4458 matches found

GithubExploit
added 2026/03/10 10:9 a.m. | 132 views

Exploit for Code Injection in Apache Commons_Text

No d...

CVSS 9.8 | AI score 7.2 | EPSS 0.99931
Exploits: 41

SUSE Linux
added 2026/03/10 5:6 a.m. | 4 views

Security update for c3p0 and mchange-commons

This update for c3p0 and mchange-commons fixes the following issues: c3p0: Security issues fixed: CVE-2026-27830: Fixed unsafe object deserialization bsc1258942 Fix the null pointer exception in the userOverridesAsString method bsc1259313. mchange-commons: Security issues fixed: CVE-2026-27727:...

CVSS 9.8 | AI score 5.8 | EPSS 0.00812
Exploits: 1 | References: 10

OSV
added 2026/03/10 5:6 a.m. | 2 views

SUSE-SU-2026:0855-1 Security update for c3p0 and mchange-commons

This update for c3p0 and mchange-commons fixes the following issues: c3p0: - Security issues fixed: - CVE-2026-27830: Fixed unsafe object deserialization bsc1258942 - Fix the null pointer exception in the userOverridesAsString method bsc1259313. mchange-commons: - Security issues fixed: -...

CVSS 9.8 | AI score 5.8 | EPSS 0.00812
Exploits: 1 | References: 6

IBM Security Bulletins
added 2026/03/09 5:7 p.m. | 7 views

Security Bulletin: Common vulnerabilities addressed in Cloudera Observability 3.6.2

Summary Security Bulletin: Common vulnerabilities addressed in Cloudera Observability 3.6.2 Vulnerability Details CVEID:CVE-2025-53864 DESCRIPTION: Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to cause a denial of service via a deeply nested...

CVSS 6.5 | AI score 7.2 | EPSS 0.10608
Exploits: 1 | Affected Software: 1

Snyk
added 2026/03/09 9:30 a.m. | 4 views

Binding to an Unrestricted IP Address

Overview Affected versions of this package are vulnerable to Binding to an Unrestricted IP Address in the default configuration. An attacker can gain unauthorized access and potentially compromise confidentiality, integrity, and availability by exploiting the default configuration remotely withou...

CVSS 9.8 | AI score 5.8 | EPSS 0.00584
Exploits: 0 | References: 2

vulnersOsv
added 2026/03/09 9:30 a.m. | 6 views

org.apache.iotdb:client-example (>=2.0.1-beta <=2.0.6), org.apache.iotdb:customize-mqtt-example (=2.0.1-beta) +9 more potentially affected by CVE-2026-24015 via org.apache.iotdb:node-commons (>=2.0.1-beta <=2.0.6)

org.apache.iotdb:node-commons MAVEN version =2.0.1-beta, =2.0.1-beta, =2.0.1-beta, =2.0.6 - org.apache.iotdb:iotdb-distribution =2.0.1-beta - org.apache.iotdb:iotdb-server =2.0.1-beta - org.apache.iotdb:pipe-count-point-processor-example =2.0.1-beta - org.apache.iotdb:trigger-example =2.0.1-beta...

CVSS 9.8 | AI score 5.8 | EPSS 0.00584
Exploits: 0

vulnersOsv
added 2026/03/09 9:30 a.m. | 6 views

org.apache.iotdb:client-example (>=1.1.2 <=1.3.6), org.apache.iotdb:customize-mqtt-example (>=1.0.0 <=1.3.3) +17 more potentially affected by CVE-2026-24015 via org.apache.iotdb:node-commons (>=1.0.0 <=1.3.6)

org.apache.iotdb:node-commons MAVEN version =1.0.0, =1.1.2, =1.0.0, =1.2.2, =1.2.2, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.3.0, =1.0.0, =1.1.2 and more Source cves: CVE-2026-24015 Source advisory: SNYK:JAVA-ORGAPACHEIOTDB-15518633...

CVSS 9.8 | AI score 5.8 | EPSS 0.00584
Exploits: 0

IBM Security Bulletins
added 2026/03/06 2:54 p.m. | 6 views

Security Bulletin: IBM WebSphere Application Server is affected by a denial of service due to Apache Commons FileUpload used by IBM Master Data Management (CVE-2025-48976)

Summary IBM Master Data Management version 11.6, 12.0 and 14.0 are impacted by vulnerability in WebSphere Application Server which may allocate resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. Vulnerability Details...

CVSS 7.5 | AI score 5.8 | EPSS 0.63258
Exploits: 1 | Affected Software: 1

RedHat Linux
added 2026/03/05 1:32 p.m. | 5 views

com.mchange/mchange-commons-java: mchange-commons-java: Arbitrary code execution via JNDI dereferencing of crafted objects

A flaw was found in mchange-commons-java, a Java utility library. An attacker can exploit this vulnerability by providing a maliciously crafted javax.naming.Reference or serialized object to an application using the library. This can provoke the application to download and execute arbitrary...

