Cvelist
added 2026/04/27 9:20 a.m., 34 views

CVE-2026-41409 Apache MINA: CWE-502 Deserialization of Untrusted Data

The fix for CVE-2024-52046 in Apache MINA AbstractIoBuffer.getObject was incomplete. The classname allowlist of classes allowed to be deserialized was applied too late, after a static initializer in a class being read might already have been executed. Affected versions are Apache MINA 2.0.0 =...

CVSS 9.8, EPSS 0.00451
Exploits 0, References 1
EUVD
added 2026/04/27 9:20 a.m., 2 views

EUVD-2026-25809

The fix for CVE-2024-52046 in Apache MINA AbstractIoBuffer.getObject was incomplete. The classname allowlist of classes allowed to be deserialized was applied too late, after a static initializer in a class being read might already have been executed. Affected versions are Apache MINA 2.0.0 =...

CVSS 10, AI score 7.4, EPSS 0.23932
Exploits 0, References 1
Vulnrichment
added 2026/04/27 9:20 a.m., 3 views

CVE-2026-41409 Apache MINA: CWE-502 Deserialization of Untrusted Data

The fix for CVE-2024-52046 in Apache MINA AbstractIoBuffer.getObject was incomplete. The classname allowlist of classes allowed to be deserialized was applied too late, after a static initializer in a class being read might already have been executed. Affected versions are Apache MINA 2.0.0 =...

CVSS 9.8, AI score 5.2, EPSS 0.00451
Exploits 0, References 1
CVE
added 2026/04/27 9:20 a.m., 22 views

CVE-2026-41409

Apache MINA is affected by CVE-2026-41409 due to an incomplete fix for CVE-2024-52046 in AbstractIoBuffer.getObject(). The classname allowlist for deserialization was enforced too late after a class static initializer could already run. Affected versions: MINA 2.0.0–2.0.27, 2.1.0–2.1.10, 2.2.0–2....

CVSS 9.8, AI score 5.3, EPSS 0.00451
Exploits 0, References 1, Affected Software 1
Debian CVE
added 2026/04/27 9:20 a.m., 7 views

CVE-2026-41409

The fix for CVE-2024-52046 in Apache MINA AbstractIoBuffer.getObject was incomplete. The classname allowlist of classes allowed to be deserialized was applied too late, after a static initializer in a class being read might already have been executed. Affected versions are Apache MINA 2.0.0 =...

CVSS 9.8, AI score 5.3, EPSS 0.00451
Exploits 0
OSV
added 2026/04/27 9:16 a.m., 5 views

DEBIAN-CVE-2026-41635

Apache MINA's AbstractIoBuffer.resolveClass contains two branches, one of which (for static classes or primitive types) does not check the class at all, bypassing the classname allowlist and allowing arbitrary code to be executed. The fix checks if the class is present in the accepted class...

CVSS 9.8, AI score 5.7, EPSS 0.0064
Exploits 0, References 1
NVD
added 2026/04/27 9:16 a.m., 1 view

CVE-2026-40473

The camel-mina component's MinaConverter.toObjectInputIoBuffer type converter wraps an IoBuffer in a java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. When a Camel route uses camel-mina as a TCP or UDP consumer and requests conversion to ObjectInput f...

CVSS 8.8, EPSS 0.00733
Exploits 1, References 2
NVD
added 2026/04/27 9:16 a.m., 6 views

CVE-2026-40860

JmsBinding.extractBodyFromJms in camel-jms, and the equivalent JmsBinding class in camel-sjms, deserialized the payload of incoming JMS ObjectMessage values via javax.jms.ObjectMessage.getObject without applying any ObjectInputFilter, class allowlist or class denylist. Because this code path is...

CVSS 9.8, EPSS 0.00693
Exploits 0, References 2
NVD
added 2026/04/27 9:16 a.m., 12 views

CVE-2026-40453

The fix for CVE-2025-27636 added setLowerCase(true) to HttpHeaderFilterStrategy so that case-variant header names such as 'CAmelExecCommandExecutable' are filtered out alongside 'CamelExecCommandExecutable'. The same setLowerCase(true) call was not applied to five non-HTTP HeaderFilterStrategy...

CVSS 9.9, EPSS 0.00547
Exploits 0, References 1
NVD
added 2026/04/27 9:16 a.m., 4 views

CVE-2026-41635

Apache MINA's AbstractIoBuffer.resolveClass contains two branches, one of which (for static classes or primitive types) does not check the class at all, bypassing the classname allowlist and allowing arbitrary code to be executed. The fix checks if the class is present in the accepted class...

CVSS 9.8, EPSS 0.0064
Exploits 0, References 2
UbuntuCve
added 2026/04/27 9:16 a.m., 3 views

CVE-2026-41635

Apache MINA's AbstractIoBuffer.resolveClass contains two branches, one of which (for static classes or primitive types) does not check the class at all, bypassing the classname allowlist and allowing arbitrary code to be executed. The fix checks if the class is present in the accepted class...

