CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

vulnersOsv•added 2026/04/27 9:34 a.m.•2 views

org.apache.camel.kafkaconnector:camel-mina-kafka-connector (>=0.1.0 <=0.11.5), org.apache.camel.karaf:camel-mina (>=4.10.3 <=4.14.5) +4 more potentially affected by CVE-2026-40473 via org.apache.camel:camel-mina (>=3.0.0 <=4.14.5)

org.apache.camel:camel-mina MAVEN version =3.0.0, =0.1.0, =4.10.3, =3.0.0, =4.0-20200713, =4.0-20200713, =4.0-20200713, =4.3.2 Source cves: CVE-2026-40473 Source advisory: OSV:GHSA-VPR3-2659-RW55...

8.8CVSS5.8AI score0.00059EPSS

Exploits1

vulnersOsv•added 2026/04/27 9:34 a.m.•1 views

org.apache.camel.karaf:camel-pqc (>=4.14.5 <=4.18.1), org.apache.camel.quarkus:camel-quarkus-pqc (>=3.24.0 <=3.33.0) +2 more potentially affected by CVE-2026-40048 via org.apache.camel:camel-pqc (>=4.12.0 <=4.18.1)

org.apache.camel:camel-pqc MAVEN version =4.12.0, =4.14.5, =3.24.0, =3.24.0, =4.12.0, =4.18.1 Source cves: CVE-2026-40048 Source advisory: OSV:GHSA-V3VG-332R-MW99...

7.8CVSS5.8AI score0.00027EPSS

vulnersOsv•added 2026/04/07 9:31 a.m.•3 views

org.apache.activemq:activemq-http (>=6.0.0 <=6.2.1), org.apache.activemq:activemq-karaf (>=6.0.0 <=6.2.1) +4 more potentially affected by CVE-2026-33227 via org.apache.activemq:activemq-mqtt (>=6.0.0 <=6.2.1)

org.apache.activemq:activemq-mqtt MAVEN version =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.2.1 Source cves: CVE-2026-33227 Source advisory: SNYK:JAVA-ORGAPACHEACTIVEMQ-15930952...

4.3CVSS5.8AI score0.00077EPSS

vulnersOsv•added 2026/02/23 9:31 a.m.•2 views

org.apache.camel.karaf:camel-leveldb (>=4.10.3 <=4.10.7), org.apache.camel.karaf:camel-leveldb-test (>=4.10.3 <=4.10.7) +4 more potentially affected by CVE-2026-25747 via org.apache.camel:camel-leveldb (>=3.0.0 <=4.10.8)

org.apache.camel:camel-leveldb MAVEN version =3.0.0, =4.10.3, =4.10.3, =1.2.0, =1.2.0, =1.2.0, =3.0.0, =4.10.8 Source cves: CVE-2026-25747 Source advisory: OSV:GHSA-429Q-MRC4-38FR...

8.8CVSS5.8AI score0.00064EPSS

Exploits2

vulnersOsv•added 2026/02/23 9:31 a.m.•5 views

org.apache.camel:camel-leveldb MAVEN version =3.0.0, =4.10.3, =4.10.3, =1.2.0, =1.2.0, =1.2.0, =3.0.0, =4.10.8 Source cves: CVE-2026-25747 Source advisory: SNYK:JAVA-ORGAPACHECAMEL-15353482...

8.8CVSS5.8AI score0.00064EPSS

Exploits2

RedhatCVE•added 2026/01/27 3:23 p.m.•0 views

CVE-2026-24656

Deserialization of Untrusted Data vulnerability in Apache Karaf Decanter. The Decanter log socket collector exposes the port 4560, without authentication. If the collector exposes allowed classes property, this configuration can be bypassed. It means that the log socket collector is vulnerable to...

Github Security Blog•added 2026/01/26 12:30 p.m.•6 views

Apache Karaf Decanter has Deserialization of Untrusted Data in its Log Socket Collector

Deserialization of Untrusted Data vulnerability in Apache Karaf Decanter. The Decanter Log Socket Collector exposes port 4560 without authentication. If the collector exposes allowed classes property, this configuration can be bypassed. The Log Socket Collector is vulnerable to deserialization of...

Exploits0References6Affected Software1

OSV•added 2026/01/26 10:16 a.m.•1 views

CVE-2026-24656

3.7CVSS5.8AI score

Exploits0References2

NVD•added 2026/01/26 10:16 a.m.•4 views

CVE-2026-24656

3.7CVSS0.00037EPSS

Exploits0References2

CVE•added 2026/01/26 9:41 a.m.•9 views

CVE-2026-24656

Concretely, CVE-2026-24656 affects Apache Karaf Decanter before 2.12.0, specifically the Decanter log socket collector that exposes port 4560 without authentication. If the collector exposes the allowed-classes property, this configuration can be bypassed, allowing deserialization of untrusted da...

Exploits0References2Affected Software1

ATTACKERKB•added 2026/01/26 9:41 a.m.•1 views

CVE-2026-24656

Cvelist•added 2026/01/26 9:41 a.m.•30 views

Exploits0References2

CVE-2026-24656 Apache Karaf: Decanter log-socket collector has deserialization vulnerability

0.00037EPSS

EUVD•added 2026/01/26 9:41 a.m.•4 views

EUVD-2026-4680

CNNVD•added 2026/01/26 12:0 a.m.•3 views

Apache Karaf Decanter security vulnerability

Apache Karaf Decanter is a monitoring and alerting module of the Apache Foundation. Versions of Apache Karaf Decanter prior to 2.12.0 contained a security vulnerability, which stemmed from the log socket collector’s inability to deserialize trusted data, potentially leading to denial-of-service...

Positive Technologies•added 2026/01/25 12:0 a.m.•3 views

Exploits0References3

PT-2026-4647

Name of the Vulnerable Software and Affected Versions Apache Karaf Decanter versions prior to 2.12.0 Description The Decanter log socket collector in Apache Karaf has a deserialization issue. The collector operates on port 4560 without authentication. If the allowed classes property is exposed, i...

3.7CVSS5.9AI score0.00037EPSS

Exploits0References14

vulnersOsv•added 2026/01/14 12:49 p.m.•2 views

org.apache.camel.karaf:camel-neo4j (>=4.10.3 <=4.10.7), org.apache.camel.springboot:camel-neo4j-starter (>=4.10.0 <=4.10.7) potentially affected by CVE-2025-66169 via org.apache.camel:camel-neo4j (>=4.10.0 <=4.10.7)

org.apache.camel:camel-neo4j MAVEN version =4.10.0, =4.10.3, =4.10.0, =4.10.7 Source cves: CVE-2025-66169 Source advisory: SNYK:JAVA-ORGAPACHECAMEL-14930769...

5.3CVSS5.8AI score0.00034EPSS

vulnersOsv•added 2026/01/14 12:31 p.m.•1 views

org.apache.camel:camel-neo4j MAVEN version =4.10.0, =4.10.3, =4.10.0, =4.10.7 Source cves: CVE-2025-66169 Source advisory: OSV:GHSA-4JRW-64VR-7G8M...

5.3CVSS5.8AI score0.00034EPSS

RedhatCVE•added 2026/01/09 9:36 a.m.•6 views

CVE-2024-34365

UNSUPPORTED WHEN ASSIGNED Improper Input Validation vulnerability in Apache Karaf Cave.This issue affects all versions of Apache Karaf Cave. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to th...

9.1CVSS6.7AI score0.00305EPSS