Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/java-1.8.0-openjdk@1:1.8.0.492.b09-1?arch=el7_9

Type rpm

Namespace redhat

Name java-1.8.0-openjdk

Version 1:1.8.0.492.b09-1

Qualifiers

arch	el7_9

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-1gha-995s-7qdg

vulnerability_id

VCID-1gha-995s-7qdg

summary

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22016.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22016.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-22016

reference_id

reference_type

scores

value	0.00033
scoring_system	epss
scoring_elements	0.09722
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-22016

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22016
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22016

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894
reference_id	1134894
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2460039
reference_id	2460039
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2460039

reference_url

https://www.oracle.com/security-alerts/cpuapr2026.html

reference_id

cpuapr2026.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:11:15Z/

url

https://www.oracle.com/security-alerts/cpuapr2026.html

reference_url	https://access.redhat.com/errata/RHSA-2026:9254
reference_id	RHSA-2026:9254
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9254

reference_url	https://access.redhat.com/errata/RHSA-2026:9255
reference_id	RHSA-2026:9255
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9255

reference_url	https://access.redhat.com/errata/RHSA-2026:9256
reference_id	RHSA-2026:9256
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9256

reference_url	https://access.redhat.com/errata/RHSA-2026:9682
reference_id	RHSA-2026:9682
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9682

reference_url	https://access.redhat.com/errata/RHSA-2026:9684
reference_id	RHSA-2026:9684
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9684

reference_url	https://access.redhat.com/errata/RHSA-2026:9685
reference_id	RHSA-2026:9685
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9685

reference_url	https://access.redhat.com/errata/RHSA-2026:9687
reference_id	RHSA-2026:9687
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9687

reference_url	https://access.redhat.com/errata/RHSA-2026:9688
reference_id	RHSA-2026:9688
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9688

reference_url	https://access.redhat.com/errata/RHSA-2026:9690
reference_id	RHSA-2026:9690
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9690

reference_url	https://access.redhat.com/errata/RHSA-2026:9691
reference_id	RHSA-2026:9691
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9691

reference_url	https://access.redhat.com/errata/RHSA-2026:9693
reference_id	RHSA-2026:9693
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9693

reference_url	https://access.redhat.com/errata/RHSA-2026:9694
reference_id	RHSA-2026:9694
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9694

fixed_packages

aliases

CVE-2026-22016

risk_score

3.4

exploitability

0.5

weighted_severity

6.8

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-1gha-995s-7qdg

url

VCID-6fzj-746j-bkbc

vulnerability_id

VCID-6fzj-746j-bkbc

summary

Freetype: Freetype: Information disclosure or denial of service via specially crafted font files

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23865.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23865.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-23865

reference_id

reference_type

scores

value	0.00014
scoring_system	epss
scoring_elements	0.02445
published_at	2026-04-02T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03111
published_at	2026-04-24T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03077
published_at	2026-04-09T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03041
published_at	2026-04-11T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03017
published_at	2026-04-12T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03009
published_at	2026-04-13T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.02986
published_at	2026-04-16T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.02993
published_at	2026-04-18T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03114
published_at	2026-04-21T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03047
published_at	2026-04-04T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.0305
published_at	2026-04-07T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03053
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-23865

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1129606
reference_id	1129606
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1129606

reference_url

https://sourceforge.net/projects/freetype/files/freetype2/2.14.2/

reference_id

2.14.2

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-02T16:25:34Z/

url

https://sourceforge.net/projects/freetype/files/freetype2/2.14.2/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2443891
reference_id	2443891
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2443891

reference_url

https://www.facebook.com/security/advisories/cve-2026-23865

reference_id

cve-2026-23865

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-02T16:25:34Z/

url

https://www.facebook.com/security/advisories/cve-2026-23865

reference_url

https://gitlab.com/freetype/freetype/-/commit/fc85a255849229c024c8e65f536fe1875d84841c

reference_id

fc85a255849229c024c8e65f536fe1875d84841c

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-02T16:25:34Z/

url

https://gitlab.com/freetype/freetype/-/commit/fc85a255849229c024c8e65f536fe1875d84841c

reference_url	https://access.redhat.com/errata/RHSA-2026:7933
reference_id	RHSA-2026:7933
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7933

reference_url	https://access.redhat.com/errata/RHSA-2026:9254
reference_id	RHSA-2026:9254
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9254

