Lucene search
+L

6 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/06/22 1:11 p.m.5 views

Security Bulletin: Vulnerability in node-tar affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in node-tar has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...

9.8CVSS7.4AI score0.00812EPSS
Exploits1Affected Software2
RedHat Linux
RedHat Linux
added 2026/03/05 1:32 p.m.5 views

com.mchange/mchange-commons-java: mchange-commons-java: Arbitrary code execution via JNDI dereferencing of crafted objects

A flaw was found in mchange-commons-java, a Java utility library. An attacker can exploit this vulnerability by providing a maliciously crafted javax.naming.Reference or serialized object to an application using the library. This can provoke the application to download and execute arbitrary...

9.8CVSS6.6AI score0.00812EPSS
Exploits1References8
Veracode
Veracode
added 2026/02/28 5:2 a.m.8 views

Remote Code Execution (RCE)

mchange-commons-java is vulnerable to Remote Code Execution RCE. The vulnerability is due to its independent JNDI dereferencing implementation allowing remote factoryClassLocation values, which can cause the application to download and execute attacker-controlled code when processing a malicious...

9.8CVSS6.1AI score0.00812EPSS
Exploits1References17Affected Software1
EUVD
EUVD
added 2026/02/25 6:20 p.m.7 views

EUVD-2026-8683

mchange-commons-java: Remote Code Execution via JNDI Reference Resolution...

8.9CVSS5.5AI score0.00812EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/02/25 4:1 p.m.5 views

CVE-2026-27727

mchange-commons-java, a library that provides Java utilities, includes code that mirrors early implementations of JNDI functionality, including support for remote factoryClassLocation values, by which code can be downloaded and invoked within a running application. If an attacker can provoke an...

9.8CVSS6AI score0.00812EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.4 views

PT-2026-21943

Name of the Vulnerable Software and Affected Versions mchange-commons-java versions prior to 0.4.0 Description mchange-commons-java, a library providing Java utilities, contains code that replicates early JNDI implementations, including support for remote factoryClassLocation values. This allows...

9.8CVSS6.2AI score0.00812EPSS
Exploits1References38
Rows per page
Query Builder