Lucene search
K

196 matches found

NVD
NVD
added 2026/07/06 9:16 a.m.13 views

CVE-2026-43865

Deserialization of Untrusted Data vulnerability in Apache Camel Hazelcast component. The camel-hazelcast component creates and manages Hazelcast instances using a default configuration that applies no Java deserialization filter. When Camel builds the Hazelcast Config itself - that is, when no...

8.1CVSS0.00804EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/07/06 7:55 a.m.37 views

CVE-2026-43865 Apache Camel: Camel-Hazelcast: Unsafe Java deserialization in default-configured managed Hazelcast instances enables remote code execution

Deserialization of Untrusted Data vulnerability in Apache Camel Hazelcast component. The camel-hazelcast component creates and manages Hazelcast instances using a default configuration that applies no Java deserialization filter. When Camel builds the Hazelcast Config itself - that is, when no...

0.00804EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.12 views

PT-2026-55883

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.14.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description An issue exists where the default ObjectInputFilter pattern used for deserialization filtering in...

8.1CVSS6.1AI score0.00546EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.9 views

PT-2026-55884

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.0.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description The camel-hazelcast component manages Hazelcast instances using a default configuration that lacks a...

8.1CVSS6.5AI score0.00804EPSS
Exploits1References6
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/16 5:2 p.m.7 views

Security Bulletin: MongoDB Enterprised Advanced affected by: Improper Control of Generation of Code ('Code Injection') (CVE-2026-27830)

Summary There are vulnerabilities in c3p0-0.9.5.4.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-27830. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2026-27830 DESCRIPTION: c3p0, a JDBC Connection pooling library, is vulnerable to attack via...

8.9CVSS6.1AI score0.00534EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2026/05/18 12:12 p.m.13 views

com.mchange/mchange-commons-java: mchange-commons-java: Arbitrary code execution via JNDI dereferencing of crafted objects

A flaw was found in mchange-commons-java, a Java utility library. An attacker can exploit this vulnerability by providing a maliciously crafted javax.naming.Reference or serialized object to an application using the library. This can provoke the application to download and execute arbitrary...

9.8CVSS8AI score0.00812EPSS
Exploits1References8
OSV
OSV
added 2026/05/06 2:42 p.m.8 views

BIT-JAVA-MIN-2020-2756

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

4.3CVSS6.7AI score0.04211EPSS
Exploits0References16
Vulnrichment
Vulnrichment
added 2026/04/27 9:59 a.m.12 views

CVE-2026-27172 Apache Camel: Unsafe Java deserialization in camel-consul ConsulRegistry allows arbitrary code execution via malicious values read from the Consul KV store

The ConsulRegistry in the camel-consul component class org.apache.camel.component.consul.ConsulRegistry and its inner ConsulRegistryUtils.deserialize method read Java-serialized values from the Consul KV store and passed them to ObjectInputStream.readObject without configuring an ObjectInputFilte...

6.2AI score0.00667EPSS
Exploits1References1
CVE
CVE
added 2026/04/27 9:38 a.m.33 views

CVE-2026-40858

CVE-2026-40858 – Apache Camel: Camel-Infinispan insecure deserialization The camel-infinispan component’s ProtoStream-based remote aggregation repository deserializes data read from a remote Infinispan cache using java.io.ObjectInputStream without ObjectInputFilter. An attacker who can write to t...

8.8CVSS6.6AI score0.00711EPSS
Exploits2References6Affected Software1
SUSE CVE
SUSE CVE
added 2026/02/27 12:24 a.m.16 views

SUSE CVE-2026-27830

c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and javax.naming.Reference instances. Several c3p0 ConnectionPoolDataSource implementations have a property called userOverridesAsString which conceptually represents a Map. Prior to...

8CVSS6AI score0.00534EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/02/26 12:0 a.m.6 views

CVE-2026-27830

c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and javax.naming.Reference instances. Several c3p0 ConnectionPoolDataSource implementations have a property called userOverridesAsString which conceptually represents a Map. Prior to...

8.9CVSS6.2AI score0.00534EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.9 views

PT-2026-22063

Name of the Vulnerable Software and Affected Versions c3p0 versions prior to 0.12.0 Description c3p0, a JDBC Connection pooling library, is susceptible to attack through maliciously crafted Java-serialized objects and javax.naming.Reference instances. Specifically, the userOverridesAsString...

9.8CVSS6.3AI score0.00812EPSS
Exploits1References23
RedhatCVE
RedhatCVE
added 2026/01/09 11:27 a.m.8 views

CVE-2021-33806

The BDew BdLib library before 1.16.1.7 for Minecraft allows remote code execution because it deserializes untrusted data in ObjectInputStream.readObject as part of its use of Java serialization...

9.8CVSS8AI score0.02981EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:50 a.m.6 views

CVE-2020-24164

A deserialization flaw is present in Taoensso Nippy before 2.14.2. In some circumstances, it is possible for an attacker to create a malicious payload that, when deserialized, will allow arbitrary code to be executed. This occurs because there is automatic use of the Java Serializable interface...

7.8CVSS7.3AI score0.01114EPSS
Exploits0References1
NVD
NVD
added 2025/12/28 3:15 a.m.13 views

CVE-2025-15117

A weakness has been identified in Dromara Sa-Token up to 1.44.0. This affects the function ObjectInputStream.readObject of the file SaJdkSerializer.java. Executing manipulation can lead to deserialization. The attack may be launched remotely. This attack is characterized by high complexity. It is...

3.1CVSS0.00271EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/19 12:0 a.m.15 views

PT-2025-52439

Name of the Vulnerable Software and Affected Versions Apache NiFi versions 1.20.0 through 2.6.0 Description The GetAsanaObject Processor in Apache NiFi utilizes a Distribute Map Cache Client Service for state management. This processor employs Java Object serialization and deserialization without...

8.8CVSS6.3AI score0.00435EPSS
Exploits0References13
EUVD
EUVD
added 2025/10/07 12:30 a.m.18 views

EUVD-2017-18298

Malware in sbrugna...

9.8CVSS9.5AI score0.03291EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.51 views

EUVD-2021-1660

Malware in sbrugna...

9.8CVSS9.4AI score0.04115EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2018-18092

Malware in sbrugna...

9.8CVSS9.5AI score0.02452EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-20483

Malware in sbrugna...

9.8CVSS9.4AI score0.02981EPSS
Exploits0References5
Rows per page
Query Builder