Threat Feed

Tag

Java

8 briefs
medium advisory

Multiple Vulnerabilities in Apereo Java CAS Client

Multiple vulnerabilities have been discovered in Apereo Java CAS client versions prior to 4.1.1, potentially leading to data confidentiality breaches as detailed in the casc-jwt-vuln security bulletin.

Java CAS client credential-access java
high threat

ORAS Java SDK Path Traversal Vulnerability via Malicious Image Title Annotation

The `pullArtifact` methods in `Registry` and `OCILayout` use the `org.opencontainers.image.title` annotation from a pulled manifest as a filename, resolving it against the caller-supplied output directory without normalization or a containment check, which allows a manifest publisher to write blobs outside of the intended target directory.

oras-java-sdk path-traversal oras java
high advisory

CVE-2026-8759: xiandafu beetl SpEL Injection Vulnerability

CVE-2026-8759 is a remote code execution vulnerability in xiandafu beetl up to 3.20.2, stemming from improper neutralization of special elements within the SpELFunction component, enabling remote exploitation.

beetl +1 spel-injection rce java cve
critical threat

Multiple Vulnerabilities in Oracle Java SE

A remote attacker, either anonymous or authenticated, can exploit multiple vulnerabilities in Oracle Java SE to compromise confidentiality, integrity, and availability.

Java SE java vulnerability remote-access
critical advisory

Hyperledger Fabric SDK Java Deserialization RCE

The deprecated fabric-sdk-java client SDK is vulnerable to Java deserialization RCE due to the use of ObjectInputStream.readObject() without an ObjectInputFilter in Channel.java, allowing remote code execution if an attacker can supply crafted serialized Channel bytes to the client application.

fabric-sdk-java deserialization rce java
high advisory

Oracle Java SE, GraalVM Networking Component Denial-of-Service Vulnerability (CVE-2026-34282)

CVE-2026-34282 is a remotely exploitable vulnerability in the Networking component of Oracle Java SE and GraalVM that allows an unauthenticated attacker to cause a complete denial of service.

CVE-2026-34282 java graalvm dos denial-of-service
high threat

Potential JAVA/JNDI Exploitation Attempt

This rule detects a potential Java/JNDI exploitation attempt by identifying outbound network connections from a Java process to the standard LDAP, RMI, or DNS ports, followed by suspicious Java child processes such as shell interpreters and scripting-language runtimes, which may indicate an attempt to exploit a Java Naming and Directory Interface (JNDI) injection vulnerability.

exploited jndi java log4shell rce exploitation
medium advisory

Potential Reverse Shell via Java on Linux

The execution of a Linux shell process from a Java JAR application following an incoming network connection may indicate reverse shell activity.

Elastic Defend reverse-shell java linux execution