Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1076535?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1076535?format=api", "purl": "pkg:rpm/redhat/java-11-openjdk@1:11.0.31.0.11-1?arch=el9", "type": "rpm", "namespace": "redhat", "name": "java-11-openjdk", "version": "1:11.0.31.0.11-1", "qualifiers": { "arch": "el9" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/353818?format=api", "vulnerability_id": "VCID-1gha-995s-7qdg", "summary": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22016.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22016.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-22016", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09722", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-22016" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22016", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22016" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894", "reference_id": "1134894", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460039", "reference_id": "2460039", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460039" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2026.html", "reference_id": "cpuapr2026.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:11:15Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2026.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9254", "reference_id": "RHSA-2026:9254", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9254" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9255", "reference_id": "RHSA-2026:9255", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9255" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9256", "reference_id": "RHSA-2026:9256", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9256" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9682", "reference_id": "RHSA-2026:9682", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9682" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9684", "reference_id": "RHSA-2026:9684", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9684" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9685", "reference_id": "RHSA-2026:9685", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9685" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9687", "reference_id": "RHSA-2026:9687", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9687" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9688", "reference_id": "RHSA-2026:9688", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9688" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9690", "reference_id": "RHSA-2026:9690", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9690" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9691", "reference_id": "RHSA-2026:9691", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9691" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9693", "reference_id": "RHSA-2026:9693", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9693" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9694", "reference_id": "RHSA-2026:9694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9694" } ], "fixed_packages": [], "aliases": [ "CVE-2026-22016" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1gha-995s-7qdg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64200?format=api", "vulnerability_id": "VCID-41qj-62x6-tqe5", "summary": "giflib: giflib: Denial of Service via buffer overflow in EGifGCBToExtension", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26740.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26740.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-26740", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34086", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34051", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.3405", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34007", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.33983", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34017", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34004", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34118", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.33978", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.3402", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35498", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35733", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-26740" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26740", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26740" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131368", "reference_id": "1131368", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131368" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448747", "reference_id": "2448747", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448747" }, { "reference_url": "https://github.com/zakkanijia/POC/blob/main/giflib/giftool/giflib_giftool_gce_len_heap_oobwrite_disclosure.md", "reference_id": "giflib_giftool_gce_len_heap_oobwrite_disclosure.md", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-18T18:43:32Z/" } ], "url": "https://github.com/zakkanijia/POC/blob/main/giflib/giftool/giflib_giftool_gce_len_heap_oobwrite_disclosure.md" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9254", "reference_id": "RHSA-2026:9254", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9254" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9255", "reference_id": "RHSA-2026:9255", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9255" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9693", "reference_id": "RHSA-2026:9693", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9693" } ], "fixed_packages": [], "aliases": [ "CVE-2026-26740" ], "risk_score": 3.7, "exploitability": "0.5", "weighted_severity": "7.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-41qj-62x6-tqe5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/353650?format=api", "vulnerability_id": "VCID-57sd-8y93-qqhu", "summary": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34282.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34282.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34282", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.121", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34282" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34282", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34282" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460044", "reference_id": "2460044", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460044" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2026.html", "reference_id": "cpuapr2026.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:33:23Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2026.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9254", "reference_id": "RHSA-2026:9254", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9254" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9255", "reference_id": "RHSA-2026:9255", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9255" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9256", "reference_id": "RHSA-2026:9256", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9256" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9687", "reference_id": "RHSA-2026:9687", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9687" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9688", "reference_id": "RHSA-2026:9688", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9688" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9690", "reference_id": "RHSA-2026:9690", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9690" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9691", "reference_id": "RHSA-2026:9691", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9691" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9693", "reference_id": "RHSA-2026:9693", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9693" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9694", "reference_id": "RHSA-2026:9694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9694" } ], "fixed_packages": [], "aliases": [ "CVE-2026-34282" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-57sd-8y93-qqhu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64393?format=api", "vulnerability_id": "VCID-6fzj-746j-bkbc", "summary": "Freetype: Freetype: Information disclosure or denial of service via specially crafted font files", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23865.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23865.