Lucene search
K

16 matches found

RedhatCVE
RedhatCVE
added 2026/06/10 9:27 p.m.11 views

CVE-2026-5078

A flaw was found in the morgan HTTP request logging middleware. The :remote-user token writes the Basic auth username to access logs without neutralizing CR/LF control characters. An unauthenticated remote attacker can inject forged log lines via a crafted Authorization header, breaking...

5.3CVSS5.8AI score0.00246EPSS
Exploits0References5
NVD
NVD
added 2026/06/03 8:16 a.m.11 views

CVE-2026-5078

Impact: The morgan logging middleware's :remote-user token extracts the Basic auth username from the Authorization request header and writes it to the log stream without neutralizing control characters. An unauthenticated attacker can send a crafted Authorization Basic header containing CR or LF...

5.3CVSS0.00246EPSS
Exploits0References2
OSV
OSV
added 2026/06/03 8:16 a.m.10 views

UBUNTU-CVE-2026-5078

Impact: The morgan logging middleware's :remote-user token extracts the Basic auth username from the Authorization request header and writes it to the log stream without neutralizing control characters. An unauthenticated attacker can send a crafted Authorization Basic header containing CR or LF...

5.3CVSS5.8AI score0.00246EPSS
Exploits0References4
Gentoo Linux
Gentoo Linux
added 2026/01/26 12:0 a.m.11 views

Commons-BeanUtils: Arbitary Code Execution

Background Commons-beanutils provides easy-to-use wrappers around Reflection and Introspection APIs Description Multiple vulnerabilities have been discovered in Commons-BeanUtils. Please review the CVE identifiers referenced below for details. Impact A special BeanIntrospector class was added in...

8.8CVSS5.8AI score0.01548EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2025/11/20 12:0 a.m.8 views

TencentOS Server 2: apache-commons-beanutils (TSSA-2025:0654)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0654 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...

8.8CVSS7AI score0.01548EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/07 4:47 p.m.6 views

Security Bulletin: Improper Access Control vulnerability in Apache Commons may affect IBM Business Automation Workflow - CVE-2025-48734

Summary IBM Business Automation Workflow packages a copy of Apache commons-beanutils. CVE-2025-48734 has been reported for this library. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in...

8.8CVSS7AI score0.01548EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/09 5:23 p.m.3 views

Security Bulletin: IBM SPSS Analytic Server is affected by multiple vulnerabilities in Apache Commons.

Summary IBM SPSS Analytic Server is affected by multiple vulnerabilities in Apache Commons. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was add...

8.8CVSS7.4AI score0.01548EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/23 11:5 a.m.6 views

Security Bulletin: SPSS Collaboration and Deployment Services is affected by vulnerability in Apache Commons ( CVE-2025-48734).

Summary SPSS Collaboration and Deployment Services is affected by vulnerability in Apache Commons CVE-2025-48734. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special...

8.8CVSS8.1AI score0.01548EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/08/15 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2025-48734

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from...

8.8CVSS7AI score0.01548EPSS
Exploits1References2
OSV
OSV
added 2025/07/04 2:42 p.m.4 views

OESA-2025-1715 apache-commons-beanutils security update

The scope of this package is to create a package of Java utility methods for accessing and modifying the properties of arbitrary JavaBeans. No dependencies outside of the JDK are required, so the use of this package is very lightweight. Security Fixes: A vulnerability, which was classified as...

8.8CVSS6.9AI score0.01548EPSS
Exploits1References2
Amazon
Amazon
added 2025/06/24 12:0 a.m.5 views

Important: apache-commons-beanutils

Issue Overview: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not...

8.8CVSS7.4AI score0.01548EPSS
Exploits1
Snyk
Snyk
added 2024/01/27 3:44 a.m.1 views

Integer Overflow to Buffer Overflow

Overview Affected versions of this package are vulnerable to Integer Overflow to Buffer Overflow in the UTF32Encoding::convert and UTF32Encoding::queryConvert methods. Remediation Upgrade poco to version 1.11.0 or higher. References - GitHub Commit - GitHub Commit - GitHub Diff - GitHub Issue -...

9.8CVSS7AI score0.00851EPSS
Exploits0References2
OSV
OSV
added 2023/01/14 10:15 a.m.2 views

DEBIAN-CVE-2023-22602

When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot 2.6 default to Ant sty...

7.5CVSS7.2AI score0.01553EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/04/13 12:0 a.m.9 views

PT-2022-7286

Name of the Vulnerable Software and Affected Versions git versions prior to 1.11.0 Description The issue is related to Command Injection via git argument injection. When calling the fetchremote = 'origin', opts = function, the remote parameter is passed to the git fetch subcommand in a way that...

9.8CVSS7.9AI score0.04871EPSS
Exploits1References322
Snyk
Snyk
added 2022/03/11 2:19 p.m.2 views

Command Injection

Overview git is a Ruby library that can be used to create, read and manipulate Git repositories by wrapping system calls to the git binary. Affected versions of this package are vulnerable to Command Injection via git argument injection. When calling the fetchremote = 'origin', opts = function, t...

9.8CVSS7.5AI score0.04871EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2021/10/25 7:15 p.m.2 views

CVE-2021-39220

Nextcloud is an open-source, self-hosted productivity platform The Nextcloud Mail application prior to versions 1.10.4 and 1.11.0 does by default not render images in emails to not leak the read state or user IP. The privacy filter failed to filter images with a relative protocol. It is recommend...

3.5CVSS5.9AI score0.00759EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder