| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-33701 | OpenTelemetry: Unsafe Deserialization in RMI Instrumentation may Lead to Remote Code Execution | open-telemetry | opentelemetry-java-instrumentation | Medium | - | 2026-03-27 00:01:12 | Deep Dive |
| CVE-2026-32735 | Unpacking Arbitrary Mustache Template Files via `maven-dependency-plugin` | Chrimle | openapi-to-java-records-mustache-templates-parent | Medium | - | 2026-03-18 22:13:40 | Deep Dive |
| CVE-2026-27727 | mchange-commons-java: Remote Code Execution via JNDI Reference Resolution | swaldman | mchange-commons-java | - | - | 2026-02-25 16:01:04 | Deep Dive |
| CVE-2025-33042 | Apache Avro Java SDK: Code injection on Java generated code | Apache Software Foundation | Apache Avro Java SDK | Medium | - | 2026-02-13 11:47:04 | Deep Dive |
| CVE-2026-23686 | CRLF Injection vulnerability in SAP NetWeaver Application Server Java | SAP_SE | SAP NetWeaver Application Server Java | Low | 3.4 | 2026-02-10 03:02:37 | Deep Dive |
| CVE-2026-21947 | Oracle Java SE security vulnerability | Oracle Corporation | Oracle Java SE | Low | 3.1 | 2026-01-20 21:56:29 | Deep Dive |
| CVE-2026-21945 | Oracle Java SE security vulnerability | Oracle Corporation | Oracle Java SE | High | 7.5 | 2026-01-20 21:56:28 | Deep Dive |
| CVE-2026-21933 | Oracle Java SE security vulnerability | Oracle Corporation | Oracle Java SE | Medium | 6.1 | 2026-01-20 21:56:24 | Deep Dive |
| CVE-2026-21932 | Oracle Java SE security vulnerability | Oracle Corporation | Oracle Java SE | High | 7.4 | 2026-01-20 21:56:24 | Deep Dive |
| CVE-2026-21925 | Oracle Java SE security vulnerability | Oracle Corporation | Oracle Java SE | Medium | 4.8 | 2026-01-20 21:56:21 | Deep Dive |
| CVE-2026-0510 | Obsolete Encryption Algorithm Used in NW AS Java UME User Mapping | SAP_SE | NW AS Java UME User Mapping | Low | 3.0 | 2026-01-13 01:15:44 | Deep Dive |
| CVE-2026-21452 | MessagePack-Java Vulnerable to Remote Denial of Service via Malicious .msgpack Model File Triggering Unbounded EXT Payload Allocation | msgpack | msgpack-java | High | 7.5 | 2026-01-02 20:47:45 | Deep Dive |
| CVE-2025-15135 | joey-zhou xiaozhi-esp32-server-java Cookie AuthenticationInterceptor.java tryAuthenticateWithCookies improper authentication | joey-zhou | xiaozhi-esp32-server-java | Medium | 6.3 | 2025-12-28 12:02:07 | Deep Dive |
| CVE-2025-14763 | Amazon S3 Encryption Client security vulnerability | AWS | S3 Encryption Client for Java | Medium | 5.3 | 2025-12-17 20:18:34 | Deep Dive |
| CVE-2025-67505 | Race condition in the Okta Java SDK | okta | okta-sdk-java | High | 8.4 | 2025-12-10 22:19:21 | Deep Dive |
| CVE-2025-66033 | Improper Memory Cleanup in the Okta Java SDK | okta | okta-sdk-java | Medium | 5.3 | 2025-12-10 21:46:13 | Deep Dive |
| CVE-2025-66566 | yawkat LZ4 Java has a possible information leak in Java safe decompressor | yawkat | lz4-java | High | - | 2025-12-05 18:10:16 | Deep Dive |
| CVE-2025-66021 | OWASP Java HTML Sanitizer is vulnerable to XSS via noscript tag and improper style tag sanitization | OWASP | java-html-sanitizer | - | - | 2025-11-26 01:53:38 | Deep Dive |
| CVE-2025-42919 | Information Disclosure vulnerability in SAP NetWeaver Application Server Java | SAP_SE | SAP NetWeaver Application Server Java | Medium | 5.3 | 2025-11-11 00:20:18 | Deep Dive |
| CVE-2025-64518 | CycloneDX Core (Java): BOM validation is vulnerable to XML External Entity injection | CycloneDX | cyclonedx-core-java | High | 7.5 | 2025-11-10 22:08:06 | Deep Dive |