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-23865", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02445", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03111", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03077", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03041", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03017", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03009", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02986", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02993", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03114", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03047", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.0305", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03053", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-23865" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1129606", "reference_id": "1129606", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1129606" }, { "reference_url": "https://sourceforge.net/projects/freetype/files/freetype2/2.14.2/", "reference_id": "2.14.2", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-02T16:25:34Z/" } ], "url": "https://sourceforge.net/projects/freetype/files/freetype2/2.14.2/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2443891", "reference_id": "2443891", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2443891" }, { "reference_url": "https://www.facebook.com/security/advisories/cve-2026-23865", "reference_id": "cve-2026-23865", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-02T16:25:34Z/" } ], "url": "https://www.facebook.com/security/advisories/cve-2026-23865" }, { "reference_url": "https://gitlab.com/freetype/freetype/-/commit/fc85a255849229c024c8e65f536fe1875d84841c", "reference_id": "fc85a255849229c024c8e65f536fe1875d84841c", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-02T16:25:34Z/" } ], "url": "https://gitlab.com/freetype/freetype/-/commit/fc85a255849229c024c8e65f536fe1875d84841c" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7933", "reference_id": "RHSA-2026:7933", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7933" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9254", "reference_id": "RHSA-2026:9254", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9254" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9255", "reference_id": "RHSA-2026:9255", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9255" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9256", "reference_id": "RHSA-2026:9256", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9256" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9682", "reference_id": "RHSA-2026:9682", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9682" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9684", "reference_id": "RHSA-2026:9684", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9684" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9685", "reference_id": "RHSA-2026:9685", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9685" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9687", "reference_id": "RHSA-2026:9687", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9687" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9688", "reference_id": "RHSA-2026:9688", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9688" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9690", "reference_id": "RHSA-2026:9690", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9690" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9691", "reference_id": "RHSA-2026:9691", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9691" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9693", "reference_id": "RHSA-2026:9693", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9693" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9694", "reference_id": "RHSA-2026:9694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9694" }, { "reference_url": "https://usn.ubuntu.com/8086-1/", "reference_id": "USN-8086-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8086-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2026-23865" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6fzj-746j-bkbc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/353834?format=api", "vulnerability_id": "VCID-6r1k-8y1c-q7fm", "summary": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 2.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22007.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22007.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-22007", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01704", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-22007" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22007", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22007" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894", "reference_id": "1134894", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460038", "reference_id": "2460038", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460038" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2026.html", "reference_id": "cpuapr2026.html", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:05:16Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2026.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9254", "reference_id": "RHSA-2026:9254", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9254" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9255", "reference_id": "RHSA-2026:9255", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9255" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9256", "reference_id": "RHSA-2026:9256", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9256" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9682", "reference_id": "RHSA-2026:9682", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9682" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9684", "reference_id": "RHSA-2026:9684", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9684" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9685", "reference_id": "RHSA-2026:9685", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9685" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9687", "reference_id": "RHSA-2026:9687", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9687" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9688", "reference_id": "RHSA-2026:9688", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9688" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9690", "reference_id": "RHSA-2026:9690", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9690" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9691", "reference_id": "RHSA-2026:9691", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9691" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9693", "reference_id": "RHSA-2026:9693", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9693" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9694", "reference_id": "RHSA-2026:9694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9694" } ], "fixed_packages": [], "aliases": [ "CVE-2026-22007" ], "risk_score": 1.3, "exploitability": "0.5", "weighted_severity": "2.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6r1k-8y1c-q7fm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65169?format=api", "vulnerability_id": "VCID-7qam-er5a-gbas", "summary": "libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22801.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22801.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-22801", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04618", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04807", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04625", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04633", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04773", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04642", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04654", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04688", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.047", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04692", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04674", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04658", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-22801" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22801" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125444", "reference_id": "1125444", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125444" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428824", "reference_id": "2428824", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428824" }, { "reference_url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8", "reference_id": "GHSA-vgjq-8cw5-ggw8", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T19:37:38Z/" } ], "url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3405", "reference_id": "RHSA-2026:3405", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3405" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3551", "reference_id": "RHSA-2026:3551", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3551" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3573", "reference_id": "RHSA-2026:3573", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3573" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3574", "reference_id": "RHSA-2026:3574", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3574" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3575", "reference_id": "RHSA-2026:3575", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3575" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3576", "reference_id": "RHSA-2026:3576", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3576" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3577", "reference_id": "RHSA-2026:3577", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3577" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4306", "reference_id": "RHSA-2026:4306", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4306" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4501", "reference_id": "RHSA-2026:4501", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4501" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4728", "reference_id": "RHSA-2026:4728", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4728" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4729", "reference_id": "RHSA-2026:4729", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4729" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4730", "reference_id": "RHSA-2026:4730", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4730" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4731", "reference_id": "RHSA-2026:4731", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4731" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4732", "reference_id": "RHSA-2026:4732", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4732" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5606", "reference_id": "RHSA-2026:5606", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5606" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6732", "reference_id": "RHSA-2026:6732", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6732" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8746", "reference_id": "RHSA-2026:8746", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8746" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8747", "reference_id": "RHSA-2026:8747", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8747" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8748", "reference_id": "RHSA-2026:8748", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8748" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9254", "reference_id": "RHSA-2026:9254", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9254" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9255", "reference_id": "RHSA-2026:9255", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9255" }, { "reference_url": "https://usn.ubuntu.com/7963-1/", "reference_id": "USN-7963-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7963-1/" }, { "reference_url": "https://usn.ubuntu.com/8035-1/", "reference_id": "USN-8035-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8035-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2026-22801" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7qam-er5a-gbas" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63979?format=api", "vulnerability_id": "VCID-dm7h-c7wt-1kbs", "summary": "libpng: libpng: Arbitrary code execution due to use-after-free vulnerability", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33416.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33416.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33416", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10979", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11022", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12874", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12779", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12775", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.13064", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12864", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12943", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12994", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12954", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12919", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15898", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33416" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33416", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33416" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132012", "reference_id": "1132012", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132012" }, { "reference_url": "https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb", "reference_id": "23019269764e35ed8458e517f1897bd3c54820eb", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:49:05Z/" } ], "url": "https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451805", "reference_id": "2451805", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451805" }, { "reference_url": "https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667", "reference_id": "7ea9eea884a2328cc7fdcb3c0c00246a50d90667", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:49:05Z/" } ], "url": "https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667" }, { "reference_url": "https://github.com/pnggroup/libpng/pull/824", "reference_id": "824", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:49:05Z/" } ], "url": "https://github.com/pnggroup/libpng/pull/824" }, { "reference_url": "https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25", "reference_id": "a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:49:05Z/" } ], "url": "https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25" }, { "reference_url": "https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1", "reference_id": "c1b0318b393c90679e6fa5bc1d329fd5d5012ec1", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:49:05Z/" } ], "url": "https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1" }, { "reference_url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j", "reference_id": "GHSA-m4pc-p4q3-4c7j", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:49:05Z/" } ], "url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6732", "reference_id": "RHSA-2026:6732", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6732" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7671", "reference_id": "RHSA-2026:7671", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7671" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7672", "reference_id": "RHSA-2026:7672", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7672" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8052", "reference_id": "RHSA-2026:8052", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8052" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8459", "reference_id": "RHSA-2026:8459", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8459" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9254", "reference_id": "RHSA-2026:9254", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9254" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9255", "reference_id": "RHSA-2026:9255", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9255" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9345", "reference_id": "RHSA-2026:9345", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9345" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9638", "reference_id": "RHSA-2026:9638", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9638" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9693", "reference_id": "RHSA-2026:9693", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9693" } ], "fixed_packages": [], "aliases": [ "CVE-2026-33416" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dm7h-c7wt-1kbs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66390?format=api", "vulnerability_id": "VCID-j7dk-wzkm-tfcr", "summary": "libpng: LIBPNG out-of-bounds read in png_image_read_composite", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66293.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66293.