| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-34282 | Oracle多款产品 安全漏洞 | Oracle Corporation | Oracle Java SE | High | 7.5 | 2026-04-21 20:35:21 | Deep Dive |
| CVE-2026-34268 | Oracle多款产品 安全漏洞 | Oracle Corporation | Oracle Java SE | Low | 2.9 | 2026-04-21 20:35:14 | Deep Dive |
| CVE-2026-22021 | Oracle多款产品 安全漏洞 | Oracle Corporation | Oracle Java SE | Medium | 5.3 | 2026-04-21 20:35:13 | Deep Dive |
| CVE-2026-22018 | Oracle多款产品 安全漏洞 | Oracle Corporation | Oracle Java SE | Low | 3.7 | 2026-04-21 20:35:11 | Deep Dive |
| CVE-2026-22016 | Oracle多款产品 安全漏洞 | Oracle Corporation | Oracle Java SE | High | 7.5 | 2026-04-21 20:35:10 | Deep Dive |
| CVE-2026-22013 | Oracle多款产品 安全漏洞 | Oracle Corporation | Oracle Java SE | Medium | 5.3 | 2026-04-21 20:35:09 | Deep Dive |
| CVE-2026-22008 | Oracle Java SE 安全漏洞 | Oracle Corporation | Oracle Java SE | Low | 3.7 | 2026-04-21 20:35:06 | Deep Dive |
| CVE-2026-22007 | Oracle多款产品 安全漏洞 | Oracle Corporation | Oracle Java SE | Low | 2.9 | 2026-04-21 20:35:05 | Deep Dive |
| CVE-2026-22003 | Oracle Java SE和Oracle GraalVM Enterprise Edition 安全漏洞 | Oracle Corporation | Oracle Java SE | Medium | 6.0 | 2026-04-21 20:35:03 | Deep Dive |
| CVE-2026-3505 | Unbounded PGP AEAD chunk size leads to pre-auth resource exhaustion. | Legion of the Bouncy Castle Inc. | BC-JAVA | 中危 | - | 2026-04-15 09:06:38 | Deep Dive |
| CVE-2026-5588 | PKIX draft CompositeVerifier accepts empty signature sequence as valid. | Legion of the Bouncy Castle Inc. | BC-JAVA | 中危 | - | 2026-04-15 09:06:16 | Deep Dive |
| CVE-2026-5598 | Non-constant time comparisons risk private key leakage in FrodoKEM. | Legion of the Bouncy Castle Inc. | BC-JAVA | 中危 | - | 2026-04-15 09:05:56 | Deep Dive |
| CVE-2026-0636 | LDAP Injection Vulnerability in LDAPStoreHelper.java | Legion of the Bouncy Castle Inc. | BC-JAVA | 中危 | - | 2026-04-15 08:59:13 | Deep Dive |
| CVE-2025-14813 | GOSTCTR implementation unable to process more than 255 blocks correctly | Legion of the Bouncy Castle Inc. | BC-JAVA | 中危 | - | 2026-04-15 08:56:34 | Deep Dive |
| CVE-2026-27674 | Code Injection vulnerability in SAP NetWeaver Application Server Java (Web Dynpro Java) | SAP_SE | SAP NetWeaver Application Server Java (Web Dynpro Java) | Medium | 6.1 | 2026-04-14 00:06:50 | Deep Dive |
| CVE-2026-35568 | MCP Java-SDK has a DNS Rebinding Vulnerability | modelcontextprotocol | java-sdk | - | - | 2026-04-07 21:06:10 | Deep Dive |
| CVE-2026-34237 | MCP Java SDK has a Hardcoded Wildcard CORS (Access-Control-Allow-Origin: *) | modelcontextprotocol | java-sdk | Medium | 6.1 | 2026-03-31 15:40:01 | Deep Dive |
| CVE-2017-20227 | JAD 1.5.8e-1kali1 Stack-Based Buffer Overflow | Varaneckas | JAD Java Decompiler | Critical | 9.8 | 2026-03-28 11:58:11 | Deep Dive |
| CVE-2016-20049 | JAD 1.5.8e-1kali1 Stack-Based Buffer Overflow Remote Code Execution | Varaneckas | JAD Java Decompiler | Critical | 9.8 | 2026-03-28 11:58:09 | Deep Dive |
| CVE-2026-33728 | dd-trace-java: Unsafe deserialization in RMI instrumentation may lead to remote code execution | DataDog | dd-trace-java | 中危 | - | 2026-03-27 00:25:56 | Deep Dive |