Lucene search
K

1407 matches found

NVD
NVD
added 9 hours ago7 views

CVE-2026-43865

Deserialization of Untrusted Data vulnerability in Apache Camel Hazelcast component. The camel-hazelcast component creates and manages Hazelcast instances using a default configuration that applies no Java deserialization filter. When Camel builds the Hazelcast Config itself - that is, when no...

Exploits0References2
ATTACKERKB
ATTACKERKB
added 10 hours ago4 views

CVE-2026-53913

Improper Authentication, Missing Authentication for Critical Function, Not Failing Securely 'Failing Open' vulnerability in Apache Camel Keycloak Component. The KeycloakSecurityPolicy of camel-keycloak guards a route by running KeycloakSecurityProcessor.beforeProcess, which performs three checks ...

6.4AI score
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 11 hours ago3 views

CVE-2026-43865

Deserialization of Untrusted Data vulnerability in Apache Camel Hazelcast component. The camel-hazelcast component creates and manages Hazelcast instances using a default configuration that applies no Java deserialization filter. When Camel builds the Hazelcast Config itself - that is, when no...

6.3AI score
Exploits0References2Affected Software1
Cvelist
Cvelist
added 11 hours ago7 views

CVE-2026-43865 Apache Camel: Camel-Hazelcast: Unsafe Java deserialization in default-configured managed Hazelcast instances enables remote code execution

Deserialization of Untrusted Data vulnerability in Apache Camel Hazelcast component. The camel-hazelcast component creates and manages Hazelcast instances using a default configuration that applies no Java deserialization filter. When Camel builds the Hazelcast Config itself - that is, when no...

Exploits0References1
EUVD
EUVD
added 11 hours ago4 views

EUVD-2026-41826

Deserialization of Untrusted Data vulnerability in Apache Camel Hazelcast component. The camel-hazelcast component creates and manages Hazelcast instances using a default configuration that applies no Java deserialization filter. When Camel builds the Hazelcast Config itself - that is, when no...

6.3AI score
Exploits0References1
CVE
CVE
added 11 hours ago8 views

CVE-2026-43865

CVE-2026-43865 : In Apache Camel’s Hazelcast component, default Hazelcast instance creation can deserialize untrusted data via ObjectInputStream.readObject because no JavaSerializationFilter is applied by default in Camel’s generated Config. This enables remote code execution when an attacker can...

6.3AI score
Exploits0References2
Nuclei
Nuclei
added yesterday92 views

Apache APISIX - Remote Code Execution

A default configuration of Apache APISIX with default API key is vulnerable to remote code execution. An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. When the admin key was changed or the port of Admin API was changed to a port different...

9.8CVSS7.7AI score0.96182EPSS
Exploits16References5
Nuclei
Nuclei
added 2 days ago49 views

Lotus Domino R5 and R6 WebMail - Information Disclosure

Lotus Domino R5 and R6 WebMail with 'Generate HTML for all fields' enabled which is by default allows remote attackers to read the HTML source to obtain sensitive information including the password hash in the HTTPPassword field, the password change date in the HTTPPasswordChangeDate field, and t...

5CVSS6AI score0.73635EPSS
Exploits11References5
Vulnrichment
Vulnrichment
added 2026/06/29 5:16 p.m.6 views

CVE-2026-56782 Gorse - Unauthenticated Database Dump and Restore via /api/dump and /api/restore Endpoints

Gorse before 0.5.10 contains an authentication bypass vulnerability in the /api/dump and /api/restore endpoints that allows unauthenticated attackers to access protected functionality when adminapikey is empty, which is the default configuration. Remote attackers can exfiltrate the entire databas...

9.8CVSS5.8AI score0.03016EPSS
Exploits2References4
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-553 TorchServe Server-Side Request Forgery vulnerability

Impact Remote Server-Side Request Forgery SSRF Issue: TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This issue could be taken advantage of to compromise the integrity of the system and...

