Lucene search
K

16 matches found

NVD
NVD
added 4 days ago7 views

CVE-2026-43866

Deserialization of Untrusted Data vulnerability in Apache Camel, Apache Camel JMS component. JmsBinding.extractBodyFromJms in camel-jms - and the equivalent JmsBinding in camel-sjms - deserializes the payload of an incoming JMS ObjectMessage via jakarta.jms.ObjectMessage.getObject whenever the...

7.3CVSS0.00504EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-41855

Deserialization of Untrusted Data vulnerability in Apache Camel, Apache Camel JMS component. JmsBinding.extractBodyFromJms in camel-jms - and the equivalent JmsBinding in camel-sjms - deserializes the payload of an incoming JMS ObjectMessage via jakarta.jms.ObjectMessage.getObject whenever the...

7.3CVSS6AI score0.00504EPSS
Exploits0References1
CVE
CVE
added 4 days ago15 views

CVE-2026-43866

Summary : CVE-2026-43866 is a deserialization bypass in Apache Camel JMS components. When mapJmsMessage is enabled, camel-jms (and camel-sjms and JMS-family components) deserialize JMS ObjectMessage payloads via ObjectMessage.getObject(). Although a post-deserialization allow-list was added in CV...

7.3CVSS6AI score0.00881EPSS
Exploits1References1Affected Software1
RedHat Linux
RedHat Linux
added 2026/05/14 4:55 p.m.12 views

Apache Camel: camel-jms: camel-sjms: camel-sjms2: camel-amqp: camel-activemq: camel-activemq6: Apache Camel: Remote Code Execution via deserialization of JMS ObjectMessage

A flaw was found in Apache Camel. A remote attacker could exploit a deserialization vulnerability by sending a specially crafted Java Message Service JMS ObjectMessage to a Camel application acting as a JMS consumer. This vulnerability arises because the application deserializes the message paylo...

9.8CVSS6.4AI score0.00881EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/04/27 8:3 a.m.33 views

CVE-2026-40860 Apache Camel: Unsafe Deserialization of JMS ObjectMessage in camel-jms, camel-sjms, camel-sjms2 and camel-amqp

JmsBinding.extractBodyFromJms in camel-jms, and the equivalent JmsBinding class in camel-sjms, deserialized the payload of incoming JMS ObjectMessage values via javax.jms.ObjectMessage.getObject without applying any ObjectInputFilter, class allowlist or class denylist. Because this code path is...

0.00881EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.15 views

PT-2026-35372

Name of the Vulnerable Software and Affected Versions Apache Camel versions 3.0.0 through 4.14.6 Apache Camel versions 4.15.0 through 4.18.1 Apache Camel versions 4.19.0 through 4.19.x Description The extractBodyFromJms function in camel-jms and the JmsBinding class in camel-sjms deserialize the...

9.8CVSS6.7AI score0.00881EPSS
Exploits1References15
Microsoft CVE
Microsoft CVE
added 2025/09/03 9:40 p.m.4 views

HDF5 H5Omessage.c H5O_msg_flush heap-based overflow

...

5.3CVSS7AI score0.00255EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2025/09/03 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2016-4974

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Qpid AMQP 0-x JMS client before 6.0.4 and JMS AMQP 1.0 before 0.10.0 does not restrict the use of classes available on the classpath, which might allow...

7.5CVSS7.8AI score0.06192EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2018/05/14 8:51 p.m.5 views

Artemis: Deserialization of untrusted input vulnerability

It was found that use of a JMS ObjectMessage does not safely handle user supplied data when deserializing objects. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage...

7.2CVSS7.8AI score0.06924EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2018/05/14 8:36 p.m.5 views

Artemis: Deserialization of untrusted input vulnerability

It was found that use of a JMS ObjectMessage does not safely handle user supplied data when deserializing objects. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage...

7.2CVSS7.8AI score0.06924EPSS
Exploits0References4
OSV
OSV
added 2018/03/09 7:29 p.m.4 views

CVE-2016-0276

IBM Financial Transaction Manager FTM for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager FTM for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager FTM for Corporate Payment Services CPS for...

6.3CVSS7.6AI score0.01672EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2017/12/13 6:26 p.m.7 views

Artemis: Deserialization of untrusted input vulnerability

It was found that use of a JMS ObjectMessage does not safely handle user supplied data when deserializing objects. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage...

7.2CVSS7.8AI score0.06924EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2017/12/13 5:48 p.m.6 views

Artemis: Deserialization of untrusted input vulnerability

It was found that use of a JMS ObjectMessage does not safely handle user supplied data when deserializing objects. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage...

7.2CVSS7.8AI score0.06924EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2016/09/27 12:0 a.m.4 views

PT-2016-6204

Name of the Vulnerable Software and Affected Versions Apache ActiveMQ Artemis versions prior to 1.4.0 Description The issue allows remote authenticated users with permission to send messages to the Artemis broker to deserialize arbitrary objects and execute arbitrary code by leveraging gadget...

7.2CVSS8.1AI score0.06924EPSS
Exploits0References32
OSV
OSV
added 2016/07/13 3:59 p.m.4 views

CVE-2016-4974

Apache Qpid AMQP 0-x JMS client before 6.0.4 and JMS AMQP 1.0 before 0.10.0 does not restrict the use of classes available on the classpath, which might allow remote authenticated users with permission to send messages to deserialize arbitrary objects and execute arbitrary code by leveraging a...

7.5CVSS6.1AI score0.06192EPSS
Exploits0References7
CNVD
CNVD
added 2016/01/12 12:0 a.m.6 views

Apache ActiveMQ Arbitrary Code Execution Vulnerability

Apache ActiveMQ is the United States Apache Apache Software Foundation developed a set of open source messaging middleware , which supports Java messaging services , clustering , Spring Framework and so on. Apache ActiveMQ 5.13.0 before 5.x version of a security vulnerability , the vulnerability...

9.8CVSS9.7AI score0.38191EPSS
Exploits4References1
Rows per page
Query Builder