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-66293", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24185", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30216", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30323", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30382", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30416", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30418", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30374", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30326", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30342", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30324", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30279", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30511", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-66293" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66293", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66293" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121877", "reference_id": "1121877", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121877" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711", "reference_id": "2418711", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711" }, { "reference_url": "https://github.com/pnggroup/libpng/issues/764", "reference_id": "764", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T20:52:13Z/" } ], "url": "https://github.com/pnggroup/libpng/issues/764" }, { "reference_url": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1", "reference_id": "788a624d7387a758ffd5c7ab010f1870dea753a1", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T20:52:13Z/" } ], "url": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1" }, { "reference_url": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a", "reference_id": "a05a48b756de63e3234ea6b3b938b8f5f862484a", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T20:52:13Z/" } ], "url": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a" }, { "reference_url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f", "reference_id": "GHSA-9mpm-9pxh-mg4f", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T20:52:13Z/" } ], "url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0125", "reference_id": "RHSA-2026:0125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0210", "reference_id": "RHSA-2026:0210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0211", "reference_id": "RHSA-2026:0211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0211" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0212", "reference_id": "RHSA-2026:0212", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0212" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0216", "reference_id": "RHSA-2026:0216", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0216" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0234", "reference_id": "RHSA-2026:0234", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0234" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0237", "reference_id": "RHSA-2026:0237", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0237" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0238", "reference_id": "RHSA-2026:0238", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0238" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0241", "reference_id": "RHSA-2026:0241", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0241" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0313", "reference_id": "RHSA-2026:0313", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0313" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0321", "reference_id": "RHSA-2026:0321", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0321" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0322", "reference_id": "RHSA-2026:0322", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0322" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0323", "reference_id": "RHSA-2026:0323", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0323" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0414", "reference_id": "RHSA-2026:0414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2072", "reference_id": "RHSA-2026:2072", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2072" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2633", "reference_id": "RHSA-2026:2633", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2633" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2659", "reference_id": "RHSA-2026:2659", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2659" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2671", "reference_id": "RHSA-2026:2671", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2671" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2974", "reference_id": "RHSA-2026:2974", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2974" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3415", "reference_id": "RHSA-2026:3415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3861", "reference_id": "RHSA-2026:3861", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4419", "reference_id": "RHSA-2026:4419", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4419" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6732", "reference_id": "RHSA-2026:6732", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6732" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9254", "reference_id": "RHSA-2026:9254", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9254" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9255", "reference_id": "RHSA-2026:9255", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9255" }, { "reference_url": "https://usn.ubuntu.com/7963-1/", "reference_id": "USN-7963-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7963-1/" }, { "reference_url": "https://usn.ubuntu.com/8035-1/", "reference_id": "USN-8035-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8035-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2025-66293" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j7dk-wzkm-tfcr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/353681?format=api", "vulnerability_id": "VCID-jxgd-j4wr-tyb7", "summary": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 2.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34268.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34268.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34268", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01704", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34268" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34268", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34268" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894", "reference_id": "1134894", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460043", "reference_id": "2460043", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460043" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2026.html", "reference_id": "cpuapr2026.html", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T13:55:07Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2026.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9254", "reference_id": "RHSA-2026:9254", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9254" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9255", "reference_id": "RHSA-2026:9255", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9255" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9256", "reference_id": "RHSA-2026:9256", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9256" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9682", "reference_id": "RHSA-2026:9682", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9682" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9684", "reference_id": "RHSA-2026:9684", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9684" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9685", "reference_id": "RHSA-2026:9685", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9685" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9687", "reference_id": "RHSA-2026:9687", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9687" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9688", "reference_id": "RHSA-2026:9688", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9688" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9690", "reference_id": "RHSA-2026:9690", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9690" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9691", "reference_id": "RHSA-2026:9691", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9691" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9693", "reference_id": "RHSA-2026:9693", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9693" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9694", "reference_id": "RHSA-2026:9694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9694" } ], "fixed_packages": [], "aliases": [ "CVE-2026-34268" ], "risk_score": 1.3, "exploitability": "0.5", "weighted_severity": "2.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jxgd-j4wr-tyb7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63978?format=api", "vulnerability_id": "VCID-ptgq-884e-mkft", "summary": "libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33636.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33636.