Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview org.apache.calcite:calcite-core is a Core Calcite APIs and engine. Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' via user-controled models. An attacker can achieve arbitrary code execution by supplying...

CVE-2026-46718

Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in Apache Calcite. This issue affects Apache Calcite: from 1.5.0 before 1.42. Users are recommended to upgrade to version 1.42, which fixes the issue...

CVE-2026-46718 Apache Calcite: A user-controled model can load arbitrary classes, leading to code execution

Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in Apache Calcite. This issue affects Apache Calcite: from 1.5.0 before 1.42. Users are recommended to upgrade to version 1.42, which fixes the issue...

EUVD-2026-33906

Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in Apache Calcite. This issue affects Apache Calcite: from 1.5.0 before 1.42. Users are recommended to upgrade to version 1.42, which fixes the issue...

CVE-2026-46718 Apache Calcite: A user-controled model can load arbitrary classes, leading to code execution

Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in Apache Calcite. This issue affects Apache Calcite: from 1.5.0 before 1.42. Users are recommended to upgrade to version 1.42, which fixes the issue...

CVE-2026-46718

Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in Apache Calcite. This issue affects Apache Calcite: from 1.5.0 before 1.42. Users are recommended to upgrade to version 1.42, which fixes the issue...

CVE-2026-46718

Apache Calcite is affected by CVE-2026-46718: Unsafe Reflection via a user-controlled model can load arbitrary classes, enabling code execution. Affected: 1.5.0 up to

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' via the REST API search and collection query endpoints. An attacker can execute arbitrary methods on model objects by supplying crafted queries, potentiall...

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' via the processing of JDBC connection URL parameters. An attacker can execute arbitrary code by supplying a crafted connection URL that causes the loading...

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview praisonaiagents is a Praison AI agents for completing complex tasks with Self Reflection Agents Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' in the ToolExecutionMixin.executetool process. An attacker...

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' via the condition process. An attacker can execute arbitrary commands on the server by injecting malicious...

Unsafe Reflection

Overview Affected versions of this package are vulnerable to Unsafe Reflection that leads to arbitrary class instantiation, via the instantiateExtension method in the ExtensionLoader class. An attacker can trigger the static initializer of any class present on the classpath by supplying a model...

Unsafe Reflection

Overview org.apache.opennlp:opennlp-tools is an is a machine learning based toolkit for the processing of natural language text. Affected versions of this package are vulnerable to Unsafe Reflection that leads to arbitrary class instantiation, via the instantiateExtension method in the...

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview org.jenkins-ci.plugins:matrix-auth is a The Jenkins Plugins Parent POM Project Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' via the inheritanceStrategy deserialization path in...

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' via unsafe method invocation during query value resolution. An attacker can cause destruction of data, assets, and user accounts by manipulating query...

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' in the actionFilterHud process. An attacker can execute arbitrary code on the server by supplying a crafted...

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' via the ElementIndexesController and FieldsController components. An attacker can execute arbitrary code by...

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' in the actionApplyOverrideSettings function. An attacker can execute arbitrary code by injecting malicious...

Unsafe Reflection

Overview Scrapy is a high-level web crawling and web scraping framework, used to crawl websites and extract structured data from their pages. Affected versions of this package are vulnerable to Unsafe Reflection via the Referrer-Policy header handled by RefererMiddleware. An attacker can execute...