Lucene search
K

4459 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 9:0 a.m.8 views

CVE-2023-29528

XWiki Commons are technical libraries common to several other top level XWiki projects. The "restricted" mode of the HTML cleaner in XWiki, introduced in version 4.2-milestone-1 and massively improved in version 14.6-rc-1, allowed the injection of arbitrary HTML code and thus cross-site scripting...

9CVSS6.7AI score0.01277EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:0 a.m.9 views

CVE-2023-29202

XWiki Commons are technical libraries common to several other top level XWiki projects. The RSS macro that is bundled in XWiki included the content of the feed items without any cleaning in the HTML output when the parameter content was set to true. This allowed arbitrary HTML and in particular...

9CVSS6.5AI score0.01393EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:0 a.m.8 views

CVE-2023-29211

XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights WikiManager.DeleteWiki can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the wiki...

9.9CVSS7.8AI score0.01193EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:0 a.m.11 views

CVE-2023-29208

XWiki Commons are technical libraries common to several other top level XWiki projects. Rights added to a document are not taken into account for viewing it once it's deleted. Note that this vulnerability only impact deleted documents that where containing view rights: the view rights provided on...

7.5CVSS6.6AI score0.00921EPSS
Exploits1References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/08 1:15 p.m.5 views

Security Bulletin: IBM SPSS Analytic Server is affected by a vulnerability in Apache Commons Lang (CVE-2025-48924).

Summary IBM SPSS Analytic Server is affected by a vulnerability in Apache Commons Lang CVE-2025-48924. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache...

5.3CVSS6.7AI score0.02164EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/07 12:49 p.m.9 views

Security Bulletin: Denial of Service vulnerability in Apache commons-fileupload may affect IBM Business Automation Workflow - CVE-2025-48976

Summary IBM Business Automation Workflow is vulnerable to a Denial of Service attack. Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache...

7.5CVSS6.6AI score0.63258EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/06 12:17 a.m.5 views

Security Bulletin: IBM Event Processing is affected by multiple Vulnerabilities in IBM Operator for Apache Flink

Summary IBM Event Processing is affected by multiple Vulnerabilities in IBM Operator for Apache Flink 1.4.5 Vulnerability Details CVEID:CVE-2025-58056 DESCRIPTION: Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers...

7.5CVSS6AI score0.02164EPSS
Exploits1Affected Software1
GithubExploit
GithubExploit
added 2026/01/02 5:55 a.m.220 views

Exploit for Code Injection in Apache Commons_Text

CVE-2022-42889-text4shell Description This script is a pe...

9.8CVSS7.8AI score0.99931EPSS
Exploits41
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/31 3:31 p.m.6 views

Security Bulletin: IBM Event Streams is vulnerable to Uncontrolled Recursion vulnerability (CVE-2025-48924)

Summary IBM Event Streams is vulnerable to Uncontrolled Recursion vulnerability due to the use of the Apache Commons Lang artifact. This artifact primarily used for utility functions such as string manipulation, object comparison, and handling common operations that simplify Java development...

5.3CVSS6.6AI score0.02164EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/29 6:2 a.m.10 views

Security Bulletin: Multiple Security Vulnerabilities in IBM Sterling Partner Engagement Manager

Summary Multiple vulnerabilities were addressed in IBM Sterling Partner Engagement Manager versions 6.2.3.5 and 6.2.4.2. Vulnerability Details CVEID:CVE-2025-36124 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 could allow a remote attacker to bypass security...

7.5CVSS8AI score0.93305EPSS
Exploits5Affected Software1
Atlassian
Atlassian
added 2025/12/19 7:27 p.m.21 views

DoS (Denial of Service) org.apache.commons:commons-fileupload2-core Dependency in Crowd Data Center and Server

This High severity DoS Denial of Service vulnerability was introduced in version 7.1.0 of Crowd Data Center and Server. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated attacker to access...

7.5CVSS7.4AI score0.63258EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/17 2:53 p.m.7 views

Security Bulletin: IBM App Connect Enterprise Toolkit and IBM Integration Bus for z/OS Toolkit are vulnerable to Uncontrolled Resource Consumption due to Apache Commons IO (CVE-2024-47554)

Summary IBM App Connect Enterprise Toolkit and IBM Integration Bus for z/OS Toolkit are vulnerable to Uncontrolled Resource Consumption due to Apache Commons IO. Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The...

4.3CVSS6.6AI score0.01249EPSS
Exploits0Affected Software2
Tenable Nessus
Tenable Nessus
added 2025/12/17 12:0 a.m.4 views

Unity Linux 20.1070e Security Update: apache-commons-lang3 (UTSA-2025-991256)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991256 advisory. Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting withcommons-lang:commons-lang2.0 to 2.6, and, from...

5.3CVSS6.4AI score0.02164EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2025/12/16 11:13 p.m.1 views

commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang

An uncontrolled recursion flaw was found in the Apache Commons Lang library. The ClassUtils.getClass... method can throw a StackOverflowError on very long inputs. Since this error is typically not handled by applications and libraries, a StackOverflowError may lead to the termination of an...

5.3CVSS7.1AI score0.02164EPSS
Exploits0References5
NVD
NVD
added 2025/12/16 6:16 p.m.10 views

CVE-2025-46295

Apache Commons Text versions prior to 1.10.0 included interpolation features that could be abused when applications passed untrusted input into the text-substitution API. Because some interpolators could trigger actions like executing commands or accessing external resources, an attacker could...

9.8CVSS0.00919EPSS
Exploits0References1
OSV
OSV
added 2025/12/16 6:16 p.m.4 views

CVE-2025-46295

Apache Commons Text versions prior to 1.10.0 included interpolation features that could be abused when applications passed untrusted input into the text-substitution API. Because some interpolators could trigger actions like executing commands or accessing external resources, an attacker could...

9.8CVSS6AI score0.00919EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/16 6:7 p.m.32 views

CVE-2025-46295

Apache Commons Text versions prior to 1.10.0 included interpolation features that could be abused when applications passed untrusted input into the text-substitution API. Because some interpolators could trigger actions like executing commands or accessing external resources, an attacker could...

0.00919EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/16 6:7 p.m.5 views

CVE-2025-46295

Apache Commons Text versions prior to 1.10.0 included interpolation features that could be abused when applications passed untrusted input into the text-substitution API. Because some interpolators could trigger actions like executing commands or accessing external resources, an attacker could...

7.8AI score0.00919EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/16 10:53 a.m.4 views

Security Bulletin:Vulnerability in Apache Commons HttpClient affects IBM Netezza Appliance

Summary The Apache Commons HttpClient package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2012-5783 Vulnerability Details CVEID:CVE-2012-5783 DESCRIPTION: Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service FPS merchant Java...

5.8CVSS6.5AI score0.09254EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/16 10:45 a.m.5 views

Security Bulletin:Vulnerability in Apache Commons HttpClient affects IBM Netezza Appliance

Summary The Apache Commons HttpClient package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2012-6153 Vulnerability Details CVEID:CVE-2012-6153 DESCRIPTION: http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not...

4.3CVSS6.4AI score0.05844EPSS
Exploits0Affected Software1
Rows per page
Query Builder