4477 matches found
Malicious code in home-mp-commons (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 885b9dad73e9eeb07a1fcb4a94493ec85573f656f7b9347a8682f56db359cfd6 [email protected] is an empty npm package declared main index.js is absent from the tarball whose sole effect on install is to resolve a single...
CVE-2026-41716
A flaw was found in Spring Data Commons. An attacker can exploit this vulnerability by sending repeated requests with specially crafted strings, which are then permanently retained in the internal property-lookup cache. This can lead to heap exhaustion, resulting in a Denial of Service DoS for th...
CVE-2026-41695
A flaw was found in Spring Data Commons. A remote attacker can exploit this vulnerability by providing specially crafted property path strings to the MappingContext property path resolution. This can lead to resource exhaustion, resulting in a denial of service DoS for affected applications...
Security Bulletin: Due to IBM Storage Scale, IBM Cloud Pak System is affected by multiple vulnerabilities [CVE-2025-48976, CVE-2025-30204, CVE-2025-1137].
Summary Execute privileged command and denial of service vulnerabilities found in IBM Storage Scale previously known as IBM Spectrum Scale affect IBM Cloud Pak System. These vulnerabilities were addressed in IBM Cloud Pak System v2.3.6.1 and IBM Cloud Pak System v2.3.5.1 Vulnerability Details...
CVE-2026-55153
A flaw was found in mchange-commons-java, a Java utility library. This vulnerability allows a remote attacker to achieve arbitrary code execution through Java Naming and Directory Interface JNDI injection. The library's JNDI ObjectFactory can construct objects of arbitrary classes and initialize...
Linux Distros Unpatched Vulnerability : CVE-2026-55153
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mchange-commons-java is a Java library of shared utility classes used by mchange projects like the c3p0 connection pool. Prior to version 0.6.0, its JNDI...
Linux Distros Unpatched Vulnerability : CVE-2026-27727
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mchange-commons-java, a library that provides Java utilities, includes code that mirrors early implementations of JNDI functionality, including support for remo...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via unsafe JavaBean materialization in com.mchange.v2.naming.JavaBeanObjectFactory. An attacker can trigger arbitrary class construction and property initialization by supplying a malicious JNDI Referen...
CVE-2026-55153
mchange-commons-java is a Java library of shared utility classes used by mchange projects like the c3p0 connection pool. Prior to version 0.6.0, its JNDI ObjectFactory implementation com.mchange.v2.naming.JavaBeanObjectFactory will construct objects of arbitrary classes and initialize...
UBUNTU-CVE-2026-55153
mchange-commons-java is a Java library of shared utility classes used by mchange projects like the c3p0 connection pool. Prior to version 0.6.0, its JNDI ObjectFactory implementation com.mchange.v2.naming.JavaBeanObjectFactory will construct objects of arbitrary classes and initialize...
CVE-2026-55153 mchange-commons-java contains elements susceptible to abuse via JNDI injection and "deserialization gadgets"
mchange-commons-java is a Java library of shared utility classes used by mchange projects like the c3p0 connection pool. Prior to version 0.6.0, its JNDI ObjectFactory implementation com.mchange.v2.naming.JavaBeanObjectFactory will construct objects of arbitrary classes and initialize...
CVE-2026-55153
CVE-2026-55153 affects mchange-commons-java before 0.6.0, where the JNDI ObjectFactory (com.mchange.v2.naming.JavaBeanObjectFactory) constructs arbitrary JavaBean properties, enabling JNDI injection and deserialization gadget abuse in some classes. An example is setting a Swing JEditorPane’s cont...
CVE-2026-55153
mchange-commons-java is a Java library of shared utility classes used by mchange projects like the c3p0 connection pool. Prior to version 0.6.0, its JNDI ObjectFactory implementation com.mchange.v2.naming.JavaBeanObjectFactory will construct objects of arbitrary classes and initialize...
com.mchange/mchange-commons-java: mchange-commons-java: Arbitrary code execution via JNDI dereferencing of crafted objects
A flaw was found in mchange-commons-java, a Java utility library. An attacker can exploit this vulnerability by providing a maliciously crafted javax.naming.Reference or serialized object to an application using the library. This can provoke the application to download and execute arbitrary...
CVE-2026-41721
A flaw was found in Spring Data Commons. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request when Spring Data Web Support is enabled with a Controller method using @ProjectedPayload. This can cause the application to allocate excessive memory, leading to a...
PT-2026-54850
Name of the Vulnerable Software and Affected Versions mchange-commons-java versions prior to 0.6.0 Description The JNDI ObjectFactory implementation com.mchange.v2.naming.JavaBeanObjectFactory allows the construction of objects from arbitrary classes and the initialization of JavaBean-style...
CVE-2026-55223
c3p0 is a JDBC Connection pooling library. In versions prior to 0.14.0, c3p0 in combination with other libraries, can compose to a "sink" for deserialization gadgets. The JDBC spec's DataSource.getConnection and ConnectionPoolDataSource.getPooledConnection match the getXXX form, so JavaBean...
ROOT-APP-MAVEN-CVE-2025-48924 CVE-2025-48924 in io.root.org.apache.commons:commons-lang3 - Patched by Root
Root has patched CVE-2025-48924 in the io.root.org.apache.commons:commons-lang3 package for Root:Maven. Multiple fixed versions available...
SUSE-SU-2026:2642-1 Security update for apache-commons-configuration2, apache-commons-text
This update for apache-commons-configuration2, apache-commons-text fixes the following issues - CVE-2026-45205: uncontrolled recursion leads to StackOverflowError when processing specially crafted configuration files bsc1265299. Changes for apache-commons-configuration2: - Upgrade to version...
Security Bulletin: IBM Cloud Pak System is vulnerable to an Improper Access Control due to use of Apache Commons BeanUtils [CVE-2025-48734]
Summary Due to use of Apache Commons BeanUtils IBM Cloud Pak System is vulnerable to an Improper Access Control. IBM Cloud Pak System addressed vulnerability. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospecto...