Lucene search
K

415 matches found

RedhatCVE
RedhatCVE
added 2026/07/03 2:36 p.m.7 views

CVE-2026-55223

A flaw was found in c3p0, a JDBC Connection pooling library. This vulnerability allows a remote attacker to potentially execute arbitrary code by crafting a malicious data source object. When an application deserializes this object and automatically resolves its properties, it can trigger...

7.5CVSS6.3AI score0.00284EPSS
Exploits0References5
NVD
NVD
added 2026/06/30 11:17 p.m.10 views

CVE-2026-55223

c3p0 is a JDBC Connection pooling library. In versions prior to 0.14.0, c3p0 in combination with other libraries, can compose to a "sink" for deserialization gadgets. The JDBC spec's DataSource.getConnection and ConnectionPoolDataSource.getPooledConnection match the getXXX form, so JavaBean...

6.3CVSS0.00284EPSS
Exploits0References2
OSV
OSV
added 2026/06/30 11:17 p.m.4 views

UBUNTU-CVE-2026-55223

c3p0 is a JDBC Connection pooling library. In versions prior to 0.14.0, c3p0 in combination with other libraries, can compose to a "sink" for deserialization gadgets. The JDBC spec's DataSource.getConnection and ConnectionPoolDataSource.getPooledConnection match the getXXX form, so JavaBean...

6.3CVSS5.7AI score0.00284EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/25 8:15 p.m.9 views

Security Bulletin: IBM Cloud Pak System is vulnerable to an Improper Access Control due to use of Apache Commons BeanUtils [CVE-2025-48734]

Summary Due to use of Apache Commons BeanUtils IBM Cloud Pak System is vulnerable to an Improper Access Control. IBM Cloud Pak System addressed vulnerability. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospecto...

8.8CVSS6.9AI score0.01548EPSS
Exploits1Affected Software1
OSV
OSV
added 2026/06/21 8:25 a.m.8 views

ROOT-APP-MAVEN-CVE-2025-48734 CVE-2025-48734 in io.root.commons-beanutils:commons-beanutils - Patched by Root

Root has patched CVE-2025-48734 in the io.root.commons-beanutils:commons-beanutils package for Root:Maven. Multiple fixed versions available...

8.8CVSS7.2AI score0.01548EPSS
Exploits1
OSV
OSV
added 2026/06/21 8:25 a.m.12 views

ROOT-APP-MAVEN-CVE-2019-10086 CVE-2019-10086 in io.root.commons-beanutils:commons-beanutils - Patched by Root

Root has patched CVE-2019-10086 in the io.root.commons-beanutils:commons-beanutils package for Root:Maven. Multiple fixed versions available...

7.5CVSS6.7AI score0.28839EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.21 views

Oracle E-Business Suite (April 2026 CPU)

The versions of Oracle E-Business Suite installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2026 CPU advisory. - Vulnerability in the Oracle Advanced Inbound Telephony product of Oracle E-Business Suite component: Setup and Administration. Supported...

9.8CVSS6.3AI score0.01916EPSS
Exploits7References21
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/11 3:38 p.m.5 views

Security Bulletin: Vulnarability in commons-beanutils library (CVE-2019-10086) affects Power HMC.

Summary The commons-beanutils library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2019-10086 DESCRIPTION: In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability...

7.5CVSS6.6AI score0.28839EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/08 4:50 p.m.8 views

Security Bulletin: IBM SPSS Modeler is affected by Improper Access Control vulnerability in Apache Commons

Summary IBM SPSS Modeler is affected by Improper Access Control vulnerability in Apache Commons. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class wa...

8.8CVSS7.1AI score0.01548EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.11 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : Apache Commons BeanUtils vulnerability (USN-8322-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8322-1 advisory. It was discovered that Apache Commons BeanUtils incorrectly allowed access to the declaredClass proper...

8.8CVSS7.1AI score0.01548EPSS
Exploits1References2
OSV
OSV
added 2026/05/27 1:20 p.m.8 views

USN-8322-1 commons-beanutils vulnerability

It was discovered that Apache Commons BeanUtils incorrectly allowed access to the declaredClass property of Java enum objects when handling externally supplied property paths. An attacker could possibly use this issue to execute arbitrary code...

8.8CVSS7.5AI score0.01548EPSS
Exploits1References2
Ubuntu
Ubuntu
added 2026/05/27 1:20 p.m.17 views

USN-8322-1: Apache Commons BeanUtils vulnerability

It was discovered that Apache Commons BeanUtils incorrectly allowed access to the declaredClass property of Java enum objects when handling externally supplied property paths. An attacker could possibly use this issue to execute arbitrary code...

8.8CVSS7.1AI score0.01548EPSS
Exploits1
SUSE CVE
SUSE CVE
added 2026/05/27 2:57 a.m.10 views

SUSE CVE-2025-48734

Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not enabled by default...

8.8CVSS6.8AI score0.01548EPSS
Exploits1References7
Atlassian
Atlassian
added 2026/04/16 1:5 p.m.23 views

Improper Authorization commons-beanutils:commons-beanutils Dependency in Jira Service Management Data Center

This High severity Improper Authorization vulnerability was introduced in versions 5.12.1, 5.15.2, 5.16.0, 5.17.0, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, and 10.7.1 of Jira Service Management Data Center. This Improper Authorization vulnerability, with a CVSS Score of 8.8 and a...

8.8CVSS7.5AI score0.01548EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/10 11:20 p.m.10 views

Security Bulletin: Multiple vulnerabilities in IBM Aspera Enterprise WebApps

Summary Multiple vulnerabilities were addressed in IBM Aspera Enterprise WebApps version 1.0.2 Vulnerability Details CVEID:CVE-2025-64718 DESCRIPTION: js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it's possible for an attacker to modify the prototype of the...

8.8CVSS6.8AI score0.62368EPSS
Exploits3Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/27 8:58 a.m.16 views

Security Bulletin: Multiple secuirty vulnerabilies addressed with IBM Business Automation Workflow (traditional and containers) March 2026

Summary In addition to updating many operating system level packages on container images, IBM Business Automation Workflow fixes address the following vulnerabilities. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special...

8.8CVSS7.2AI score0.01548EPSS
Exploits7Affected Software2
GithubExploit
GithubExploit
added 2026/03/20 6:54 p.m.238 views

Exploit for Missing Authorization in Scshr Hr_Portal

CVE-2025-48734: Apache Commons BeanUtils – enum declaredClass...

8.8CVSS7.8AI score0.01548EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/19 1:24 p.m.14 views

Security Bulletin: IBM Datapower Operations Dashboard may allow remote attackers to access the ClassLoader and execute arbitrary code CVE-2025-48734

Summary Apache Commons is used by the IBM Datapower Operations Dashboard in their Java components utility implementation Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. Th...

8.8CVSS6.1AI score0.01548EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/09 10:9 a.m.5 views

Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues

Summary Multiple vulnerabilities affect IBM Sterling Secure Proxy and are addressed in the latest release and fixpack Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons...

8.8CVSS6AI score0.64718EPSS
Exploits2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/03/05 12:0 a.m.10 views

MiracleLinux 9 : apache-commons-beanutils-1.9.4-10.el9_6 (AXSA:2026-249:01)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2026-249:01 advisory. commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default CVE-2025-48734 Tenable has...

8.8CVSS6AI score0.01548EPSS
Exploits1References2
Rows per page
Query Builder