Lucene search
K

4966 matches found

Cvelist
Cvelist
added 2 days ago32 views

CVE-2026-54115 Windows Message Queuing (MSMQ) Elevation of Privilege Vulnerability

...

7.8CVSS0.00318EPSS
Exploits0References1
CVE
CVE
added 2 days ago6 views

CVE-2026-50505

CVE-2026-50505 is a Windows Message Queuing (MSMQ) remote code execution vulnerability described as a use-after-free in MSMQ that could allow an authorized attacker to execute code over a network. Public sources (MSRC update guidance) confirm updates addressing this issue and advise applying the ...

7.5CVSS6.2AI score0.00476EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 3 days ago4 views

CVE-2026-58251

A flaw was found in NATS Server, a high-performance messaging system. An authenticated user with specific permissions could bypass security rules designed to deny access to certain message subjects. This bypass occurs when a queue subscription is used, allowing the user to access information that...

6.5CVSS6AI score0.00463EPSS
Exploits0References10
Microsoft CVE
Microsoft CVE
added 5 days ago3 views

NATS Server: Queue Subscribe Authz Bypass

...

6.5CVSS6.1AI score0.00463EPSS
Exploits0
OSV
OSV
added 6 days ago3 views

UBUNTU-CVE-2026-57218

RabbitMQ is a messaging and streaming broker. Prior to 4.2.6, RabbitMQ AMQP 0-9-1 allows an existing consumer to keep receiving messages after OAuth token expiry or connection.updatesecret refresh to reduced scopes because existing consumers are not canceled or reauthorized at delivery time after...

6.5CVSS6.1AI score0.00321EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added last week4 views

netty: io.netty/netty-codec-mqtt: Netty: Denial of Service due to excessive resource consumption from crafted MQTT 5 header

A flaw was found in Netty, an asynchronous event-driven network application framework. A remote attacker can exploit this vulnerability by sending a crafted MQTT 5 header with an oversized Properties section. This causes Netty to repeatedly parse and buffer the large Properties section in memory...

7.5CVSS6.8AI score0.00455EPSS
Exploits0References5
Snyk
Snyk
added 2026/07/08 10:38 p.m.6 views

Uncaught Exception

Overview github.com/nats-io/nats-server/v2/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Uncaught Exception in the WebSocket listener routing, which dispatches requests for the...

8.2CVSS6.1AI score0.00593EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/07/08 6:30 a.m.7 views

CVE-2026-43866

A flaw was found in Apache Camel JMS components. A remote attacker can exploit a deserialization vulnerability by sending a specially crafted ObjectMessage to a queue or topic consumed by an affected Camel application. This bypasses existing security checks, allowing the attacker to inject...

8.1CVSS6AI score0.00504EPSS
Exploits2References4
Snyk
Snyk
added 2026/07/06 10:36 a.m.6 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the JmsBinding.extractBodyFromJms process when handling JMS ObjectMessages with the mapJmsMessage option enabled. An attacker can inject arbitrary Exchange state by publishing a crafted ObjectMessage...

9.8CVSS6AI score0.00504EPSS
Exploits2References2
Snyk
Snyk
added 2026/07/06 10:36 a.m.4 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the JmsBinding.extractBodyFromJms process when handling JMS ObjectMessages with the mapJmsMessage option enabled. An attacker can inject arbitrary Exchange state by publishing a crafted ObjectMessage...

9.8CVSS6AI score0.00504EPSS
Exploits2References2
EUVD
EUVD
added 2026/07/06 8:35 a.m.6 views

EUVD-2026-41855

Deserialization of Untrusted Data vulnerability in Apache Camel, Apache Camel JMS component. JmsBinding.extractBodyFromJms in camel-jms - and the equivalent JmsBinding in camel-sjms - deserializes the payload of an incoming JMS ObjectMessage via jakarta.jms.ObjectMessage.getObject whenever the...

7.3CVSS6AI score0.00504EPSS
Exploits2References1
Cvelist
Cvelist
added 2026/07/06 7:57 a.m.30 views

CVE-2026-46457 Apache Camel: Camel-NATS: Inbound NATS message headers are mapped into the Exchange without a configured HeaderFilterStrategy, allowing a client that can publish to the subject to inject Camel control headers

Improper Input Validation vulnerability in Apache Camel NATS component. The camel-nats component maps inbound NATS message headers into the Camel Exchange but defaulted its headerFilterStrategy to a bare new DefaultHeaderFilterStrategy with no inbound rules configured NatsConfiguration. With no...

0.00423EPSS
Exploits1References1
OSV
OSV
added 2026/07/06 7:55 a.m.7 views

CVE-2026-42527 Apache Camel: Permissive default ObjectInputFilter pattern admits java.net.** and enables DNS-based information disclosure

Deserialization of Untrusted Data vulnerability in Apache Camel. The default ObjectInputFilter pattern shipped with several Apache Camel components for defense-in-depth deserialization filtering 'java.;javax.;org.apache.camel.;!', or the no-'javax.' variant in the aggregation-repository component...

8.1CVSS6.1AI score0.00546EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/07/01 9:0 p.m.38 views

CVE-2026-55660 TinaCMS: Cross-origin postMessage handlers and rich-text URL-sanitization bypass enable stored XSS and session takeover

Tina is a headless content management system. In versions prior to @tinacms/app 2.5.6 and tinacms 3.9.3, cross-origin postMessage handlers and a rich-text URL-sanitization bypass enable stored XSS and session takeover. The library registers window message listeners — the useTina overlay handler,...

7.6CVSS0.00196EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 7:56 a.m.24 views

CVE-2026-10538

This CVE affects Control-M components (Control-M/Server and Control-M/Enterprise Manager) with a deserialization vulnerability in the messaging consumer. The issue arises from deserializing user-controlled data without strict control of allowed object types in versions 9.0.20.x and potentially ea...

8.9CVSS5.8AI score0.00246EPSS
Exploits0References1
OSV
OSV
added 2026/07/01 2:17 a.m.4 views

UBUNTU-CVE-2026-57963

An attacker who can send HTML chat messages via Matrix or XMPP can inject arbitrary styled content, phishing links, and CSS that manipulates the chat UI. This vulnerability was fixed in Thunderbird 152.0.1 and Thunderbird 140.12.1...

6.5CVSS5.9AI score0.00181EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/30 4:15 p.m.8 views

EUVD-2022-52713

RabbitMQ has predictable credential obfuscation seed value used in Shovel and Federation plugins...

7.5CVSS7.1AI score0.00307EPSS
Exploits0References4
OSV
OSV
added 2026/06/29 4:50 p.m.8 views

MAL-2026-6640 Malicious code in @rakuten-rewards/messaging-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5881076c822a732d6344ff3614bf7437722ca46d9d5f5dbdf3105586fa078dd4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/06/29 4:50 p.m.12 views

MAL-2026-6641 Malicious code in @rakuten-rewards/messaging-sdk-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a7fc8243854c9528882d45c044a4a7c7ce2ad94143a84f135b2b98cb536ce2f8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:50 p.m.11 views

Malicious code in @rakuten-rewards/messaging-sdk-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a7fc8243854c9528882d45c044a4a7c7ce2ad94143a84f135b2b98cb536ce2f8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
Rows per page
Query Builder