CVE-2026-55223
c3p0 is a JDBC connection pooling library. In versions prior to 0.14.0, c3p0, in combination with other libraries, can compose to a "sink" for deserialization gadgets. The JDBC spec's DataSource.getConnection and ConnectionPoolDataSource.getPooledConnection match the getXXX form, so JavaBean...
ROOT-APP-MAVEN-CVE-2025-48924 CVE-2025-48924 in io.root.org.apache.commons:commons-lang3 - Patched by Root
Root has patched CVE-2025-48924 in the io.root.org.apache.commons:commons-lang3 package for Root:Maven. Multiple fixed versions available...
Security Bulletin: IBM Cloud Pak System is vulnerable to an Improper Access Control due to use of Apache Commons BeanUtils [CVE-2025-48734]
Summary Due to use of Apache Commons BeanUtils, IBM Cloud Pak System is vulnerable to an Improper Access Control. IBM Cloud Pak System addressed the vulnerability. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospecto...
Security Bulletin: Vulnerability in node-tar affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in node-tar has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional information...
ROOT-APP-MAVEN-CVE-2019-10086 CVE-2019-10086 in io.root.commons-beanutils:commons-beanutils - Patched by Root
Root has patched CVE-2019-10086 in the io.root.commons-beanutils:commons-beanutils package for Root:Maven. Multiple fixed versions available...
Astra Linux – Vulnerability in libcommons-compress-java
There is a vulnerability related to the “Unreachable Exit Condition” (“Infinite Loop”) in Apache Commons Compress. This issue affects Apache Commons Compress versions from 1.3 to 1.25.0. Users are recommended to upgrade to version 1.26.0, which fixes this issue...
Astra Linux – Vulnerability in commons-io
In Apache Commons IO before version 2.7, when the FileNameUtils.normalize method was called with an improper input string, such as “//../foo” or “\..\foo”, the result would be the same value. This potentially allowed access to files in the parent directory, but not further up the path thus...
Astra Linux – Vulnerability in xmlgraphics-commons
Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. Users...
Astra Linux – Vulnerability in bcel
Apache Commons BCEL includes several APIs that typically only allow modifying specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to generate arbitrary bytecode. This could lead to abuse in applications that send attacker-controllable data to tho...
Security Bulletin: MongoDB Enterprise Advanced affected by: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (CVE-2026-27727)
Summary There are vulnerabilities in mchange-commons-java-0.2.15.jar used in MongoDB Enterprise Advanced for IBM, involving CVE-2026-27727. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2026-27727 DESCRIPTION: mchange-commons-java, a library that provides Java utilities,...
ROOT-APP-MAVEN-CVE-2024-25710 CVE-2024-25710 in io.root.org.apache.commons:commons-compress - Patched by Root
Root has patched CVE-2024-25710 in the io.root.org.apache.commons:commons-compress package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2024-26308 CVE-2024-26308 in io.root.org.apache.commons:commons-compress - Patched by Root
Root has patched CVE-2024-26308 in the io.root.org.apache.commons:commons-compress package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2021-29425 CVE-2021-29425 in io.root.commons-io:commons-io - Patched by Root
Root has patched CVE-2021-29425 in the io.root.commons-io:commons-io package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2024-47554 CVE-2024-47554 in io.root.commons-io:commons-io - Patched by Root
Root has patched CVE-2024-47554 in the io.root.commons-io:commons-io package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2025-48976 CVE-2025-48976 in io.root.commons-fileupload:commons-fileupload - Patched by Root
Root has patched CVE-2025-48976 in the io.root.commons-fileupload:commons-fileupload package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2015-6420 CVE-2015-6420 in io.root.commons-collections:commons-collections - Patched by Root
Root has patched CVE-2015-6420 in the io.root.commons-collections:commons-collections package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2015-7501 CVE-2015-7501 in io.root.commons-collections:commons-collections - Patched by Root
Root has patched CVE-2015-7501 in the io.root.commons-collections:commons-collections package for Root:Maven. Multiple fixed versions available...
Security Bulletin: Multiple Vulnerabilities in IBM Datacap
Summary Multiple vulnerabilities were addressed in IBM Datacap version 9.1.9 Interim Fix 008. Vulnerability Details CVEID:CVE-2026-45205 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons. When processing an untrusted configuration file, Commons Configuration will throw a...
Security Bulletin: IBM Engineering Systems Design Rhapsody TestConductor was affected by CVE-2025-48924
Summary IBM Engineering Systems Design Rhapsody TestConductor was vulnerable to an uncontrolled recursion on very long inputs. This could cause components using Apache Commons Lang to stop. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache...
Oracle E-Business Suite (April 2026 CPU)
The versions of Oracle E-Business Suite installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2026 CPU advisory. - Vulnerability in the Oracle Advanced Inbound Telephony product of Oracle E-Business Suite component: Setup and Administration. Supported...