Java security Archives • Page 2 of 2 • Daily CyberSecurity

Critical 9.3 CVSS RCE Vulnerability Hit in OpenTelemetry Java Agent OpenTelemetry Java Vulnerability Java RCE Exploit

Critical 9.3 CVSS RCE Vulnerability Hit in OpenTelemetry Java Agent

Do Son March 30, 2026

A critical vulnerability has been uncovered in the OpenTelemetry Instrumentation for Java, a popular tool used by...

Critical 9.8 CVSS SpEL Injection and SSRF Flaws Hit Spring AI Framework Spring AI Vulnerability Remote Code Execution (RCE)

Critical 9.8 CVSS SpEL Injection and SSRF Flaws Hit Spring AI Framework

Do Son March 26, 2026

Spring AI, the popular framework for integrating Artificial Intelligence into Java applications, is facing a series of...

High-Severity Spring Cloud Config Flaw Triggers File Leaks and SSRF Spring Cloud Config CVE-2026-22739 Spring Gateway SpEL, STOMP WebSocket CSRF Spring Security, vulnerability CVE-2024-38819 CVE-2025-41243 Spring Cloud Gateway, vulnerability

Spring Cloud Config CVE-2026-22739 Spring Gateway SpEL, STOMP WebSocket CSRF Spring Security, vulnerability CVE-2024-38819 CVE-2025-41243 Spring Cloud Gateway, vulnerability

High-Severity Spring Cloud Config Flaw Triggers File Leaks and SSRF

Do Son March 24, 2026

A significant security flaw has been identified in Spring Cloud Config, a popular framework used to provide...

The Silent Leak: Critical 9.1 CVSS Spring Security Flaw Strips Away Vital HTTP Headers CVE-2024-22234 Spring Security Vulnerability CVE-2026-22732

CVE-2024-22234 Spring Security Vulnerability CVE-2026-22732

The Silent Leak: Critical 9.1 CVSS Spring Security Flaw Strips Away Vital HTTP Headers

Do Son March 20, 2026

A critical-severity security flaw has been identified in Spring Security, the industry-standard framework for securing Java-based enterprise...

Bypassed Boundaries: Two New Vulnerabilities Threaten Spring Framework Apps CVE-2024-22259 Spring Framework Vulnerabilities CVE-2026-22737

Bypassed Boundaries: Two New Vulnerabilities Threaten Spring Framework Apps

Do Son March 20, 2026

Security researchers have identified two distinct vulnerabilities within the widely used Spring Framework, affecting both Spring MVC...

Critical Spring AI Flaws Expose Databases to SQL and JSONPath Injection Spring AI Vulnerability Remote Code Execution (RCE) Spring AI Vulnerability CVE-2026-22730

Spring AI Vulnerability Remote Code Execution (RCE) Spring AI Vulnerability CVE-2026-22730

Critical Spring AI Flaws Expose Databases to SQL and JSONPath Injection

Do Son March 17, 2026

Security researchers have issued a dual-threat alert for developers utilizing the Spring AI framework, a popular tool...

Critical 10.0 CVSS Flaw in pac4j-jwt Lets Hackers Forge Admin Tokens pac4j-jwt Vulnerability CVE-2026-29000

Critical 10.0 CVSS Flaw in pac4j-jwt Lets Hackers Forge Admin Tokens

Do Son March 5, 2026

Cybersecurity researchers have uncovered a critical vulnerability in pac4j-jwt, a popular Java-based library used to secure thousands...

Apache Camel Patches Critical Keycloak & LevelDB Flaws Apache Camel K Vulnerability CVE-2026-45760 Build Deputy Apache Camel Security CVE-2026-23552 CVE-2025-27636 CVE-2025-29891 PoC

Apache Camel K Vulnerability CVE-2026-45760 Build Deputy Apache Camel Security CVE-2026-23552 CVE-2025-27636 CVE-2025-29891 PoC

Apache Camel Patches Critical Keycloak & LevelDB Flaws

Do Son February 19, 2026

Maintainers of Apache Camel, the widely adopted open-source framework that empowers you to quickly and easily integrate...

Signed & Stolen: “Phantom Stealer” Hijacks Java App via Fake DHL Invoice Xloader Malware Information Stealer Phantom Stealer v3.5.0 DLL Sideloading Attack

Xloader Malware Information Stealer Phantom Stealer v3.5.0 DLL Sideloading Attack

Signed & Stolen: “Phantom Stealer” Hijacks Java App via Fake DHL Invoice

Do Son February 2, 2026

A sophisticated new malware campaign is turning the trust of legitimate software against users, weaponizing a signed...

