWE: CWE-326 - Inadequate Encryption Strength View on NVD