CVE Search Engine - Security Vulnerabilities and Exploits Search Tool | Vulners.com

🔥 Daily Hot!

💪🏽 CPE Enhanced Advisories

🕶 Shadow Exploits

🕵🏼 Vulners CPE

🔐 Security news

💻 Exploit updates

📑 Blogs review

🐧 Linux vulnerabilities

🤖 AI High Score

show all

9 matches found

OSV•added 2026/05/04 6:30 p.m.•2 views

GHSA-CX4M-2P55-RW7J Apache OpenNLP ExtensionLoader Vulnerable to Arbitrary Class Instantiation via Model Manifest

Arbitrary Class Instantiation via Model Manifest in Apache OpenNLP ExtensionLoader Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The ExtensionLoader.instantiateExtensionClass, String method loads a class by its fully-qualified name via Class.forName and invokes its no-arg...

9.8CVSS6.1AI score0.00693EPSS

Exploits0References4

NVD•added 2026/05/04 5:16 p.m.•10 views

CVE-2026-42027

Arbitrary Class Instantiation via Model Manifest in Apache OpenNLP ExtensionLoader Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The ExtensionLoader.instantiateExtensionClass, String method loads a class by its fully-qualified name via Class.forName and invokes its no-arg...

9.8CVSS0.00693EPSS

Exploits0References2

OSV•added 2026/05/04 5:16 p.m.•2 views

DEBIAN-CVE-2026-42027

Arbitrary Class Instantiation via Model Manifest in Apache OpenNLP ExtensionLoader Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The ExtensionLoader.instantiateExtensionClass, String method loads a class by its fully-qualified name via Class.forName and invokes its no-arg...

9.8CVSS6.1AI score0.00693EPSS

Exploits0References1

UbuntuCve•added 2026/05/04 5:16 p.m.•2 views

CVE-2026-42027

Arbitrary Class Instantiation via Model Manifest in Apache OpenNLP ExtensionLoader Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The ExtensionLoader.instantiateExtensionClass, String method loads a class by its fully-qualified name via Class.forName and invokes its no-arg...

9.8CVSS5.9AI score0.00693EPSS

Exploits0References4

CVE•added 2026/05/04 4:43 p.m.•18 views

CVE-2026-42027

The CVE-2026-42027 issue affects Apache OpenNLP ExtensionLoader: ExtensionLoader.instantiateExtension(Class, String) uses Class.forName() to load a class name from a model archive manifest and invokes its no-arg constructor. Although the isAssignableFrom check filters types after loading, Class.f...

9.8CVSS6.1AI score0.00693EPSS

Exploits0References2Affected Software1

EUVD•added 2026/05/04 4:43 p.m.•6 views

EUVD-2026-27005

Arbitrary Class Instantiation via Model Manifest in Apache OpenNLP ExtensionLoader Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The ExtensionLoader.instantiateExtensionClass, String method loads a class by its fully-qualified name via Class.forName and invokes its no-arg...

6.1AI score0.00693EPSS

Exploits0References1

Vulnrichment•added 2026/05/04 4:43 p.m.•3 views

CVE-2026-42027 Apache OpenNLP: Arbitrary Class Instantiation via Model Manifest in ExtensionLoader

Arbitrary Class Instantiation via Model Manifest in Apache OpenNLP ExtensionLoader Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The ExtensionLoader.instantiateExtensionClass, String method loads a class by its fully-qualified name via Class.forName and invokes its no-arg...

6.1AI score0.00693EPSS

Exploits0References1

Cvelist•added 2026/05/04 4:43 p.m.•32 views

CVE-2026-42027 Apache OpenNLP: Arbitrary Class Instantiation via Model Manifest in ExtensionLoader

Arbitrary Class Instantiation via Model Manifest in Apache OpenNLP ExtensionLoader Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The ExtensionLoader.instantiateExtensionClass, String method loads a class by its fully-qualified name via Class.forName and invokes its no-arg...

Exploits0References1

Debian CVE•added 2026/05/04 4:43 p.m.•6 views

CVE-2026-42027

Arbitrary Class Instantiation via Model Manifest in Apache OpenNLP ExtensionLoader Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The ExtensionLoader.instantiateExtensionClass, String method loads a class by its fully-qualified name via Class.forName and invokes its no-arg...

9.8CVSS6.1AI score0.00693EPSS

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by