CVSS 9.8 | AI score 6.6 | EPSS 0.00812
Exploits: 1 | References: 8

RedHat Linux
added 2026/03/05 1:32 p.m. | 6 views

Important: Red Hat Security Advisory: Red Hat Build of Apache Camel 4.14.4 for Spring Boot release.

Red Hat build of Apache Camel 4.14.4 for Spring Boot patch release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CVSS 9.8 | AI score 8 | EPSS 0.01179
Exploits: 2 | References: 5

OPENSUSE Linux
added 2026/03/05 12:0 a.m. | 2 views

mchange-commons-0.4.0-1.1 on GA media (moderate)

mchange-commons-0.4.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:10281-1 Rating: moderate Cross-References: CVE-2026-27727 CVSS scores: CVE-2026-27727 SUSE : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2026-27727 SUSE : 9.2...

CVSS 9.8 | AI score 6 | EPSS 0.00812
Exploits: 1

IBM Security Bulletins
added 2026/03/04 10:31 a.m. | 11 views

Security Bulletin: IBM Event Streams is vulnerable to improper access control

Summary IBM Event Streams is vulnerable to improper access control leading to potential classloader access in Apache Commons BeanUtils CVE-2025-48734 Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class w...

CVSS 8.8 | AI score 6.2 | EPSS 0.01495
Exploits: 1 | Affected Software: 1

OSV
added 2026/03/04 12:0 a.m. | 2 views

OPENSUSE-SU-2026:10281-1 mchange-commons-0.4.0-1.1 on GA media

These are all security issues fixed in the mchange-commons-0.4.0-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 9.8 | AI score 5.8 | EPSS 0.00812
Exploits: 1 | References: 1

Veracode
added 2026/02/28 5:2 a.m. | 6 views

Remote Code Execution (RCE)

mchange-commons-java is vulnerable to Remote Code Execution RCE. The vulnerability is due to its independent JNDI dereferencing implementation allowing remote factoryClassLocation values, which can cause the application to download and execute attacker-controlled code when processing a malicious...

CVSS 9.8 | AI score 6.1 | EPSS 0.00812
Exploits: 1 | References: 16 | Affected Software: 1

IBM Security Bulletins
added 2026/02/27 4:52 p.m. | 8 views

Security Bulletin: Multiple vulnerabilities in IBM Rational Developer for i (CVE-2025-48734, CVE-2025-53057)

Summary IBM Rational Developer for i is affected by an improper access control vulnerability in Apache Commons CVE-2025-48734 and an improper access control vulnerability in Java CVE-2025-53057 as described in the vulnerability details section. Vulnerability Details CVEID:CVE-2025-48734...

CVSS 8.8 | AI score 6.2 | EPSS 0.01495
Exploits: 1 | Affected Software: 1

Fedora
added 2026/02/27 12:56 a.m. | 5 views

[SECURITY] Fedora 43 Update: libmaxminddb-1.13.1-1.fc43

The libmaxminddb library provides a C library for reading MaxMind DB files, including the GeoIP2 databases from MaxMind. This is a custom binary format designed to facilitate fast lookups of IP addresses while allowing for great flexibility in the type of data associated with an address. The...

AI score 5.9
Exploits: 0

SUSE CVE
added 2026/02/27 12:24 a.m. | 3 views

SUSE CVE-2026-27727

mchange-commons-java, a library that provides Java utilities, includes code that mirrors early implementations of JNDI functionality, including support for remote factoryClassLocation values, by which code can be downloaded and invoked within a running application. If an attacker can provoke an...

CVSS 9.8 | AI score 6.1 | EPSS 0.00812
Exploits: 1 | References: 5

SUSE CVE
added 2026/02/27 12:24 a.m. | 5 views

SUSE CVE-2026-27830

c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and javax.naming.Reference instances. Several c3p0 ConnectionPoolDataSource implementations have a property called userOverridesAsString which conceptually represents a Map. Prior to...

CVSS 8 | AI score 6 | EPSS 0.00534
Exploits: 0 | References: 5

IBM Security Bulletins
added 2026/02/26 7:30 p.m. | 6 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in commons-text-1.3.jar

Summary IBM Watson Discovery Cartridge affected by vulnerability in commons-text-1.3.jar Vulnerability Details CVEID:CVE-2025-46295 DESCRIPTION: Apache Commons Text versions prior to 1.10.0 included interpolation features that could be abused when applications passed untrusted input into the...

CVSS 9.8 | AI score 6.1 | EPSS 0.00919
Exploits: 0 | Affected Software: 1

OSV
added 2026/02/26 1:16 a.m. | 7 views

DEBIAN-CVE-2026-27830

c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and javax.naming.Reference instances. Several c3p0 ConnectionPoolDataSource implementations have a property called userOverridesAsString which conceptually represents a Map. Prior to...

CVSS 8.9 | AI score 8.1 | EPSS 0.00534
Exploits: 0 | References: 1