Lucene search
K

4 matches found

Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.9 views

PT-2026-55881

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.15.0 through 4.18.2 Description An argument injection issue exists in the Apache Camel Docling component. The component uses java.lang.ProcessBuilder to execute the external docling command-line tool. When custom CLI...

9.1CVSS6AI score0.01569EPSS
Exploits2References4
Github Security Blog
Github Security Blog
added 2026/04/27 9:34 a.m.14 views

Apache MINA vulnerable to Deserialization of Untrusted Data

Apache MINA's AbstractIoBuffer.resolveClass contains two branches, one of them for static classes or primitive types does not check the class at all, bypassing the classname allowlist and allowing arbitrary code to be executed. The fix checks if the class is present in the accepted class...

9.8CVSS6AI score0.0064EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/04/27 9:20 a.m.5 views

EUVD-2026-25809

The fix for CVE-2024-52046 in Apache MINA AbstractIoBuffer.getObject was incomplete. The classname allowlist of classes allowed to be deserialized was applied too late after a static initializer in a class to be read might already have been executed. Affected versions are Apache MINA 2.0.0 =...

10CVSS7.4AI score0.23932EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/01/30 9:31 p.m.2 views

CVE-2026-25153

Backstage is an open framework for building developer portals, and @backstage/plugin-techdocs-node provides common node.js functionalities for TechDocs. In versions of @backstage/plugin-techdocs-node prior to 1.13.11 and 1.14.1, when TechDocs is configured with runIn: local, a malicious actor who...

7.7CVSS6.2AI score0.00541EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder