Known vulnerabilities affecting Java products and systems
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2026-33701 | In versions prior to 2.26.1, the RMI instrumentation registered a custom endpoint that deserialized incoming data without applying serialization filters. An attacker with network access to a JMX or RM... | 9.8 | 717 | Neutral | No | Yes |
| CVE-2026-27727 | Impact: mchange-commons-java includes code that mirrors early implementations of JNDI functionality, including support for remote `factoryClassLocation` values, by which code can be downloaded and ... | 9.8 | 819 | Neutral | Yes | Yes |
| CVE-2026-25526 | Impact: **Vulnerability Type**: Sandbox Bypass / Remote Code Execution. **Affected Component**: Jinjava. **Affected Users**: Organizations using HubSpot's Jinjava template rendering engine for us... | 9.8 | 690 | Neutral | Yes | Yes |
| CVE-2026-23686 | Due to a CRLF Injection vulnerability in SAP NetWeaver Application Server Java, an authenticated attacker with administrative access could submit specially crafted content to the application. If proce... | 3.4 | 160 | Neutral | No | Yes |
| CVE-2026-23685 | Due to a Deserialization vulnerability in SAP NetWeaver (JMS service), an attacker authenticated as an administrator with local access could submit specially crafted content to the server. If processe... | 4.4 | 218 | Neutral | No | Yes |
| CVE-2026-21975 | Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.29 and 21.3-21.20. Easily exploitable vulnerability allows high privileged attacker... | 4.5 | 84 | Neutral | No | Yes |
| CVE-2026-21452 | Summary: Affected components: `org.msgpack.core.MessageUnpacker.readPayload()`, `org.msgpack.core.MessageUnpacker.unpackValue()`, `org.msgpack.value.ExtensionValue.getData()`. A denial-of-service vu... | 7.5 | 487 | Neutral | Yes | Yes |
| CVE-2026-2141 | A security flaw has been discovered in WuKongOpenSource WukongCRM up to 11.3.3. This affects an unknown part of the file gateway/src/main/java/com/kakarote/gateway/service/impl/PermissionServiceImpl.j... | 8.8 | 718 | Neutral | Yes | No |
| CVE-2025-8991 | A vulnerability was identified in linlinjava litemall up to 1.8.0. Affected by this vulnerability is an unknown functionality of the file /admin/config/express of the component Business Logic Handler.... | 4.3 | 99 | Neutral | No | Yes |
| CVE-2025-8974 | A vulnerability was determined in linlinjava litemall up to 1.8.0. Affected by this issue is some unknown functionality of the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/util/JwtHel... | 9.8 | 717 | Neutral | No | Yes |
| CVE-2025-8965 | A vulnerability has been found in linlinjava litemall up to 1.8.0. This vulnerability affects the function create of the file litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminSt... | 8.8 | 587 | Neutral | No | Yes |
| CVE-2025-8764 | A vulnerability classified as critical has been found in linlinjava litemall up to 1.8.0. Affected is the function Upload of the file /wx/storage/upload. The manipulation of the argument File leads to... | 5.4 | 269 | Neutral | Yes | No |
| CVE-2025-8753 | A vulnerability, which was classified as critical, has been found in linlinjava litemall up to 1.8.0. Affected by this issue is the function delete of the file /admin/storage/delete of the component F... | 5.4 | 243 | Neutral | No | Yes |
| CVE-2025-67505 | Description: In the Okta Java SDK, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to inf... | 8.4 | 513 | Neutral | No | Yes |
| CVE-2025-6702 | A vulnerability, which was classified as problematic, was found in linlinjava litemall 1.8.0. Affected is an unknown function of the file /wx/comment/post. The manipulation of the argument adminCommen... | 5.3 | 298 | Neutral | Yes | No |
| CVE-2025-66033 | Description: In the Okta Java SDK, specific multithreaded implementations may encounter memory issues as threads are not properly cleaned up after requests are completed. Over time, this can degrad... | 5.3 | 117 | Neutral | No | Yes |
| CVE-2025-66021 | Summary: It is observed that OWASP java html sanitizer is vulnerable to XSS if HtmlPolicyBuilder allows `noscript` and `style` tags with `allowTextIn` inside the style tag. This could lead to XSS i... | 6.1 | 272 | Neutral | No | Yes |
| CVE-2025-6551 | A vulnerability was found in java-aodeng Hope-Boot 1.0.0 and classified as problematic. This issue affects the function Login of the file /src/main/java/com/hope/controller/WebController.java. The man... | 5.4 | 333 | Neutral | Yes | No |
| CVE-2025-61881 | Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.28, 21.3-21.19 and 23.4-23.9. Difficult to exploit vulnerability allows unauthentic... | 5.9 | 198 | Neutral | No | Yes |
| CVE-2025-59340 | Summary: jinjava’s current sandbox restrictions prevent direct access to dangerous methods such as `getClass()`, and block instantiation of Class objects. However, these protections can be bypasse... | 10.0 | 591 | Neutral | No | Yes |