Lucene search
K

153 matches found

EUVD
EUVD
added 1 hour ago3 views

EUVD-2026-41834

Deserialization of Untrusted Data vulnerability in Apache Camel PQC component. The camel-pqc component persists post-quantum key metadata KeyMetadata through pluggable KeyLifecycleManager implementations. HashicorpVaultKeyLifecycleManager and AwsSecretsManagerKeyLifecycleManager read that metadat...

6.4AI score
Exploits0References2
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-13759 IBM WebSphere eXtreme Scale is affected by Insecure Deserilization

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 ships three ObjectInputStream subclasses WsObjectInputStream, ObjectStreamPool$ReusableInputStream, ObjectInputStreamResolver that install no JEP-290 class filter; when Coherence is on the classpath, multiple RCE gadget chains including...

7.5CVSS0.00303EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/28 2:45 p.m.36 views

CVE-2026-13502 antlr ANTLR4 Maven Plugin GrammarDependencies.java ObjectInputStream.readObject toctou

A flaw has been found in antlr ANTLR4 up to 4.13.2. This affects the function ObjectInputStream.readObject of the file antlr4-maven-plugin/src/main/java/org/antlr/mojo/antlr4/GrammarDependencies.java of the component Maven Plugin. This manipulation causes time-of-check time-of-use. The attack is...

4.5CVSS0.00091EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.7 views

CVE-2026-41586

Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. From versions 1.0.0 to 2.2.26, Channel.java implements readObject and exposes deSerializeChannel which call ObjectInputStream.readObject on untrusted byte arrays without...

9.3CVSS5.5AI score0.0041EPSS
Exploits0References1
Veracode
Veracode
added 2026/05/07 8:8 a.m.19 views

Unsafe Deserialization

Apache MINA is vulnerable to Unsafe Deserialization. The vulnerability is due to delayed enforcement of the classname allowlist in AbstractIoBuffer.getObject, where deserialization via ObjectInputStream.readObject occurs before validation, allowing execution of static initializers in malicious...

9.8CVSS6.2AI score0.00657EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/04/27 12:30 p.m.4 views

GHSA-4XWX-HVV7-7PRJ Apache Camel-Infinispan Component Vulnerable to Deserialization of Untrusted Data

The camel-infinispan component's ProtoStream-based remote aggregation repository deserializes data read from a remote Infinispan cache using java.io.ObjectInputStream without applying any ObjectInputFilter. An attacker who can write to the Infinispan cache used by a Camel application can inject a...

8.8CVSS6.4AI score0.00711EPSS
Exploits1References17
ATTACKERKB
ATTACKERKB
added 2026/04/27 7:51 a.m.6 views

CVE-2026-40473

The camel-mina component's MinaConverter.toObjectInputIoBuffer type converter wraps an IoBuffer in a java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. When a Camel route uses camel-mina as a TCP or UDP consumer and requests conversion to ObjectInput f...

6.2AI score0.00926EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.11 views

PT-2026-35371

The camel-mina component's MinaConverter.toObjectInputIoBuffer type converter wraps an IoBuffer in a java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. When a Camel route uses camel-mina as a TCP or UDP consumer and requests conversion to ObjectInput f...

6.2AI score0.00926EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/12 12:2 a.m.2 views

CVE-2026-3967 Alfresco Activiti Process Variable Serialization System SerializableType.java createObjectInputStream deserialization

A flaw has been found in Alfresco Activiti up to 7.19/8.8.0. Affected by this issue is the function deserialize/createObjectInputStream of the file activiti-core/activiti-engine/src/main/java/org/activiti/engine/impl/variable/SerializableType.java of the component Process Variable Serialization...

6.5CVSS6.2AI score0.00242EPSS
Exploits0References4
Veracode
Veracode
added 2026/02/28 5:7 a.m.23 views

Deserialization Of Untrusted Data

Apache Camel is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to the DefaultLevelDBSerializer class deserializing data using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions, which allows an attacker to inject a crafted...

8.8CVSS6.5AI score0.00903EPSS
Exploits2References6Affected Software1
OSV
OSV
added 2026/02/23 9:31 a.m.3 views

GHSA-429Q-MRC4-38FR Apache Camel Deserializes Untrusted Data in its LevelDB Component

Deserialization of Untrusted Data vulnerability in Apache Camel LevelDB component. The Camel-LevelDB DefaultLevelDBSerializer class deserializes data read from the LevelDB aggregation repository using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. ...

7.1CVSS6.4AI score0.00903EPSS
Exploits2References9
NVD
NVD
added 2026/02/23 9:17 a.m.16 views

CVE-2026-25747

Deserialization of Untrusted Data vulnerability in Apache Camel LevelDB component. The Camel-LevelDB DefaultLevelDBSerializer class deserializes data read from the LevelDB aggregation repository using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. ...

8.8CVSS0.00903EPSS
Exploits2References6
CVE
CVE
added 2026/02/23 8:45 a.m.31 views

CVE-2026-25747

CVE-2026-25747 describes a Deserialization of Untrusted Data vulnerability in the Apache Camel LevelDB component. The issue stems from the DefaultLevelDBSerializer using java.io.ObjectInputStream to read from the LevelDB aggregation repository without ObjectInputFilter or class-loading restrictio...

8.8CVSS6.3AI score0.00903EPSS
Exploits2References6Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 8 : java-17-openjdk-17.0.2.0.8-4.el8 (AXSA:2022-2986:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-2986:01 advisory. OpenJDK: Incomplete deserialization class filtering in ObjectInputStream Serialization, 8264934 CVE-2022-21248 OpenJDK: Incorrect reading of TIFF...

5.3CVSS6.4AI score0.08346EPSS
Exploits0References16
EUVD
EUVD
added 2025/12/30 5:32 a.m.3 views

EUVD-2025-205687

A vulnerability has been found in Dromara Sa-Token up to 1.44.0. This issue affects the function ObjectInputStream.readObject of the file SaSerializerTemplateForJdkUseBase64.java. Such manipulation leads to deserialization. The attack can be executed remotely. This attack is characterized by high...

5CVSS5AI score0.0022EPSS
Exploits0References5
EUVD
EUVD
added 2025/12/28 2:32 a.m.4 views

EUVD-2025-205488

A weakness has been identified in Dromara Sa-Token up to 1.44.0. This affects the function ObjectInputStream.readObject of the file SaJdkSerializer.java. Executing manipulation can lead to deserialization. The attack may be launched remotely. This attack is characterized by high complexity. It is...

3.1CVSS6.2AI score0.00271EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/12/28 12:0 a.m.7 views

Sa-Token 代码问题漏洞

Sa-Token is a lightweight Java authentication framework open source by dromara. A code issue vulnerability exists in Sa-Token 1.44.0 and earlier versions, which stems from an incorrect operation of the function ObjectInputStream.readObject in the file SaJdkSerializer.java, which could lead to a...

3.1CVSS4.6AI score0.00271EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/12/28 12:0 a.m.4 views

PT-2025-53632

Name of the Vulnerable Software and Affected Versions Dromara Sa-Token versions up to 1.44.0 Description A weakness exists in Dromara Sa-Token up to version 1.44.0 related to deserialization. The issue affects the ObjectInputStream.readObject function within the SaJdkSerializer.java file...

3.1CVSS6.2AI score0.00271EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-0304

Malware in sbrugna...

10CVSS9.3AI score0.03621EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-20483

Malware in sbrugna...

9.8CVSS9.4AI score0.02981EPSS
Exploits0References5
Rows per page
Query Builder