Unsafe Reflection

Overview Affected versions of this package are vulnerable to Unsafe Reflection that leads to arbitrary class instantiation, via the instantiateExtension method in the ExtensionLoader class. An attacker can trigger the static initializer of any class present on the classpath by supplying a model...

CVE-2026-42027

Arbitrary Class Instantiation via Model Manifest in Apache OpenNLP ExtensionLoader Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The ExtensionLoader.instantiateExtensionClass, String method loads a class by its fully-qualified name via Class.forName and invokes its no-arg...

EUVD-2025-29428

Malicious code in bioql PyPI...

Measured is vulnerable to Path Traversal attacks during class initialization

Impact A path traversal vulnerability exists where an attacker with access to manipulate inputs when initializing the Measured::Cache::Json class would be able to instruct the library to read arbitrary files. Patches Users should update to the latest version...

GHSA-29G5-M8V7-V564 Measured is vulnerable to Path Traversal attacks during class initialization

Impact A path traversal vulnerability exists where an attacker with access to manipulate inputs when initializing the Measured::Cache::Json class would be able to instruct the library to read arbitrary files. Patches Users should update to the latest version...

Eclipse OpenJ9 安全漏洞

Eclipse OpenJ9 is a Java application engine from the Eclipse Foundation. The product is primarily used to run Java applications. A security vulnerability exists in Eclipse Openj9 version 0.25, which stems from the fact that the jdk.internal.reflect.ConstantPool API causes the JVM to pre-parse...

Security update for java-11-openjdk (important)

openSUSE Security Update: Security update for java-11-openjdk Announcement ID: openSUSE-SU-2019:0161-1 Rating: important References: 1120431 1122293 1122299 Cross-References: CVE-2018-11212 CVE-2019-2422 CVE-2019-2426 Affected Products: openSUSE Leap 15.0 An update that fixes three vulnerabilitie...