Oracle is set to release a patch set for Java SE that targets 40 security vulnerabilities.
Thirty-seven of the weaknesses can be exploited over a network without requiring an attacker to have a username or password, Oracle said.
Affected products covered in the patch batch, which is set for release Tuesday, include Java SE as well as a number of versions of JDK (Java Development Kit), JRE (Java Runtime Environment) and the JavaFX rich-client development platform, according to Oracle's announcement.
Oracle is recommending that customers apply the patches as soon as possible "due to the threat posed by a successful attack."
The Java SE patch set comes after Oracle released some 128 fixes for its database, middleware and applications in April.
Oracle came under fire in recent months over Java security after a spate of high-profile vulnerabilities.
The company subsequently pledged it would work to shore up Java's security measures, as well as do more outreach with community members.
Oracle revealed some specifics of its planned security improvements last month.
Chris Kanaracus covers enterprise software and general technology breaking news for The IDG News Service. Chris' email address is Chris_Kanaracus@idg.com