Lucene search
K

12790 matches found

EUVD
EUVD
added 3 days ago5 views

EUVD-2026-41855

Deserialization of Untrusted Data vulnerability in Apache Camel, Apache Camel JMS component. JmsBinding.extractBodyFromJms in camel-jms - and the equivalent JmsBinding in camel-sjms - deserializes the payload of an incoming JMS ObjectMessage via jakarta.jms.ObjectMessage.getObject whenever the...

7.3CVSS6AI score0.00504EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 3 days ago5 views

CVE-2026-1433

uniFLOW Universal Login Manager ULM Standalone contains an information disclosure vulnerability that may allow an authenticated administrator to access sensitive configuration information through the ULM Remote User Interface RUI. Exploitation requires administrative privileges and may disclose...

4.8CVSS5.9AI score0.00217EPSS
Exploits0References3
Cvelist
Cvelist
added 3 days ago32 views

CVE-2026-40859 Apache Camel: Camel-Vertx-Http: Unsafe Java deserialization of HTTP response bodies via a raw ObjectInputStream when transferException is enabled

Deserialization of Untrusted Data vulnerability in Apache Camel. The camel-vertx-http component deserializes HTTP response bodies carrying the Content-Type application/x-java-serialized-object using a raw java.io.ObjectInputStream, without applying any ObjectInputFilter...

0.00724EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago4 views

EUVD-2026-41824

Deserialization of Untrusted Data vulnerability in Apache Camel. The camel-vertx-http component deserializes HTTP response bodies carrying the Content-Type application/x-java-serialized-object using a raw java.io.ObjectInputStream, without applying any ObjectInputFilter...

8.1CVSS6.7AI score0.00724EPSS
Exploits0References1
CVE
CVE
added 3 days ago11 views

CVE-2026-40859

CVE-2026-40859 – Apache Camel Camel-Vertx-Http deserialization vulnerability : The camel-vertx-http component deserializes HTTP response bodies with Content-Type application/x-java-serialized-object using a raw java.io.ObjectInputStream without an ObjectInputFilter, when transferException=true (o...

8.1CVSS6.7AI score0.00724EPSS
Exploits0References2Affected Software1
NVD
NVD
added 4 days ago9 views

CVE-2026-10656

The MAX32xxx USB device controller driver drivers/usb/udc/udcmax32.c, compatible adimax32usbhs dereferenced an endpoint buffer in its OUT and IN transfer-completion handlers without checking it for NULL. udceventxferoutdone called netbufaddbuf, eprequest-actlen immediately after buf =...

4.6CVSS0.00181EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 4 days ago6 views

CVE-2026-10656

The MAX32xxx USB device controller driver drivers/usb/udc/udcmax32.c, compatible adimax32usbhs dereferenced an endpoint buffer in its OUT and IN transfer-completion handlers without checking it for NULL. udceventxferoutdone called netbufaddbuf, eprequest-actlen immediately after buf =...

4.6CVSS6.1AI score0.00181EPSS
Exploits1References3Affected Software1
CVE
CVE
added 4 days ago9 views

CVE-2026-10656

CVE-2026-10656 affects the MAX32xxx USB device controller driver (Zephyr MAX32 UDC), specifically udc_max32.c with compatible adi_max32_usbhs. The issue is a NULL-dereference in transfer-completion handlers: udc_event_xfer_out_done() uses net_buf_add(buf, ep_request->actlen) after buf = udc_bu...

4.6CVSS6.1AI score0.00181EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 4 days ago21 views

CVE-2026-10656 NULL-pointer dereference DoS in MAX32 USB device controller transfer-completion handlers

The MAX32xxx USB device controller driver drivers/usb/udc/udcmax32.c, compatible adimax32usbhs dereferenced an endpoint buffer in its OUT and IN transfer-completion handlers without checking it for NULL. udceventxferoutdone called netbufaddbuf, eprequest-actlen immediately after buf =...

