Lucene search
K

24 matches found

EUVD
EUVD
added 1 hour ago3 views

EUVD-2026-41834

Deserialization of Untrusted Data vulnerability in Apache Camel PQC component. The camel-pqc component persists post-quantum key metadata KeyMetadata through pluggable KeyLifecycleManager implementations. HashicorpVaultKeyLifecycleManager and AwsSecretsManagerKeyLifecycleManager read that metadat...

6.4AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 6 days ago7 views

Linux Distros Unpatched Vulnerability : CVE-2026-7531

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 released in 5.9.1: a malicious TLS 1.3 server sending a...

9.8CVSS6AI score0.00346EPSS
Exploits0References3
NVD
NVD
added 2026/06/25 8:17 p.m.7 views

CVE-2026-7531

Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 released in 5.9.1: a malicious TLS 1.3 server sending a truncated PQC hybrid KeyShare can still trigger the error cleanup path to operate on freed memory...

9.8CVSS0.00346EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 8:17 p.m.3 views

DEBIAN-CVE-2026-7531

Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 released in 5.9.1: a malicious TLS 1.3 server sending a truncated PQC hybrid KeyShare can still trigger the error cleanup path to operate on freed memory...

9.8CVSS5.8AI score0.00346EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/04/27 10:15 a.m.6 views

org.apache.camel.springboot:camel-pqc-starter (=4.19.0) potentially affected by CVE-2026-40048 via org.apache.camel:camel-pqc (=4.19.0)

org.apache.camel:camel-pqc MAVEN version =4.19.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.camel:camel-pqc and may be impacted: - org.apache.camel.springboot:camel-pqc-starter =4.19.0 Source cves: CVE-2026-40048 Source advisory:...

7.8CVSS5.8AI score0.00342EPSS
Exploits0
OSV
OSV
added 2026/04/27 9:34 a.m.8 views

GHSA-V3VG-332R-MW99 Camel-PQC Vulnerable to Deserialization of Untrusted Data

The Camel-PQC FileBasedKeyLifecycleManager class deserializes the contents of .key files in the configured key directory using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. The cast to java.security.KeyPair is evaluated only after readObject has...

7.8CVSS6.4AI score0.00342EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2026/04/27 9:34 a.m.8 views

Camel-PQC Vulnerable to Deserialization of Untrusted Data

The Camel-PQC FileBasedKeyLifecycleManager class deserializes the contents of .key files in the configured key directory using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. The cast to java.security.KeyPair is evaluated only after readObject has...

7.8CVSS6.4AI score0.00342EPSS
Exploits0References9Affected Software1
NVD
NVD
added 2026/04/27 9:16 a.m.10 views

CVE-2026-40048

The Camel-PQC FileBasedKeyLifecycleManager class deserializes the contents of .key files in the configured key directory using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. The cast to java.security.KeyPair is evaluated only after readObject has...

7.8CVSS0.00342EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/27 7:53 a.m.6 views

CVE-2026-40048 Apache Camel PQC: Unsafe Deserialization from FileBasedKeyLifecycleManager

The Camel-PQC FileBasedKeyLifecycleManager class deserializes the contents of .key files in the configured key directory using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. The cast to java.security.KeyPair is evaluated only after readObject has...

6.3AI score0.00342EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.15 views

PT-2026-35369

The Camel-PQC FileBasedKeyLifecycleManager class deserializes the contents of .key files in the configured key directory using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. The cast to java.security.KeyPair is evaluated only after readObject has...

6.3AI score0.00342EPSS
Exploits0References3
Oracle linux
Oracle linux
added 2026/04/27 12:0 a.m.8 views

java-1.8.0-openjdk security update

1:1.8.0.492.b09-1.0.1 - Add Oracle vendor bug URL Orabug: 34340155 1:1.8.0.492.b09-1 - Update to 8u492-b09 GA - Update release notes for 8u492-b09. - Add missing CVEs for 8u482. - Regenerate JDK-8199936/PR3533 patch following JDK-8374917 - Regenerate JDK-8186464/RH1433262 patch following...

7.5CVSS7.7AI score0.00702EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/04/09 11:29 p.m.3 views

CVE-2026-5460 Heap Use-After-Free in PQC Hybrid KeyShare Error Cleanup in wolfSSL TLS 1.3

A heap use-after-free exists in wolfSSL's TLS 1.3 post-quantum cryptography PQC hybrid KeyShare processing. In the error handling path of TLSXKeyShareProcessPqcHybridClient in src/tls.c, the inner function TLSXKeyShareProcessPqcClientex frees a KyberKey object upon encountering an error. The call...

