Lucene search
+L

413 matches found

NVD
NVD
added 2026/04/27 11:16 a.m.9 views

CVE-2026-27172

The ConsulRegistry in the camel-consul component class org.apache.camel.component.consul.ConsulRegistry and its inner ConsulRegistryUtils.deserialize method read Java-serialized values from the Consul KV store and passed them to ObjectInputStream.readObject without configuring an ObjectInputFilte...

8.8CVSS0.00667EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/04/27 9:59 a.m.8 views

CVE-2026-27172

The ConsulRegistry in the camel-consul component class org.apache.camel.component.consul.ConsulRegistry and its inner ConsulRegistryUtils.deserialize method read Java-serialized values from the Consul KV store and passed them to ObjectInputStream.readObject without configuring an ObjectInputFilte...

9.8CVSS8.6AI score0.01145EPSS
Exploits3References2Affected Software1
CVE
CVE
added 2026/04/27 9:59 a.m.37 views

CVE-2026-27172

CVE-2026-27172 affects Apache Camel, Camel-Catalog: the ConsulRegistry reads Java-serialized values from the Consul KV store and deserializes them via ObjectInputStream.readObject() without an ObjectInputFilter. An attacker with write access to the backing KV store can inject a malicious serializ...

8.8CVSS6.3AI score0.00667EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/04/27 9:59 a.m.39 views

CVE-2026-27172 Apache Camel: Unsafe Java deserialization in camel-consul ConsulRegistry allows arbitrary code execution via malicious values read from the Consul KV store

The ConsulRegistry in the camel-consul component class org.apache.camel.component.consul.ConsulRegistry and its inner ConsulRegistryUtils.deserialize method read Java-serialized values from the Consul KV store and passed them to ObjectInputStream.readObject without configuring an ObjectInputFilte...

0.00667EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/27 12:0 a.m.14 views

vLLM 安全漏洞

vLLM is an open-source inference and service engine designed for LLM models, featuring high throughput and efficient memory usage. Versions of vLLM prior to 0.19.0 contained a security vulnerability. This vulnerability stemmed from a function in the KV Block Handler component called...

6.3CVSS6.1AI score0.00288EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.17 views

PT-2026-35393

The ConsulRegistry in the camel-consul component class org.apache.camel.component.consul.ConsulRegistry and its inner ConsulRegistryUtils.deserialize method read Java-serialized values from the Consul KV store and passed them to ObjectInputStream.readObject without configuring an ObjectInputFilte...

6.2AI score0.00667EPSS
Exploits1References2
OSV
OSV
added 2026/04/21 12:15 p.m.5 views

BIT-VAULT-2026-3605 Vault KVv2 Metadata and Secret Deletion Policy Bypass Denial-of-Service

An authenticated user with access to a kvv2 path through a policy containing a glob may be able to delete secrets they were not authorized to read or write, resulting in denial-of-service. This vulnerability did not allow a malicious user to delete secrets across namespaces, nor read any secret...

8.1CVSS5.8AI score0.00376EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/04/20 7:22 p.m.8 views

CVE-2026-40525

OpenViking prior to version 0.3.9 contains an authentication bypass vulnerability in the VikingBot OpenAPI HTTP route surface where the authentication check fails open when the apikey configuration value is unset or empty. Remote attackers with network access to the exposed service can invoke...

9.1CVSS5.8AI score0.00571EPSS
Exploits1References1
OSV
OSV
added 2026/04/20 5:16 p.m.51 views

UBUNTU-CVE-2026-28684

python-dotenv reads key-value pairs from a .env file and can set them as environment variables. Prior to version 1.2.2, setkey and unsetkey in python-dotenv follow symbolic links when rewriting .env files, allowing a local attacker to overwrite arbitrary files via a crafted symlink when a...

6.6CVSS5.9AI score0.00236EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2026/04/20 4:25 p.m.7 views

CVE-2026-28684

python-dotenv reads key-value pairs from a .env file and can set them as environment variables. Prior to version 1.2.2, setkey and unsetkey in python-dotenv follow symbolic links when rewriting .env files, allowing a local attacker to overwrite arbitrary files via a crafted symlink when a...

