4456 matches found

NVD
added yesterday | 6 views

CVE-2026-55223

c3p0 is a JDBC Connection pooling library. In versions prior to 0.14.0, c3p0, in combination with other libraries, can compose to a "sink" for deserialization gadgets. The JDBC spec's DataSource.getConnection and ConnectionPoolDataSource.getPooledConnection match the getXXX form, so JavaBean...

6.3 CVSS
Exploits 0 | References 2

OSV
added 5 days ago | 8 views

ROOT-APP-MAVEN-CVE-2025-48924 CVE-2025-48924 in io.root.org.apache.commons:commons-lang3 - Patched by Root

Root has patched CVE-2025-48924 in the io.root.org.apache.commons:commons-lang3 package for Root:Maven. Multiple fixed versions available...

6.5 CVSS | 5.9 AI score | 0.02164 EPSS
Exploits 0

IBM Security Bulletins
added 6 days ago | 9 views

Security Bulletin: IBM Cloud Pak System is vulnerable to an Improper Access Control due to use of Apache Commons BeanUtils [CVE-2025-48734]

Summary Due to use of Apache Commons BeanUtils, IBM Cloud Pak System is vulnerable to an Improper Access Control. IBM Cloud Pak System addressed the vulnerability. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospecto...

8.8 CVSS | 6.9 AI score | 0.01495 EPSS
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2026/06/22 1:11 p.m. | 4 views

Security Bulletin: Vulnerability in node-tar affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary A potential vulnerability in node-tar has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional information...

9.8 CVSS | 7.4 AI score | 0.00812 EPSS
Exploits 1 | Affected Software 2

OSV
added 2026/06/21 8:25 a.m. | 10 views

ROOT-APP-MAVEN-CVE-2019-10086 CVE-2019-10086 in io.root.commons-beanutils:commons-beanutils - Patched by Root

Root has patched CVE-2019-10086 in the io.root.commons-beanutils:commons-beanutils package for Root:Maven. Multiple fixed versions available...

7.5 CVSS | 6.7 AI score | 0.28839 EPSS
Exploits 1

AstraLinux
added 2026/06/19 11:10 a.m. | 3 views

Astra Linux – Vulnerability in libcommons-compress-java

There is a vulnerability related to the “Unreachable Exit Condition” (“Infinite Loop”) in Apache Commons Compress. This issue affects Apache Commons Compress versions from 1.3 to 1.25.0. Users are recommended to upgrade to version 1.26.0, which fixes this issue...

8.1 CVSS | 6.6 AI score | 0.00441 EPSS
Exploits 0 | References 2

AstraLinux
added 2026/06/19 11:10 a.m. | 4 views

Astra Linux – Vulnerability in commons-io

In Apache Commons IO before version 2.7, when the FileNameUtils.normalize method was called with an improper input string, such as “//../foo” or “\..\foo”, the result would be the same value. This potentially allowed access to files in the parent directory, but not further up the path thus...

5.8 CVSS | 6.6 AI score | 0.10608 EPSS
Exploits 1 | References 1

AstraLinux
added 2026/06/19 11:10 a.m. | 3 views

Astra Linux – Vulnerability in xmlgraphics-commons

Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. Users...

8.2 CVSS | 7.2 AI score | 0.0665 EPSS
Exploits 0 | References 1

AstraLinux
added 2026/06/19 11:10 a.m. | 5 views

Astra Linux – Vulnerability in bcel

Apache Commons BCEL includes several APIs that typically only allow modifying specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to generate arbitrary bytecode. This could lead to abuse in applications that send attacker-controllable data to tho...

9.8 CVSS | 6.9 AI score | 0.02836 EPSS
Exploits 0 | References 1

IBM Security Bulletins
added 2026/06/17 2:50 p.m. | 4 views

Security Bulletin: MongoDB Enterprise Advanced affected by: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (CVE-2026-27727)

Summary There are vulnerabilities in mchange-commons-java-0.2.15.jar used in MongoDB Enterprise Advanced for IBM, involving CVE-2026-27727. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2026-27727 DESCRIPTION: mchange-commons-java, a library that provides Java utilities,...