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33636", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09433", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09521", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09508", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09555", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09569", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.0954", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09524", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09418", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.0942", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10217", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15153", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15193", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33636" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33636", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33636" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132013", "reference_id": "1132013", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132013" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451819", "reference_id": "2451819", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451819" }, { "reference_url": "https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869", "reference_id": "7734cda20cf1236aef60f3bbd2267c97bbb40869", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:45:14Z/" } ], "url": "https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869" }, { "reference_url": "https://github.com/pnggroup/libpng/commit/aba9f18eba870d14fb52c5ba5d73451349e339c3", "reference_id": "aba9f18eba870d14fb52c5ba5d73451349e339c3", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:45:14Z/" } ], "url": "https://github.com/pnggroup/libpng/commit/aba9f18eba870d14fb52c5ba5d73451349e339c3" }, { "reference_url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2", "reference_id": "GHSA-wjr5-c57x-95m2", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:45:14Z/" } ], "url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6732", "reference_id": "RHSA-2026:6732", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6732" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7671", "reference_id": "RHSA-2026:7671", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7671" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7672", "reference_id": "RHSA-2026:7672", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7672" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8052", "reference_id": "RHSA-2026:8052", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8052" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8459", "reference_id": "RHSA-2026:8459", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8459" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9254", "reference_id": "RHSA-2026:9254", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9254" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9255", "reference_id": "RHSA-2026:9255", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9255" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9345", "reference_id": "RHSA-2026:9345", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9345" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9638", "reference_id": "RHSA-2026:9638", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9638" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9693", "reference_id": "RHSA-2026:9693", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9693" } ], "fixed_packages": [], "aliases": [ "CVE-2026-33636" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ptgq-884e-mkft" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65170?format=api", "vulnerability_id": "VCID-rm7f-ybuf-dyfq", "summary": "libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22695.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22695.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-22695", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08627", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08702", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08678", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08597", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08671", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08696", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08673", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.0866", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08548", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08535", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08689", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-22695" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22695", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22695" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125443", "reference_id": "1125443", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125443" }, { "reference_url": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea", "reference_id": "218612ddd6b17944e21eda56caf8b4bf7779d1ea", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T14:13:00Z/" } ], "url": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428825", "reference_id": "2428825", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428825" }, { "reference_url": "https://github.com/pnggroup/libpng/issues/778", "reference_id": "778", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T14:13:00Z/" } ], "url": "https://github.com/pnggroup/libpng/issues/778" }, { "reference_url": "https://github.com/pnggroup/libpng/commit/e4f7ad4ea2", "reference_id": "e4f7ad4ea2", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T14:13:00Z/" } ], "url": "https://github.com/pnggroup/libpng/commit/e4f7ad4ea2" }, { "reference_url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp", "reference_id": "GHSA-mmq5-27w3-rxpp", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T14:13:00Z/" } ], "url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3405", "reference_id": "RHSA-2026:3405", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3405" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3551", "reference_id": "RHSA-2026:3551", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3551" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3573", "reference_id": "RHSA-2026:3573", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3573" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3574", "reference_id": "RHSA-2026:3574", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3574" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3575", "reference_id": "RHSA-2026:3575", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3575" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3576", "reference_id": "RHSA-2026:3576", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3576" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3577", "reference_id": "RHSA-2026:3577", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3577" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4306", "reference_id": "RHSA-2026:4306", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4306" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4501", "reference_id": "RHSA-2026:4501", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4501" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4728", "reference_id": "RHSA-2026:4728", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4728" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4729", "reference_id": "RHSA-2026:4729", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4729" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4730", "reference_id": "RHSA-2026:4730", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4730" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4731", "reference_id": "RHSA-2026:4731", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4731" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4732", "reference_id": "RHSA-2026:4732", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4732" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5606", "reference_id": "RHSA-2026:5606", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5606" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6732", "reference_id": "RHSA-2026:6732", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6732" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8746", "reference_id": "RHSA-2026:8746", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8746" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8747", "reference_id": "RHSA-2026:8747", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8747" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8748", "reference_id": "RHSA-2026:8748", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8748" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9254", "reference_id": "RHSA-2026:9254", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9254" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9255", "reference_id": "RHSA-2026:9255", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9255" }, { "reference_url": "https://usn.ubuntu.com/7963-1/", "reference_id": "USN-7963-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7963-1/" }, { "reference_url": "https://usn.ubuntu.com/8035-1/", "reference_id": "USN-8035-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8035-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2026-22695" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rm7f-ybuf-dyfq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/353829?format=api", "vulnerability_id": "VCID-sz6r-65q1-q3bh", "summary": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22021.