reference_url	https://access.redhat.com/errata/RHSA-2026:9255
reference_id	RHSA-2026:9255
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9255

reference_url	https://access.redhat.com/errata/RHSA-2026:9256
reference_id	RHSA-2026:9256
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9256

reference_url	https://access.redhat.com/errata/RHSA-2026:9682
reference_id	RHSA-2026:9682
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9682

reference_url	https://access.redhat.com/errata/RHSA-2026:9684
reference_id	RHSA-2026:9684
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9684

reference_url	https://access.redhat.com/errata/RHSA-2026:9685
reference_id	RHSA-2026:9685
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9685

reference_url	https://access.redhat.com/errata/RHSA-2026:9687
reference_id	RHSA-2026:9687
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9687

reference_url	https://access.redhat.com/errata/RHSA-2026:9688
reference_id	RHSA-2026:9688
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9688

reference_url	https://access.redhat.com/errata/RHSA-2026:9690
reference_id	RHSA-2026:9690
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9690

reference_url	https://access.redhat.com/errata/RHSA-2026:9691
reference_id	RHSA-2026:9691
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9691

reference_url	https://access.redhat.com/errata/RHSA-2026:9693
reference_id	RHSA-2026:9693
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9693

reference_url	https://access.redhat.com/errata/RHSA-2026:9694
reference_id	RHSA-2026:9694
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9694

reference_url	https://usn.ubuntu.com/8086-1/
reference_id	USN-8086-1
reference_type
scores
url	https://usn.ubuntu.com/8086-1/

fixed_packages

aliases

CVE-2026-23865

risk_score

2.4

exploitability

0.5

weighted_severity

4.8

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-6fzj-746j-bkbc

url

VCID-6r1k-8y1c-q7fm

vulnerability_id

VCID-6r1k-8y1c-q7fm

summary

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 2.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22007.json

reference_id

reference_type

scores

value	2.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22007.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-22007

reference_id

reference_type

scores

value	0.00012
scoring_system	epss
scoring_elements	0.01704
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-22007

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22007
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22007

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	2.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894
reference_id	1134894
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2460038
reference_id	2460038
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2460038

reference_url

https://www.oracle.com/security-alerts/cpuapr2026.html

reference_id

cpuapr2026.html

reference_type

scores

value	2.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:05:16Z/

url

https://www.oracle.com/security-alerts/cpuapr2026.html

reference_url	https://access.redhat.com/errata/RHSA-2026:9254
reference_id	RHSA-2026:9254
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9254

reference_url	https://access.redhat.com/errata/RHSA-2026:9255
reference_id	RHSA-2026:9255
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9255

reference_url	https://access.redhat.com/errata/RHSA-2026:9256
reference_id	RHSA-2026:9256
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9256

reference_url	https://access.redhat.com/errata/RHSA-2026:9682
reference_id	RHSA-2026:9682
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9682

reference_url	https://access.redhat.com/errata/RHSA-2026:9684
reference_id	RHSA-2026:9684
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9684

reference_url	https://access.redhat.com/errata/RHSA-2026:9685
reference_id	RHSA-2026:9685
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9685

reference_url	https://access.redhat.com/errata/RHSA-2026:9687
reference_id	RHSA-2026:9687
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9687

reference_url	https://access.redhat.com/errata/RHSA-2026:9688
reference_id	RHSA-2026:9688
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9688

reference_url	https://access.redhat.com/errata/RHSA-2026:9690
reference_id	RHSA-2026:9690
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9690

reference_url	https://access.redhat.com/errata/RHSA-2026:9691
reference_id	RHSA-2026:9691
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9691

reference_url	https://access.redhat.com/errata/RHSA-2026:9693
reference_id	RHSA-2026:9693
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9693

reference_url	https://access.redhat.com/errata/RHSA-2026:9694
reference_id	RHSA-2026:9694
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9694

fixed_packages

aliases

CVE-2026-22007

risk_score

1.3

exploitability

0.5

weighted_severity

2.6

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-6r1k-8y1c-q7fm

url

VCID-jxgd-j4wr-tyb7

vulnerability_id

VCID-jxgd-j4wr-tyb7

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34268.json

reference_id

reference_type

scores

value	2.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34268.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-34268

reference_id

reference_type

scores

value	0.00012
scoring_system	epss
scoring_elements	0.01704
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-34268

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34268
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34268

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	2.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894
reference_id	1134894
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2460043
reference_id	2460043
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2460043

reference_url

https://www.oracle.com/security-alerts/cpuapr2026.html

reference_id

cpuapr2026.html

reference_type

scores

value	2.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T13:55:07Z/

url

https://www.oracle.com/security-alerts/cpuapr2026.html

reference_url	https://access.redhat.com/errata/RHSA-2026:9254
reference_id	RHSA-2026:9254
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9254

reference_url	https://access.redhat.com/errata/RHSA-2026:9255
reference_id	RHSA-2026:9255
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9255

reference_url	https://access.redhat.com/errata/RHSA-2026:9256
reference_id	RHSA-2026:9256
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9256

reference_url	https://access.redhat.com/errata/RHSA-2026:9682
reference_id	RHSA-2026:9682
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9682

reference_url	https://access.redhat.com/errata/RHSA-2026:9684
reference_id	RHSA-2026:9684
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9684

reference_url	https://access.redhat.com/errata/RHSA-2026:9685
reference_id	RHSA-2026:9685
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9685

reference_url	https://access.redhat.com/errata/RHSA-2026:9687
reference_id	RHSA-2026:9687
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9687

reference_url	https://access.redhat.com/errata/RHSA-2026:9688
reference_id	RHSA-2026:9688
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9688

reference_url	https://access.redhat.com/errata/RHSA-2026:9690
reference_id	RHSA-2026:9690
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9690

reference_url	https://access.redhat.com/errata/RHSA-2026:9691
reference_id	RHSA-2026:9691
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9691

reference_url	https://access.redhat.com/errata/RHSA-2026:9693
reference_id	RHSA-2026:9693
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9693

reference_url	https://access.redhat.com/errata/RHSA-2026:9694
reference_id	RHSA-2026:9694
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9694

fixed_packages

aliases

CVE-2026-34268

risk_score

1.3

exploitability

0.5

weighted_severity

2.6

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-jxgd-j4wr-tyb7

url

VCID-sz6r-65q1-q3bh

vulnerability_id

VCID-sz6r-65q1-q3bh

summary

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22021.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22021.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-22021

reference_id

reference_type

scores

value	0.00039
scoring_system	epss
scoring_elements	0.11666
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-22021

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22021
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22021

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894
reference_id	1134894
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2460042
reference_id	2460042
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2460042

reference_url

https://www.oracle.com/security-alerts/cpuapr2026.html

reference_id

cpuapr2026.html

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T13:58:16Z/

url

https://www.oracle.com/security-alerts/cpuapr2026.html

reference_url	https://access.redhat.com/errata/RHSA-2026:9254
reference_id	RHSA-2026:9254
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9254

reference_url	https://access.redhat.com/errata/RHSA-2026:9255
reference_id	RHSA-2026:9255
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9255

reference_url	https://access.redhat.com/errata/RHSA-2026:9256
reference_id	RHSA-2026:9256
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9256

reference_url	https://access.redhat.com/errata/RHSA-2026:9682
reference_id	RHSA-2026:9682
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9682

reference_url	https://access.redhat.com/errata/RHSA-2026:9684
reference_id	RHSA-2026:9684
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9684

reference_url	https://access.redhat.com/errata/RHSA-2026:9685
reference_id	RHSA-2026:9685
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9685

reference_url	https://access.redhat.com/errata/RHSA-2026:9687
reference_id	RHSA-2026:9687
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9687

reference_url	https://access.redhat.com/errata/RHSA-2026:9688
reference_id	RHSA-2026:9688
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9688

reference_url	https://access.redhat.com/errata/RHSA-2026:9690
reference_id	RHSA-2026:9690
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9690

reference_url	https://access.redhat.com/errata/RHSA-2026:9691
reference_id	RHSA-2026:9691
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9691

reference_url	https://access.redhat.com/errata/RHSA-2026:9693
reference_id	RHSA-2026:9693
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9693

reference_url	https://access.redhat.com/errata/RHSA-2026:9694
reference_id	RHSA-2026:9694
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9694

fixed_packages

aliases

CVE-2026-22021

risk_score

2.4

exploitability

0.5

weighted_severity

4.8

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-sz6r-65q1-q3bh

url

VCID-xte1-h9nn-4bbk

vulnerability_id

VCID-xte1-h9nn-4bbk

summary

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22018.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22018.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-22018

reference_id

reference_type

scores

value	0.00039
scoring_system	epss
scoring_elements	0.11666
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-22018

