|
681
|
6.5 |
MEDIUM
Network
|
apache
|
storm
|
Improper Handling of TLS Client Authentication Failure Leading to Anonymous Principal Assignment in Apache Storm
Versions Affected: up to 2.8.7
Description: When TLS transport is enabled in Apache …
Update
|
CWE-287
Improper Authentication
|
CVE-2026-41081
|
2026-04-29 04:46 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
682
|
8.1 |
HIGH
Network
|
mozilla
|
firefox
thunderbird
|
Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume tha…
Update
|
CWE-125
CWE-416
CWE-787
Out-of-bounds Read
Use After Free
Out-of-bounds Write
|
CVE-2026-6785
|
2026-04-29 04:45 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
683
|
8.1 |
HIGH
Network
|
mozilla
|
firefox
thunderbird
|
Memory safety bugs present in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort…
Update
|
CWE-125
CWE-416
CWE-787
Out-of-bounds Read
Use After Free
Out-of-bounds Write
|
CVE-2026-6786
|
2026-04-29 04:45 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
684
|
9.9 |
CRITICAL
Network
|
apache
|
camel
|
The fix for CVE-2025-27636 added setLowerCase(true) to HttpHeaderFilterStrategy so that case-variant header names such as 'CAmelExecCommandExecutable' are filtered out alongside 'CamelExecCommandExec…
Update
|
CWE-178
Improper Handling of Case Sensitivity
|
CVE-2026-40453
|
2026-04-29 04:43 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
685
|
7.8 |
HIGH
Local
|
apache
|
camel
|
The Camel-PQC FileBasedKeyLifecycleManager class deserializes the contents of `<keyId>.key` files in the configured key directory using java.io.ObjectInputStream without applying any ObjectInputFilte…
Update
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-40048
|
2026-04-29 04:43 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
686
|
8.8 |
HIGH
Network
|
apache
|
camel
|
The camel-mina component's MinaConverter.toObjectInput(IoBuffer) type converter wraps an IoBuffer in a java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. …
Update
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-40473
|
2026-04-29 04:43 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
687
|
9.8 |
CRITICAL
Network
|
apache
|
camel
|
JmsBinding.extractBodyFromJms() in camel-jms, and the equivalent JmsBinding class in camel-sjms, deserialized the payload of incoming JMS ObjectMessage values via javax.jms.ObjectMessage.getObject() …
Update
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-40860
|
2026-04-29 04:42 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
688
|
9.4 |
CRITICAL
Network
|
apache
|
camel
|
The Camel-Mail component is vulnerable to Camel message header injection. The custom header filter strategy used by the component (MailHeaderFilterStrategy) only filters the 'out' direction via setOu…
Update
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-33454
|
2026-04-29 04:42 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
689
|
8.2 |
HIGH
Network
|
apache
|
camel
|
When authentication is enabled on the Apache Camel embedded HTTP server or embedded management server (camel-platform-http-main) and a non-root context path such as /api or /admin is configured via c…
Update
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2026-40022
|
2026-04-29 04:41 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
690
|
8.8 |
HIGH
Network
|
apache
|
camel
|
The camel-infinispan component's ProtoStream-based remote aggregation repository deserializes data read from a remote Infinispan cache using java.io.ObjectInputStream without applying any ObjectInput…
Update
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-40858
|
2026-04-29 04:41 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
