4458 matches found
CVE-2026-27830 c3p0 vulnerable to Remote Code Execution via unsafe deserialization of userOverridesAsString property
c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and javax.naming.Reference instances. Several c3p0 ConnectionPoolDataSource implementations have a property called userOverridesAsString which conceptually represents a Map. Prior to...
ai.hyacinth.framework:core-service-trigger-server (>=0.5.0 <=0.5.24), ai.stainless:grails-tika (=0.1.0) +4918 more potentially affected by CVE-2026-27727 via com.mchange:mchange-commons-java (>=0.2.10 <=0.3.2)
com.mchange:mchange-commons-java MAVEN version =0.2.10, =0.5.0, =0.0.1, =0.2, =0.3, =0.2, =0.2, =0.3, =0.3, =0.3, =0.3, =0.3, =0.2, =0.3, =0.3, =0.6 and more Source cves: CVE-2026-27727 Source advisory: SNYK:JAVA-COMMCHANGE-15353394...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the factoryClassLocation function. An attacker can achieve arbitrary code execution by provoking the application to read a maliciously...
ai.hyacinth.framework:core-service-trigger-server (>=0.5.0 <=0.5.24), ai.stainless:grails-tika (=0.1.0) +4918 more potentially affected by CVE-2026-27727 via com.mchange:mchange-commons-java (>=0.2.10 <=0.3.2)
com.mchange:mchange-commons-java MAVEN version =0.2.10, =0.5.0, =0.0.1, =0.2, =0.3, =0.2, =0.2, =0.3, =0.3, =0.3, =0.3, =0.3, =0.2, =0.3, =0.3, =0.6 and more Source cves: CVE-2026-27727 Source advisory: OSV:GHSA-M2CM-222F-QW44...
GHSA-M2CM-222F-QW44 mchange-commons-java: Remote Code Execution via JNDI Reference Resolution
Impact mchange-commons-java includes code that mirrors early implementations of JNDI functionality, including support for remote factoryClassLocation values, by which code can be downloaded and invoked within a running application. If an attacker can provoke an application to read a maliciously...
mchange-commons-java: Remote Code Execution via JNDI Reference Resolution
Impact mchange-commons-java includes code that mirrors early implementations of JNDI functionality, including support for remote factoryClassLocation values, by which code can be downloaded and invoked within a running application. If an attacker can provoke an application to read a maliciously...
EUVD-2026-8683
mchange-commons-java: Remote Code Execution via JNDI Reference Resolution...
CVE-2026-27727
mchange-commons-java, a library that provides Java utilities, includes code that mirrors early implementations of JNDI functionality, including support for remote factoryClassLocation values, by which code can be downloaded and invoked within a running application. If an attacker can provoke an...
CVE-2026-27727 mchange-commons-java: Remote Code Execution via JNDI Reference Resolution
mchange-commons-java, a library that provides Java utilities, includes code that mirrors early implementations of JNDI functionality, including support for remote factoryClassLocation values, by which code can be downloaded and invoked within a running application. If an attacker can provoke an...
CVE-2026-27727
mchange-commons-java, a library that provides Java utilities, includes code that mirrors early implementations of JNDI functionality, including support for remote factoryClassLocation values, by which code can be downloaded and invoked within a running application. If an attacker can provoke an...
CVE-2026-27727 mchange-commons-java: Remote Code Execution via JNDI Reference Resolution
mchange-commons-java, a library that provides Java utilities, includes code that mirrors early implementations of JNDI functionality, including support for remote factoryClassLocation values, by which code can be downloaded and invoked within a running application. If an attacker can provoke an...
CVE-2026-27727 mchange-commons-java: Remote Code Execution via JNDI Reference Resolution
mchange-commons-java, a library that provides Java utilities, includes code that mirrors early implementations of JNDI functionality, including support for remote factoryClassLocation values, by which code can be downloaded and invoked within a running application. If an attacker can provoke an...
mchange-commons-java 注入漏洞
mchange-commons-java is a software developed by Steve Waldman. Versions of mchange-commons-java prior to 0.4.0 had a injection vulnerability. This vulnerability stemmed from the library’s inclusion of an independently implemented JNDI dereferencing function, which could allow attackers to trigger...
Security Bulletin: Vulnerabilities in commons-codec-1.11.jar affecting MongoDB Enterprised Advanced (CVE-2020-15250, CVE-2025-48924)
Summary There are 2 vulnerabilities in commons-codec-1.11.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2020-15250, CVE-2025-48924. The vulnerabilities have been addressed. Vulnerability Details IBM X-Force ID: 177835 DESCRIPTION: Apache Commons Codec could allow a remote attack...
Security Bulletin: Vulnerability in Apache Commons IO (CVE-2024-47554) affects IBM WebSphere Service Registry and Repository.
Summary An Uncontrolled Resource Consumption vulnerability in Apache Commons IO CVE-2024-47554 affects IBM WebSphere Service Registry and Repository. Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The...
Atlassian Confluence 7.19.x < 9.2.7 / 9.3.1 < 9.5.3 / 10.0.2 / 10.1.0 / 10.2.0 (CONFSERVER-102193)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-102193 advisory. - Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affec...
Security Bulletin: Denial of Service vulnerability affect IBM Business Automation Workflow traditional - CVE-2025-46392
Summary IBM Business Automation Workflow embedded Navigator packages a vulnerable version of Apache commons-configuration. Vulnerability Details CVEID:CVE-2025-46392 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons Configuration 1.x. There are a number of issues in...
Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple issues
Summary Multiple vulnerabilities affect IBM Sterling External Authentication Server and are addressed in the latest release and fixpack Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow a remote attacker to...
Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple issues
Summary Multiple vulnerabilities affect IBM Sterling External Authentication Server and are addressed in the latest release and fixpack Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang:...
Security Bulletin: IBM Sterling Secure Proxy is vulnerable to uncontrolled recursion due to Apache Commons Lang.
Summary The methods ClassUtils.getClass... in Apache Commons Lang can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a StackOverflowError could cause an application to stop. IBM Sterling Secure Proxy has addressed the applicabl...