
27 matches found

NVD
added last week, 6 views

CVE-2026-0138

In lwisiobufferwrite of lwisiobuffer.c, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...

7.8 CVSS, 0.00073 EPSS
Exploits: 0, References: 1

Cvelist
added 2026/06/16 6:51 p.m., 20 views

CVE-2026-0138

In lwisiobufferwrite of lwisiobuffer.c, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...

0.00073 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2026/06/16 12:0 a.m., 10 views

PT-2026-49797

In lwis io buffer write of lwis io buffer.c, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...

7.8 CVSS, 5.7 AI score, 0.00073 EPSS
Exploits: 0, References: 3

OSV
added 2026/06/01 12:0 a.m., 3 views

PUB-A-486024286

In lwisiobufferwrite of lwisiobuffer.c, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...

7.8 CVSS, 5.9 AI score, 0.00073 EPSS
Exploits: 0, References: 1

Cvelist
added 2026/05/28 9:41 a.m., 29 views

CVE-2026-46236 media: rc: xbox_remote: heed DMA restrictions

In the Linux kernel, the following vulnerability has been resolved: media: rc: xbox_remote: heed DMA restrictions. The buffer for IO must not be part of the device structure because that violates the DMA coherency rules...

0.00119 EPSS
Exploits: 0, References: 8

CNNVD
added 2026/05/28 12:0 a.m., 7 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fact that the IO buffer of the xbox_remote driver is located within the device structure,...

5.9 AI score, 0.00119 EPSS
Exploits: 0, References: 5

RedhatCVE
added 2026/05/14 7:53 a.m., 8 views

CVE-2026-42779

A flaw was found in Apache MINA. An attacker can exploit a vulnerability in the AbstractIoBuffer.resolveClass method, specifically when IoBuffer.getObject is called, to bypass the classname allowlist. This bypass allows for the execution of arbitrary code, potentially leading to full system...

9.8 CVSS, 6 AI score, 0.0093 EPSS
Exploits: 1, References: 4

OSV
added 2026/05/09 12:33 p.m., 7 views

OESA-2026-2244 apache-mina security update

Apache MINA is a network application framework which helps users develop high performance and high scalability network applications easily. It provides an abstract event-driven asynchronous API over various transports such as TCP/IP and UDP/IP via Java NIO. Security Fixes: The fix for...

9.8 CVSS, 6 AI score, 0.0093 EPSS
Exploits: 1, References: 5

OSV
added 2026/05/09 12:32 p.m., 8 views

OESA-2026-2243 apache-mina security update

Apache MINA is a network application framework which helps users develop high performance and high scalability network applications easily. It provides an abstract event-driven asynchronous API over various transports such as TCP/IP and UDP/IP via Java NIO. Security Fixes: The fix for...

9.8 CVSS, 6 AI score, 0.0093 EPSS
Exploits: 1, References: 3

OSV
added 2026/05/09 12:32 p.m., 5 views

OESA-2026-2241 apache-mina security update

Apache MINA is a network application framework which helps users develop high performance and high scalability network applications easily. It provides an abstract event-driven asynchronous API over various transports such as TCP/IP and UDP/IP via Java NIO. Security Fixes: The fix for...

9.8 CVSS, 6.1 AI score, 0.0093 EPSS
Exploits: 1, References: 5

RedhatCVE
added 2026/05/01 5:14 p.m., 6 views

CVE-2026-41409

A flaw was found in Apache MINA. An incomplete fix for a deserialization vulnerability in the AbstractIoBuffer.getObject method allowed a static initializer in a class to be executed before the classname allowlist was applied. This could enable a remote attacker to execute arbitrary code by sendi...

9.8 CVSS, 6.2 AI score, 0.00451 EPSS
Exploits: 0, References: 4

ATTACKERKB
added 2026/05/01 10:0 a.m., 4 views

CVE-2026-42779

The fix for CVE-2026-41635 was not applied to the 2.1.X and 2.2.X branches. Here was the original issue description: Apache MINA's AbstractIoBuffer.resolveClass contains two branches, one of them for static classes or primitive types does not check the class at all, bypassing the classname...