6.3CVSS5.8AI score0.00275EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/04/09 11:29 p.m.4 views

CVE-2026-5460

A heap use-after-free exists in wolfSSL's TLS 1.3 post-quantum cryptography PQC hybrid KeyShare processing. In the error handling path of TLSXKeyShareProcessPqcHybridClient in src/tls.c, the inner function TLSXKeyShareProcessPqcClientex frees a KyberKey object upon encountering an error. The call...

6.5CVSS5.4AI score0.00275EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/04/09 11:29 p.m.9 views

CVE-2026-5460

A heap use-after-free exists in wolfSSL's TLS 1.3 post-quantum cryptography PQC hybrid KeyShare processing. In the error handling path of TLSXKeyShareProcessPqcHybridClient in src/tls.c, the inner function TLSXKeyShareProcessPqcClientex frees a KyberKey object upon encountering an error. The call...

6.5CVSS5.4AI score0.00275EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/03/26 6:0 p.m.11 views

pqc-combo (=0.1.0), pqc-fips (=0.0.3) +1 more potentially affected by unknown CVE via libcrux-ml-dsa (=0.0.4)

libcrux-ml-dsa CARGO version =0.0.4 is affected by a known vulnerability. The following packages have a transitive dependency on libcrux-ml-dsa and may be impacted: - pqc-combo =0.1.0 - pqc-fips =0.0.3 - pqc-nostd =0.1.0 Source cves: unknown CVE Source advisory: OSV:GHSA-CP57-FQ8G-QH6V...

5.8AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/03/26 5:58 p.m.6 views

pqc-combo (=0.1.0), pqc-fips (=0.0.3) +1 more potentially affected by unknown CVE via libcrux-ml-dsa (=0.0.4)

libcrux-ml-dsa CARGO version =0.0.4 is affected by a known vulnerability. The following packages have a transitive dependency on libcrux-ml-dsa and may be impacted: - pqc-combo =0.1.0 - pqc-fips =0.0.3 - pqc-nostd =0.1.0 Source cves: unknown CVE Source advisory: OSV:GHSA-XRF2-5R3P-5WGJ...

5.8AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/03/04 12:0 p.m.10 views

pqc-combo (=0.1.0), pqc-fips (=0.0.3) +1 more potentially affected by unknown CVE via libcrux-ml-dsa (=0.0.4)

libcrux-ml-dsa CARGO version =0.0.4 is affected by a known vulnerability. The following packages have a transitive dependency on libcrux-ml-dsa and may be impacted: - pqc-combo =0.1.0 - pqc-fips =0.0.3 - pqc-nostd =0.1.0 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0076...

5.8AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/03/04 12:0 p.m.15 views

libcrux-digest (>=0.0.4 <=0.0.7-rc.1), libcrux-kem (>=0.0.2 <=0.0.2-beta.3) +7 more potentially affected by unknown CVE via libcrux-sha3 (>=0.0.2-beta.3 <=0.0.8-rc.1)

libcrux-sha3 CARGO version =0.0.2-beta.3, =0.0.4, =0.0.2, =0.0.3, =0.0.2-alpha.1, =0.0.2-alpha.3 - libcrux-psq =0.0.2-beta.3 - pqc-combo =0.1.0 - pqc-fips =0.0.3 - pqc-nostd =0.1.0 - wpa-next =0.1.0 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0074...

5.8AI score
Exploits0
Oracle linux
Oracle linux
added 2026/01/15 12:0 a.m.15 views

net-snmp security update

5.9.1-17.0.1.1 - fix error index value when snmpget is used a proxy pass Orabug: 35010262 1:5.9.1-17.1 - fix out of bound access issue RHEL-137510 - enable PQC RHEL-132653...

9.8CVSS7AI score0.4269EPSS
Exploits2
Packet Storm News
Packet Storm News
added 2025/05/31 12:0 a.m.5 views

Assessing and Enhancing Quantum Readiness in Mobile Apps

Quantum computers threaten widely deployed cryptographic primitives such as RSA, DSA, and ECC. While NIST has released post-quantum cryptographic PQC standards e.g., Kyber, Dilithium, mobile app ecosystems remain largely unprepared for this transition. We present a large-scale binary analysis of...

6.8AI score
Exploits0
Rows per page
Query Builder