Lucene search
+L

15946 matches found

OSV
OSV
added 2026/07/07 12:35 p.m.2 views

OPENSUSE-SU-2026:21247-1 Security update for docker-compose

This update for docker-compose fixes the following issues - CVE-2025-0495: buildx: credential leakage to telemetry endpoints when credentials allowed to be set as attribute values in cache-to/cache-from configuration bsc1239766. - CVE-2025-22869: golang.org/x/crypto/ssh: Denial of Service in the...

9.6CVSS6.8AI score0.00868EPSS
Exploits0References8
Circl
Circl
added 2026/07/07 7:30 a.m.10 views

CVE-2026-4375

creationtimestamp| type| source ---|---|--- 2026-07-07 07:30:27+00:00| seen| https://infosec.exchange/users/offseq/statuses/116877520158002101 2026-07-07 07:30:28+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mq23iqtn2r2u 2026-07-07 14:12:06+00:00| seen|...

9CVSS5.9AI score0.00248EPSS
Exploits0References4
Circl
Circl
added 2026/07/06 9:16 p.m.7 views

CVE-2026-25268

creationtimestamp| type| source ---|---|--- 2026-07-06 21:16:39+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116875106650288268 2026-07-06 21:17:22+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpyzah6sux2v 2026-07-07 16:45:20+00:00| seen|...

8.8CVSS5.9AI score0.00072EPSS
Exploits0References4
Circl
Circl
added 2026/07/06 9:3 p.m.8 views

CVE-2026-21369

creationtimestamp| type| source ---|---|--- 2026-07-06 21:03:20+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116875054272966899...

5.3CVSS5.9AI score0.0006EPSS
Exploits0References1
Circl
Circl
added 2026/07/06 8:49 p.m.8 views

CVE-2025-59617

creationtimestamp| type| source ---|---|--- 2026-07-06 20:49:38+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116875000406618760...

7.3CVSS5.9AI score0.00065EPSS
Exploits0References1
Circl
Circl
added 2026/07/06 8:36 p.m.9 views

CVE-2026-21384

creationtimestamp| type| source ---|---|--- 2026-07-06 20:36:11+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116874947514751520...

5.3CVSS5.9AI score0.00056EPSS
Exploits0References1
Snyk
Snyk
added 2026/07/06 10:36 a.m.7 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the JmsBinding.extractBodyFromJms process when handling JMS ObjectMessages with the mapJmsMessage option enabled. An attacker can inject arbitrary Exchange state by publishing a crafted ObjectMessage...

9.8CVSS6AI score0.00504EPSS
Exploits2References2
Snyk
Snyk
added 2026/07/06 10:36 a.m.5 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the JmsBinding.extractBodyFromJms process when handling JMS ObjectMessages with the mapJmsMessage option enabled. An attacker can inject arbitrary Exchange state by publishing a crafted ObjectMessage...

9.8CVSS6AI score0.00504EPSS
Exploits2References2
Snyk
Snyk
added 2026/07/06 10:36 a.m.5 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the JmsBinding.extractBodyFromJms process when handling JMS ObjectMessages with the mapJmsMessage option enabled. An attacker can inject arbitrary Exchange state by publishing a crafted ObjectMessage...

9.8CVSS6AI score0.00504EPSS
Exploits2References2
Circl
Circl
added 2026/07/06 10:30 a.m.7 views

CVE-2026-12686

creationtimestamp| type| source ---|---|--- 2026-07-06 10:30:28+00:00| seen| https://infosec.exchange/users/offseq/statuses/116872565768512647 2026-07-06 10:30:30+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mpxv3qz2ph2g 2026-07-06 12:08:04+00:00| seen|...

9.3CVSS5.9AI score0.00309EPSS
Exploits0References4
NVD
NVD
added 2026/07/06 9:16 a.m.8 views

CVE-2026-43866

Deserialization of Untrusted Data vulnerability in Apache Camel, Apache Camel JMS component. JmsBinding.extractBodyFromJms in camel-jms - and the equivalent JmsBinding in camel-sjms - deserializes the payload of an incoming JMS ObjectMessage via jakarta.jms.ObjectMessage.getObject whenever the...

