PatchSiren

swaldman CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH swaldman CVE published 2026-02-26

CVE-2026-27830

The c3p0 JDBC connection pooling library, prior to version 0.12.0, contains a vulnerability that allows attackers to execute arbitrary code via maliciously crafted Java-serialized objects and `javax.naming.Reference` instances. The `userOverridesAsString` property in `ConnectionPoolDataSource` implementations was previously maintained as a hex-encoded serialized object, which could be exploited by attacke [truncated]

HIGH swaldman CVE published 2026-02-25

CVE-2026-27727

CVE-2026-27727 is a high-severity vulnerability in the mchange-commons-java library, which provides Java utilities. It is caused by the library's implementation of JNDI functionality, which allows for the download and execution of malicious code. This can be exploited by an attacker who can provoke an application to read a maliciously crafted `javax.naming.Reference` or serialized [truncated]