Lucene search
K

11 matches found

Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-56303 Capgo - Unauthenticated API Key Metadata Disclosure via SECURITY DEFINER RPC Function

Capgo before 12.128.2 contains an information disclosure vulnerability in the findapikeybyvalue PostgreSQL function marked SECURITY DEFINER and executable by the anon role. Unauthenticated attackers can call this function via the /rest/v1/rpc/findapikeybyvalue endpoint to retrieve sensitive API k...

8.7CVSS0.00302EPSS
Exploits0References2
CVE
CVE
added 4 days ago16 views

CVE-2026-56303

Capgo before 12.128.2 contains an information disclosure in the PostgreSQL function find_apikey_by_value (marked SECURITY DEFINER) that can be executed by the anon role. An unauthenticated caller can hit the /rest/v1/rpc/find_apikey_by_value endpoint to retrieve API key metadata such as user_id, ...

8.7CVSS6.1AI score0.00302EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-43171

Capgo before 12.128.2 contains an information disclosure vulnerability in the findapikeybyvalue PostgreSQL function marked SECURITY DEFINER and executable by the anon role. Unauthenticated attackers can call this function via the /rest/v1/rpc/findapikeybyvalue endpoint to retrieve sensitive API k...

8.7CVSS6.1AI score0.00302EPSS
Exploits0References2
OSV
OSV
added 4 days ago2 views

CVE-2026-56303 Capgo - Unauthenticated API Key Metadata Disclosure via SECURITY DEFINER RPC Function

Capgo before 12.128.2 contains an information disclosure vulnerability in the findapikeybyvalue PostgreSQL function marked SECURITY DEFINER and executable by the anon role. Unauthenticated attackers can call this function via the /rest/v1/rpc/findapikeybyvalue endpoint to retrieve sensitive API k...

8.7CVSS6.1AI score0.00302EPSS
Exploits0References4
CVE
CVE
added 2026/07/06 8:24 a.m.23 views

CVE-2026-43867

The CVE concerns Apache Camel’s PQC component where AwsSecretsManagerKeyLifecycleManager.deserializeMetadata() Base64-decodes and deserializes persisted KeyMetadata via a raw java.io.ObjectInputStream.readObject() without an ObjectInputFilter or class allow-list. A user who can write to the confi...

9.8CVSS6.4AI score0.00691EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/07/06 8:24 a.m.3 views

CVE-2026-43867 Apache Camel: Camel-PQC: The AWS Secrets Manager key-lifecycle manager deserializes persisted key metadata with java.io.ObjectInputStream and no ObjectInputFilter

Deserialization of Untrusted Data vulnerability in Apache Camel PQC Component. The camel-pqc component persists post-quantum key metadata KeyMetadata through pluggable KeyLifecycleManager implementations. AwsSecretsManagerKeyLifecycleManager.deserializeMetadata reads that metadata back from the...

9.8CVSS6.4AI score0.00691EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/07/06 8:3 a.m.7 views

CVE-2026-46590

Deserialization of Untrusted Data vulnerability in Apache Camel PQC component. The camel-pqc component persists post-quantum key metadata KeyMetadata through pluggable KeyLifecycleManager implementations. HashicorpVaultKeyLifecycleManager and AwsSecretsManagerKeyLifecycleManager read that metadat...

6.4AI score0.00485EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/07/06 8:3 a.m.16 views

CVE-2026-46590

CVE-2026-46590 (Apache Camel-PQC) describes a deserialization of untrusted data issue in the camel-pqc component. Hashicorp Vault and AWS Secrets Manager key lifecycle managers deserialize a Base64-wrapped value via java.io.ObjectInputStream.readObject() without an ObjectInputFilter or class allo...

8.8CVSS6.4AI score0.00485EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.9 views

PT-2026-55895

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.18.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.x Description Deserialization of untrusted data in the Apache Camel PQC component occurs when HashicorpVaultKeyLifecycleManager,...

8.8CVSS6.7AI score0.00485EPSS
Exploits1References5
NVD
NVD
added 2026/06/11 9:16 p.m.12 views

CVE-2026-41005

Cloud Foundry UAA incorrectly treated XML encryption to the Service Provider confidentiality as a substitute for XML signatures from the Identity Provider authenticity in two SAML flows: the OAuth 2.0 SAML2 bearer grant token endpoint and browser SSO ACS when wantAssertionSigned is set to false...

9CVSS0.00131EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/01 12:0 a.m.10 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the STK authentication status in the Bluetooth SMP protocol not correctly reflecting the MITM status, which...

8.8CVSS5.8AI score0.00282EPSS
Exploits0References1
Rows per page
Query Builder