345 matches found
SUSE CVE-2025-48734
Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However, this protection was not enabled by default...
CVE-2026-9498 Dromara lamp-cloud Message Template GroovyClassLoader.parseClass special elements used in a template engine
A vulnerability has been found in Dromara lamp-cloud up to 5.6.2. Impacted is the function GroovyClassLoader.parseClass of the component Message Template Handler. Such manipulation of the argument DefMsgTemplate.content leads to improper neutralization of special elements used in a template engin...
Relative Path Traversal
Overview Affected versions of this package are vulnerable to Relative Path Traversal via the resource parameter in the ssx and jsx endpoints when a leading slash is used. An attacker can access sensitive configuration files by crafting a URL that traverses directories. Note: This issue is due to...
TencentOS Server 2: apache-commons-beanutils (TSSA-2025:0654)
The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0654 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...
Security Bulletin: vulnerability in IBM Spectrum Symphony with Apache Commons
Summary vulnerability in IBM Spectrum Symphony with Apache Commons Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declare...
Security Bulletin: JAVA related vulnerabilities in IBM SP Enterprise Resource Planning (ERP) affected the ERP product dependency with BA client code.
Summary IBM Storage Protect Enterprise Resource Planning can be affected by security flaws mentioned in CVE-2025-48734. Using "commons-beanutils-1.8.3.jar" can allow an attacker to gain control of the declared class property of Java enum objects to get access to the classloader...
Exploit for Code Injection in Vmware Spring_Framework
Python Firewall for Spring4Shell CVE-2022-22965 Mitigation...
EUVD-2009-3852
Malware in sbrugna...
EUVD-2020-3147
Malware in sbrugna...
EUVD-2019-13454
Malware in sbrugna...
EUVD-2010-4320
Malware in sbrugna...
EUVD-2020-0465
Malware in sbrugna...
EUVD-2022-1318
Malicious code in bioql PyPI...
EUVD-2022-7712
Malicious code in bioql PyPI...
EUVD-2022-4176
Malicious code in bioql PyPI...
EUVD-2023-12514
Malicious code in bioql PyPI...
EUVD-2022-3922
Malicious code in bioql PyPI...
EUVD-2022-39607
Malicious code in bioql PyPI...
EUVD-2023-2088
Malicious code in bioql PyPI...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to improper access control due to the Apache Commons package (CVE-2025-48734)
Summary Apache Commons is used by DataStage on Cloud Pak for Data as part of Java utility functionality. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used t...