CVSS 9.8, AI score 6.1, EPSS 0.0064
Exploits 0, References 2
OSV
added 2026/04/27 9:16 a.m., 2 views

UBUNTU-CVE-2026-41635

Apache MINA's AbstractIoBuffer.resolveClass contains two branches, one of which (for static classes or primitive types) does not check the class at all, bypassing the classname allowlist and allowing arbitrary code to be executed. The fix checks if the class is present in the accepted class...

CVSS 9.8, AI score 6, EPSS 0.0064
Exploits 0, References 3
Circl
added 2026/04/27 9:9 a.m., 4 views

CVE-2026-41635

creation timestamp | type | source
---|---|---
2026-04-27 09:09:56+00:00 | seen | https://ccb.belgium.be/advisories/warning-critical-arbitrary-code-execution-vulnerability-apache-mina-patch-immediately
2026-05-01 01:27:07+00:00 | seen | https://bsky.app/profile/getpokemon7.bsky.social/post/3mkqxxdbwbc2e...

CVSS 9.8, AI score 6.5, EPSS 0.0064
Exploits 0, References 6
ATTACKERKB
added 2026/04/27 8:59 a.m., 3 views

CVE-2026-41635

Apache MINA's AbstractIoBuffer.resolveClass contains two branches, one of which (for static classes or primitive types) does not check the class at all, bypassing the classname allowlist and allowing arbitrary code to be executed. The fix checks if the class is present in the accepted class filter...

CVSS 9.8, AI score 5.6, EPSS 0.0064
Exploits 0, References 2, Affected Software 1
CVE
added 2026/04/27 8:59 a.m., 18 views

CVE-2026-41635

Summary: CVE-2026-41635 affects Apache MINA’s AbstractIoBuffer.resolveClass(), where one code path for static/primitive types neglects the class check and bypasses the classname allowlist, enabling arbitrary code execution through object deserialization. Impact and scope: Affects MINA versions 2....

CVSS 9.8, AI score 5.6, EPSS 0.0064
Exploits 0, References 2, Affected Software 1
Cvelist
added 2026/04/27 8:59 a.m., 27 views

CVE-2026-41635 Apache MINA: AbstractIoBuffer.resolveClass() null-clazz Branch Skips acceptMatchers Filter — Full Object Deserialization RCE

Apache MINA's AbstractIoBuffer.resolveClass contains two branches, one of which (for static classes or primitive types) does not check the class at all, bypassing the classname allowlist and allowing arbitrary code to be executed. The fix checks if the class is present in the accepted class...

CVSS 9.8, EPSS 0.0064
Exploits 0, References 1
EUVD
added 2026/04/27 8:59 a.m., 2 views

EUVD-2026-25796

Apache MINA's AbstractIoBuffer.resolveClass contains two branches, one of which (for static classes or primitive types) does not check the class at all, bypassing the classname allowlist and allowing arbitrary code to be executed. The fix checks if the class is present in the accepted class...

CVSS 9.8, AI score 5.6, EPSS 0.0064
Exploits 0, References 1
Vulnrichment
added 2026/04/27 8:59 a.m., 3 views

CVE-2026-41635 Apache MINA: AbstractIoBuffer.resolveClass() null-clazz Branch Skips acceptMatchers Filter — Full Object Deserialization RCE

Apache MINA's AbstractIoBuffer.resolveClass contains two branches, one of which (for static classes or primitive types) does not check the class at all, bypassing the classname allowlist and allowing arbitrary code to be executed. The fix checks if the class is present in the accepted class...

CVSS 9.8, AI score 5.5, EPSS 0.0064
Exploits 0, References 1
IBM Security Bulletins
added 2026/04/27 8:16 a.m., 3 views

Security Bulletin: IBM Operations Analytics - Log Analysis is affected by Cross-site scripting (XSS) vulnerability due to Apache Solr

Summary: Admin UI in Apache Solr is used by IBM Operations Analytics - Log Analysis as part of the Solr administrative web interface. CVE-2015-8797. Vulnerability Details: CVEID: CVE-2015-8797. DESCRIPTION: Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/plugins.js in the stats page i...

CVSS 6.1, AI score 6.2, EPSS 0.03286
Exploits 0, Affected Software 1
CVE
added 2026/04/27 8:3 a.m., 19 views

CVE-2026-40860

Apache Camel CVE-2026-40860 describes unsafe deserialization of JMS ObjectMessage payloads in camel-jms, camel-sjms, camel-sjms2 and camel-amqp. The root cause is deserialization via javax.jms.ObjectMessage.getObject() without ObjectInputFilter or allow/deny lists, triggered when mapJmsMessage is...

CVSS 9.8, AI score 6.4, EPSS 0.00693
Exploits 0, References 2, Affected Software 1