
4458 matches found

Vulnrichment
added 2026/02/26 12:45 a.m. | 4 views

CVE-2026-27830 c3p0 vulnerable to Remote Code Execution via unsafe deserialization of userOverridesAsString property

c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and javax.naming.Reference instances. Several c3p0 ConnectionPoolDataSource implementations have a property called userOverridesAsString which conceptually represents a Map. Prior to...

CVSS 8.9 | AI score 7.4 | EPSS 0.00534
Exploits: 0 | References: 5

vulnersOsv
added 2026/02/26 12:17 a.m. | 8 views

ai.hyacinth.framework:core-service-trigger-server (>=0.5.0 <=0.5.24), ai.stainless:grails-tika (=0.1.0) +4918 more potentially affected by CVE-2026-27727 via com.mchange:mchange-commons-java (>=0.2.10 <=0.3.2)

com.mchange:mchange-commons-java MAVEN version =0.2.10, =0.5.0, =0.0.1, =0.2, =0.3, =0.2, =0.2, =0.3, =0.3, =0.3, =0.3, =0.3, =0.2, =0.3, =0.3, =0.6 and more Source cves: CVE-2026-27727 Source advisory: SNYK:JAVA-COMMCHANGE-15353394...

CVSS 9.8 | AI score 7.2 | EPSS 0.00812
Exploits: 1

Snyk
added 2026/02/26 12:17 a.m. | 6 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the factoryClassLocation function. An attacker can achieve arbitrary code execution by provoking the application to read a maliciously...

CVSS 9.8 | AI score 6.5 | EPSS 0.00812
Exploits: 1 | References: 2

vulnersOsv
added 2026/02/25 6:20 p.m. | 8 views

ai.hyacinth.framework:core-service-trigger-server (>=0.5.0 <=0.5.24), ai.stainless:grails-tika (=0.1.0) +4918 more potentially affected by CVE-2026-27727 via com.mchange:mchange-commons-java (>=0.2.10 <=0.3.2)

com.mchange:mchange-commons-java MAVEN version =0.2.10, =0.5.0, =0.0.1, =0.2, =0.3, =0.2, =0.2, =0.3, =0.3, =0.3, =0.3, =0.3, =0.2, =0.3, =0.3, =0.6 and more Source cves: CVE-2026-27727 Source advisory: OSV:GHSA-M2CM-222F-QW44...

CVSS 9.8 | AI score 7.2 | EPSS 0.00812
Exploits: 1

OSV
added 2026/02/25 6:20 p.m. | 2 views

GHSA-M2CM-222F-QW44 mchange-commons-java: Remote Code Execution via JNDI Reference Resolution

Impact mchange-commons-java includes code that mirrors early implementations of JNDI functionality, including support for remote factoryClassLocation values, by which code can be downloaded and invoked within a running application. If an attacker can provoke an application to read a maliciously...

CVSS 8.9 | AI score 6.2 | EPSS 0.00812
Exploits: 1 | References: 6

Github Security Blog
added 2026/02/25 6:20 p.m. | 7 views

mchange-commons-java: Remote Code Execution via JNDI Reference Resolution

Impact mchange-commons-java includes code that mirrors early implementations of JNDI functionality, including support for remote factoryClassLocation values, by which code can be downloaded and invoked within a running application. If an attacker can provoke an application to read a maliciously...

CVSS 9.8 | AI score 6 | EPSS 0.00812
Exploits: 1 | References: 6 | Affected Software: 1

EUVD
added 2026/02/25 6:20 p.m. | 6 views

EUVD-2026-8683

mchange-commons-java: Remote Code Execution via JNDI Reference Resolution...

CVSS 8.9 | AI score 5.5 | EPSS 0.00812
Exploits: 1 | References: 4

NVD
added 2026/02/25 5:25 p.m. | 13 views

CVE-2026-27727

mchange-commons-java, a library that provides Java utilities, includes code that mirrors early implementations of JNDI functionality, including support for remote factoryClassLocation values, by which code can be downloaded and invoked within a running application. If an attacker can provoke an...

CVSS 9.8 | EPSS 0.00812
Exploits: 1 | References: 14

Cvelist
added 2026/02/25 4:1 p.m. | 23 views

CVE-2026-27727 mchange-commons-java: Remote Code Execution via JNDI Reference Resolution

mchange-commons-java, a library that provides Java utilities, includes code that mirrors early implementations of JNDI functionality, including support for remote factoryClassLocation values, by which code can be downloaded and invoked within a running application. If an attacker can provoke an...

CVSS 8.9 | EPSS 0.00812
Exploits: 1 | References: 4

ATTACKERKB
added 2026/02/25 4:1 p.m. | 5 views

CVE-2026-27727

mchange-commons-java, a library that provides Java utilities, includes code that mirrors early implementations of JNDI functionality, including support for remote factoryClassLocation values, by which code can be downloaded and invoked within a running application. If an attacker can provoke an...

