Vulnrichment
added 2026/04/27 9:59 a.m., 0 views

CVE-2026-27172 Apache Camel: Unsafe Java deserialization in camel-consul ConsulRegistry allows arbitrary code execution via malicious values read from the Consul KV store

The ConsulRegistry class in the camel-consul component (org.apache.camel.component.consul.ConsulRegistry) and its inner ConsulRegistryUtils.deserialize method read Java-serialized values from the Consul KV store and passed them to ObjectInputStream.readObject without configuring an ObjectInputFilte...

AI score 6.2, EPSS 0.00271
Exploits 0, References 1
RedHat Linux
added 2026/04/27 9:47 a.m., 6 views

python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules

A flaw was found in Python's decompression modules, including lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile. This use-after-free can occur if a program re-uses a decompression object after a memory allocation error, especially when the system is...

CVSS 9.1, AI score 6, EPSS 0.00137
Exploits 0, References 10
CVE
added 2026/04/27 9:38 a.m., 14 views

CVE-2026-40858

CVE-2026-40858 – Apache Camel: Camel-Infinispan insecure deserialization. The camel-infinispan component's ProtoStream-based remote aggregation repository deserializes data read from a remote Infinispan cache using java.io.ObjectInputStream without ObjectInputFilter. An attacker who can write to t...

CVSS 8.8, AI score 6.6, EPSS 0.00271
Exploits 1, References 1, Affected software 1
Cvelist
added 2026/04/27 9:38 a.m., 29 views

CVE-2026-40858 Apache Camel: Camel-Infinispan: Unsafe Deserialization in Remote Aggregation Repository

The camel-infinispan component's ProtoStream-based remote aggregation repository deserializes data read from a remote Infinispan cache using java.io.ObjectInputStream without applying any ObjectInputFilter. An attacker who can write to the Infinispan cache used by a Camel application can inject a...

EPSS 0.00271
Exploits 1, References 1
EUVD
added 2026/04/27 9:38 a.m., 6 views

EUVD-2026-25808

The camel-infinispan component's ProtoStream-based remote aggregation repository deserializes data read from a remote Infinispan cache using java.io.ObjectInputStream without applying any ObjectInputFilter. An attacker who can write to the Infinispan cache used by a Camel application can inject a...

CVSS 8.8, AI score 6.5, EPSS 0.00271
Exploits 1, References 1
OSV
added 2026/04/27 9:34 a.m., 3 views

GHSA-VPR3-2659-RW55 Camel-MINA Vulnerable to Deserialization of Untrusted Data

The camel-mina component's MinaConverter.toObjectInputIoBuffer type converter wraps an IoBuffer in a java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. When a Camel route uses camel-mina as a TCP or UDP consumer and requests conversion to ObjectInput f...

CVSS 8.8, AI score 6.3, EPSS 0.00059
Exploits 1, References 11
OSV
added 2026/04/27 9:34 a.m., 2 views

GHSA-8297-V2RF-2P32 Apache MINA vulnerable to Deserialization of Untrusted Data

Apache MINA's AbstractIoBuffer.resolveClass contains two branches; the one for static classes or primitive types does not check the class at all, bypassing the classname allowlist and allowing arbitrary code to be executed. The fix checks if the class is present in the accepted class...

CVSS 9.8, AI score 6, EPSS 0.00059
Exploits 0, References 4
Github Security Blog
added 2026/04/27 9:34 a.m., 7 views

Apache MINA vulnerable to Deserialization of Untrusted Data

Apache MINA's AbstractIoBuffer.resolveClass contains two branches; the one for static classes or primitive types does not check the class at all, bypassing the classname allowlist and allowing arbitrary code to be executed. The fix checks if the class is present in the accepted class...

CVSS 9.8, AI score 6, EPSS 0.00059
Exploits 0, References 4, Affected software 1
Github Security Blog
added 2026/04/27 9:34 a.m., 4 views

Camel-PQC Vulnerable to Deserialization of Untrusted Data

The Camel-PQC FileBasedKeyLifecycleManager class deserializes the contents of .key files in the configured key directory using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. The cast to java.security.KeyPair is evaluated only after readObject has...

CVSS 7.8, AI score 6.4, EPSS 0.00027
Exploits 0, References 9, Affected software 1
OSV
added 2026/04/27 9:16 a.m., 3 views

DEBIAN-CVE-2026-41635

Apache MINA's AbstractIoBuffer.resolveClass contains two branches; the one for static classes or primitive types does not check the class at all, bypassing the classname allowlist and allowing arbitrary code to be executed. The fix checks if the class is present in the accepted class...

CVSS 9.8, AI score 5.7, EPSS 0.00059
Exploits 0, References 1
NVD
added 2026/04/27 9:16 a.m., 1 view

CVE-2026-40048

The Camel-PQC FileBasedKeyLifecycleManager class deserializes the contents of .key files in the configured key directory using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. The cast to java.security.KeyPair is evaluated only after readObject has...

CVSS 7.8, EPSS 0.00027
Exploits 0, References 2
Circl
added 2026/04/27 9:09 a.m., 4 views

CVE-2026-41635

creationtimestamp | type | source
---|---|---
2026-04-27 09:09:56+00:00 | seen | https://ccb.belgium.be/advisories/warning-critical-arbitrary-code-execution-vulnerability-apache-mina-patch-immediately
2026-05-01 01:27:07+00:00 | seen | https://bsky.app/profile/getpokemon7.bsky.social/post/3mkqxxdbwbc2e...

CVSS 9.8, AI score 6.6, EPSS 0.00059
Exploits 0, References 5
ATTACKERKB
added 2026/04/27 8:59 a.m., 2 views

CVE-2026-41635

Apache MINA's AbstractIoBuffer.resolveClass contains two branches; the one for static classes or primitive types does not check the class at all, bypassing the classname allowlist and allowing arbitrary code to be executed. The fix checks if the class is present in the accepted class filter...

CVSS 9.8, AI score 5.6, EPSS 0.00059
Exploits 0, References 2, Affected software 1
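The MINA entries above describe a hand-rolled allowlist in resolveClass with one branch that never consults the list. The following is an added example written for this page, not MINA's code: a hypothetical AllowlistObjectInputStream whose array branch, in lenient mode, resolves whatever element class the stream names, beside a strict mode that checks every branch. The class names, the checkAllBranches switch and the java.util.Date allowlist are assumptions for illustration, and the ArrayList[] stream is a constructed probe, not an exploit payload.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InvalidClassException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamClass;
import java.util.ArrayList;
import java.util.Date;
import java.util.Map;
import java.util.Set;

// Hypothetical allowlisting stream (not MINA's code). The checkAllBranches switch
// reproduces the bug shape: a separate branch for primitive/array descriptors that,
// when lenient, resolves the class without consulting the allowlist.
class AllowlistObjectInputStream extends ObjectInputStream {
    private static final Map<String, Class<?>> PRIMITIVES = Map.of(
            "boolean", boolean.class, "byte", byte.class, "char", char.class,
            "short", short.class, "int", int.class, "long", long.class,
            "float", float.class, "double", double.class, "void", void.class);

    private final Set<String> accepted;
    private final boolean checkAllBranches;

    AllowlistObjectInputStream(InputStream in, Set<String> accepted, boolean checkAllBranches)
            throws IOException {
        super(in);
        this.accepted = accepted;
        this.checkAllBranches = checkAllBranches;
    }

    @Override
    protected Class<?> resolveClass(ObjectStreamClass desc)
            throws IOException, ClassNotFoundException {
        String name = desc.getName();            // attacker-controlled: it comes from the stream
        if (PRIMITIVES.containsKey(name)) {
            return PRIMITIVES.get(name);         // true primitives carry no code
        }
        if (name.startsWith("[")) {
            // Array branch. The lenient version trusts the descriptor and hands the
            // element class name to Class.forName without ever checking the allowlist.
            if (checkAllBranches) {
                requireAccepted(elementType(name));
            }
            return super.resolveClass(desc);
        }
        requireAccepted(name);                   // ordinary classes: checked in both modes
        return super.resolveClass(desc);
    }

    private void requireAccepted(String className) throws InvalidClassException {
        if (className != null && !accepted.contains(className)) {
            throw new InvalidClassException(className, "not in deserialization allowlist");
        }
    }

    // "[[Ljava.util.ArrayList;" -> "java.util.ArrayList"; "[[I" -> null (primitive element)
    static String elementType(String arrayName) {
        String n = arrayName;
        while (n.startsWith("[")) n = n.substring(1);
        return (n.startsWith("L") && n.endsWith(";")) ? n.substring(1, n.length() - 1) : null;
    }
}

public class ResolveClassBypassDemo {
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) { out.writeObject(o); }
        return bos.toByteArray();
    }

    static String tryRead(byte[] bytes, boolean checkAllBranches) {
        try (AllowlistObjectInputStream in = new AllowlistObjectInputStream(
                new ByteArrayInputStream(bytes), Set.of("java.util.Date"), checkAllBranches)) {
            return "resolved " + in.readObject().getClass().getName();
        } catch (InvalidClassException e) {
            return "rejected " + e.getMessage();
        } catch (IOException | ClassNotFoundException e) {
            return "error " + e;
        }
    }

    public static void main(String[] args) throws IOException {
        byte[] allowed = serialize(new Date(0));
        // Constructed probe: an array whose element type is NOT on the allowlist.
        byte[] probe = serialize(new ArrayList<?>[0]);

        System.out.println("lenient, Date:        " + tryRead(allowed, false));
        System.out.println("lenient, ArrayList[]: " + tryRead(probe, false)); // resolved: allowlist bypassed
        System.out.println("strict,  ArrayList[]: " + tryRead(probe, true));  // rejected
    }
}
```

Run with `java ResolveClassBypassDemo.java` (single-file launch, Java 11 or later). The general point is that every return path out of resolveClass is reachable from a descriptor name the attacker wrote into the stream, so a hand-rolled allowlist must be enforced on all of them; a JEP 290 ObjectInputFilter avoids the problem because the JDK applies it to every class descriptor, array component type and proxy interface list uniformly.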
ATTACKERKB
added 2026/04/27 7:53 a.m., 1 view

CVE-2026-40048

The Camel-PQC FileBasedKeyLifecycleManager class deserializes the contents of .key files in the configured key directory using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. The cast to java.security.KeyPair is evaluated only after readObject has...

AI score 6.3, EPSS 0.00027
Exploits 0, References 2, Affected software 1
CVE
added 2026/04/27 7:53 a.m., 12 views

CVE-2026-40048

CVE-2026-40048 – Apache Camel PQC deserialization flaw: The Camel-PQC FileBasedKeyLifecycleManager deserializes the contents of .key files in the configured key directory via java.io.ObjectInputStream without ObjectInputFilter or class-loading restrictions. The vulnerable step is that the cast t...

CVSS 7.8, AI score 6.3, EPSS 0.00027
Exploits 0, References 2, Affected software 1
Cvelist
added 2026/04/27 7:53 a.m., 25 views

CVE-2026-40048 Apache Camel PQC: Unsafe Deserialization from FileBasedKeyLifecycleManager

The Camel-PQC FileBasedKeyLifecycleManager class deserializes the contents of .key files in the configured key directory using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. The cast to java.security.KeyPair is evaluated only after readObject has...

EPSS 0.00027
Exploits 0, References 1
EUVD
added 2026/04/27 7:53 a.m., 4 views

EUVD-2026-25790

The Camel-PQC FileBasedKeyLifecycleManager class deserializes the contents of .key files in the configured key directory using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. The cast to java.security.KeyPair is evaluated only after readObject has...

CVSS 7.8, AI score 6.3, EPSS 0.00027
Exploits 0, References 1
CVE
added 2026/04/27 7:51 a.m., 14 views

CVE-2026-40473

CVE-2026-40473 affects the camel-mina component: MinaConverter.toObjectInput(IoBuffer) wraps an IoBuffer in a java.io.ObjectInputStream without ObjectInputFilter or class-loading restrictions. Affected: Apache Camel 3.0.0–4.14.6, 4.15.0–4.18.2 and 4.19.0–4.20.0, i.e. releases before the respective fixed versions. ...

CVSS 8.8, AI score 6.2, EPSS 0.00059
Exploits 1, References 2, Affected software 1
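Every Camel advisory in this listing (ConsulRegistry, the Infinispan aggregation repository, MinaConverter.toObjectInput, FileBasedKeyLifecycleManager) shares one shape: bytes from an attacker-reachable source go straight into ObjectInputStream.readObject, and the expected type is enforced only by a cast afterwards. The following added example, written for this page and not taken from Apache Camel, puts that vulnerable shape beside the hardened one using the JDK's ObjectInputFilter (JEP 290, Java 9 and later). SessionToken and the loader method names are hypothetical stand-ins, and the ArrayList stream is a constructed stand-in for an attacker-chosen class, not a gadget chain.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.List;

// Hypothetical type we expect to read back (stand-in for the KeyPair, aggregation
// exchange or registry value in the advisories above).
class SessionToken implements Serializable {
    private static final long serialVersionUID = 1L;
    final String user;
    final long expiresAt;
    SessionToken(String user, long expiresAt) { this.user = user; this.expiresAt = expiresAt; }
}

public class FilteredDeserialization {

    // Vulnerable shape shared by the advisories: readObject reconstructs whatever
    // class the stream names; the cast is checked only after that has happened.
    static SessionToken loadUnfiltered(byte[] bytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            return (SessionToken) in.readObject();
        }
    }

    // Hardened shape: allow exactly the expected class, cap graph depth and size,
    // reject everything else ("!*"). Strings and primitive arrays are not subject to
    // class matching, so the token's String field needs no pattern entry.
    static final ObjectInputFilter TOKEN_ONLY = ObjectInputFilter.Config.createFilter(
            "SessionToken;maxdepth=4;maxarray=1024;maxbytes=65536;!*");

    static SessionToken loadFiltered(byte[] bytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            in.setObjectInputFilter(TOKEN_ONLY);   // must be installed before readObject
            return (SessionToken) in.readObject();
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) { out.writeObject(o); }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        byte[] legit = serialize(new SessionToken("alice", 1_800_000_000L));
        // Constructed stand-in for an attacker-chosen class: any Serializable type the
        // target classpath can load. A real payload would name a gadget chain instead.
        List<String> hostile = new ArrayList<>(List.of("not", "a", "token"));
        byte[] attack = serialize(hostile);

        System.out.println("filtered, legit:    " + loadFiltered(legit).user);

        try {
            loadUnfiltered(attack);
        } catch (ClassCastException e) {
            // The ArrayList was fully reconstructed before the cast failed: too late.
            System.out.println("unfiltered, attack: object built, then " + e.getClass().getSimpleName());
        }

        try {
            loadFiltered(attack);
        } catch (InvalidClassException e) {
            // Rejected when the class descriptor is read, before any instance exists.
            System.out.println("filtered, attack:   " + e.getMessage());
        }
    }
}
```

The filter runs when the class descriptor is read, before any object is instantiated, which is why the hardened loader throws InvalidClassException for the hostile stream while the unfiltered one builds the object and fails only at the cast. The same pattern applies inside an existing Camel or MINA integration: create the filter once, call setObjectInputFilter before readObject (or set a JVM-wide default with -Djdk.serialFilter=...), and keep the allowlist to the concrete types the code actually expects.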
Snyk
added 2026/04/27 6:03 a.m., 2 views

Command Injection

Overview: degit is a straightforward project scaffolding tool. Affected versions of this package are vulnerable to Command Injection due to improper sanitisation of user input for git shell commands invoked directly via the exec method by the cloneWithGit and fetchRefs functions. An attacker can execute...

CVSS 8.8, AI score 5.9
Exploits 0, References 2
RedHat Linux
added 2026/04/27 5:41 a.m., 5 views

freerdp: FreeRDP: Arbitrary code execution via crafted Remote Desktop Protocol (RDP) server messages

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol (RDP). The gdisurfacebits function, which processes SURFACEBITSCOMMAND messages, does not properly validate the image dimensions bmp.width and bmp.height provided by a malicious RDP server. This can lead to a heap buffer...

CVSS 9.8, AI score 6.3, EPSS 0.00033
Exploits 1, References 6