
53 matches found

OSSF Malicious Packages
added 2026/05/14 7:25 p.m. | 8 views

Malicious code in exxpress-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 378e423b00c08a371fbae1c77360685d2277e502e9875caa53fb20f58a39f396 The package name exxpress-tool is a one-character edit of the widely-used express package. On npm install, the declared scripts.postinstall runs...

5.9 AI score
Exploits 0, References 3
OSV
added 2026/05/14 7:24 p.m. | 4 views

MAL-2026-3758 Malicious code in dotenvv-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 79fd33c6e511ab11f10b1dae91e2f083f486dd020bbf2dca5256eabc904f61b7 Package name dotenvv-tool impersonates the popular dotenv package; index.js is an admitted dummy stub "The real payload is in postinstall.js". The...

5.8 AI score
Exploits 0, References 5
Veracode
added 2026/02/28 5:7 a.m. | 15 views

Deserialization Of Untrusted Data

Apache Camel is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to the DefaultLevelDBSerializer class deserializing data using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions, which allows an attacker to inject a crafted...

8.8 CVSS, 6.5 AI score, 0.01274 EPSS
Exploits 2, References 3, Affected Software 1
Snyk
added 2026/02/23 9:31 a.m. | 7 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the DefaultLevelDBSerializer class. An attacker can execute arbitrary code by injecting a crafted serialized Java object into the LevelDB database files, which is then deserialized during normal...

8.8 CVSS, 6.3 AI score, 0.01274 EPSS
Exploits 2, References 2
vulnersOsv
added 2026/02/23 9:31 a.m. | 3 views

org.apache.camel.karaf:camel-leveldb (>=4.10.3 <=4.10.7), org.apache.camel.karaf:camel-leveldb-test (>=4.10.3 <=4.10.7) +4 more potentially affected by CVE-2026-25747 via org.apache.camel:camel-leveldb (>=3.0.0 <=4.10.8)

org.apache.camel:camel-leveldb MAVEN version =3.0.0, =4.10.3, =4.10.3, =1.2.0, =1.2.0, =1.2.0, =3.0.0, =4.10.8 Source cves: CVE-2026-25747 Source advisory: OSV:GHSA-429Q-MRC4-38FR...

8.8 CVSS, 5.8 AI score, 0.01274 EPSS
Exploits 2
vulnersOsv
added 2026/02/23 9:31 a.m. | 7 views

org.apache.camel.karaf:camel-leveldb (>=4.10.3 <=4.10.7), org.apache.camel.karaf:camel-leveldb-test (>=4.10.3 <=4.10.7) +4 more potentially affected by CVE-2026-25747 via org.apache.camel:camel-leveldb (>=3.0.0 <=4.10.8)

org.apache.camel:camel-leveldb MAVEN version =3.0.0, =4.10.3, =4.10.3, =1.2.0, =1.2.0, =1.2.0, =3.0.0, =4.10.8 Source cves: CVE-2026-25747 Source advisory: SNYK:JAVA-ORGAPACHECAMEL-15353482...

8.8 CVSS, 5.8 AI score, 0.01274 EPSS
Exploits 2
Github Security Blog
added 2026/02/23 9:31 a.m. | 9 views

Apache Camel Deserializes Untrusted Data in its LevelDB Component

Deserialization of Untrusted Data vulnerability in Apache Camel LevelDB component. The Camel-LevelDB DefaultLevelDBSerializer class deserializes data read from the LevelDB aggregation repository using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. ...

8.8 CVSS, 6.3 AI score, 0.01274 EPSS
Exploits 2, References 9, Affected Software 1
OSV
added 2026/02/23 9:31 a.m. | 3 views

GHSA-429Q-MRC4-38FR Apache Camel Deserializes Untrusted Data in its LevelDB Component

Deserialization of Untrusted Data vulnerability in Apache Camel LevelDB component. The Camel-LevelDB DefaultLevelDBSerializer class deserializes data read from the LevelDB aggregation repository using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. ...

7.1 CVSS, 6.4 AI score, 0.01274 EPSS
Exploits 2, References 9
OSV
added 2026/02/23 9:17 a.m. | 8 views

CVE-2026-25747

Deserialization of Untrusted Data vulnerability in Apache Camel LevelDB component. The Camel-LevelDB DefaultLevelDBSerializer class deserializes data read from the LevelDB aggregation repository using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. ...

8.8 CVSS, 6.5 AI score, 0.01274 EPSS
Exploits 2, References 3
NVD
added 2026/02/23 9:17 a.m. | 8 views

CVE-2026-25747

Deserialization of Untrusted Data vulnerability in Apache Camel LevelDB component. The Camel-LevelDB DefaultLevelDBSerializer class deserializes data read from the LevelDB aggregation repository using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. ...

