Lucene search
+L

390 matches found

vulnersOsv
vulnersOsv
added 2026/04/27 10:14 a.m.7 views

com.github.niupengyu.schedule:ahead-schedule-distributed (>=1.2.6-RELEASE <=1.2.8-RELEASE), com.github.niupengyu:ahead-frame-socket (>=1.2.1-RELEASE <=1.2.3-RELEASE) +40 more potentially affected by CVE-2026-41635 via org.apache.mina:mina-core (>=2.1.0 <=2.1.10)

org.apache.mina:mina-core MAVEN version =2.1.0, =1.2.6-RELEASE, =1.2.1-RELEASE, =2.2.1, =2.2.1, =3.0.0, =1.0.0, =3.0.11, =3.6.7, =3.6.7, =3.6.7, =3.6.10 and more Source cves: CVE-2026-41635 Source advisory: SNYK:JAVA-ORGAPACHEMINA-16322972...

9.8CVSS5.8AI score0.0064EPSS
Exploits0
Snyk
Snyk
added 2026/04/27 10:14 a.m.13 views

Deserialization of Untrusted Data

Overview org.apache.mina:mina-core is a network application framework which helps users develop high performance and high scalability network applications easily. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the resolveClass function in AbstractIoBuffe...

9.8CVSS6.3AI score0.0064EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/04/27 9:34 a.m.9 views

org.apache.camel.kafkaconnector:camel-mina-kafka-connector (>=0.1.0 <=0.11.5), org.apache.camel.karaf:camel-mina (>=4.10.3 <=4.14.5) +4 more potentially affected by CVE-2026-40473 via org.apache.camel:camel-mina (>=3.0.0 <=4.14.5)

org.apache.camel:camel-mina MAVEN version =3.0.0, =0.1.0, =4.10.3, =3.0.0, =4.0-20200713, =4.0-20200713, =4.0-20200713, =4.3.2 Source cves: CVE-2026-40473 Source advisory: OSV:GHSA-VPR3-2659-RW55...

8.8CVSS5.8AI score0.00926EPSS
Exploits2
vulnersOsv
vulnersOsv
added 2026/04/27 9:34 a.m.8 views

au.com.versent.jenkins.plugins:ignore-committer-strategy (>=37.v0d3157c4a_ef8 <=57.v0756db_b_f6926), be.mogo.iam:mogo-provisioning (>=1.0.1.RELEASE <=1.1.7.RELEASE) +898 more potentially affected by CVE-2026-41635 via org.apache.mina:mina-core (>=2.0.0 <=2.0.27)

org.apache.mina:mina-core MAVEN version =2.0.0, =37.v0d3157c4aef8, =1.0.1.RELEASE, =1.1.8.RELEASE, =1.1.5.RELEASE, =1.0.0.RELEASE, =1.0.0.RELEASE, =1.0.0.RELEASE, =1.0.2.RELEASE, =2.0.0, =1.0.7, =1.1.6, =1.1.0, =1.0.0, =1.1.0, =5.1.3 and more Source cves: CVE-2026-41635 Source advisory:...

9.8CVSS5.8AI score0.0064EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/27 9:34 a.m.11 views

com.github.niupengyu.schedule:ahead-schedule-distributed (>=1.2.6-RELEASE <=1.2.8-RELEASE), com.github.niupengyu:ahead-frame-socket (>=1.2.1-RELEASE <=1.2.3-RELEASE) +40 more potentially affected by CVE-2026-41635 via org.apache.mina:mina-core (>=2.1.0 <=2.1.10)

org.apache.mina:mina-core MAVEN version =2.1.0, =1.2.6-RELEASE, =1.2.1-RELEASE, =2.2.1, =2.2.1, =3.0.0, =1.0.0, =3.0.11, =3.6.7, =3.6.7, =3.6.7, =3.6.10 and more Source cves: CVE-2026-41635 Source advisory: OSV:GHSA-8297-V2RF-2P32...

9.8CVSS5.8AI score0.0064EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/27 9:34 a.m.13 views

ai.h2o:sparkling-water-core_2.11 (>=3.46.0.1-1-2.3 <=3.46.0.6-1-2.4), ai.h2o:sparkling-water-core_2.12 (>=3.46.0.1-1-3.0 <=3.46.0.6-1-3.5) +762 more potentially affected by CVE-2026-41635 via org.apache.mina:mina-core (>=2.2.0 <=2.2.5)

org.apache.mina:mina-core MAVEN version =2.2.0, =3.46.0.1-1-2.3, =3.46.0.1-1-3.0, =3.46.0.1-1-2.3, =3.46.0.1-1-3.0, =3.46.0.1-1-2.3, =3.46.0.1-1-3.0, =3.46.0.1-1-2.3, =3.46.0.1-1-3.0, =1.5.4.RELEASE, =0.0.2, =3.0.0, =1.0.9, =1.6.9, =1.2.5, =1.1.7, =1.2.8 and more Source cves: CVE-2026-41635 Sourc...

9.8CVSS6.5AI score0.0064EPSS
Exploits0
OSV
OSV
added 2026/04/27 9:34 a.m.12 views

GHSA-VPR3-2659-RW55 Camel-MINA Vulnerable to Deserialization of Untrusted Data

The camel-mina component's MinaConverter.toObjectInputIoBuffer type converter wraps an IoBuffer in a java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. When a Camel route uses camel-mina as a TCP or UDP consumer and requests conversion to ObjectInput f...

