116 matches found

ATTACKERKB
added 2026/02/20 6:40 a.m., 3 views

CVE-2017-4560

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none...

5.5 AI score
Exploits 0, References 1

RedhatCVE
added 2026/01/27 3:23 p.m., 1 view

CVE-2026-24656

Deserialization of Untrusted Data vulnerability in Apache Karaf Decanter. The Decanter log socket collector exposes the port 4560, without authentication. If the collector exposes allowed classes property, this configuration can be bypassed. It means that the log socket collector is vulnerable to...

3.7 CVSS, 5.8 AI score, 0.00037 EPSS
Exploits 0, References 1

Github Security Blog
added 2026/01/26 12:30 p.m., 7 views

Apache Karaf Decanter has Deserialization of Untrusted Data in its Log Socket Collector

Deserialization of Untrusted Data vulnerability in Apache Karaf Decanter. The Decanter Log Socket Collector exposes port 4560 without authentication. If the collector exposes allowed classes property, this configuration can be bypassed. The Log Socket Collector is vulnerable to deserialization of...

3.7 CVSS, 5.8 AI score, 0.00037 EPSS
Exploits 0, References 6, Affected Software 1

OSV
added 2026/01/26 12:30 p.m., 1 view

GHSA-JMW5-58C7-587H Apache Karaf Decanter has Deserialization of Untrusted Data in its Log Socket Collector

Deserialization of Untrusted Data vulnerability in Apache Karaf Decanter. The Decanter Log Socket Collector exposes port 4560 without authentication. If the collector exposes allowed classes property, this configuration can be bypassed. The Log Socket Collector is vulnerable to deserialization of...

3.7 CVSS, 5.8 AI score, 0.00037 EPSS
Exploits 0, References 6

Snyk
added 2026/01/26 10:50 a.m., 3 views

Deserialization of Untrusted Data

Overview: Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the log-socket collector process. An attacker can execute arbitrary code or cause a denial of service by sending specially crafted serialized objects to the exposed port 4560 when the allowed classe...

8.7 CVSS, 6.2 AI score, 0.00037 EPSS
Exploits 0, References 2

OSV
added 2026/01/26 10:16 a.m., 2 views

CVE-2026-24656

Deserialization of Untrusted Data vulnerability in Apache Karaf Decanter. The Decanter log socket collector exposes the port 4560, without authentication. If the collector exposes allowed classes property, this configuration can be bypassed. It means that the log socket collector is vulnerable to...

3.7 CVSS, 5.8 AI score
Exploits 0, References 2

NVD
added 2026/01/26 10:16 a.m., 4 views

CVE-2026-24656

Deserialization of Untrusted Data vulnerability in Apache Karaf Decanter. The Decanter log socket collector exposes the port 4560, without authentication. If the collector exposes allowed classes property, this configuration can be bypassed. It means that the log socket collector is vulnerable to...

3.7 CVSS, 0.00037 EPSS
Exploits 0, References 2

CVE
added 2026/01/26 9:41 a.m., 11 views

CVE-2026-24656

Concretely, CVE-2026-24656 affects Apache Karaf Decanter before 2.12.0, specifically the Decanter log socket collector that exposes port 4560 without authentication. If the collector exposes the allowed-classes property, this configuration can be bypassed, allowing deserialization of untrusted da...

3.7 CVSS, 5.8 AI score, 0.00037 EPSS
Exploits 0, References 2, Affected Software 1

ATTACKERKB
added 2026/01/26 9:41 a.m., 1 view

CVE-2026-24656

Deserialization of Untrusted Data vulnerability in Apache Karaf Decanter. The Decanter log socket collector exposes the port 4560, without authentication. If the collector exposes allowed classes property, this configuration can be bypassed. It means that the log socket collector is vulnerable to...

3.7 CVSS, 5.8 AI score, 0.00037 EPSS
Exploits 0, References 2

Cvelist
added 2026/01/26 9:41 a.m., 30 views

CVE-2026-24656 Apache Karaf: Decanter log-socket collector has deserialization vulnerability

Deserialization of Untrusted Data vulnerability in Apache Karaf Decanter. The Decanter log socket collector exposes the port 4560, without authentication. If the collector exposes allowed classes property, this configuration can be bypassed. It means that the log socket collector is vulnerable to...

