Lucene search
K

4456 matches found

RedHat Linux
RedHat Linux
added 2026/05/07 6:0 p.m.6 views

com.mchange/mchange-commons-java: mchange-commons-java: Arbitrary code execution via JNDI dereferencing of crafted objects

A flaw was found in mchange-commons-java, a Java utility library. An attacker can exploit this vulnerability by providing a maliciously crafted javax.naming.Reference or serialized object to an application using the library. This can provoke the application to download and execute arbitrary...

9.8CVSS8AI score0.00812EPSS
Exploits1References8
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/06 3:18 p.m.7 views

Security Bulletin: EDB PGAI Hybrid Management with IBM is affected by Multiple Vulnerabilities.

Summary Multiple Vulnerabilities found in EDB PGAI products - 1 EDB PGAI AI Factory with IBM 1.3.0, 2 EDB PGAI Analytics Accelerator 1.3.0, and 3 EDB PGAI Hybrid Data Management 1.3.0. The vulnerabilities have been addressed in 1.3.4 version. Hence, IBM strongly recommends upgrading to 1.3.4...

8.6CVSS7.8AI score0.07022EPSS
Exploits3Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.10 views

RHCOS 4 : OpenShift Container Platform 4.9.19 (RHSA-2022:0339)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0339 advisory. - jenkins: no POST request is required for the endpoint handling manual build requests which could result in CSRF CVE-2022-20612 -...

8.8CVSS6AI score0.02277EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.13 views

RHCOS 4 : OpenShift Container Platform 4.7.43 (RHSA-2022:0491)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0491 advisory. - jenkins: no POST request is required for the endpoint handling manual build requests which could result in CSRF CVE-2022-20612 -...

8.8CVSS6AI score0.02277EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.13 views

RHCOS 4 : OpenShift Container Platform 4.8.31 (RHSA-2022:0483)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0483 advisory. - jenkins: no POST request is required for the endpoint handling manual build requests which could result in CSRF CVE-2022-20612 -...

8.8CVSS6AI score0.02277EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.9 views

RHCOS 3 : OpenShift Container Platform 3.11.634 (RHSA-2022:0555)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0555 advisory. - jenkins: no POST request is required for the endpoint handling manual build requests which could result in CSRF CVE-2022-20612 -...

8.8CVSS6AI score0.02277EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.10 views

RHCOS 4 : OpenShift Container Platform 4.6.55 (RHSA-2022:0565)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0565 advisory. - jenkins: no POST request is required for the endpoint handling manual build requests which could result in CSRF CVE-2022-20612 -...

8.8CVSS6AI score0.02277EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/05/04 12:0 a.m.10 views

RHCOS 2 : Red Hat OpenShift Enterprise 2.2.10 (RHSA-2016:1773)

The remote Red Hat Enterprise Linux CoreOS 2 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:1773 advisory. - CXF: SSL hostname verification bypass, incomplete CVE-2012-6153 fix CVE-2014-3577 - apache-commons-collections: InvokerTransformer...

10CVSS7.7AI score0.83274EPSS
Exploits32References41
Tenable Nessus
Tenable Nessus
added 2026/05/04 12:0 a.m.13 views

RHCOS 3 : Red Hat OpenShift Enterprise 3.1.1 update (Important) (RHSA-2016:0070)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:0070 advisory. - commons-fileupload: Arbitrary file upload via deserialization CVE-2013-2186 - stapler-adjunct-zeroclipboard: multiple cross-site...

10CVSS5.7AI score0.86829EPSS
Exploits12References102
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/29 9:3 a.m.4 views

Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is impacted by vulnerabilities in Apache Commons IO

Summary A vulnerability has been identified in Apache Commons IO, which is used in IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The...

4.3CVSS6.1AI score0.01249EPSS
Exploits0Affected Software1
GithubExploit
GithubExploit
added 2026/04/29 5:48 a.m.103 views

Docker_Desktop_POC

Java vulnerable scan POC Minimal Maven project used to comp...

9.8CVSS7.5AI score0.99931EPSS
Exploits41
Tenable Nessus
Tenable Nessus
added 2026/04/24 12:0 a.m.5 views

Oracle Business Process Management Suite (14.1.2.0.0) (April 2026 CPU)

The version of Oracle Business Process Management Suite installed on the remote host is affected by a vulnerability, as referenced in the April 2026 CPU advisory: - Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware component: Composer Apache Commons...

5.3CVSS5.4AI score0.02164EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.7 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : Apache Commons IO vulnerability (USN-8191-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8191-1 advisory. It was discovered that Apache Commons IO's XmlStreamReader class could excessively consume CPU resourc...

4.3CVSS5.8AI score0.01249EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2026/04/21 11:36 a.m.11 views

USN-8191-1: Apache Commons IO vulnerability

It was discovered that Apache Commons IO's XmlStreamReader class could excessively consume CPU resources under certain circumstances. An attacker could possibly use this issue to cause Apache Commons IO to crash, resulting in a denial of service...

4.3CVSS5.8AI score0.01249EPSS
Exploits0
OSV
OSV
added 2026/04/21 11:36 a.m.8 views

USN-8191-1 commons-io vulnerability

It was discovered that Apache Commons IO's XmlStreamReader class could excessively consume CPU resources under certain circumstances. An attacker could possibly use this issue to cause Apache Commons IO to crash, resulting in a denial of service...

4.3CVSS6.5AI score0.01249EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/20 9:6 p.m.4 views

Security Bulletin: IBM Engineering Lifecycle Management - Engineering Test Management is impacted by vulnerabilities in commons-io library

Summary Vulnerabilities have been identified in commons-io library, which is used in IBM Engineering Lifecycle Management - Engineering Test Management Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The...

4.3CVSS5.7AI score0.01249EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/20 1:40 p.m.4 views

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of Apache Commons Lang

Summary Due to use of Apache Commons Lang, DevOps Test Performance and Rational Performance Tester contain a potential Denial of Service DoS vulnerability. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apach...

5.3CVSS5.7AI score0.02164EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/04/16 8:57 p.m.6 views

EUVD-2026-23310

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below ship the legacy velocity-1.7.jar, which pulls in commons-collections-3.2.1.jar containing the InvokerTransformer deserialization gadget chain. Quartz 2.3.2, also bundled in the application, deserializ...

9CVSS6.3AI score0.0063EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/16 1:8 p.m.8 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses c3p0-0.11.2.jar and mchange-commons-java-0.3.2.jar which are vulnerable to CVE-2026-27830 and CVE-2026-27727.

Summary IBM Maximo Application Suite - Monitor Component uses c3p0-0.11.2.jar and mchange-commons-java-0.3.2.jar which are vulnerable to CVE-2026-27830 and CVE-2026-27727. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-27727 DESCRIPTION:...

9.8CVSS6.1AI score0.00812EPSS
Exploits1Affected Software1
Atlassian
Atlassian
added 2026/04/16 1:5 p.m.22 views

Improper Authorization commons-beanutils:commons-beanutils Dependency in Jira Service Management Data Center

This High severity Improper Authorization vulnerability was introduced in versions 5.12.1, 5.15.2, 5.16.0, 5.17.0, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, and 10.7.1 of Jira Service Management Data Center. This Improper Authorization vulnerability, with a CVSS Score of 8.8 and a...

8.8CVSS7.5AI score0.01495EPSS
Exploits1
Rows per page
Query Builder