Lucene search
K

74125 matches found

The Hacker News
The Hacker News
added 56 minutes ago3 views

⚡ Weekly Recap: Proxy Botnets, Browser Ransomware, AI Agent Tricks, Fake PoC Malware and More

A streaming box should not need a threat model. Neither should a username field, a demo repo, a reset flow, or a browser permission prompt. That is the irritating part this week: the risky pieces were ordinary. Home devices became a routing cover. Clean code pulled dirt from a dependency. Identit...

6.4AI score
Exploits0
GithubExploit
GithubExploit
added 1 hour ago5 views

Exploit for Path Traversal in Adobe Coldfusion

CVE-2026-48282-POC CVE-2026-48282 is a path traversal...

10CVSS6.4AI score0.01021EPSS
Exploits1
GithubExploit
GithubExploit
added 1 hour ago5 views

Exploit for Improperly Controlled Modification of Dynamically-Determined Object Attributes in Apache Camel

camel-coap Header Injection → RCE Vulnerability Reproducer CV...

10CVSS6.3AI score0.06157EPSS
Exploits2
GithubExploit
GithubExploit
added 3 hours ago13 views

Exploit for Deserialization of Untrusted Data in Apache Camel

camel-consul ConsulRegistry Deserialization Vulnerability Repr...

8.8CVSS6.1AI score0.00667EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 3 hours ago3 views

Security Bulletin: IBM Quantum Safe Explorer is affected by multiple vulnerabilites

Summary The vulnerabilities were found in dependent open source libraries used within IBM Quantum Safe Explorer code base. These issues have been addressed by updating the versions of affected libraries. Vulnerability Details CVEID:CVE-2026-9595 DESCRIPTION: Impact: When a user-configured proxy o...

7.5CVSS5.7AI score0.00498EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 4 hours ago6 views

WordPress Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin <= 2.11.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by daroo in WordPress Plugin Ultimate Member versions = 2.11.4...

6.4CVSS5.9AI score0.00241EPSS
Exploits0References1Affected Software1
NVD
NVD
added 4 hours ago4 views

CVE-2026-46584

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Camel Mail Component. The camel-mail producer MailProducer.getSender scanned the outgoing Exchange for message headers in the mail.smtp. / mail.smtps. namespace and, when any were present...

Exploits0References2
NVD
NVD
added 4 hours ago4 views

CVE-2026-43866

Deserialization of Untrusted Data vulnerability in Apache Camel, Apache Camel JMS component. JmsBinding.extractBodyFromJms in camel-jms - and the equivalent JmsBinding in camel-sjms - deserializes the payload of an incoming JMS ObjectMessage via jakarta.jms.ObjectMessage.getObject whenever the...

Exploits0References1
Securelist
Securelist
added 4 hours ago2 views

When checking the URL isn’t enough: a Device Code Phishing attack via a Microsoft website

One of the most common pieces of anti-phishing advice is to double-check the website's domain name before providing your credentials. Typically, a fraudulent domain stands out to the trained eye, differing from the official URL by at least a few characters. Recently, however, we encountered a...

6AI score
Exploits0
CVE
CVE
added 5 hours ago4 views

CVE-2026-43866

Summary: A deserialization bypass affects Apache Camel JMS components (camel-jms, camel-sjms, and JMS-family such as camel-amqp/activemq) where ObjectMessage payloads are deserialized via ObjectMessage.getObject() when mapJmsMessage is enabled. Despite a post-deserialization class check intended ...

6AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 hours ago2 views

CVE-2026-43866

Deserialization of Untrusted Data vulnerability in Apache Camel, Apache Camel JMS component. JmsBinding.extractBodyFromJms in camel-jms - and the equivalent JmsBinding in camel-sjms - deserializes the payload of an incoming JMS ObjectMessage via jakarta.jms.ObjectMessage.getObject whenever the...

9.8CVSS6AI score0.00881EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 5 hours ago5 views

CVE-2026-43866 Apache Camel, Apache Camel: Camel JMS - CVE-2026-40860 fix bypass via DefaultExchangeHolder

Deserialization of Untrusted Data vulnerability in Apache Camel, Apache Camel JMS component. JmsBinding.extractBodyFromJms in camel-jms - and the equivalent JmsBinding in camel-sjms - deserializes the payload of an incoming JMS ObjectMessage via jakarta.jms.ObjectMessage.getObject whenever the...

Exploits0References1
EUVD
EUVD
added 5 hours ago3 views

EUVD-2026-41855

Deserialization of Untrusted Data vulnerability in Apache Camel, Apache Camel JMS component. JmsBinding.extractBodyFromJms in camel-jms - and the equivalent JmsBinding in camel-sjms - deserializes the payload of an incoming JMS ObjectMessage via jakarta.jms.ObjectMessage.getObject whenever the...

6AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 hours ago3 views

CVE-2026-46584

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Camel Mail Component. The camel-mail producer MailProducer.getSender scanned the outgoing Exchange for message headers in the mail.smtp. / mail.smtps. namespace and, when any were present...

6AI score
Exploits0References2Affected Software1
CVE
CVE
added 5 hours ago4 views

CVE-2026-46584

Affected software: Apache Camel Mail component (MailProducer). Issue: the mail.smtp/.mail.smtps headers in messages were read and applied as JavaMail session properties, overriding endpoint configuration. This Camel-internal namespace was not blocked by HeaderFilterStrategy, allowing untrusted in...

6AI score
Exploits0References2
EUVD
EUVD
added 5 hours ago4 views

EUVD-2026-41832

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Camel Mail Component. The camel-mail producer MailProducer.getSender scanned the outgoing Exchange for message headers in the mail.smtp. / mail.smtps. namespace and, when any were present...

6AI score
Exploits0References1
Cvelist
Cvelist
added 5 hours ago4 views

CVE-2026-46584 Apache Camel Mail: The mail producer applied attacker-supplied message headers as JavaMail session properties, allowing an attacker to influence SMTP parameters

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Camel Mail Component. The camel-mail producer MailProducer.getSender scanned the outgoing Exchange for message headers in the mail.smtp. / mail.smtps. namespace and, when any were present...

Exploits0References1
SUSE Linux
SUSE Linux
added 6 hours ago3 views

Security update 5.1.4 for Multi-Linux Manager Client Tools

This update fixes the following issues: dracut-saltboot updated to version 1.2.1: Key Update Highlights v1.2.1 Added wait check for minion start default 10s, configurable using rd.saltboot.saltstarttimeout option bsc1260870 Decouple salt key wait check to use separate configurable option...

9.1CVSS7.1AI score0.05994EPSS
Exploits0References126
SUSE Linux
SUSE Linux
added 6 hours ago3 views

Security update 5.1.4 for Multi-Linux Manager Client Tools

This update fixes the following issues: golang-github-QubitProducts-exporterexporter: Security issue fixed: CVE-2022-21698: Fixed prometheus/clientgolang possible denial of service using InstrumentHandlerCounter bsc1248699 golang-github-lusitaniae-apacheexporter: Non customer facing changes...

7.5CVSS7AI score0.91969EPSS
Exploits3References64
SUSE Linux
SUSE Linux
added 6 hours ago3 views

Security update 5.1.4 for Multi-Linux Manager Client Tools

This update fixes the following issues: golang-github-QubitProducts-exporterexporter: Security issue fixed: CVE-2022-21698: Fixed prometheus/clientgolang possible denial of service using InstrumentHandlerCounter bsc1248699 golang-github-lusitaniae-apacheexporter: Non customer facing changes...

7.5CVSS7AI score0.91969EPSS
Exploits3References64
Rows per page
Query Builder