CVSS 9.8 | AI score 6 | EPSS 0.00812
Exploits: 1 | References: 5 | Affected Software: 1

Vulnrichment
added 2026/02/25 4:1 p.m. | 4 views

CVE-2026-27727 mchange-commons-java: Remote Code Execution via JNDI Reference Resolution

mchange-commons-java, a library that provides Java utilities, includes code that mirrors early implementations of JNDI functionality, including support for remote factoryClassLocation values, by which code can be downloaded and invoked within a running application. If an attacker can provoke an...

CVSS 8.9 | AI score 6 | EPSS 0.00812
Exploits: 1 | References: 4

OSV
added 2026/02/25 4:1 p.m. | 9 views

CVE-2026-27727 mchange-commons-java: Remote Code Execution via JNDI Reference Resolution

mchange-commons-java, a library that provides Java utilities, includes code that mirrors early implementations of JNDI functionality, including support for remote factoryClassLocation values, by which code can be downloaded and invoked within a running application. If an attacker can provoke an...

CVSS 8.9 | AI score 6.2 | EPSS 0.00812
Exploits: 1 | References: 6

CNNVD
added 2026/02/25 12:0 a.m. | 18 views

mchange-commons-java injection vulnerability

mchange-commons-java is a software developed by Steve Waldman. Versions of mchange-commons-java prior to 0.4.0 had an injection vulnerability. This vulnerability stemmed from the library’s inclusion of an independently implemented JNDI dereferencing function, which could allow attackers to trigger...

CVSS 9.8 | AI score 7.4 | EPSS 0.00812
Exploits: 1 | References: 5

IBM Security Bulletins
added 2026/02/24 7:12 p.m. | 11 views

Security Bulletin: Vulnerabilities in commons-codec-1.11.jar affecting MongoDB Enterprised Advanced (CVE-2020-15250, CVE-2025-48924)

Summary There are 2 vulnerabilities in commons-codec-1.11.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2020-15250, CVE-2025-48924. The vulnerabilities have been addressed. Vulnerability Details IBM X-Force ID: 177835 DESCRIPTION: Apache Commons Codec could allow a remote attack...

CVSS 5.5 | AI score 5.6 | EPSS 0.02164
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2026/02/20 3:54 p.m. | 7 views

Security Bulletin: Vulnerability in Apache Commons IO (CVE-2024-47554) affects IBM WebSphere Service Registry and Repository.

Summary An Uncontrolled Resource Consumption vulnerability in Apache Commons IO CVE-2024-47554 affects IBM WebSphere Service Registry and Repository. Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The...

CVSS 4.3 | AI score 5.5 | EPSS 0.01249
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2026/02/20 12:0 a.m. | 8 views

Atlassian Confluence 7.19.x < 9.2.7 / 9.3.1 < 9.5.3 / 10.0.2 / 10.1.0 / 10.2.0 (CONFSERVER-102193)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-102193 advisory. - Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affec...

CVSS 7.5 | AI score 5.6 | EPSS 0.63258
Exploits: 1 | References: 2

IBM Security Bulletins
added 2026/02/18 11:30 a.m. | 24 views

Security Bulletin: Denial of Service vulnerability affect IBM Business Automation Workflow traditional - CVE-2025-46392

Summary IBM Business Automation Workflow embedded Navigator packages a vulnerable version of Apache commons-configuration. Vulnerability Details CVEID:CVE-2025-46392 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons Configuration 1.x. There are a number of issues in...

CVSS 6.5 | AI score 6.3 | EPSS 0.01663
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/02/17 2:17 p.m. | 11 views

Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple issues

Summary Multiple vulnerabilities affect IBM Sterling External Authentication Server and are addressed in the latest release and fixpack Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow a remote attacker to...

CVSS 8.8 | AI score 6.1 | EPSS 0.01495
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2026/02/17 12:4 p.m. | 12 views

Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple issues

Summary Multiple vulnerabilities affect IBM Sterling External Authentication Server and are addressed in the latest release and fixpack Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang:...

CVSS 7.5 | AI score 6.5 | EPSS 0.03026
Exploits: 3 | Affected Software: 1

IBM Security Bulletins
added 2026/02/10 5:7 p.m. | 15 views

Security Bulletin: IBM Sterling Secure Proxy is vulnerable to uncontrolled recursion due to Apache Commons Lang.

Summary The methods ClassUtils.getClass... in Apache Commons Lang can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a StackOverflowError could cause an application to stop. IBM Sterling Secure Proxy has addressed the applicabl...

CVSS 5.3 | AI score 5.5 | EPSS 0.02164
Exploits: 0 | Affected Software: 1