CVE-2026-6009 is a high-severity Java deserialization vulnerability described in the supplied source corpus as affecting a Jaspersoft Reports Library context and potentially enabling remote code execution on the affected system. The official NVD record was published on 2026-05-19 and was still marked "Awaiting Analysis" in the provided data, so the precise affected product scope should be treated cautious [truncated]
CVE-2025-10492 is a critical Java deserialization vulnerability in a third-party JasperReports/Jaspersoft component used by Hitachi Energy Ellipse for custom reports. According to the advisory, improperly handled externally supplied data could let an attacker execute arbitrary code remotely on affected systems. CISA’s advisory was initially released on 2026-02-24 and republished on 2026-04-02 with the ven [truncated]