Astra Linux - уязвимость в thunderbird

When requesting an OpenPGP key from a WKD server, an incorrect padding size was used, which could allow a network observer to determine the length of the requested email address. This vulnerability was fixed in Thunderbird 136 and Thunderbird 128.8...

CVE-2026-40048

A flaw was found in Apache Camel. The FileBasedKeyLifecycleManager class deserializes key files without proper validation, allowing an attacker who can write to the key directory to place a specially crafted serialized Java object. When this object is deserialized during normal key operations, it...

GHSA-V3VG-332R-MW99 Camel-PQC Vulnerable to Deserialization of Untrusted Data

The Camel-PQC FileBasedKeyLifecycleManager class deserializes the contents of .key files in the configured key directory using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. The cast to java.security.KeyPair is evaluated only after readObject has...

CVE-2026-40048

CVE-2026-40048 – Apache Camel PQC deserialization flaw : The Camel-PQC FileBasedKeyLifecycleManager deserializes the contents of .key files in the configured key directory via java.io.ObjectInputStream without ObjectInputFilter or class-loading restrictions. The vulnerable step is that the cast t...

CVE-2026-40048 Apache Camel PQC: Unsafe Deserialization from FileBasedKeyLifecycleManager

The Camel-PQC FileBasedKeyLifecycleManager class deserializes the contents of .key files in the configured key directory using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. The cast to java.security.KeyPair is evaluated only after readObject has...

PT-2026-35369

The Camel-PQC FileBasedKeyLifecycleManager class deserializes the contents of .key files in the configured key directory using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. The cast to java.security.KeyPair is evaluated only after readObject has...

ROS-20251008-01

The Thunderbird email client vulnerability, Thunderbird ESR is related to insufficient authentication of the data. Exploitation of the vulnerability could allow an attacker acting remotely to affect the data integrity Vulnerability of Address Book URI fields of Thunderbird, Thunderbird ESR mail...

Linux Distros Unpatched Vulnerability : CVE-2025-26695

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When requesting an OpenPGP key from a WKD server, an incorrect padding size was used and a network observer could have learned the length of the requested email...

CVE-2025-22241

File contents overwrite the VirtKey class is called when “on-demand pillar” data is requested and uses un-validated input to create paths to the “pki directory”. The functionality is used to auto-accept Minion authentication keys based on a pre-placed “authorization file” at a specific location a...

SUSE CVE-2025-26695

When requesting an OpenPGP key from a WKD server, an incorrect padding size was used and a network observer could have learned the length of the requested email address. This vulnerability was fixed in Thunderbird 136 and Thunderbird 128.8...

DEBIAN-CVE-2025-26695

When requesting an OpenPGP key from a WKD server, an incorrect padding size was used and a network observer could have learned the length of the requested email address. This vulnerability was fixed in Thunderbird 136 and Thunderbird 128.8...

UBUNTU-CVE-2025-26695

When requesting an OpenPGP key from a WKD server, an incorrect padding size was used and a network observer could have learned the length of the requested email address. This vulnerability was fixed in Thunderbird 136 and Thunderbird 128.8...

Mozilla Thunderbird 安全漏洞

Mozilla Thunderbird is the United States Mozilla Foundation's set of independent from the Mozilla Application Suite e-mail client software. The program supports IMAP, POP mail protocols and HTML mail format. A code issue vulnerability exists in Mozilla Thunderbird versions prior to 136 and prior ...

WhatsApp introduces new security features

WhatsApp has announced several new security features which include an extra check when an account is transferred to a new device. This check asks that users confirm the transfer on their old device. This should warn users in case there is a transfer in progress started by somebody trying to hijac...

SUSE CVE-2018-1000858

GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery CSRF vulnerability in dirmngr that can result in Attacker controlled CSRF, Information Disclosure, DoS. This attack appear to be exploitable via Victim must perform a WKD request, e.g. enter an email address in the composer window...

CVE-2022-33158

Trend Micro VPN Proxy Pro version 5.2.1026 and below contains a vulnerability involving some overly permissive folders in a key directory which could allow a local attacker to obtain privilege escalation on an affected system...

Design/Logic Flaw

Trend Micro VPN Proxy Pro version 5.2.1026 and below contains a vulnerability involving some overly permissive folders in a key directory which could allow a local attacker to obtain privilege escalation on an affected system...

CVE-2022-33158

Trend Micro VPN Proxy Pro version 5.2.1026 and below contains a vulnerability involving some overly permissive folders in a key directory which could allow a local attacker to obtain privilege escalation on an affected system...

Cross Site Request Forgery (CSRF)

GnuPG is vulnerable to Cross Site Request Forgery CSRF, Information Disclosure and DoS. The attack is possible when a victim performs a web key directory request...

gnupg2: Cross site request forgery in dirmngr resulting in an information disclosure or denial of service

GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery CSRF vulnerability in dirmngr that can result in Attacker controlled CSRF, Information Disclosure, DoS. This attack appear to be exploitable via Victim must perform a WKD request, e.g. enter an email address in the composer window...