Common Vulnerabilities and Exposures (CVE)

CVE-2026-53913

Jul 7, 2026 12:36:54 UTC

Improper Authentication, Missing Authentication for Critical Function, Not Failing Securely ('Failing Open') vulnerability in Apache Camel Keycloak Component. The KeycloakSecurityPolicy of camel-keycloak guards a route by running KeycloakS...

CVE-2026-49365

Jul 7, 2026 12:34:51 UTC

Generation of Error Message Containing Sensitive Information vulnerability in Apache Camel Netty HTTP component. The camel-netty-http HTTP server consumer exposes a muteException option that controls what is returned to the client when a r...

CVE-2026-49099

Jul 7, 2026 12:30:34 UTC

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel Salesforce Component. The camel-salesforce producer resolves...

CVE-2026-49098

Jul 7, 2026 12:27:08 UTC

Improper Input Validation, Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Apache Camel Kafka Component. The camel-kafka producer can override its configured target topic ...

CVE-2025-49795

Jul 7, 2026 12:21:36 UTC

A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service.

CVE-2026-14867

Jul 7, 2026 12:09:29 UTC

Credentials of built-in users are insecurely stored in the User directory of PcVue projects, all versions prior to 17.0.0. A local attacker could retrieve users’ credentials.  Active Directory accounts are not affected by this vulnerabilit...

CVE-2026-14868

Jul 7, 2026 12:07:31 UTC

The encryption algorithm used to protect the configuration of user accounts, stored in the built-in user directory of PcVue projects, all versions prior to 17.0.0, is not strong enough for the level of protection required. A local attacker ...

CVE-2026-45830

Jul 7, 2026 12:05:19 UTC

A lack of authorization validation in version 0.4.17 or later of the ChromaDB Python project allows any authenticated users to arbitrarily read, write, update, or delete data in any tenant's collection regardless of which tenant they belong...

CVE-2026-45832

Jul 7, 2026 12:05:19 UTC

All V1 collection-level endpoints in ChromaDB's Python project pass None for the tenant and database to the authorization layer, allowing attackers to bypass authorization controls by using the V1 endpoints.

CVE-2026-45833

Jul 7, 2026 12:05:19 UTC

A code injection vulnerability in version 0.4.17 or later of the ChromaDB Python project allows an authenticated attacker to run arbitrary code on the server by sending a malicious model repository and trust_remote_code set to true in the /...

CVE-2026-53196

Jul 7, 2026 12:05:14 UTC

In the Linux kernel, the following vulnerability has been resolved: USB: serial: io_ti: fix heap overflow in get_manuf_info() get_manuf_info() reads le16_to_cpu(rom_desc->Size) bytes from the device I2C EEPROM into a buffer allocated with...

CVE-2026-11340

Jul 7, 2026 12:05:14 UTC

Missing Authorization vulnerability in HAVELSAN Inc. Liman MYS allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Liman MYS: before release.Master.1107.

CVE-2026-31236

Jul 7, 2026 12:05:13 UTC

The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is intended to allow users to provide custom Python function definitions. However, the tool directly exec...

CVE-2026-52910

Jul 7, 2026 12:05:13 UTC

In the Linux kernel, the following vulnerability has been resolved: bpf: Free reuseport cBPF prog after RCU grace period. Eulgyu Kim reported the splat below with a repro. [0] The repro sets up a UDP reuseport group with a cBPF prog and ...

CVE-2026-52955

Jul 7, 2026 12:05:13 UTC

In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds access in crush_decode() A message of type CEPH_MSG_OSD_MAP containing a crush map with at least one bucket has two fields holding th...