Lucene search
K

4456 matches found

Cvelist
Cvelist
added 2026/06/09 11:47 p.m.35 views

CVE-2026-41695 Denial of Service in Spring Data Commons Property Path Resolution

Spring Data Commons applications may be vulnerable to denial of service through resource exhaustion when attacker-controlled property path strings are passed to MappingContext property path resolution. Affected versions: Spring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through...

7.5CVSS0.00363EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 11:47 p.m.9 views

CVE-2026-41695 Denial of Service in Spring Data Commons Property Path Resolution

Spring Data Commons applications may be vulnerable to denial of service through resource exhaustion when attacker-controlled property path strings are passed to MappingContext property path resolution. Affected versions: Spring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through...

7.5CVSS5.4AI score0.00363EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 11:47 p.m.11 views

EUVD-2026-35891

Spring Data Commons applications may be vulnerable to denial of service through resource exhaustion when attacker-controlled property path strings are passed to MappingContext property path resolution. Affected versions: Spring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through...

7.5CVSS5.4AI score0.00363EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 11:47 p.m.49 views

CVE-2026-41695

Spring Data Commons contains a Denial of Service risk (CVE-2026-41695) caused by resource exhaustion during property path resolution in MappingContext. Affected versions are Spring Data Commons 4.0.0–4.0.5; 3.5.0–3.5.11; 3.4.0–3.4.14. The provided documents describe the issue and affected release...

7.5CVSS5.4AI score0.00363EPSS
Exploits0References1Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 5:24 p.m.10 views

Malicious code in commons-ui-styles (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8b9fb701d18bde61d1dc783f0575a4d83bc0eba2653bd0832d0fc26bc9e85b48 [email protected] is an empty placeholder package index.js exports , description/author blank, version bumped to 99.9.1 — the classic...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/06/09 5:24 p.m.9 views

MAL-2026-5437 Malicious code in commons-ui-styles (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8b9fb701d18bde61d1dc783f0575a4d83bc0eba2653bd0832d0fc26bc9e85b48 [email protected] is an empty placeholder package index.js exports , description/author blank, version bumped to 99.9.1 — the classic...

5.5AI score
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/09 5:21 a.m.5 views

Security Bulletin: IBM Automation Decision Services for May 2026- Multiple CVEs addressed

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Automation Decision Services. See full list below. Vulnerability Details CVEID:CVE-2025-46295 DESCRIPTION: Apache Commons Text versions prior to 1.10.0 included...

9.8CVSS6.1AI score0.99931EPSS
Exploits42Affected Software1
Spring Security Advisories
Spring Security Advisories
added 2026/06/09 12:0 a.m.6 views

CVE-2026-41721: Spring Data Commons Denial of Service via Data Binding

Spring Data Commons contains a vulnerability that can lead to a Denial of Service DoS condition if Spring Data Web Support is enabled in conjunction with a Controller method using @ProjectedPayload , when an attacker sends a specially crafted HTTP request that causes the application to allocate...

5.9CVSS5.6AI score0.00331EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.14 views

PT-2026-48321

Name of the Vulnerable Software and Affected Versions Spring Data Commons versions 4.0.0 through 4.0.5 Spring Data Commons versions 3.5.0 through 3.5.11 Spring Data Commons versions 3.4.0 through 3.4.14 Spring Data Commons versions 3.3.0 through 3.3.16 Spring Data Commons versions 3.2.0 through...

5.9CVSS5.9AI score0.00331EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.13 views

PT-2026-48316

Name of the Vulnerable Software and Affected Versions Spring Data Commons versions 4.0.0 through 4.0.5 Spring Data Commons versions 3.5.0 through 3.5.11 Spring Data Commons versions 3.4.0 through 3.4.14 Spring Data Commons versions 3.3.0 through 3.3.16 Spring Data Commons versions 3.2.0 through...

