US-CERT has released Vulnerability Note VU#636312 to address a vulnerability in Oracle Java Runtime Environment (JRE) 1.7. This vulnerability may allow an attacker to execute arbitrary code on a vulnerable system.
US-CERT encourages users and administrators to review Vulnerability Note VU#636312. The note includes possible workarounds that help mitigate the risk from known attack vectors by disabling the Java plug-in.
Update: Oracle has released an out-of-band patch to address this vulnerability. US-CERT encourages users and administrators to review the Oracle Security Alert for CVE-2012-4681 and apply any necessary updates to help mitigate the risk.