9.8CVSS5.8AI score0.35256EPSS
Exploits6References8
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-385 Remote code execution in pytorch lightning

A remote code execution RCE vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to improper handling of deserialized user input and mismanagement of dunder attributes by the deepdiff library. The library uses deepdiff.Delta objects to modify application state base...

9.8CVSS8AI score0.26488EPSS
Exploits3References8
CVE
CVE
added 2026/06/25 8:38 p.m.7 views

CVE-2026-12473

OHIF Viewers are affected: two default-configured data sources, DICOMWebProxy and DICOMJSON, fetch an arbitrary URL parameter without validation. A global authentication service in OHIF automatically injects the user's OIDC Bearer token into those requests and transmits it to an attacker-controll...

8.3CVSS6AI score0.00232EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-52096

Name of the Vulnerable Software and Affected Versions Rocket.Chat versions prior to 8.5.0 Rocket.Chat versions prior to 8.4.1 Rocket.Chat versions prior to 8.3.3 Rocket.Chat versions prior to 8.2.3 Rocket.Chat versions prior to 8.1.4 Rocket.Chat versions prior to 8.0.5 Rocket.Chat versions prior ...

9.3CVSS5.7AI score0.00149EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/22 1:34 p.m.3 views

CVE-2026-5139

Mattermost versions 11.7.x = 11.7.0, 11.6.x = 11.6.2, 11.5.x = 11.5.5, 10.11.x = 10.11.17 fail to enforce administrator authorization on the setDefaultInstance call within the /gitlab connect command handler, which allows any authenticated user to overwrite the global default GitLab instance...

5.4CVSS5.9AI score0.0017EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/22 1:34 p.m.39 views

CVE-2026-5139 GitLab Plugin Allows Non-Admin Users to Modify Default Instance Configuration

Mattermost versions 11.7.x slash command.. Mattermost Advisory ID: MMSA-2026-00644...

5.4CVSS0.0017EPSS
Exploits0References1
NVD
NVD
added 2026/06/19 2:16 p.m.10 views

CVE-2026-44915

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Apache APISIX. The default configuration of cas-auth in Apache APISIX is vulnerable to phishing and credential theft. This issue affects Apache APISIX: from 3.0.0 through 3.16.0. Users are recommended to upgrade to version 3.17.0,...

6.1CVSS0.004EPSS
Exploits0References2
NVD
NVD
added 2026/06/19 2:16 p.m.9 views

CVE-2026-47339

Incorrect Authorization vulnerability in Apache APISIX. An attacker can capitalise on authz-casdoor plugin under default configuration to authenticate themselves with credentials from a different source. This issue affects Apache APISIX: from 2.14.1 through 3.16.0. Users are recommended to upgrad...

8.1CVSS0.00285EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 1:13 p.m.27 views

CVE-2026-49230 Apache APISIX: Authentication bypass in jwe-decrypt

Improper Validation of Integrity Check Value vulnerability in Apache APISIX. The jwe-decrypt plugin under default configuration is vulnerable to authentication bypass. This issue affects Apache APISIX: from 3.8.0 through 3.16.0. Users are recommended to upgrade to version 3.17.0, which fixes the...

6.3CVSS0.00224EPSS
Exploits0References1
CVE
CVE
added 2026/06/19 1:13 p.m.19 views

CVE-2026-49230

CVE-2026-49230 affects Apache APISIX via the jwe-decrypt plugin in default config, enabling authentication bypass. Vulnerable versions are 3.8.0–3.16.0; remediation is upgrade to 3.17.0. The CVE details indicate a improper validation of an integrity check value, with a network-exposed risk. If ex...

9.1CVSS5.8AI score0.00224EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/19 1:13 p.m.21 views

EUVD-2026-38019

Improper Validation of Integrity Check Value vulnerability in Apache APISIX. The jwe-decrypt plugin under default configuration is vulnerable to authentication bypass. This issue affects Apache APISIX: from 3.8.0 through 3.16.0. Users are recommended to upgrade to version 3.17.0, which fixes the...

6.3CVSS5.8AI score0.00224EPSS
Exploits0References1
Rows per page
Query Builder