Lucene search
K

253443 matches found

RedhatCVE
RedhatCVE
added yesterday3 views

CVE-2026-12481

A flaw was found in the Keras deep learning library. This vulnerability allows a remote attacker to execute arbitrary code on the system by exploiting improper handling of deserialization in the Lambda layer. Specifically, a security safeguard designed to prevent unsafe deserialization is bypasse...

8.8CVSS6.5AI score0.00402EPSS
Exploits0References4
NVD
NVD
added yesterday6 views

CVE-2026-53913

Improper Authentication, Missing Authentication for Critical Function, Not Failing Securely 'Failing Open' vulnerability in Apache Camel Keycloak Component. The KeycloakSecurityPolicy of camel-keycloak guards a route by running KeycloakSecurityProcessor.beforeProcess, which performs three checks ...

0.00291EPSS
Exploits0References1
NVD
NVD
added yesterday7 views

CVE-2026-43865

Deserialization of Untrusted Data vulnerability in Apache Camel Hazelcast component. The camel-hazelcast component creates and manages Hazelcast instances using a default configuration that applies no Java deserialization filter. When Camel builds the Hazelcast Config itself - that is, when no...

8.1CVSS0.00493EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added yesterday4 views

openssl: Heap Use-After-Free in OpenSSL PKCS7_verify()

A flaw was found in OpenSSL. When processing a specially crafted PKCS7 or S/MIME Secure/Multipurpose Internet Mail Extensions signed message, a heap use-after-free vulnerability in the PKCS7verify function can be triggered. This occurs if the SignedData digestAlgorithms field is present as an emp...

8.8CVSS6.7AI score0.02719EPSS
Exploits0References4
NVD
NVD
added yesterday5 views

CVE-2026-11962

The FileOrganizer WordPress plugin before 1.2.0 does not validate the file type on several of its file-management operations, allowing authenticated users who have been granted file-manager access — which its premium add-on can extend to sub-administrator roles — to upload arbitrary PHP files and...

8.8CVSS0.00203EPSS
Exploits0References1
CVE
CVE
added yesterday13 views

CVE-2026-53913

Apache Camel Keycloak (camel-keycloak) CVE-2026-53913 describes a defect where KeycloakSecurityPolicy only verifies the bearer token inside role/permissions checks. With default settings (requiredRoles/requiredPermissions empty), the policy rejects missing tokens but accepts any non-null Authoriz...

6.4AI score0.00291EPSS
Exploits0References1
EUVD
EUVD
added yesterday9 views

EUVD-2026-41847

Improper Authentication, Missing Authentication for Critical Function, Not Failing Securely 'Failing Open' vulnerability in Apache Camel Keycloak Component. The KeycloakSecurityPolicy of camel-keycloak guards a route by running KeycloakSecurityProcessor.beforeProcess, which performs three checks ...

6.4AI score0.00291EPSS
Exploits0References1
EUVD
EUVD
added yesterday4 views

EUVD-2026-41826

Deserialization of Untrusted Data vulnerability in Apache Camel Hazelcast component. The camel-hazelcast component creates and manages Hazelcast instances using a default configuration that applies no Java deserialization filter. When Camel builds the Hazelcast Config itself - that is, when no...

8.1CVSS6.3AI score0.00493EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday13 views

CVE-2026-43865 Apache Camel: Camel-Hazelcast: Unsafe Java deserialization in default-configured managed Hazelcast instances enables remote code execution

Deserialization of Untrusted Data vulnerability in Apache Camel Hazelcast component. The camel-hazelcast component creates and manages Hazelcast instances using a default configuration that applies no Java deserialization filter. When Camel builds the Hazelcast Config itself - that is, when no...

0.00493EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-43865

Deserialization of Untrusted Data vulnerability in Apache Camel Hazelcast component. The camel-hazelcast component creates and manages Hazelcast instances using a default configuration that applies no Java deserialization filter. When Camel builds the Hazelcast Config itself - that is, when no...