6.6CVSS5.5AI score0.00236EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/04/17 10:37 p.m.19 views

CVE-2026-3605

A flaw was found in Vault. An authenticated user with access to a kvv2 path through a policy containing a glob may be able to delete secrets they were not authorized to read or write. This vulnerability can lead to a denial-of-service by allowing the deletion of critical data. It does not permit ...

8.1CVSS5.6AI score0.00376EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/04/17 6:31 a.m.11 views

HashiCorp Vault has a KVv2 Metadata and Secret Deletion Policy Bypass that leads to Denial-of-Service

An authenticated user with access to a kvv2 path through a policy containing a glob may be able to delete secrets they were not authorized to read or write, resulting in denial-of-service. This vulnerability did not allow a malicious user to delete secrets across namespaces, nor read any secret...

8.1CVSS5.7AI score0.00376EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/04/17 6:31 a.m.6 views

GHSA-M2W4-8GGF-RJ47 HashiCorp Vault has a KVv2 Metadata and Secret Deletion Policy Bypass that leads to Denial-of-Service

An authenticated user with access to a kvv2 path through a policy containing a glob may be able to delete secrets they were not authorized to read or write, resulting in denial-of-service. This vulnerability did not allow a malicious user to delete secrets across namespaces, nor read any secret...

8.1CVSS5.7AI score0.00376EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/17 2:44 a.m.34 views

CVE-2026-3605 Vault KVv2 Metadata and Secret Deletion Policy Bypass Denial-of-Service

An authenticated user with access to a kvv2 path through a policy containing a glob may be able to delete secrets they were not authorized to read or write, resulting in denial-of-service. This vulnerability did not allow a malicious user to delete secrets across namespaces, nor read any secret...

8.1CVSS0.00376EPSS
Exploits0References1
OSV
OSV
added 2026/04/17 2:44 a.m.3 views

CVE-2026-3605 Vault KVv2 Metadata and Secret Deletion Policy Bypass Denial-of-Service

An authenticated user with access to a kvv2 path through a policy containing a glob may be able to delete secrets they were not authorized to read or write, resulting in denial-of-service. This vulnerability did not allow a malicious user to delete secrets across namespaces, nor read any secret...

8.1CVSS7.1AI score0.00376EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.11 views

PT-2026-33397

Name of the Vulnerable Software and Affected Versions HashiCorp Vault Community Edition versions prior to 2.0.0 HashiCorp Vault Enterprise versions prior to 1.19.16 HashiCorp Vault Enterprise versions prior to 1.20.10 HashiCorp Vault Enterprise versions prior to 2.0.0 Description An authenticated...

8.5CVSS5.7AI score0.00376EPSS
Exploits0References21
Fedora
Fedora
added 2026/04/03 12:52 a.m.8 views

[SECURITY] Fedora 43 Update: openbao-2.5.2-1.fc43

Openbao secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Openbao handles leasing, key revocation, key rolling, and auditing. Through a unified API, us ers can access an encrypted Key/Value store and network...

9.6CVSS6.3AI score0.00411EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/03/26 1:36 p.m.8 views

CVE-2026-33413

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, unauthorized users may bypass authentication or authorization checks and call certain etcd functions in clusters that expose the gRPC API to untrusted or partially trusted...

8.8CVSS5.7AI score0.00249EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/03/26 1:23 p.m.8 views

CVE-2026-33343

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, an authenticated user with RBAC restricted permissions on key ranges can use nested transactions to bypass all key-level authorization. This allows any authenticated user with...

6.5CVSS5.4AI score0.0021EPSS
Exploits0
Fedora
Fedora
added 2026/03/07 12:33 a.m.12 views

[SECURITY] Fedora 44 Update: valkey-9.0.3-1.fc44

Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing s...

8.5CVSS5.8AI score0.00586EPSS
Exploits0
Rows per page
Query Builder