8.8CVSS6.3AI score0.00926EPSS
Exploits2References11
OSV
OSV
added 2026/04/27 9:34 a.m.7 views

GHSA-8297-V2RF-2P32 Apache MINA vulnerable to Deserialization of Untrusted Data

Apache MINA's AbstractIoBuffer.resolveClass contains two branches, one of them for static classes or primitive types does not check the class at all, bypassing the classname allowlist and allowing arbitrary code to be executed. The fix checks if the class is present in the accepted class...

9.8CVSS6AI score0.0064EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/04/27 9:34 a.m.11 views

Camel-MINA Vulnerable to Deserialization of Untrusted Data

The camel-mina component's MinaConverter.toObjectInputIoBuffer type converter wraps an IoBuffer in a java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. When a Camel route uses camel-mina as a TCP or UDP consumer and requests conversion to ObjectInput f...

8.8CVSS6.3AI score0.00926EPSS
Exploits2References11Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/27 9:20 a.m.5 views

CVE-2026-41409 Apache MINA: CWE-502 Deserialization of Untrusted Data

The fix for CVE-2024-52046 in Apache MINA AbstractIoBuffer.getObject was incomplete. The classname allowlist of classes allowed to be deserialized was applied too late after a static initializer in a class to be read might already have been executed. Affected versions are Apache MINA 2.0.0 =...

9.8CVSS5.2AI score0.00451EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/04/27 9:20 a.m.13 views

CVE-2026-41409

The fix for CVE-2024-52046 in Apache MINA AbstractIoBuffer.getObject was incomplete. The classname allowlist of classes allowed to be deserialized was applied too late after a static initializer in a class to be read might already have been executed. Affected versions are Apache MINA 2.0.0 =...

9.8CVSS5.3AI score0.00451EPSS
Exploits0
CVE
CVE
added 2026/04/27 9:20 a.m.51 views

CVE-2026-41409

Apache MINA is affected by CVE-2026-41409 due to an incomplete fix for CVE-2024-52046 in AbstractIoBuffer.getObject(). The classname allowlist for deserialization was enforced too late after a class static initializer could already run. Affected versions: MINA 2.0.0–2.0.27, 2.1.0–2.1.10, 2.2.0–2....

9.8CVSS5.3AI score0.00451EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/04/27 9:20 a.m.53 views

CVE-2026-41409 Apache MINA: CWE-502 Deserialization of Untrusted Data

The fix for CVE-2024-52046 in Apache MINA AbstractIoBuffer.getObject was incomplete. The classname allowlist of classes allowed to be deserialized was applied too late after a static initializer in a class to be read might already have been executed. Affected versions are Apache MINA 2.0.0 =...

9.8CVSS0.00451EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/27 9:20 a.m.7 views

EUVD-2026-25809

The fix for CVE-2024-52046 in Apache MINA AbstractIoBuffer.getObject was incomplete. The classname allowlist of classes allowed to be deserialized was applied too late after a static initializer in a class to be read might already have been executed. Affected versions are Apache MINA 2.0.0 =...

10CVSS7.4AI score0.23932EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/27 9:20 a.m.9 views

CVE-2026-41409

The fix for CVE-2024-52046 in Apache MINA AbstractIoBuffer.getObject was incomplete. The classname allowlist of classes allowed to be deserialized was applied too late after a static initializer in a class to be read might already have been executed. Affected versions are Apache MINA 2.0.0 =...

10CVSS7.4AI score0.23932EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/04/27 9:20 a.m.2 views

CVE-2026-41409 Apache MINA: CWE-502 Deserialization of Untrusted Data

The fix for CVE-2024-52046 in Apache MINA AbstractIoBuffer.getObject was incomplete. The classname allowlist of classes allowed to be deserialized was applied too late after a static initializer in a class to be read might already have been executed. Affected versions are Apache MINA 2.0.0 =...

9.8CVSS6.7AI score0.00451EPSS
Exploits0References4
NVD
NVD
added 2026/04/27 9:16 a.m.10 views

CVE-2026-41635

Apache MINA's AbstractIoBuffer.resolveClass contains two branches, one of them for static classes or primitive types does not check the class at all, bypassing the classname allowlist and allowing arbitrary code to be executed. The fix checks if the class is present in the accepted class...

9.8CVSS0.0064EPSS
Exploits0References2
OSV
OSV
added 2026/04/27 9:16 a.m.13 views

DEBIAN-CVE-2026-41635

Apache MINA's AbstractIoBuffer.resolveClass contains two branches, one of them for static classes or primitive types does not check the class at all, bypassing the classname allowlist and allowing arbitrary code to be executed. The fix checks if the class is present in the accepted class...

9.8CVSS5.7AI score0.0064EPSS
Exploits0References1
NVD
NVD
added 2026/04/27 9:16 a.m.7 views

CVE-2026-40473

The camel-mina component's MinaConverter.toObjectInputIoBuffer type converter wraps an IoBuffer in a java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. When a Camel route uses camel-mina as a TCP or UDP consumer and requests conversion to ObjectInput f...

8.8CVSS0.00926EPSS
Exploits2References5
UbuntuCve
UbuntuCve
added 2026/04/27 9:16 a.m.7 views

CVE-2026-41635

Apache MINA's AbstractIoBuffer.resolveClass contains two branches, one of them for static classes or primitive types does not check the class at all, bypassing the classname allowlist and allowing arbitrary code to be executed. The fix checks if the class is present in the accepted class...

9.8CVSS6.1AI score0.0064EPSS
Exploits0References2
Rows per page
Query Builder