6.3AI score0.00493EPSS
Exploits0References2Affected Software1
CVE
CVE
added yesterday8 views

CVE-2026-43865

CVE-2026-43865 — Apache Camel Hazelcast deserialization risk The Camel Hazelcast component, when using default configuration, does not enable a Java deserialization filter, causing objects received over the Hazelcast cluster protocol to be deserialized inside Hazelcast before Camel processes them...

8.1CVSS6.3AI score0.00493EPSS
Exploits0References2
EUVD
EUVD
added yesterday4 views

EUVD-2026-41824

Deserialization of Untrusted Data vulnerability in Apache Camel. The camel-vertx-http component deserializes HTTP response bodies carrying the Content-Type application/x-java-serialized-object using a raw java.io.ObjectInputStream, without applying any ObjectInputFilter...

8.1CVSS6.7AI score0.00394EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday12 views

CVE-2026-40859 Apache Camel: Camel-Vertx-Http: Unsafe Java deserialization of HTTP response bodies via a raw ObjectInputStream when transferException is enabled

Deserialization of Untrusted Data vulnerability in Apache Camel. The camel-vertx-http component deserializes HTTP response bodies carrying the Content-Type application/x-java-serialized-object using a raw java.io.ObjectInputStream, without applying any ObjectInputFilter...

0.00394EPSS
Exploits0References1
CVE
CVE
added yesterday6 views

CVE-2026-40859

CVE-2026-40859 – Apache Camel Camel-Vertx-Http deserialization vulnerability : The camel-vertx-http component deserializes HTTP response bodies with Content-Type application/x-java-serialized-object using a raw java.io.ObjectInputStream without an ObjectInputFilter, when transferException=true (o...

8.1CVSS6.7AI score0.00394EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-40859

Deserialization of Untrusted Data vulnerability in Apache Camel. The camel-vertx-http component deserializes HTTP response bodies carrying the Content-Type application/x-java-serialized-object using a raw java.io.ObjectInputStream, without applying any ObjectInputFilter...

6.7AI score0.00394EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added yesterday4 views

EUVD-2026-41821

The FileOrganizer WordPress plugin before 1.2.0 does not validate the file type on several of its file-management operations, allowing authenticated users who have been granted file-manager access — which its premium add-on can extend to sub-administrator roles — to upload arbitrary PHP files and...

8.8CVSS6.3AI score0.00203EPSS
Exploits0References1
CVE
CVE
added yesterday6 views

CVE-2026-11962

The FileOrganizer WordPress plugin before 1.2.0 does not validate file types on several file-management operations, enabling authenticated users with file-manager access — extended to sub-administrator roles via the premium add‑on — to upload arbitrary PHP files and achieve remote code execution....

8.8CVSS6.3AI score0.00203EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday7 views

Pinger 1.0 - Remote Code Execution

Pinger 1.0 contains a remote code execution vulnerability that allows attackers to inject shell commands through the ping and socket parameters. Attackers can exploit the unsanitized input in ping.php to write arbitrary PHP files and execute system commands by appending shell metacharacters. id:...

9.8CVSS6.7AI score0.03135EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday12 views

ThinkCMF X2.2.2 - Remote Code Execution

ThinkCMF X2.2.2 and below contain a remote code execution caused by processing crafted packets, letting attackers execute arbitrary code remotely, exploit requires sending malicious packets. id: CVE-2020-20601 info: name: ThinkCMF X2.2.2 - Remote Code Execution author: pikpikcu severity: critical...

9.8CVSS8AI score0.07598EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday29 views

vBulletin 5.0.0-6.0.3 - Authentication Bypass

vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 contain an authentication bypass caused by unauthenticated access to protected API controllers on PHP 8.1 or later, letting unauthenticated attackers invoke protected methods remotely.Starting from PHP 8.1, due to an internal adjustment to...

10CVSS7.4AI score0.68915EPSS
Exploits4References2
Rows per page
Query Builder