15946 matches found
OPENSUSE-SU-2026:21247-1 Security update for docker-compose
This update for docker-compose fixes the following issues - CVE-2025-0495: buildx: credential leakage to telemetry endpoints when credentials allowed to be set as attribute values in cache-to/cache-from configuration bsc1239766. - CVE-2025-22869: golang.org/x/crypto/ssh: Denial of Service in the...
CVE-2026-4375
creationtimestamp| type| source ---|---|--- 2026-07-07 07:30:27+00:00| seen| https://infosec.exchange/users/offseq/statuses/116877520158002101 2026-07-07 07:30:28+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mq23iqtn2r2u 2026-07-07 14:12:06+00:00| seen|...
CVE-2026-25268
creationtimestamp| type| source ---|---|--- 2026-07-06 21:16:39+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116875106650288268 2026-07-06 21:17:22+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpyzah6sux2v 2026-07-07 16:45:20+00:00| seen|...
CVE-2026-21369
creationtimestamp| type| source ---|---|--- 2026-07-06 21:03:20+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116875054272966899...
CVE-2025-59617
creationtimestamp| type| source ---|---|--- 2026-07-06 20:49:38+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116875000406618760...
CVE-2026-21384
creationtimestamp| type| source ---|---|--- 2026-07-06 20:36:11+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116874947514751520...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the JmsBinding.extractBodyFromJms process when handling JMS ObjectMessages with the mapJmsMessage option enabled. An attacker can inject arbitrary Exchange state by publishing a crafted ObjectMessage...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the JmsBinding.extractBodyFromJms process when handling JMS ObjectMessages with the mapJmsMessage option enabled. An attacker can inject arbitrary Exchange state by publishing a crafted ObjectMessage...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the JmsBinding.extractBodyFromJms process when handling JMS ObjectMessages with the mapJmsMessage option enabled. An attacker can inject arbitrary Exchange state by publishing a crafted ObjectMessage...
CVE-2026-12686
creationtimestamp| type| source ---|---|--- 2026-07-06 10:30:28+00:00| seen| https://infosec.exchange/users/offseq/statuses/116872565768512647 2026-07-06 10:30:30+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mpxv3qz2ph2g 2026-07-06 12:08:04+00:00| seen|...
CVE-2026-43866
Deserialization of Untrusted Data vulnerability in Apache Camel, Apache Camel JMS component. JmsBinding.extractBodyFromJms in camel-jms - and the equivalent JmsBinding in camel-sjms - deserializes the payload of an incoming JMS ObjectMessage via jakarta.jms.ObjectMessage.getObject whenever the...
CVE-2026-43866
Deserialization of Untrusted Data vulnerability in Apache Camel, Apache Camel JMS component. JmsBinding.extractBodyFromJms in camel-jms - and the equivalent JmsBinding in camel-sjms - deserializes the payload of an incoming JMS ObjectMessage via jakarta.jms.ObjectMessage.getObject whenever the...
EUVD-2026-41855
Deserialization of Untrusted Data vulnerability in Apache Camel, Apache Camel JMS component. JmsBinding.extractBodyFromJms in camel-jms - and the equivalent JmsBinding in camel-sjms - deserializes the payload of an incoming JMS ObjectMessage via jakarta.jms.ObjectMessage.getObject whenever the...
CVE-2026-43866 Apache Camel, Apache Camel: Camel JMS - CVE-2026-40860 fix bypass via DefaultExchangeHolder
Deserialization of Untrusted Data vulnerability in Apache Camel, Apache Camel JMS component. JmsBinding.extractBodyFromJms in camel-jms - and the equivalent JmsBinding in camel-sjms - deserializes the payload of an incoming JMS ObjectMessage via jakarta.jms.ObjectMessage.getObject whenever the...
CVE-2026-43866
Summary : CVE-2026-43866 is a deserialization bypass in Apache Camel JMS components. When mapJmsMessage is enabled, camel-jms (and camel-sjms and JMS-family components) deserialize JMS ObjectMessage payloads via ObjectMessage.getObject(). Although a post-deserialization allow-list was added in CV...
CVE-2026-43866 Apache Camel, Apache Camel: Camel JMS - CVE-2026-40860 fix bypass via DefaultExchangeHolder
Deserialization of Untrusted Data vulnerability in Apache Camel, Apache Camel JMS component. JmsBinding.extractBodyFromJms in camel-jms - and the equivalent JmsBinding in camel-sjms - deserializes the payload of an incoming JMS ObjectMessage via jakarta.jms.ObjectMessage.getObject whenever the...
CVE-2026-43866 Apache Camel, Apache Camel: Camel JMS - CVE-2026-40860 fix bypass via DefaultExchangeHolder
Deserialization of Untrusted Data vulnerability in Apache Camel, Apache Camel JMS component. JmsBinding.extractBodyFromJms in camel-jms - and the equivalent JmsBinding in camel-sjms - deserializes the payload of an incoming JMS ObjectMessage via jakarta.jms.ObjectMessage.getObject whenever the...
CVE-2026-49099
Summary: CVE-2026-49099 affects the Apache Camel Salesforce component. Non-Camel header constants (e.g., sObjectQuery, apexUrl) bypass the HTTP header filter, allowing an unauthenticated HTTP client to influence internal behavior by setting operation parameters (SOQL/SOSL, SObject name/id, Apex U...
CVE-2026-49099 Apache Camel Salesforce: Non-Camel-prefixed Exchange header constants bypass the HTTP header filter, allowing an HTTP client to influence internal behaviour
Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection', Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel Salesforce Component. The camel-salesforce producer resolves its operation parameters - the SOQL query, the SOSL search,...
CVE-2026-14807
creationtimestamp| type| source ---|---|--- 2026-07-06 08:02:04+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mpxmsdqm5f2s 2026-07-06 08:14:51+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpxnj6vp2d2n 2026-07-06 09:00:30+00:00| seen|...