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22021.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-22021", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11666", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-22021" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22021", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22021" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894", "reference_id": "1134894", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460042", "reference_id": "2460042", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460042" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2026.html", "reference_id": "cpuapr2026.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T13:58:16Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2026.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9254", "reference_id": "RHSA-2026:9254", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9254" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9255", "reference_id": "RHSA-2026:9255", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9255" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9256", "reference_id": "RHSA-2026:9256", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9256" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9682", "reference_id": "RHSA-2026:9682", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9682" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9684", "reference_id": "RHSA-2026:9684", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9684" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9685", "reference_id": "RHSA-2026:9685", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9685" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9687", "reference_id": "RHSA-2026:9687", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9687" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9688", "reference_id": "RHSA-2026:9688", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9688" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9690", "reference_id": "RHSA-2026:9690", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9690" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9691", "reference_id": "RHSA-2026:9691", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9691" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9693", "reference_id": "RHSA-2026:9693", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9693" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9694", "reference_id": "RHSA-2026:9694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9694" } ], "fixed_packages": [], "aliases": [ "CVE-2026-22021" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sz6r-65q1-q3bh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/353832?format=api", "vulnerability_id": "VCID-xte1-h9nn-4bbk", "summary": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22018.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22018.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-22018", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11666", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-22018" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22018", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22018" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894", "reference_id": "1134894", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460041", "reference_id": "2460041", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460041" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2026.html", "reference_id": "cpuapr2026.html", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:05:52Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2026.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9254", "reference_id": "RHSA-2026:9254", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9254" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9255", "reference_id": "RHSA-2026:9255", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9255" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9256", "reference_id": "RHSA-2026:9256", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9256" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9682", "reference_id": "RHSA-2026:9682", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9682" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9684", "reference_id": "RHSA-2026:9684", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9684" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9685", "reference_id": "RHSA-2026:9685", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9685" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9687", "reference_id": "RHSA-2026:9687", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9687" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9688", "reference_id": "RHSA-2026:9688", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9688" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9690", "reference_id": "RHSA-2026:9690", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9690" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9691", "reference_id": "RHSA-2026:9691", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9691" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9693", "reference_id": "RHSA-2026:9693", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9693" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9694", "reference_id": "RHSA-2026:9694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9694" } ], "fixed_packages": [], "aliases": [ "CVE-2026-22018" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xte1-h9nn-4bbk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64639?format=api", "vulnerability_id": "VCID-xyhj-84d1-dqh3", "summary": "libpng: LIBPNG has a heap buffer overflow in png_set_quantize", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25646.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25646.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25646", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23049", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22976", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23103", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23122", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23085", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23029", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23042", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23035", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.2376", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.23645", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26176", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26135", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25646" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25646", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25646" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88", "reference_id": "01d03b8453eb30ade759cd45c707e5a1c7277d88", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:31:50Z/" } ], "url": "https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127566", "reference_id": "1127566", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127566" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438542", "reference_id": "2438542", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438542" }, { "reference_url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3", "reference_id": "GHSA-g8hp-mq4h-rqm3", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:31:50Z/" } ], "url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3031", "reference_id": "RHSA-2026:3031", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3031" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3405", "reference_id": "RHSA-2026:3405", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3405" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3551", "reference_id": "RHSA-2026:3551", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3551" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3573", "reference_id": "RHSA-2026:3573", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3573" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3574", "reference_id": "RHSA-2026:3574", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3574" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3575", "reference_id": "RHSA-2026:3575", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3575" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3576", "reference_id": "RHSA