4459 matches found

IBM Security Bulletins
added 2025/12/16 7:1 a.m. | 6 views

Security Bulletin: Vulnerability in commons-lang;commons-lang3 affects IBM Netezza Appliance

Summary: The commons-lang;commons-lang3 package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVE (CVE-2025-48924). Vulnerability Details: CVEID: CVE-2025-48924. DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache...

CVSS 5.3 | AI score 6.5 | EPSS 0.02164
Exploits: 0 | Affected Software: 1

Positive Technologies
added 2025/12/16 12:0 a.m. | 8 views

PT-2025-51764

Name of the Vulnerable Software and Affected Versions Apache Commons Text versions prior to 1.10.0 FileMaker Server versions prior to 22.0.4 Description Apache Commons Text versions prior to 1.10.0 contain interpolation features that could be exploited when applications process untrusted input...

CVSS 10 | AI score 7.9 | EPSS 0.00919
Exploits: 0 | References: 17

Redos
added 2025/12/16 12:0 a.m. | 2 views

ROS-20251216-7311

A vulnerability in the ClassUtils.getClass function of the Apache Commons Lang library for the Java programming language involves uncontrolled recursion. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVSS 5.3 | AI score 6.7 | EPSS 0.02164
Exploits: 0

Redos
added 2025/12/16 12:0 a.m. | 2 views

ROS-20251216-7307

A vulnerability in the FTP Client component of the Apache Commons Net library is related to the use of open redirection with insufficient input data validation during PASV response processing. Exploitation of the vulnerability could allow a remote attacker to gain unauthorized access to protected...

CVSS 6.5 | AI score 7 | EPSS 0.01858
Exploits: 0

Tenable Nessus
added 2025/12/16 12:0 a.m. | 6 views

Apache Commons FileUpload < 1.6 , 2.0.0-M1 < 2.0.0-M4 Denial of Service (CVE-2025-48976)

The version of Apache Commons FileUpload on the remote host is < 1.6 , 2.0.0-M1 < 2.0.0-M4. It is, therefore, affected by a denial of service vulnerability due to allocation of resources for multipart headers with insufficient limits. Note that Nessus has not tested for these issues but has instead...

CVSS 7.5 | AI score 7.3 | EPSS 0.63258
Exploits: 1 | References: 3

IBM Security Bulletins
added 2025/12/15 11:19 a.m. | 5 views

Security Bulletin: due to the use of Apache Commons Lang, IBM Transformation Extender Advanced is vulnerable to Uncontrolled Recursion vulnerability

Summary: Apache Commons Lang is used by IBM Transformation Extender Advanced also known as IBM Standards Processing Engine as part of common utility helpers. CVE-2024-47554 Vulnerability Details: CVEID: CVE-2025-48924. DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This...

CVSS 5.3 | AI score 6.2 | EPSS 0.02164
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/12/15 11:18 a.m. | 8 views

Security Bulletin: due to the use of Apache Commons FileUpload, IBM Transformation Extender Advanced is vulnerable to DoS vulnerability

Summary: Apache Commons FileUpload is used by IBM Transformation Extender Advanced also known as IBM Standards Processing Engine as part of common utility helpers. CVE-2024-47554 Vulnerability Details: CVEID: CVE-2025-48976. DESCRIPTION: Allocation of resources for multipart headers with insufficient...

CVSS 7.5 | AI score 6.6 | EPSS 0.63258
Exploits: 1 | Affected Software: 1

Tenable Nessus
added 2025/12/15 12:0 a.m. | 2 views

SUSE SLES12 Security Update : apache-commons-lang3 (SUSE-SU-2025:02786-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:02786-1 advisory. - CVE-2025-48924: Fixed an uncontrolled recursion vulnerability that may lead to a DoS. bsc1246397 Tenable has extracted the preceding description blo...

CVSS 5.3 | AI score 6.4 | EPSS 0.02164
Exploits: 0 | References: 5

Tenable Nessus
added 2025/12/15 12:0 a.m. | 3 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : apache-commons-lang3 (SUSE-SU-2025:02785-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:02785-1 advisory. - CVE-2025-48924: Fixed an uncontrolled recursion vulnerability that may lead to a DoS. bsc1246397 Tenab...

CVSS 5.3 | AI score 6.4 | EPSS 0.02164
Exploits: 0 | References: 4

Veracode
added 2025/12/13 5:3 a.m. | 10 views

Uncontrolled Resource Consumption

Apache Commons Configuration is vulnerable to Uncontrolled Resource Consumption. The vulnerability is due to multiple design issues in the configuration loading and processing logic, where loading untrusted configuration files or allowing attacker-controlled usage patterns can trigger excessive C...

CVSS 7.3 | AI score 6.8 | EPSS 0.02054
Exploits: 0 | References: 4 | Affected Software: 1

Atlassian
added 2025/12/11 10:27 p.m. | 15 views

XXE (XML External Entity Injection) org.apache.jackrabbit:jackrabbit-spi-commons Dependency in Confluence Data Center and Server

This High severity XXE (XML External Entity Injection) vulnerability was introduced in versions 7.13 of Confluence Data Center and Server. This XXE (XML External Entity Injection) vulnerability, with a CVSS Score of 8.8 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H allows an...

CVSS 8.8 | AI score 5.4 | EPSS 0.00466
Exploits: 0

RedHat Linux
added 2025/12/11 8:15 p.m. | 5 views

commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang

An uncontrolled recursion flaw was found in the Apache Commons Lang library. The ClassUtils.getClass... method can throw a StackOverflowError on very long inputs. Since this error is typically not handled by applications and libraries, a StackOverflowError may lead to the termination of an...

CVSS 5.3 | AI score 7.1 | EPSS 0.02164
Exploits: 0 | References: 5

Tenable Nessus
added 2025/12/10 12:0 a.m. | 7 views

Apache Commons FileUpload JAR Detection

Binary data apachecommonsfileuploadjardetect.nbin...

AI score 7
Exploits: 0 | References: 1

Atlassian
added 2025/12/09 10:50 p.m. | 17 views

DoS (Denial of Service) commons-fileupload:commons-fileupload Dependency in Jira Software Data Center and Server

This High severity DoS (Denial of Service) vulnerability known as CVE-2025-48976 was introduced in 9.12.1 of Jira Software Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated attacker to take...

CVSS 7.5 | AI score 6.7 | EPSS 0.63258
Exploits: 1

GithubExploit
added 2025/12/06 10:58 a.m. | 205 views

Exploit for Code Injection in Pivotal_Software Spring_Data_Commons

SpringBoot-Toolkit An interactive penetration-testing tool de...

CVSS 10 | AI score 8.7 | EPSS 0.99939
Exploits: 188

IBM Security Bulletins
added 2025/12/05 1:44 p.m. | 7 views

Security Bulletin: DoS vulnerability in Apache Commons FileUpload vulnerability in WebSphere Application Server Liberty affects IBM Spectrum Protect Operations Center (CVE-2025-48976)

Summary: IBM WebSphere Application Server Liberty is vulnerable to DoS in Apache Commons FileUpload attack which can affect IBM Spectrum Protect (formerly Tivoli Storage Manager) Operations Center. Vulnerability Details: CVEID: CVE-2025-48976. DESCRIPTION: Allocation of resources for multipart headers...

CVSS 7.5 | AI score 6.4 | EPSS 0.63258
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/12/03 11:8 a.m. | 6 views

Security Bulletin: Multiple vulnerabilities in IBM Disconnected Log Collector

Summary: Multiple vulnerabilities were addressed in IBM Disconnected Log Collector version 2.0.0. Vulnerability Details: CVEID: CVE-2025-48734. DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop...

CVSS 8.8 | AI score 9.2 | EPSS 0.08665
Exploits: 2 | Affected Software: 1

Redos
added 2025/12/03 12:0 a.m. | 14 views

ROS-20251203-05

A vulnerability in the Java library for handling Apache Commons Configuration files is related to the fact that the application does not properly control internal resource consumption when loading a specially crafted configuration file. Exploitation of the vulnerabili...

CVSS 6.5 | AI score 6 | EPSS 0.01663
Exploits: 0

OSV
added 2025/12/01 7:8 p.m. | 5 views

CLSA-2025-1764580671 pki-servlet-engine: Fix of 2 CVEs

CVE-2024-50379: fix TOCTOU vulnerability in JSP compilation to prevent RCE on case insensitive file systems - CVE-2024-38286: fix issue of resource allocation without limits or throttling vulnerability in TLS handshake process - Apply skip-common-daemon patch to remove the commons-daemon.jar copy...

CVSS 9.8 | AI score 7.3 | EPSS 0.43663
Exploits: 13 | References: 1

IBM Security Bulletins
added 2025/12/01 9:43 a.m. | 11 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which is affected by a denial of service due to Apache Commons FileUpload and vulnerable to CVE-2025-48976.

Summary: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which is affected by a denial of service due to Apache Commons FileUpload and vulnerable to CVE-2025-48976. This bulletin contains information regarding the vulnerability and its fixture...

CVSS 7.5 | AI score 6.6 | EPSS 0.63258
Exploits: 1 | Affected Software: 1