CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2992 matches found

IBM Security Bulletins•added 2025/10/21 5:59 p.m.•4 views

Security Bulletin: Vulnerability in Apache Commons Lang (CVE-2025-48924) affects IBM PowerVM Novalink.

Summary Apache Commons Lang is used by IBM PowerVM Novalink. IBM PowerVM Novalink has addressed the applicable CVE CVE-2025-48924. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting...

5.3CVSS8.7AI score0.02164EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 2025/10/17 2:8 p.m.•3 views

Security Bulletin: IBM Application Modernization Accelerator Developer Tools is affected by an Uncontrolled Recursion vulnerability due to Apache Commons Lang (CVE-2025-48924)

Summary There is a vulnerability in Apache Commons Lang used by IBM Application Modernization Accelerator Developer Tools. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with...

5.3CVSS6.6AI score0.02164EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 2025/10/15 2:47 p.m.•14 views

Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities

Summary QRadar Suite Software includes components with known vulnerabilities. These have been addressed in the update. Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons...

7.5CVSS8.7AI score0.63258EPSS

Exploits2Affected Software1

IBM Security Bulletins•added 2025/10/14 6:10 p.m.•7 views

Security Bulletin: Multiple vulnerabilities reported in YAJSW service shipped in IBM WebSphere eXtreme Scale Liberty Deployment

Summary YAJSWYet Another Java Service Wrapper uses Apache Commons and Netty to manage services, launch and monitor application etc. WebSphere eXtreme Scale Liberty deployments, uses YAJSW to register services with the operating system. CVE-2025-27553, CVE-2025-30474 and CVE-2025-25193...

7.5CVSS6.6AI score0.01189EPSS

Exploits0Affected Software1

Tenable Nessus•added 2025/10/14 12:0 a.m.•5 views

IBM WebSphere eXtreme Scale 8.6.1.0 < 8.6.1.6 (7247893)

The version of IBM WebSphere eXtreme Scale installed on the remote host is prior to 8.6.1.6 IBM. It is, therefore, affected by a vulnerability as referenced in the 7247893 advisory. - Relative Path Traversal vulnerability in Apache Commons VFS before 2.10.0. The FileObject API in Commons VFS has ...

7.5CVSS6.7AI score0.01189EPSS

Exploits0References2

IBM Security Bulletins•added 2025/10/09 6:58 a.m.•15 views

Security Bulletin: Due to use of Apache Commons, IBM Operations Analytics - Log Analysis is affected by Improper Handling of Untrusted Input During Deserialization

Summary Apache Commons is used by IBM Operations Analytics - Log Analysis as part of the configuration parsing in Apache Solr CVE-2017-15708, CVE-2019-13116 and Java Deserialization CVE-2015-4852, CVE-2015-6420, CVE-2015-7501 Vulnerability Details CVEID:CVE-2015-4852 DESCRIPTION: The WLS Security...

10CVSS9.8AI score0.96032EPSS

Exploits26Affected Software1

Tenable Nessus•added 2025/10/09 12:0 a.m.•5 views

AlmaLinux 10 : tomcat9 (ALSA-2025:14178)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:14178 advisory. tomcat: Apache Tomcat DoS in multipart upload CVE-2025-48988 tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources CVE-2025-49125...

7.5CVSS7.6AI score0.63258EPSS

Exploits1References9

IBM Security Bulletins•added 2025/10/08 11:16 a.m.•4 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing - Uncontrolled Recursion vulnerability in Apache Commons Lang

Summary Apache Commons Lang, Apache Commons Lang: ClassUtils.getClass... Can Throw A StackOverflowError On Very Long Inputs. Following IBM® Engineering Lifecycle Management product is vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Lifecycle Optimization -...

5.3CVSS6.7AI score0.02164EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 2025/10/07 4:47 p.m.•5 views

Security Bulletin: Improper Access Control vulnerability in Apache Commons may affect IBM Business Automation Workflow - CVE-2025-48734

Summary IBM Business Automation Workflow packages a copy of Apache commons-beanutils. CVE-2025-48734 has been reported for this library. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in...

8.8CVSS7AI score0.01495EPSS

Exploits1Affected Software2

IBM Security Bulletins•added 2025/10/07 11:1 a.m.•6 views

Security Bulletin: There is a vulnerability in commons-lang3-3.4.jar used by IBM Maximo Asset Management application (CVE-2025-48924)

Summary There is a vulnerability in commons-lang3-3.4.jarused by IBM Maximo Asset Management application CVE-2025-48924 Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with...

5.3CVSS6.3AI score0.02164EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 2025/10/07 7:57 a.m.•8 views

Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is impacted by vulnerabilities in Apache Commons Compress

Summary Vulnerabilities have been identified in Apache Commons Compress, which is used in IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details CVEID:CVE-2024-25710 DESCRIPTION: Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in Apache Commons...

8.1CVSS9.2AI score0.00898EPSS

Exploits0Affected Software1