CVSS: 8.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-50106 – openjdk: Glyph out-of-memory access and crash (Oracle CPU 2025-07)
https://notcve.org/view.php?id=CVE-2025-50106
15 Jul 2025 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1; Oracle GraalVM Enterprise Edition: 21.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Orac... • https://www.oracle.com/security-alerts/cpujul2025.html • CWE-122: Heap-based Buffer Overflow •
CVSS: 8.6EPSS: 0%CPEs: 8EXPL: 0CVE-2025-50059 – openjdk: Improve HTTP client header handling (Oracle CPU 2025-07)
https://notcve.org/view.php?id=CVE-2025-50059
15 Jul 2025 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1; Oracle GraalVM Enterprise Edition: 21.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracl... • https://www.oracle.com/security-alerts/cpujul2025.html • CWE-201: Insertion of Sensitive Information Into Sent Data CWE-284: Improper Access Control •
CVSS: 4.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-30754 – openjdk: Enhance TLS protocol support (Oracle CPU 2025-07)
https://notcve.org/view.php?id=CVE-2025-30754
15 Jul 2025 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1; Oracle GraalVM Enterprise Edition: 21.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM En... • https://www.oracle.com/security-alerts/cpujul2025.html • CWE-284: Improper Access Control CWE-325: Missing Cryptographic Step •
CVSS: 8.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-30749 – openjdk: Better Glyph drawing (Oracle CPU 2025-07)
https://notcve.org/view.php?id=CVE-2025-30749
15 Jul 2025 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1; Oracle GraalVM Enterprise Edition: 21.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Orac... • https://www.oracle.com/security-alerts/cpujul2025.html • CWE-122: Heap-based Buffer Overflow •
CVSS: 5.6EPSS: 0%CPEs: 9EXPL: 0CVE-2025-30698 – openjdk: Enhance Buffered Image handling (Oracle CPU 2025-04)
https://notcve.org/view.php?id=CVE-2025-30698
15 Apr 2025 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u441, 8u441-perf, 11.0.26, 17.0.14, 21.0.6, 24; Oracle GraalVM for JDK: 17.0.14, 21.0.6, 24; Oracle GraalVM Enterprise Edition: 20.3.17 and 21.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Ora... • https://www.oracle.com/security-alerts/cpuapr2025.html • CWE-122: Heap-based Buffer Overflow CWE-284: Improper Access Control •
CVSS: 7.4EPSS: 0%CPEs: 9EXPL: 0CVE-2025-21587 – openjdk: Better TLS connection support (Oracle CPU 2025-04)
https://notcve.org/view.php?id=CVE-2025-21587
15 Apr 2025 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE:8u441, 8u441-perf, 11.0.26, 17.0.14, 21.0.6, 24; Oracle GraalVM for JDK:17.0.14, 21.0.6, 24; Oracle GraalVM Enterprise Edition:20.3.17 and 21.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Orac... • https://www.oracle.com/security-alerts/cpuapr2025.html • CWE-208: Observable Timing Discrepancy CWE-284: Improper Access Control •