VulnCheck KEV: CVE-2025-29891

Bypass/Injection vulnerability in Apache Camel. This issue affects Apache Camel: from 4.10.0 before 4.10.2, from 4.8.0 before 4.8.5, from 3.10.0 before 3.22.4. Users are recommended to upgrade to version 4.10.2 for 4.10.x LTS, 4.8.5 for 4.8.x LTS and 3.22.4 for 3.x releases. This vulnerability is...

org.apache.camel.karaf:camel-undertow (>=4.8.1 <=4.8.5), org.apache.camel.springboot:camel-undertow-spring-security-starter (>=4.8.0 <=4.8.5) +3 more potentially affected by CVE-2025-27636 +2 more via org.apache.camel:camel-undertow (>=4.8.0 <=4.8.5)

org.apache.camel:camel-undertow MAVEN version =4.8.0, =4.8.1, =4.8.0, =4.8.0, =4.8.0, =4.8.0, =4.8.5 Source cves: CVE-2025-27636, CVE-2025-29891, CVE-2025-30177 Source advisory: OSV:GHSA-VQ4P-PCHP-6G6V...

Security Bulletin: This Power System update is being released to address CVE 2021-29891

Summary POWER9: In response to a security issue with BMC's HTTPS server, a new Power System firmware update is being released to address Common Vulnerabilities and Exposures issue number CVE 2021-29891. Vulnerability Details CVEID:CVE-2021-29891 DESCRIPTION: IBM OPENBMC could allow a privileged...

CVE-2025-29891

creationtimestamp| type| source ---|---|--- 2025-03-12 15:58:16+00:00| seen| https://infosec.exchange/users/cR0w/statuses/114150283427551221 2025-03-12 16:03:09+00:00| seen| https://cyberplace.social/users/GossiTheDog/statuses/114150301427230872 2025-03-12 16:07:40+00:00| seen|...

br.com.senior:crm-http-camel-api (>=0.0.2-alpha <=0.0.81-alpha), br.com.senior:novasoft-http-camel-api (>=0.0.3-alpha <=0.0.93-alpha) +3130 more potentially affected by CVE-2025-27636 +1 more via org.apache.camel:camel-support (>=3.10.0 <=3.22.3)

org.apache.camel:camel-support MAVEN version =3.10.0, =0.0.2-alpha, =0.0.3-alpha, =0.0.1-alpha, =1.0.0, =0.0.1-alpha, =0.0.1-alpha, =0.0.1-alpha, =0.0.1-alpha, =0.0.1-alpha, =0.0.1-alpha, =0.0.1-alpha, =18.4.0, =18.4.0, =24.17.0 - com.approvaltests:approvaltests-util-tests =18.4.0 and more Source...

br.com.senior:crm-http-camel-api (>=0.0.2-alpha <=0.0.81-alpha), br.com.senior:novasoft-http-camel-api (>=0.0.3-alpha <=0.0.93-alpha) +3130 more potentially affected by CVE-2025-27636 +1 more via org.apache.camel:camel-support (>=3.10.0 <=3.22.3)

org.apache.camel:camel-support MAVEN version =3.10.0, =0.0.2-alpha, =0.0.3-alpha, =0.0.1-alpha, =1.0.0, =0.0.1-alpha, =0.0.1-alpha, =0.0.1-alpha, =0.0.1-alpha, =0.0.1-alpha, =0.0.1-alpha, =0.0.1-alpha, =18.4.0, =18.4.0, =24.17.0 - com.approvaltests:approvaltests-util-tests =18.4.0 and more Source...

com.github.camel-tooling:camel-lsp-server (>=1.25.0 <=1.28.0), com.solace.connector.core.io:spring-cloud-stream-binder-camel (=1.0.0) +2123 more potentially affected by CVE-2025-27636 +1 more via org.apache.camel:camel-support (>=4.8.0 <=4.8.4)

org.apache.camel:camel-support MAVEN version =4.8.0, =1.25.0, =3.6.0, =3.6.0, =3.6.0, =3.6.0, =3.6.0, =3.6.0, =3.6.0, =0.0.1, =0.37.0, =0.38.0 and more Source cves: CVE-2025-27636, CVE-2025-29891 Source advisory: SNYK:JAVA-ORGAPACHECAMEL-9402847...

CVE-2025-29891

CVE-2025-29891 describes a bypass/injection in Apache Camel where the default incoming header filter may be bypassed, allowing headers to influence internal components (e.g., camel-bean, camel-exec) via HTTP parameters or headers. Affected versions: Camel 4.10.0–4.10.1/4.10.0–4.10.1, 4.8.0–4.8.4/...

CVE-2024-29891 ZITADEL Improper Content-Type Validation Leads to Account Takeover via Stored XSS + CSP Bypass

ZITADEL users can upload their own avatar image and various image types are allowed. Due to a missing check, an attacker could upload HTML and pretend it is an image to gain access to the victim's account in certain scenarios. A possible victim would need to directly open the supposed image in th...

CVE-2024-29891 ZITADEL Improper Content-Type Validation Leads to Account Takeover via Stored XSS + CSP Bypass

ZITADEL users can upload their own avatar image and various image types are allowed. Due to a missing check, an attacker could upload HTML and pretend it is an image to gain access to the victim's account in certain scenarios. A possible victim would need to directly open the supposed image in th...

CVE-2021-29891

creationtimestamp| type| source ---|---|--- 2022-08-23 00:20:44+00:00| seen| https://t.me/cibsecurity/48556...

CVE-2021-29891

IBM OPENBMC OP910 and OP940 could allow a privileged user to upload an improper site identity certificate that may cause it to lose network services. IBM X-Force ID: 207221...

CVE-2021-29891

Summary: IBM OPENBMC OP910 and OP940 are affected by CVE-2021-29891, where a privileged user could upload an improper site identity certificate, potentially causing loss of network services. The IBM bulletin confirms CVSS v3.0/3.1 base scores around 4.5–4.9 (MEDIUM) with network attack vector and...

CVE-2022-29891

creationtimestamp| type| source ---|---|--- 2022-08-18 12:41:15+00:00| seen| https://t.me/cibsecurity/48331...

CVE-2022-29891

Browse restriction bypass vulnerability in Custom Ap of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Custom App via unspecified vectors...

CVE-2022-29891

Browse restriction bypass vulnerability in Custom Ap of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Custom App via unspecified vectors...

CVE-2022-29891

CVE-2022-29891 is a Cybozu Office vulnerability describing a browse restriction bypass in the Custom App (Cybozu Office 10.0.0–10.8.5). An authenticated remote attacker could obtain Custom App data via unspecified vectors. Affected: Cybozu Office, Custom App components; root cause: bypass of acce...

JVN#20573662: Multiple vulnerabilities in Cybozu Office

Cybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-839CyVDB-2300CyVDB-3109 Browse restriction bypass vulnerability in Cabinet CWE-284 - CVE-2022-32283 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N| Base Score: 4....