4 matches found

OSV
added 2026/02/25 4:1 p.m., 8 views

CVE-2026-27727 mchange-commons-java: Remote Code Execution via JNDI Reference Resolution

mchange-commons-java, a library that provides Java utilities, includes code that mirrors early implementations of JNDI functionality, including support for remote factoryClassLocation values, by which code can be downloaded and invoked within a running application. If an attacker can provoke an...

8.9 CVSS, 6.2 AI score, 0.00577 EPSS
Exploits 1, References 6
CVE
added 2026/02/25 4:1 p.m., 57 views

CVE-2026-27727

CVE-2026-27727 is confirmed in multiple IBM advisories as affecting the mchange-commons-java library used by IBM Maximo Monitor Component and related IBM products. The vulnerability stems from JNDI dereferencing code in mchange-commons-java, which can allow an attacker to cause download and execu...

9.8 CVSS, 6 AI score, 0.00577 EPSS
Exploits 1, References 4, Affected Software 1
Vulnrichment
added 2023/06/07 12:0 a.m., 7 views

CVE-2023-2001

An issue has been discovered in GitLab CE/EE affecting all versions before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An attacker was able to spoof protected tags, which could potentially lead a victim to download malicious code...

4.3 CVSS, 6.3 AI score, 0.00585 EPSS
Exploits 0, References 3
OSV
added 2022/11/25 7:15 p.m., 2 views

CVE-2022-41156

Remote code execution vulnerability due to insufficient verification of URLs, etc. in OndiskPlayerAgent. A remote attacker could exploit the vulnerability to cause remote code execution by causing an arbitrary user to download and execute malicious code...

7.8 CVSS, 6.5 AI score, 0.00196 EPSS
Exploits 0, References 1