Lucene search
K

9 matches found

OSV
OSV
added 2026/05/04 6:30 p.m.3 views

GHSA-CX4M-2P55-RW7J Apache OpenNLP ExtensionLoader Vulnerable to Arbitrary Class Instantiation via Model Manifest

Arbitrary Class Instantiation via Model Manifest in Apache OpenNLP ExtensionLoader Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The ExtensionLoader.instantiateExtensionClass, String method loads a class by its fully-qualified name via Class.forName and invokes its no-arg...

9.8CVSS6.1AI score0.00692EPSS
Exploits0References4
OSV
OSV
added 2026/05/04 5:16 p.m.3 views

DEBIAN-CVE-2026-42027

Arbitrary Class Instantiation via Model Manifest in Apache OpenNLP ExtensionLoader Versions Affected: before 1.9.5, before 2.5.9, before 3.0.0-M3 Description: The ExtensionLoader.instantiateExtensionClass, String method loads a class by its fully-qualified name via Class.forName and invokes its...

9.8CVSS6AI score0.00692EPSS
Exploits0References1
NVD
NVD
added 2026/05/04 5:16 p.m.14 views

CVE-2026-42027

Arbitrary Class Instantiation via Model Manifest in Apache OpenNLP ExtensionLoader Versions Affected: before 1.9.5, before 2.5.9, before 3.0.0-M3 Description: The ExtensionLoader.instantiateExtensionClass, String method loads a class by its fully-qualified name via Class.forName and invokes its...

9.8CVSS0.00692EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/05/04 5:16 p.m.5 views

CVE-2026-42027

Arbitrary Class Instantiation via Model Manifest in Apache OpenNLP ExtensionLoader Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The ExtensionLoader.instantiateExtensionClass, String method loads a class by its fully-qualified name via Class.forName and invokes its no-arg...

9.8CVSS5.9AI score0.00692EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/04 4:43 p.m.34 views

CVE-2026-42027 Apache OpenNLP: Arbitrary Class Instantiation via Model Manifest in ExtensionLoader

Arbitrary Class Instantiation via Model Manifest in Apache OpenNLP ExtensionLoader Versions Affected: before 1.9.5, before 2.5.9, before 3.0.0-M3 Description: The ExtensionLoader.instantiateExtensionClass, String method loads a class by its fully-qualified name via Class.forName and invokes its...

0.00692EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/05/04 4:43 p.m.7 views

CVE-2026-42027

Arbitrary Class Instantiation via Model Manifest in Apache OpenNLP ExtensionLoader Versions Affected: before 1.9.5, before 2.5.9, before 3.0.0-M3 Description: The ExtensionLoader.instantiateExtensionClass, String method loads a class by its fully-qualified name via Class.forName and invokes its...

9.8CVSS6AI score0.00692EPSS
Exploits0
CVE
CVE
added 2026/05/04 4:43 p.m.24 views

CVE-2026-42027

The CVE-2026-42027 issue affects Apache OpenNLP ExtensionLoader: ExtensionLoader.instantiateExtension(Class, String) uses Class.forName() to load a class name from a model archive manifest and invokes its no-arg constructor. Although the isAssignableFrom check filters types after loading, Class.f...

9.8CVSS6AI score0.00692EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/04 4:43 p.m.7 views

CVE-2026-42027 Apache OpenNLP: Arbitrary Class Instantiation via Model Manifest in ExtensionLoader

Arbitrary Class Instantiation via Model Manifest in Apache OpenNLP ExtensionLoader Versions Affected: before 1.9.5, before 2.5.9, before 3.0.0-M3 Description: The ExtensionLoader.instantiateExtensionClass, String method loads a class by its fully-qualified name via Class.forName and invokes its...

6AI score0.00692EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/04 4:43 p.m.11 views

EUVD-2026-27005

Arbitrary Class Instantiation via Model Manifest in Apache OpenNLP ExtensionLoader Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The ExtensionLoader.instantiateExtensionClass, String method loads a class by its fully-qualified name via Class.forName and invokes its no-arg...

6.1AI score0.00692EPSS
Exploits0References1
Rows per page
Query Builder