4.6CVSS0.00181EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-55828

Name of the Vulnerable Software and Affected Versions Zephyr version 4.4.0 Description The MAX32xxx USB device controller driver drivers/usb/udc/udc max32.c, compatible adi max32 usbhs contains a flaw where it dereferences an endpoint buffer in its OUT and IN transfer-completion handlers without...

4.6CVSS6AI score0.00181EPSS
Exploits1References5
NVD
NVD
added 5 days ago9 views

CVE-2026-12195

myVesta is affected by an authenticated remote code execution vulnerability. Low privileged users can insert arbitrary commands as a part of the vftpuser parameter when deleting FTP usernames. This could result in the execution of commands as the admin user or takevoer of the admin user in myVest...

8.5CVSS0.00656EPSS
Exploits0References2
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-41665

myVesta is affected by an authenticated remote code execution vulnerability. Low privileged users can insert arbitrary commands as a part of the vftpuser parameter when deleting FTP usernames. This could result in the execution of commands as the admin user or takevoer of the admin user in myVest...

8.5CVSS6.7AI score0.00656EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago6 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the extensionsRequired field of glTF files processed by the 3D file viewer. An attacker can execute arbitrary JavaScript code in the context of another user by uploading a crafted glTF file containing malicio...

8.7CVSS5.9AI score0.00336EPSS
Exploits0References2
OSV
OSV
added 6 days ago4 views

ALPINE-CVE-2026-9547

When a libcurl-based application performs transfers via SCP:// or SFTP:// and utilizes the CURLOPTSSHKEYFUNCTION callback, it may silently accept an untrusted server. This vulnerability occurs when a server presents a host key type that does not match the specific key type already recorded for th...

7.4CVSS6AI score0.00398EPSS
Exploits1References1
NVD
NVD
added 6 days ago7 views

CVE-2026-9545

In this scenario, libcurl first uses a proper HTTP/3 server for the initial transfers, and when it makes a second transfer to the same site it has been replaced by the attacker's impostor machine - without a valid certificate. When libcurl returns to the hostname the second time with a cached SSL...

7.5CVSS0.0032EPSS
Exploits1References3
NVD
NVD
added 6 days ago6 views

CVE-2026-9547

When a libcurl-based application performs transfers via SCP:// or SFTP:// and utilizes the CURLOPTSSHKEYFUNCTION callback, it may silently accept an untrusted server. This vulnerability occurs when a server presents a host key type that does not match the specific key type already recorded for th...

7.4CVSS0.00398EPSS
Exploits1References3
OSV
OSV
added 6 days ago3 views

ALPINE-CVE-2026-12064

When a user invokes curl using a schemeless URL combined with --proto-default sftp or scp, a disconnect occurs between the tool layer and libcurl. The tool layer incorrectly infers the URL scheme, which erroneously bypasses the initialization of critical SSH security options like...

7.5CVSS6AI score0.0045EPSS
Exploits1References1
Cvelist
Cvelist
added 6 days ago43 views

CVE-2026-9547 SSH improper host validation

When a libcurl-based application performs transfers via SCP:// or SFTP:// and utilizes the CURLOPTSSHKEYFUNCTION callback, it may silently accept an untrusted server. This vulnerability occurs when a server presents a host key type that does not match the specific key type already recorded for th...

0.00398EPSS
Exploits1References3
CVE
CVE
added 6 days ago19 views

CVE-2026-9547

The CVE-2026-9547 issue affects libcurl when performing SCP/SFTP transfers with CURLOT_SSH_KEYFUNCTION in the SSH key callback. A host-key type mismatch for a known_hosts entry may be silently accepted, bypassing the intended validation and allowing connections to succeed without warning, which e...

7.4CVSS6AI score0.00398EPSS
Exploits1References3Affected Software1
AlpineLinux
AlpineLinux
added 6 days ago6 views

CVE-2026-8286

A vulnerability exists where a new transfer that uses STARTTLS to upgrade the connection might reuse an existing live connection even though the TLS configuration mismatches so it should not...

8.1CVSS5.9AI score0.00413EPSS
Exploits1References3
Rows per page
Query Builder