Apache Commons Beanutils — known CVE vulnerabilities
Every CVE whose affected-product data names Apache Commons Beanutils, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2025-48734 — CVSS 8.8 (high): Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to…
CVE-2014-0114 — CVSS 7.5 (high): Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products…
CVE-2019-10086 — CVSS 7.3 (high): In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to…