5.9CVSS5.8AI score0.0028EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.13 views

PT-2026-48311

Name of the Vulnerable Software and Affected Versions Spring Data Commons versions 4.0.0 through 4.0.5 Spring Data Commons versions 3.5.0 through 3.5.11 Spring Data Commons versions 3.4.0 through 3.4.14 Description Applications may be subject to denial of service through resource exhaustion. This...

7.5CVSS5.8AI score0.00363EPSS
Exploits0References4
Spring Security Advisories
Spring Security Advisories
added 2026/06/09 12:0 a.m.6 views

CVE-2026-41695: Denial of Service in Spring Data Commons Property Path Resolution

Spring Data Commons applications may be vulnerable to denial of service through resource exhaustion when attacker-controlled property path strings are passed to MappingContext property path resolution. Specifically, an application is vulnerable when all of the following are true: Spring Data...

7.5CVSS5.8AI score0.00363EPSS
Exploits0References1Affected Software1
Spring Security Advisories
Spring Security Advisories
added 2026/06/09 12:0 a.m.8 views

CVE-2026-41711: Potential Denial of Service through crafted Sort Parameters

Applications using Spring Data Commons may be vulnerable to a Denial of Service DoS attack leading to a StackOverflowException when parsing Sort parameters. This issue can occur if an application explicitly exposes an endpoint that accepts Sort parameters from untrusted sources and passes them on...

5.9CVSS5.8AI score0.0028EPSS
Exploits0References1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/08 4:50 p.m.6 views

Security Bulletin: IBM SPSS Modeler is affected by Improper Access Control vulnerability in Apache Commons

Summary IBM SPSS Modeler is affected by Improper Access Control vulnerability in Apache Commons. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class wa...

8.8CVSS7.1AI score0.01495EPSS
Exploits1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.9 views

CVE-2026-45205

Uncontrolled Recursion vulnerability in Apache Commons. When processing an untrusted configuration file, Commons Configuration will throw a StackOverflowError for YAML input with cycles. This issue affects Apache Commons: from 2.2 before 2.15.0. Users are recommended to upgrade to version 2.15.0,...

5.3CVSS5.4AI score0.00487EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.7 views

CVE-2026-40901

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below ship the legacy velocity-1.7.jar, which pulls in commons-collections-3.2.1.jar containing the InvokerTransformer deserialization gadget chain. Quartz 2.3.2, also bundled in the application, deserializ...

9CVSS6.3AI score0.0063EPSS
Exploits1References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/04 3:2 a.m.7 views

Security Bulletin: Due to use of spring-webmvc-6.2.17.jar, IBM Sterling Connect:Direct Web Services is affected by Uncontrolled Recursion vulnerability in Apache Commons.

Summary commons-configuration2-2.11.0.jar is used by IBM Sterling Connect:Direct Web Services CVE-2026-45205. Vulnerability Details CVEID:CVE-2026-45205 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons. When processing an untrusted configuration file, Commons Configuration will...

5.3CVSS5.8AI score0.00487EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.15 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : Apache Commons Lang vulnerability (USN-8364-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8364-1 advisory. It was discovered that Apache Commons Lang incorrectly handled recursion in the ClassUtils.getClass...

5.3CVSS6.7AI score0.02164EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2026/06/02 12:42 p.m.11 views

USN-8364-1: Apache Commons Lang vulnerability

It was discovered that Apache Commons Lang incorrectly handled recursion in the ClassUtils.getClass method. An attacker could possibly use this issue to cause Apache Commons Lang to crash, resulting in a denial of service...

5.3CVSS6.6AI score0.02164EPSS
Exploits0
OSV
OSV
added 2026/06/02 12:42 p.m.10 views

USN-8364-1 libcommons-lang-java, libcommons-lang3-java vulnerability

It was discovered that Apache Commons Lang incorrectly handled recursion in the ClassUtils.getClass method. An attacker could possibly use this issue to cause Apache Commons Lang to crash, resulting in a denial of service...

5.3CVSS6.6AI score0.02164EPSS
Exploits0References2
Rows per page
Query Builder