The XML Trap: Critical Struts 2 Flaw CVE-2025-68493 Exposes Data Apache Struts 2 Vulnerability CVE-2025-68493 CVE-2021-31805 Struts DoS, File Upload Leak

Apache Struts 2 Vulnerability CVE-2025-68493 CVE-2021-31805 Struts DoS, File Upload Leak

The XML Trap: Critical Struts 2 Flaw CVE-2025-68493 Exposes Data

Do Son January 12, 2026

A new flaw has appeared in the foundation of one of the web’s most popular Java frameworks....

The 9.6 Crack in Java’s Foundation: Critical Undertow Flaw CVE-2025-12543 Undertow Vulnerability CVE-2025-12543 CVE-2025-0107: PoC Exploit Code Undersea Cable Security, China Tech Ban

Undertow Vulnerability CVE-2025-12543 CVE-2025-0107: PoC Exploit Code Undersea Cable Security, China Tech Ban

The 9.6 Crack in Java’s Foundation: Critical Undertow Flaw CVE-2025-12543

Do Son January 9, 2026

A foundational crack has been discovered in the bedrock of the Java web ecosystem. Undertow, the high-performance...

Apache SIS Patch Blocks XML Attack That Leaks Server Files Apache SIS, CVE-2025-68280

Apache SIS Patch Blocks XML Attack That Leaks Server Files

Do Son January 6, 2026

The Apache Software Foundation has issued a security advisory for the Apache Spatial Information System (SIS), a...

“Prefix Swap” Panic: Sophisticated “Jackson” Imposter Infiltrates Maven Central Maven Prefix Swap, jackson-databind Malware Effective Malware Cleaner

Maven Prefix Swap, jackson-databind Malware Effective Malware Cleaner

“Prefix Swap” Panic: Sophisticated “Jackson” Imposter Infiltrates Maven Central

Do Son December 29, 2025

The Java ecosystem, long considered a fortress compared to the wild west of npm, has been breached...

Apache NiFi’s Data Leak: How a High-Severity Deserialization Flaw Puts Your Asana Workflows at Risk Apache NiFi RCE CVE-2026-39816 Apache NiFi Vulnerability CVE-2026-25903 Apache NiFi Deserialization, GetAsanaObject Vulnerability CVE-2024-52067 - CVE-2024-56512 CVE-2025-27017

Apache NiFi RCE CVE-2026-39816 Apache NiFi Vulnerability CVE-2026-25903 Apache NiFi Deserialization, GetAsanaObject Vulnerability CVE-2024-52067 - CVE-2024-56512 CVE-2025-27017

Apache NiFi’s Data Leak: How a High-Severity Deserialization Flaw Puts Your Asana Workflows at Risk

Do Son December 22, 2025

The Apache Software Foundation has issued a security advisory for Apache NiFi, the powerful data processing engine...

Log4j’s Security Blind Spot: New TLS Flaw Lets Attackers Intercept Sensitive Logs Despite Encryption CVE-2022-23307 Log4j TLS Bypass, Socket Appender Vulnerability

Log4j’s Security Blind Spot: New TLS Flaw Lets Attackers Intercept Sensitive Logs Despite Encryption

Do Son December 19, 2025

The Apache Software Foundation has released a security update for its widely used Log4j logging library, addressing...

CVE-2025-46295 (CVSS 9.8): Critical Apache Commons Text Flaw Risks Total Server Takeover Apache Commons Text RCE, FileMaker Server Patch

CVE-2025-46295 (CVSS 9.8): Critical Apache Commons Text Flaw Risks Total Server Takeover

Do Son December 18, 2025

A critical vulnerability has been fixed in Apache Commons Text, a ubiquitous Java library used for text...

High-Severity lz4-java Flaw (CVE-2025-66566) Leaks Uninitialized Memory During Decompression lz4-java Out-of-bounds Read, Library EOL

High-Severity lz4-java Flaw (CVE-2025-66566) Leaks Uninitialized Memory During Decompression

Do Son December 8, 2025

A high-severity vulnerability has been unearthed in lz4-java, a widely used Java library for the LZ4 compression...

Popular Selenium Library WebDriverManager Hit by Critical XXE Bug (CVE-2025-4641, CVSS 9.3) WebDriverManager, CVE-2025-4641

Popular Selenium Library WebDriverManager Hit by Critical XXE Bug (CVE-2025-4641, CVSS 9.3)

Do Son May 16, 2025

A critical XML External Entity (XXE) injection vulnerability has been identified in WebDriverManager, an essential Java library...

Critical Alert 1 Active Exploit Detected Today