0.00037 EPSS
Exploits 0, References 1

EUVD
added 2026/01/26 9:41 a.m., 5 views

EUVD-2026-4680

Deserialization of Untrusted Data vulnerability in Apache Karaf Decanter. The Decanter log socket collector exposes the port 4560, without authentication. If the collector exposes allowed classes property, this configuration can be bypassed. It means that the log socket collector is vulnerable to...

3.7 CVSS, 5.8 AI score, 0.00037 EPSS
Exploits 0, References 1

Positive Technologies
added 2026/01/25 12:0 a.m., 4 views

PT-2026-4647

Name of the Vulnerable Software and Affected Versions: Apache Karaf Decanter versions prior to 2.12.0
Description: The Decanter log socket collector in Apache Karaf has a deserialization issue. The collector operates on port 4560 without authentication. If the allowed classes property is exposed, i...

3.7 CVSS, 5.9 AI score, 0.00037 EPSS
Exploits 0, References 14

EUVD
added 2026/01/24 7:26 a.m., 3 views

EUVD-2026-4560

The Administrative Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'login' and 'logout' shortcode attributes in all versions up to, and including, 0.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4 CVSS, 5.7 AI score, 0.00016 EPSS
Exploits 0, References 4

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2006-0114

Malware in sbrugna...

7.5 CVSS, 6.1 AI score, 0.01616 EPSS
Exploits 13, References 16

RedhatCVE
added 2025/05/14 7:11 a.m., 12 views

CVE-2025-4560

The ISOinsight from Netvision has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access certain system functions. These functions include viewing the administrator list, viewing and editing IP settings, and uploading files...

6.9 CVSS, 7.2 AI score, 0.00156 EPSS
Exploits 0, References 4

Circl
added 2025/05/12 10:15 a.m., 1 view

CVE-2025-4560

creationtimestamp | type | source
---|---|---
2025-05-12 10:15:36+00:00 | seen | https://t.me/cvedetector/25067...

6.9 CVSS, 4.8 AI score, 0.00156 EPSS
Exploits 0, References 1

Circl
added 2025/05/09 8:26 p.m., 0 views

RHSA-2025:4560

creationtimestamp | type | source
---|---|---
2025-05-09 20:26:05+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/15833
2025-05-09 20:26:07+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/15835...

4.8 AI score
Exploits 0, References 2

Tenable Nessus
added 2024/09/17 12:0 a.m., 24 views

Oracle Linux 7 : java-1.8.0-openjdk (ELSA-2024-4560)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-4560 advisory.
- CVE-2024-21131 Improve-UTF8-String-supports
- CVE-2024-21138 Better-symbol-storage
- CVE-2024-21140 Improved-loop-handling
- CVE-2024-21144...

7.4 CVSS, 6.6 AI score, 0.00977 EPSS
Exploits 0, References 7

Vulnrichment
added 2024/05/11 5:38 a.m., 8 views

CVE-2024-4560 Kognetiks Chatbot for WordPress <= 1.9.9 - Unauthenticated Arbitrary File Upload via chatbot_chatgpt_upload_file_to_assistant Function

The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the chatbot_chatgpt_upload_file_to_assistant function in all versions up to, and including, 1.9.9. This makes it possible for unauthenticated attackers, with to uploa...

9.8 CVSS, 7.9 AI score, 0.13343 EPSS
Exploits 0, References 2

Cvelist
added 2024/05/11 5:38 a.m., 67 views

CVE-2024-4560 Kognetiks Chatbot for WordPress <= 1.9.9 - Unauthenticated Arbitrary File Upload via chatbot_chatgpt_upload_file_to_assistant Function

The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the chatbot_chatgpt_upload_file_to_assistant function in all versions up to, and including, 1.9.9. This makes it possible for unauthenticated attackers, with to uploa...

9.8 CVSS, 10 AI score, 0.13343 EPSS
Exploits 0, References 2