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22018
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22018

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894
reference_id	1134894
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2460041
reference_id	2460041
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2460041

reference_url

https://www.oracle.com/security-alerts/cpuapr2026.html

reference_id

cpuapr2026.html

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:05:52Z/

url

https://www.oracle.com/security-alerts/cpuapr2026.html

reference_url	https://access.redhat.com/errata/RHSA-2026:9254
reference_id	RHSA-2026:9254
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9254

reference_url	https://access.redhat.com/errata/RHSA-2026:9255
reference_id	RHSA-2026:9255
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9255

reference_url	https://access.redhat.com/errata/RHSA-2026:9256
reference_id	RHSA-2026:9256
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9256

reference_url	https://access.redhat.com/errata/RHSA-2026:9682
reference_id	RHSA-2026:9682
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9682

reference_url	https://access.redhat.com/errata/RHSA-2026:9684
reference_id	RHSA-2026:9684
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9684

reference_url	https://access.redhat.com/errata/RHSA-2026:9685
reference_id	RHSA-2026:9685
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9685

reference_url	https://access.redhat.com/errata/RHSA-2026:9687
reference_id	RHSA-2026:9687
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9687

reference_url	https://access.redhat.com/errata/RHSA-2026:9688
reference_id	RHSA-2026:9688
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9688

reference_url	https://access.redhat.com/errata/RHSA-2026:9690
reference_id	RHSA-2026:9690
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9690

reference_url	https://access.redhat.com/errata/RHSA-2026:9691
reference_id	RHSA-2026:9691
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9691

reference_url	https://access.redhat.com/errata/RHSA-2026:9693
reference_id	RHSA-2026:9693
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9693

reference_url	https://access.redhat.com/errata/RHSA-2026:9694
reference_id	RHSA-2026:9694
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9694

fixed_packages

aliases

CVE-2026-22018

risk_score

1.6

exploitability

0.5

weighted_severity

3.3

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-xte1-h9nn-4bbk

url

VCID-zsun-4q6p-8fek

vulnerability_id

VCID-zsun-4q6p-8fek

summary

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22013.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22013.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-22013

reference_id

reference_type

scores

value	0.0004
scoring_system	epss
scoring_elements	0.12118
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-22013

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22013
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22013

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894
reference_id	1134894
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2460040
reference_id	2460040
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2460040

reference_url

https://www.oracle.com/security-alerts/cpuapr2026.html

reference_id

cpuapr2026.html

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:09:34Z/

url

https://www.oracle.com/security-alerts/cpuapr2026.html

reference_url	https://access.redhat.com/errata/RHSA-2026:9254
reference_id	RHSA-2026:9254
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9254

reference_url	https://access.redhat.com/errata/RHSA-2026:9255
reference_id	RHSA-2026:9255
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9255

reference_url	https://access.redhat.com/errata/RHSA-2026:9256
reference_id	RHSA-2026:9256
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9256

reference_url	https://access.redhat.com/errata/RHSA-2026:9682
reference_id	RHSA-2026:9682
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9682

reference_url	https://access.redhat.com/errata/RHSA-2026:9684
reference_id	RHSA-2026:9684
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9684

reference_url	https://access.redhat.com/errata/RHSA-2026:9685
reference_id	RHSA-2026:9685
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9685

reference_url	https://access.redhat.com/errata/RHSA-2026:9687
reference_id	RHSA-2026:9687
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9687

reference_url	https://access.redhat.com/errata/RHSA-2026:9688
reference_id	RHSA-2026:9688
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9688

reference_url	https://access.redhat.com/errata/RHSA-2026:9690
reference_id	RHSA-2026:9690
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9690

reference_url	https://access.redhat.com/errata/RHSA-2026:9691
reference_id	RHSA-2026:9691
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9691

reference_url	https://access.redhat.com/errata/RHSA-2026:9693
reference_id	RHSA-2026:9693
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9693

reference_url	https://access.redhat.com/errata/RHSA-2026:9694
reference_id	RHSA-2026:9694
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9694

fixed_packages

aliases

CVE-2026-22013

risk_score

2.4

exploitability

0.5

weighted_severity

4.8

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-zsun-4q6p-8fek

Fixing_vulnerabilities

Risk_score 3.4

Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/java-1.8.0-openjdk@1:1.8.0.492.b09-1%3Farch=el7_9

Package Instance