7.3CVSS0.00504EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2026/07/06 8:35 a.m.8 views

CVE-2026-43866

Deserialization of Untrusted Data vulnerability in Apache Camel, Apache Camel JMS component. JmsBinding.extractBodyFromJms in camel-jms - and the equivalent JmsBinding in camel-sjms - deserializes the payload of an incoming JMS ObjectMessage via jakarta.jms.ObjectMessage.getObject whenever the...

9.8CVSS6AI score0.00881EPSS
Exploits2References2Affected Software1
EUVD
EUVD
added 2026/07/06 8:35 a.m.6 views

EUVD-2026-41855

Deserialization of Untrusted Data vulnerability in Apache Camel, Apache Camel JMS component. JmsBinding.extractBodyFromJms in camel-jms - and the equivalent JmsBinding in camel-sjms - deserializes the payload of an incoming JMS ObjectMessage via jakarta.jms.ObjectMessage.getObject whenever the...

7.3CVSS6AI score0.00504EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2026/07/06 8:35 a.m.9 views

CVE-2026-43866 Apache Camel, Apache Camel: Camel JMS - CVE-2026-40860 fix bypass via DefaultExchangeHolder

Deserialization of Untrusted Data vulnerability in Apache Camel, Apache Camel JMS component. JmsBinding.extractBodyFromJms in camel-jms - and the equivalent JmsBinding in camel-sjms - deserializes the payload of an incoming JMS ObjectMessage via jakarta.jms.ObjectMessage.getObject whenever the...

6AI score0.00881EPSS
Exploits2References1
CVE
CVE
added 2026/07/06 8:35 a.m.20 views

CVE-2026-43866

Summary : CVE-2026-43866 is a deserialization bypass in Apache Camel JMS components. When mapJmsMessage is enabled, camel-jms (and camel-sjms and JMS-family components) deserialize JMS ObjectMessage payloads via ObjectMessage.getObject(). Although a post-deserialization allow-list was added in CV...

7.3CVSS6AI score0.00881EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2026/07/06 8:35 a.m.34 views

CVE-2026-43866 Apache Camel, Apache Camel: Camel JMS - CVE-2026-40860 fix bypass via DefaultExchangeHolder

Deserialization of Untrusted Data vulnerability in Apache Camel, Apache Camel JMS component. JmsBinding.extractBodyFromJms in camel-jms - and the equivalent JmsBinding in camel-sjms - deserializes the payload of an incoming JMS ObjectMessage via jakarta.jms.ObjectMessage.getObject whenever the...

0.00504EPSS
Exploits2References1
OSV
OSV
added 2026/07/06 8:35 a.m.6 views

CVE-2026-43866 Apache Camel, Apache Camel: Camel JMS - CVE-2026-40860 fix bypass via DefaultExchangeHolder

Deserialization of Untrusted Data vulnerability in Apache Camel, Apache Camel JMS component. JmsBinding.extractBodyFromJms in camel-jms - and the equivalent JmsBinding in camel-sjms - deserializes the payload of an incoming JMS ObjectMessage via jakarta.jms.ObjectMessage.getObject whenever the...

7.3CVSS6.1AI score0.00504EPSS
Exploits2References4
CVE
CVE
added 2026/07/06 8:11 a.m.14 views

CVE-2026-49099

Summary: CVE-2026-49099 affects the Apache Camel Salesforce component. Non-Camel header constants (e.g., sObjectQuery, apexUrl) bypass the HTTP header filter, allowing an unauthenticated HTTP client to influence internal behavior by setting operation parameters (SOQL/SOSL, SObject name/id, Apex U...

5.3CVSS6AI score0.00341EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/07/06 8:11 a.m.4 views

CVE-2026-49099 Apache Camel Salesforce: Non-Camel-prefixed Exchange header constants bypass the HTTP header filter, allowing an HTTP client to influence internal behaviour

Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection', Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel Salesforce Component. The camel-salesforce producer resolves its operation parameters - the SOQL query, the SOSL search,...

5.3CVSS6.1AI score0.00341EPSS
Exploits0References5
Circl
Circl
added 2026/07/06 8:2 a.m.9 views

CVE-2026-14807

creationtimestamp| type| source ---|---|--- 2026-07-06 08:02:04+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mpxmsdqm5f2s 2026-07-06 08:14:51+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpxnj6vp2d2n 2026-07-06 09:00:30+00:00| seen|...

9.8CVSS5.9AI score0.00463EPSS
Exploits0References6
Rows per page
Query Builder