ROOT-APP-MAVEN-CVE-2019-10086 CVE-2019-10086 in io.root.commons-beanutils:commons-beanutils - Patched by Root

Root has patched CVE-2019-10086 in the io.root.commons-beanutils:commons-beanutils package for Root:Maven. Multiple fixed versions available...

ROOT-APP-MAVEN-CVE-2025-48924 CVE-2025-48924 in io.root.org.apache.commons:commons-lang3 - Patched by Root

Root has patched CVE-2025-48924 in the io.root.org.apache.commons:commons-lang3 package for Root:Maven. Multiple fixed versions available...

ROOT-APP-MAVEN-CVE-2024-26308 CVE-2024-26308 in io.root.org.apache.commons:commons-compress - Patched by Root

Root has patched CVE-2024-26308 in the io.root.org.apache.commons:commons-compress package for Root:Maven. Multiple fixed versions available...

ROOT-APP-MAVEN-CVE-2024-25710 CVE-2024-25710 in io.root.org.apache.commons:commons-compress - Patched by Root

Root has patched CVE-2024-25710 in the io.root.org.apache.commons:commons-compress package for Root:Maven. Multiple fixed versions available...

ROOT-APP-MAVEN-CVE-2021-29425 CVE-2021-29425 in io.root.commons-io:commons-io - Patched by Root

Root has patched CVE-2021-29425 in the io.root.commons-io:commons-io package for Root:Maven. Multiple fixed versions available...

ROOT-APP-MAVEN-CVE-2024-47554 CVE-2024-47554 in io.root.commons-io:commons-io - Patched by Root

Root has patched CVE-2024-47554 in the io.root.commons-io:commons-io package for Root:Maven. Multiple fixed versions available...

ROOT-APP-MAVEN-CVE-2025-48976 CVE-2025-48976 in io.root.commons-fileupload:commons-fileupload - Patched by Root

Root has patched CVE-2025-48976 in the io.root.commons-fileupload:commons-fileupload package for Root:Maven. Multiple fixed versions available...

ROOT-APP-MAVEN-CVE-2015-7501 CVE-2015-7501 in io.root.commons-collections:commons-collections - Patched by Root

Root has patched CVE-2015-7501 in the io.root.commons-collections:commons-collections package for Root:Maven. Multiple fixed versions available...

ROOT-APP-MAVEN-CVE-2015-6420 CVE-2015-6420 in io.root.commons-collections:commons-collections - Patched by Root

Root has patched CVE-2015-6420 in the io.root.commons-collections:commons-collections package for Root:Maven. Multiple fixed versions available...

Security Bulletin: Multiple Vulnerabilities in IBM Datacap

Summary Multiple vulnerabilities were addressed in IBM Datacap version 9.1.9 Interim Fix 008. Vulnerability Details CVEID:CVE-2026-45205 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons. When processing an untrusted configuration file, Commons Configuration will throw a...

Security Bulletin: IBM Engineering Systems Design Rhapsody TestConductor was affected by CVE-2025-48924

Summary IBM Engineering Systems Design Rhapsody TestConductor was vulnerable to an uncontrolled recursion on very long inputs. This could cause components using Apache Commons Lang to stop. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache...

Oracle E-Business Suite (April 2026 CPU)

The versions of Oracle E-Business Suite installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2026 CPU advisory. - Vulnerability in the Oracle Advanced Inbound Telephony product of Oracle E-Business Suite component: Setup and Administration. Supported...

Security Bulletin: The Apache Commons Lang library that is shipped with IBM ApplinX is vulnerable to an Uncontrolled Recursion vulnerability (CVE-2025-48924).

Summary The Apache Commons Lang library that is shipped with IBM ApplinX is vulnerable to an Uncontrolled Recursion vulnerability CVE-2025-48924. The version of the Apache Commons Lang library that is shipped with IBM ApplinX has been updated in order to address the vulnerability. Vulnerability...

CVE-2026-41711

Applications using Spring Data Commons may be vulnerable to a Denial of Service DoS attack leading to a StackOverflowException when parsing Sort parameters. Affected versions: Spring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14; 3.3.0 through 3.3.16; 3.2.0 through...

Security Bulletin: IBM SPSS Modeler is affected by vulnerabilities in Apache POI and Apache Commons Lang

Summary IBM SPSS Modeler is affected by vulnerabilities in Apache POI and Apache Commons Lang. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-31672 DESCRIPTION: Improper Input Validation vulnerability in Apache POI. The issue affects the parsing of OOXML...

Allocation of Resources Without Limits or Throttling

Overview org.springframework.data:spring-data-commons is a maven plugin to centralize common resources and configuration for Spring Data Maven builds. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the property-lookup cache. An attacke...

Denial of Service (DoS)

Overview org.springframework.data:spring-data-commons is a maven plugin to centralize common resources and configuration for Spring Data Maven builds. Affected versions of this package are vulnerable to Denial of Service DoS via the MappingContext property path resolution. An attacker can cause...

Denial of Service (DoS)

Overview org.springframework.data:spring-data-commons is a maven plugin to centralize common resources and configuration for Spring Data Maven builds. Affected versions of this package are vulnerable to Denial of Service DoS via data binding. An attacker can exhaust system memory resources by...

EUVD-2026-35902

Spring Data Commons contains a vulnerability that can lead to a Denial of Service DoS condition if Spring Data Web Support is enabled in conjunction with a Controller method using @ProjectedPayload, when an attacker sends a specially crafted HTTP request that causes the application to allocate lo...

EUVD-2026-35897

Applications using Spring Data Commons may be vulnerable to a Denial of Service DoS attack leading to a StackOverflowException when parsing Sort parameters. Affected versions: Spring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14; 3.3.0 through 3.3.16; 3.2.0 through...