9.8 CVSS, 6 AI score, 0.0093 EPSS
Exploits: 1, References: 2, Affected Software: 1

Cvelist
added 2026/05/01 10:0 a.m., 29 views

CVE-2026-42779 Apache MINA: AbstractIoBuffer.resolveClass() null-clazz Branch Skips acceptMatchers Filter — Full Object Deserialization RCE (take 2)

The fix for CVE-2026-41635 was not applied to the 2.1.X and 2.2.X branches. Here was the original issue description: Apache MINA's AbstractIoBuffer.resolveClass contains two branches, one of them for static classes or primitive types does not check the class at all, bypassing the classname...

9.8 CVSS, 0.0093 EPSS
Exploits: 1, References: 1

Positive Technologies
added 2026/05/01 12:0 a.m., 6 views

PT-2026-36314

Name of the Vulnerable Software and Affected Versions: Apache MINA (affected versions not specified). Description: An issue in the deserialization mechanism of the Apache MINA Java network application framework could allow a remote attacker to impact the confidentiality, integrity, and availability of...

9.8 CVSS, 5.9 AI score, 0.00678 EPSS
Exploits: 0, References: 276

OSV
added 2026/04/27 12:30 p.m., 7 views

GHSA-F2WH-GRMH-R6JM Apache MINA Vulnerable to Deserialization of Untrusted Data (CVE-2024-52046 Incomplete Fix)

The fix for CVE-2024-52046 in Apache MINA AbstractIoBuffer.getObject was incomplete. The classname allowlist of classes allowed to be deserialized was applied too late after a static initializer in a class to be read might already have been executed. Affected versions are Apache MINA 2.0.0 =...

9.8 CVSS, 5.8 AI score, 0.00451 EPSS
Exploits: 0, References: 4

Snyk
added 2026/04/27 11:12 a.m., 6 views

Deserialization of Untrusted Data

Overview: org.apache.mina:mina-core is a network application framework which helps users develop high performance and high scalability network applications easily. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the IoBuffer.getObject function. An attacker...

10 CVSS, 6.3 AI score, 0.23932 EPSS
Exploits: 0, References: 2

Github Security Blog
added 2026/04/27 9:34 a.m., 9 views

Apache MINA vulnerable to Deserialization of Untrusted Data

Apache MINA's AbstractIoBuffer.resolveClass contains two branches, one of them for static classes or primitive types does not check the class at all, bypassing the classname allowlist and allowing arbitrary code to be executed. The fix checks if the class is present in the accepted class...

9.8 CVSS, 6 AI score, 0.0064 EPSS
Exploits: 0, References: 4, Affected Software: 1

Vulnrichment
added 2026/04/27 9:20 a.m., 4 views

CVE-2026-41409 Apache MINA: CWE-502 Deserialization of Untrusted Data

The fix for CVE-2024-52046 in Apache MINA AbstractIoBuffer.getObject was incomplete. The classname allowlist of classes allowed to be deserialized was applied too late after a static initializer in a class to be read might already have been executed. Affected versions are Apache MINA 2.0.0 =...

9.8 CVSS, 5.2 AI score, 0.00451 EPSS
Exploits: 0, References: 1

Cvelist
added 2026/04/27 9:20 a.m., 35 views

CVE-2026-41409 Apache MINA: CWE-502 Deserialization of Untrusted Data

The fix for CVE-2024-52046 in Apache MINA AbstractIoBuffer.getObject was incomplete. The classname allowlist of classes allowed to be deserialized was applied too late after a static initializer in a class to be read might already have been executed. Affected versions are Apache MINA 2.0.0 =...

9.8 CVSS, 0.00451 EPSS
Exploits: 0, References: 1

EUVD
added 2026/04/27 8:59 a.m., 3 views

EUVD-2026-25796

Apache MINA's AbstractIoBuffer.resolveClass contains two branches, one of them for static classes or primitive types does not check the class at all, bypassing the classname allowlist and allowing arbitrary code to be executed. The fix checks if the class is present in the accepted class...

9.8 CVSS, 5.6 AI score, 0.0064 EPSS
Exploits: 0, References: 1