11 matches found
CVE-2026-56303 Capgo - Unauthenticated API Key Metadata Disclosure via SECURITY DEFINER RPC Function
Capgo before 12.128.2 contains an information disclosure vulnerability in the findapikeybyvalue PostgreSQL function marked SECURITY DEFINER and executable by the anon role. Unauthenticated attackers can call this function via the /rest/v1/rpc/findapikeybyvalue endpoint to retrieve sensitive API k...
CVE-2026-56303
Capgo before 12.128.2 contains an information disclosure in the PostgreSQL function find_apikey_by_value (marked SECURITY DEFINER) that can be executed by the anon role. An unauthenticated caller can hit the /rest/v1/rpc/find_apikey_by_value endpoint to retrieve API key metadata such as user_id, ...
EUVD-2026-43171
Capgo before 12.128.2 contains an information disclosure vulnerability in the findapikeybyvalue PostgreSQL function marked SECURITY DEFINER and executable by the anon role. Unauthenticated attackers can call this function via the /rest/v1/rpc/findapikeybyvalue endpoint to retrieve sensitive API k...
CVE-2026-56303 Capgo - Unauthenticated API Key Metadata Disclosure via SECURITY DEFINER RPC Function
Capgo before 12.128.2 contains an information disclosure vulnerability in the findapikeybyvalue PostgreSQL function marked SECURITY DEFINER and executable by the anon role. Unauthenticated attackers can call this function via the /rest/v1/rpc/findapikeybyvalue endpoint to retrieve sensitive API k...
CVE-2026-43867
The CVE concerns Apache Camel’s PQC component where AwsSecretsManagerKeyLifecycleManager.deserializeMetadata() Base64-decodes and deserializes persisted KeyMetadata via a raw java.io.ObjectInputStream.readObject() without an ObjectInputFilter or class allow-list. A user who can write to the confi...
CVE-2026-43867 Apache Camel: Camel-PQC: The AWS Secrets Manager key-lifecycle manager deserializes persisted key metadata with java.io.ObjectInputStream and no ObjectInputFilter
Deserialization of Untrusted Data vulnerability in Apache Camel PQC Component. The camel-pqc component persists post-quantum key metadata KeyMetadata through pluggable KeyLifecycleManager implementations. AwsSecretsManagerKeyLifecycleManager.deserializeMetadata reads that metadata back from the...
CVE-2026-46590
Deserialization of Untrusted Data vulnerability in Apache Camel PQC component. The camel-pqc component persists post-quantum key metadata KeyMetadata through pluggable KeyLifecycleManager implementations. HashicorpVaultKeyLifecycleManager and AwsSecretsManagerKeyLifecycleManager read that metadat...
CVE-2026-46590
CVE-2026-46590 (Apache Camel-PQC) describes a deserialization of untrusted data issue in the camel-pqc component. Hashicorp Vault and AWS Secrets Manager key lifecycle managers deserialize a Base64-wrapped value via java.io.ObjectInputStream.readObject() without an ObjectInputFilter or class allo...
PT-2026-55895
Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.18.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.x Description Deserialization of untrusted data in the Apache Camel PQC component occurs when HashicorpVaultKeyLifecycleManager,...
CVE-2026-41005
Cloud Foundry UAA incorrectly treated XML encryption to the Service Provider confidentiality as a substitute for XML signatures from the Identity Provider authenticity in two SAML flows: the OAuth 2.0 SAML2 bearer grant token endpoint and browser SSO ACS when wantAssertionSigned is set to false...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the STK authentication status in the Bluetooth SMP protocol not correctly reflecting the MITM status, which...