
10 matches found

IBM Security Bulletins
added 2026/06/17 2:50 p.m., 4 views

Security Bulletin: MongoDB Enterprised Advanced affected by: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (CVE-2026-27727)

Summary: There are vulnerabilities in mchange-commons-java-0.2.15.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-27727. The vulnerability has been addressed. Vulnerability Details: CVEID: CVE-2026-27727. DESCRIPTION: mchange-commons-java, a library that provides Java utilities,...

CVSS: 9.8 | AI score: 5.9 | EPSS: 0.00812
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2026/05/26 5:16 p.m., 12 views

Security Bulletin: Due to the use of mchange-commons-java, IBM webMethods BPM is vulnerable to malicious code execution (CVE-2026-27727).

Summary: IBM webMethods BPM includes the standalone utility which includes the vulnerable component mchange-commons-java. The tool operates as a standalone utility and is not part of the main runtime environments. Vulnerability Details: CVEID: CVE-2026-27727. DESCRIPTION: mchange-commons-java, a...

CVSS: 9.8 | AI score: 6.1 | EPSS: 0.00812
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2026/04/16 1:8 p.m., 9 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses c3p0-0.11.2.jar and mchange-commons-java-0.3.2.jar which are vulnerable to CVE-2026-27830 and CVE-2026-27727.

Summary: IBM Maximo Application Suite - Monitor Component uses c3p0-0.11.2.jar and mchange-commons-java-0.3.2.jar which are vulnerable to CVE-2026-27830 and CVE-2026-27727. This bulletin contains information addressing the vulnerability. Vulnerability Details: CVEID: CVE-2026-27727. DESCRIPTION:...

CVSS: 9.8 | AI score: 6.1 | EPSS: 0.00812
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2026/03/30 7:25 a.m., 7 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses c3p0-0.11.2.jar and mchange-commons-java-0.3.2.jar which are vulnerable to CVE-2026-27830 and CVE-2026-27727.

Summary: IBM Maximo Application Suite - Monitor Component uses c3p0-0.11.2.jar and mchange-commons-java-0.3.2.jar which are vulnerable to CVE-2026-27830 and CVE-2026-27727. This bulletin contains information addressing the vulnerability. Vulnerability Details: CVEID: CVE-2026-27830. DESCRIPTION: c3p0...

CVSS: 9.8 | AI score: 6.2 | EPSS: 0.00812
Exploits: 1 | Affected Software: 1

OSV
added 2026/03/20 2:25 p.m., 7 views

OESA-2026-1690 mchange-commons security update

General tool, part of c3p0. Security Fixes: mchange-commons-java, a library that provides Java utilities, includes code that mirrors early implementations of JNDI functionality, including support for remote factoryClassLocation values, by which code can be downloaded and invoked within a running...

CVSS: 9.8 | AI score: 6.2 | EPSS: 0.00812
Exploits: 1 | References: 2

OPENSUSE Linux
added 2026/03/05 12:0 a.m., 3 views

c3p0-0.12.0-1.1 on GA media (moderate)

c3p0-0.12.0-1.1 on GA media
Announcement ID: openSUSE-SU-2026:10279-1
Rating: moderate
Cross-References: CVE-2026-27727
CVSS scores:
CVE-2026-27727 SUSE: 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2026-27727 SUSE: 9.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N...

CVSS: 9.8 | AI score: 6 | EPSS: 0.00812
Exploits: 1

SUSE CVE
added 2026/02/27 12:24 a.m., 3 views

SUSE CVE-2026-27727

mchange-commons-java, a library that provides Java utilities, includes code that mirrors early implementations of JNDI functionality, including support for remote factoryClassLocation values, by which code can be downloaded and invoked within a running application. If an attacker can provoke an...

CVSS: 9.8 | AI score: 6.1 | EPSS: 0.00812
Exploits: 1 | References: 5

vulnersOsv
added 2026/02/26 12:17 a.m., 8 views

ai.hyacinth.framework:core-service-trigger-server (>=0.5.0 <=0.5.24), ai.stainless:grails-tika (=0.1.0) +4918 more potentially affected by CVE-2026-27727 via com.mchange:mchange-commons-java (>=0.2.10 <=0.3.2)

com.mchange:mchange-commons-java MAVEN version =0.2.10, =0.5.0, =0.0.1, =0.2, =0.3, =0.2, =0.2, =0.3, =0.3, =0.3, =0.3, =0.3, =0.2, =0.3, =0.3, =0.6 and more Source cves: CVE-2026-27727 Source advisory: SNYK:JAVA-COMMCHANGE-15353394...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.00812
Exploits: 1

NVD
added 2026/02/25 5:25 p.m., 13 views

CVE-2026-27727

mchange-commons-java, a library that provides Java utilities, includes code that mirrors early implementations of JNDI functionality, including support for remote factoryClassLocation values, by which code can be downloaded and invoked within a running application. If an attacker can provoke an...

CVSS: 9.8 | EPSS: 0.00812
Exploits: 1 | References: 15

ATTACKERKB
added 2026/02/25 4:1 p.m., 5 views

CVE-2026-27727

mchange-commons-java, a library that provides Java utilities, includes code that mirrors early implementations of JNDI functionality, including support for remote factoryClassLocation values, by which code can be downloaded and invoked within a running application. If an attacker can provoke an...

CVSS: 9.8 | AI score: 6 | EPSS: 0.00812
Exploits: 1 | References: 5 | Affected Software: 1