9.8 CVSS | 5.9 AI score | 0.00812 EPSS
Exploits 1 | Affected Software 1

OSV
added 2026/06/17 1:25 p.m. | 8 views

ROOT-APP-MAVEN-CVE-2024-25710 CVE-2024-25710 in io.root.org.apache.commons:commons-compress - Patched by Root

Root has patched CVE-2024-25710 in the io.root.org.apache.commons:commons-compress package for Root:Maven. Multiple fixed versions available...

5.9 CVSS | 5.4 AI score | 0.00441 EPSS
Exploits 0

OSV
added 2026/06/17 1:25 p.m. | 3 views

ROOT-APP-MAVEN-CVE-2024-26308 CVE-2024-26308 in io.root.org.apache.commons:commons-compress - Patched by Root

Root has patched CVE-2024-26308 in the io.root.org.apache.commons:commons-compress package for Root:Maven. Multiple fixed versions available...

5.5 CVSS | 6.6 AI score | 0.00898 EPSS
Exploits 0

OSV
added 2026/06/17 12:34 p.m. | 9 views

ROOT-APP-MAVEN-CVE-2021-29425 CVE-2021-29425 in io.root.commons-io:commons-io - Patched by Root

Root has patched CVE-2021-29425 in the io.root.commons-io:commons-io package for Root:Maven. Multiple fixed versions available...

5.8 CVSS | 5.4 AI score | 0.10608 EPSS
Exploits 1

OSV
added 2026/06/17 12:34 p.m. | 8 views

ROOT-APP-MAVEN-CVE-2024-47554 CVE-2024-47554 in io.root.commons-io:commons-io - Patched by Root

Root has patched CVE-2024-47554 in the io.root.commons-io:commons-io package for Root:Maven. Multiple fixed versions available...

7.5 CVSS | 6.5 AI score | 0.01249 EPSS
Exploits 0

OSV
added 2026/06/17 12:31 p.m. | 5 views

ROOT-APP-MAVEN-CVE-2025-48976 CVE-2025-48976 in io.root.commons-fileupload:commons-fileupload - Patched by Root

Root has patched CVE-2025-48976 in the io.root.commons-fileupload:commons-fileupload package for Root:Maven. Multiple fixed versions available...

7.5 CVSS | 5.3 AI score | 0.63258 EPSS
Exploits 1

OSV
added 2026/06/17 12:26 p.m. | 4 views

ROOT-APP-MAVEN-CVE-2015-6420 CVE-2015-6420 in io.root.commons-collections:commons-collections - Patched by Root

Root has patched CVE-2015-6420 in the io.root.commons-collections:commons-collections package for Root:Maven. Multiple fixed versions available...

9.8 CVSS | 7.1 AI score | 0.18763 EPSS
Exploits 1

OSV
added 2026/06/17 12:26 p.m. | 4 views

ROOT-APP-MAVEN-CVE-2015-7501 CVE-2015-7501 in io.root.commons-collections:commons-collections - Patched by Root

Root has patched CVE-2015-7501 in the io.root.commons-collections:commons-collections package for Root:Maven. Multiple fixed versions available...

10 CVSS | 6.8 AI score | 0.83274 EPSS
Exploits 8

IBM Security Bulletins
added 2026/06/16 4:1 p.m. | 5 views

Security Bulletin: Multiple Vulnerabilities in IBM Datacap

Summary Multiple vulnerabilities were addressed in IBM Datacap version 9.1.9 Interim Fix 008. Vulnerability Details CVEID:CVE-2026-45205 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons. When processing an untrusted configuration file, Commons Configuration will throw a...

7.5 CVSS | 5 AI score | 0.00743 EPSS
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2026/06/15 10:14 a.m. | 10 views

Security Bulletin: IBM Engineering Systems Design Rhapsody TestConductor was affected by CVE-2025-48924

Summary IBM Engineering Systems Design Rhapsody TestConductor was vulnerable to an uncontrolled recursion on very long inputs. This could cause components using Apache Commons Lang to stop. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache...

5.3 CVSS | 6.2 AI score | 0.02164 EPSS
Exploits 0 | Affected Software 1

Tenable Nessus
added 2026/06/12 12:0 a.m. | 16 views

Oracle E-Business Suite (April 2026 CPU)

The versions of Oracle E-Business Suite installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2026 CPU advisory. - Vulnerability in the Oracle Advanced Inbound Telephony product of Oracle E-Business Suite component: Setup and Administration. Supported...

9.8 CVSS | 6.3 AI score | 0.01916 EPSS
Exploits 7 | References 21