8.8 CVSS, 0.01274 EPSS
Exploits 2, References 3
CVE
added 2026/02/23 8:45 a.m. | 23 views

CVE-2026-25747

CVE-2026-25747 describes a Deserialization of Untrusted Data vulnerability in the Apache Camel LevelDB component. The issue stems from the DefaultLevelDBSerializer using java.io.ObjectInputStream to read from the LevelDB aggregation repository without ObjectInputFilter or class-loading restrictio...

8.8 CVSS, 6.3 AI score, 0.01274 EPSS
Exploits 2, References 3, Affected Software 1
ATTACKERKB
added 2026/02/23 8:45 a.m. | 9 views

CVE-2026-25747

Deserialization of Untrusted Data vulnerability in Apache Camel LevelDB component. The Camel-LevelDB DefaultLevelDBSerializer class deserializes data read from the LevelDB aggregation repository using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. ...

8.8 CVSS, 6.3 AI score, 0.01274 EPSS
Exploits 2, References 2, Affected Software 1
Vulnrichment
added 2026/02/23 8:45 a.m. | 7 views

CVE-2026-25747 Apache Camel LevelDB: Deserialization of Untrusted Data in Camel LevelDB

Deserialization of Untrusted Data vulnerability in Apache Camel LevelDB component. The Camel-LevelDB DefaultLevelDBSerializer class deserializes data read from the LevelDB aggregation repository using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. ...

6.5 AI score, 0.01274 EPSS
Exploits 2, References 2
Cvelist
added 2026/02/23 8:45 a.m. | 25 views

CVE-2026-25747 Apache Camel LevelDB: Deserialization of Untrusted Data in Camel LevelDB

Deserialization of Untrusted Data vulnerability in Apache Camel LevelDB component. The Camel-LevelDB DefaultLevelDBSerializer class deserializes data read from the LevelDB aggregation repository using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. ...

0.01274 EPSS
Exploits 2, References 2
CNNVD
added 2026/02/23 12:0 a.m. | 6 views

Apache Camel Security Vulnerability

Apache Camel is an open-source integration framework based on the Enterprise Integration Pattern EIP, developed by the Apache Foundation in the United States. This framework provides implementations of Java objects following the EIP pattern, and routing and mediation rules are configured through...

8.8 CVSS, 6.1 AI score, 0.01274 EPSS
Exploits 2, References 3
Positive Technologies
added 2026/02/19 12:0 a.m. | 7 views

PT-2026-20653

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.10.0 through 4.10.7 Apache Camel versions 4.14.0 through 4.14.4 Apache Camel versions 4.15.0 through 4.17.9 Description The LevelDB component in Apache Camel contains a flaw where it deserializes data from the LevelDB...

8.8 CVSS, 6.5 AI score, 0.01274 EPSS
Exploits 2, References 17
Positive Technologies
added 2026/02/19 12:0 a.m. | 9 views

PT-2026-20652

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.15.0 through 4.17.9 Description The Camel-Keycloak KeycloakSecurityPolicy does not validate the iss issuer claim of JWT tokens against the configured realm. This allows a token issued by one Keycloak realm to be silentl...

9.1 CVSS, 5.9 AI score, 0.00398 EPSS
Exploits 2, References 18
GithubExploit
added 2026/02/09 9:37 a.m. | 145 views

Exploit for CVE-2026-25747

LevelDB Deserialization Vulnerability Reproducer This project...

9.8 CVSS, 6 AI score, 0.01274 EPSS
Exploits 2
vulnersOsv
added 2025/08/14 6:52 p.m. | 5 views

radio-paradise-api (=0.0.1), turkish-synonyms-api (=0.0.0) potentially affected by unknown CVE via memoize-with-leveldb (>=0.0.1 <=2.0.0)

memoize-with-leveldb NPM version =0.0.1, =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on memoize-with-leveldb and may be impacted: - radio-paradise-api =0.0.1 - turkish-synonyms-api =0.0.0 Source cves: unknown CVE Source advisory:...

5.8 AI score
Exploits 0
vulnersOsv
added 2025/08/14 6:52 p.m. | 12 views

memoize-with-leveldb (>=0.0.0 <=0.0.1), radio-paradise-api (>=0.0.0 <=0.0.1) potentially affected by unknown CVE via level-json-cache (>=0.0.0 <=2.0.0)

level-json-cache NPM version =0.0.0, =0.0.0, =0.0.0, =0.0.1 Source cves: unknown CVE Source advisory: OSV:MAL-2025-25200...

5.8 AI score
Exploits 0