|
5351
|
8.8 |
HIGH
Network
|
apache
|
camel
|
The camel-mina component's MinaConverter.toObjectInput(IoBuffer) type converter wraps an IoBuffer in a java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. …
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-40473
|
2026-04-29 04:43 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5352
|
9.8 |
CRITICAL
Network
|
apache
|
camel
|
JmsBinding.extractBodyFromJms() in camel-jms, and the equivalent JmsBinding class in camel-sjms, deserialized the payload of incoming JMS ObjectMessage values via javax.jms.ObjectMessage.getObject() …
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-40860
|
2026-04-29 04:42 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5353
|
9.4 |
CRITICAL
Network
|
apache
|
camel
|
The Camel-Mail component is vulnerable to Camel message header injection. The custom header filter strategy used by the component (MailHeaderFilterStrategy) only filters the 'out' direction via setOu…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-33454
|
2026-04-29 04:42 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5354
|
8.2 |
HIGH
Network
|
apache
|
camel
|
When authentication is enabled on the Apache Camel embedded HTTP server or embedded management server (camel-platform-http-main) and a non-root context path such as /api or /admin is configured via c…
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2026-40022
|
2026-04-29 04:41 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5355
|
8.8 |
HIGH
Network
|
apache
|
camel
|
The camel-infinispan component's ProtoStream-based remote aggregation repository deserializes data read from a remote Infinispan cache using java.io.ObjectInputStream without applying any ObjectInput…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-40858
|
2026-04-29 04:41 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5356
|
6.5 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.4.20 contains a scope enforcement bypass vulnerability in the assistant-media route that allows trusted-proxy callers without operator.read scope to access protected assistant-me…
|
CWE-863
Incorrect Authorization
|
CVE-2026-41908
|
2026-04-29 04:41 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5357
|
5.4 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.4.20 contains an improper authorization vulnerability in paired-device pairing management that allows limited-scope sessions to enumerate and act on pairing requests. Attackers w…
|
CWE-863
Incorrect Authorization
|
CVE-2026-41909
|
2026-04-29 04:40 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5358
|
10.0 |
CRITICAL
Network
|
apache
|
camel
|
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Apache Camel Camel-Coap component.
Apache Camel's camel-coap component is vulnerable to Camel message …
|
CWE-915
Improperly Controlled Modification of Dynamically-Determined Object Attributes
|
CVE-2026-33453
|
2026-04-29 04:39 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5359
|
7.5 |
HIGH
Network
|
marked_project
|
marked
|
Marked is a markdown parser and compiler. From 18.0.0 to 18.0.1, a critical Denial of Service (DoS) vulnerability exists in marked. By providing a specific 3-byte input sequence a tab, a vertical tab…
|
CWE-400
CWE-674
CWE-835
Uncontrolled Resource Consumption
Uncontrolled Recursion
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2026-41680
|
2026-04-29 04:37 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5360
|
4.3 |
MEDIUM
Network
|
rocket.chat
|
rocket.chat
|
In versions <8.4.0, <8.3.2, <8.2.2, <8.1.3, <8.0.4, <7.13.6, <7.12.7, <7.11.7, and <7.10.10, the endpoints /api/apps/logs and /api/apps/:id/logs have a typo in the required permission check, allowing…
|
CWE-284
Improper Access Control
|
CVE-2026-29197
|
2026-04-29 04:34 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
