A week after revealing two Java exposures, a Polish security firm accounted for finding five more in the latest edition of Java. When used collectively, the new holes could bypass the technology’s sandbox in order to run malware on the targeted machine.

Security Explorations gave notice to Oracle Monday of the exposures in Java SE 7 Update 15. Along with details of the flaws, Security Explorations also supplied proof of concept code (POC).

The latest find came after Oracle declined one of the bugs Security Explorations reported Feb. 25. “It made us look into Java SE 7 code and its docs once again, gathering counterargument material,” Adam Gowdiak, chief executive of the company, said in a post on SecLists.org.

Oracle pushed Java SE 7 Update 15 on Feb. 19, bundling patches issued Feb. 1 in an emergency update fixing five additional flaws. The next regularly scheduled update is scheduled for April 16.