-2026:3576", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3576" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3577", "reference_id": "RHSA-2026:3577", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3577" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3968", "reference_id": "RHSA-2026:3968", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3968" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3969", "reference_id": "RHSA-2026:3969", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3969" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4221", "reference_id": "RHSA-2026:4221", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4221" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4222", "reference_id": "RHSA-2026:4222", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4222" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4306", "reference_id": "RHSA-2026:4306", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4306" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4501", "reference_id": "RHSA-2026:4501", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4501" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4728", "reference_id": "RHSA-2026:4728", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4728" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4729", "reference_id": "RHSA-2026:4729", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4729" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4730", "reference_id": "RHSA-2026:4730", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4730" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4731", "reference_id": "RHSA-2026:4731", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4731" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4732", "reference_id": "RHSA-2026:4732", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4732" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4756", "reference_id": "RHSA-2026:4756", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4756" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5606", "reference_id": "RHSA-2026:5606", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5606" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6439", "reference_id": "RHSA-2026:6439", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6439" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6445", "reference_id": "RHSA-2026:6445", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6445" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6466", "reference_id": "RHSA-2026:6466", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6466" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6467", "reference_id": "RHSA-2026:6467", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6467" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6468", "reference_id": "RHSA-2026:6468", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6468" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6469", "reference_id": "RHSA-2026:6469", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6469" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6553", "reference_id": "RHSA-2026:6553", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6553" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6732", "reference_id": "RHSA-2026:6732", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6732" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7032", "reference_id": "RHSA-2026:7032", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7032" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7033", "reference_id": "RHSA-2026:7033", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7033" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7034", "reference_id": "RHSA-2026:7034", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7034" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7035", "reference_id": "RHSA-2026:7035", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7035" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7036", "reference_id": "RHSA-2026:7036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7036" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7239", "reference_id": "RHSA-2026:7239", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7239" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7243", "reference_id": "RHSA-2026:7243", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7243" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8746", "reference_id": "RHSA-2026:8746", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8746" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8747", "reference_id": "RHSA-2026:8747", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8747" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8748", "reference_id": "RHSA-2026:8748", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8748" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9254", "reference_id": "RHSA-2026:9254", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9254" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9255", "reference_id": "RHSA-2026:9255", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9255" }, { "reference_url": "https://usn.ubuntu.com/8035-1/", "reference_id": "USN-8035-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8035-1/" }, { "reference_url": "https://usn.ubuntu.com/8039-1/", "reference_id": "USN-8039-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8039-1/" }, { "reference_url": "https://usn.ubuntu.com/8081-1/", "reference_id": "USN-8081-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8081-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2026-25646" ], "risk_score": 3.8, "exploitability": "0.5", "weighted_severity": "7.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xyhj-84d1-dqh3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/353820?format=api", "vulnerability_id": "VCID-zsun-4q6p-8fek", "summary": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22013.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22013.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-22013", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12118", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-22013" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22013", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22013" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894", "reference_id": "1134894", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134894" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460040", "reference_id": "2460040", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460040" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2026.html", "reference_id": "cpuapr2026.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:09:34Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2026.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9254", "reference_id": "RHSA-2026:9254", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9254" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9255", "reference_id": "RHSA-2026:9255", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9255" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9256", "reference_id": "RHSA-2026:9256", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9256" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9682", "reference_id": "RHSA-2026:9682", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9682" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9684", "reference_id": "RHSA-2026:9684", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9684" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9685", "reference_id": "RHSA-2026:9685", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9685" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9687", "reference_id": "RHSA-2026:9687", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9687" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9688", "reference_id": "RHSA-2026:9688", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9688" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9690", "reference_id": "RHSA-2026:9690", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9690" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9691", "reference_id": "RHSA-2026:9691", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9691" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9693", "reference_id": "RHSA-2026:9693", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9693" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9694", "reference_id": "RHSA-2026:9694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9694" } ], "fixed_packages": [], "aliases": [ "CVE-2026-22013" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zsun-4q6p-8fek" } ], "fixing_vulnerabilities": [], "risk_score": "3.8", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/java-11-openjdk@1:11.0.31.0.11-1%3Farch=el9" }