Lucene search
K

133 matches found

Fedora
Fedora
added 2026/04/28 1:15 a.m.4 views

[SECURITY] Fedora 42 Update: libcoap-4.3.5b-1.fc42

The Constrained Application Protocol CoAP is a specialized web transfer protocol for use with constrained nodes and constrained networks in the Inter net of Things. The protocol is designed for machine-to-machine M2M applications such as smart energy and building automation. libcoap implements a...

9.8CVSS5.2AI score0.00296EPSS
Exploits0
Fedora
Fedora
added 2026/04/28 1:0 a.m.5 views

[SECURITY] Fedora 43 Update: libcoap-4.3.5b-1.fc43

The Constrained Application Protocol CoAP is a specialized web transfer protocol for use with constrained nodes and constrained networks in the Inter net of Things. The protocol is designed for machine-to-machine M2M applications such as smart energy and building automation. libcoap implements a...

9.8CVSS5.2AI score0.00296EPSS
Exploits0
Snyk
Snyk
added 2026/04/27 12:14 p.m.3 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes throug the CamelCoapResource.handleRequest function. An attacker can execute arbitrary operating system commands by injecting specially crafted CoAP URI quer...

10CVSS6.6AI score0.06157EPSS
Exploits2References2
NVD
NVD
added 2026/04/27 11:16 a.m.9 views

CVE-2026-33453

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Apache Camel Camel-Coap component. Apache Camel's camel-coap component is vulnerable to Camel message header injection, leading to remote code execution when routes forward CoAP requests to...

10CVSS0.06157EPSS
Exploits2References6
CVE
CVE
added 2026/04/27 9:58 a.m.74 views

CVE-2026-33453

The CVE-2026-33453 issue affects Apache Camel’s camel-coap component, enabling header injection via CoAP URI query parameters. The camel-coap handler copies incoming CoAP URI query params directly into Camel Exchange In headers without a HeaderFilterStrategy, allowing an unauthenticated attacker ...

10CVSS6.5AI score0.06157EPSS
Exploits2References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/27 9:58 a.m.8 views

CVE-2026-33453

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Apache Camel Camel-Coap component. Apache Camel's camel-coap component is vulnerable to Camel message header injection, leading to remote code execution when routes forward CoAP requests to...

6.5AI score0.06157EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2026/04/27 9:58 a.m.31 views

CVE-2026-33453 Apache Camel: CoAP URI Query Parameter to Exchange Header Injection in camel-coap Allows Single-Packet Pre-Auth Remote Code Execution

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Apache Camel Camel-Coap component. Apache Camel's camel-coap component is vulnerable to Camel message header injection, leading to remote code execution when routes forward CoAP requests to...

0.06157EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2026/04/27 9:58 a.m.7 views

CVE-2026-33453 Apache Camel: CoAP URI Query Parameter to Exchange Header Injection in camel-coap Allows Single-Packet Pre-Auth Remote Code Execution

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Apache Camel Camel-Coap component. Apache Camel's camel-coap component is vulnerable to Camel message header injection, leading to remote code execution when routes forward CoAP requests to...

6.5AI score0.06157EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/04/20 10:52 a.m.5 views

CVE-2026-29013

A flaw was found in libcoap. Attackers can send specially crafted Constrained Application Protocol CoAP requests with malformed OSCORE options or responses during OSCORE negotiation. This can trigger out-of-bounds reads during CBOR parsing and potentially lead to heap buffer overflow writes due t...

9.8CVSS6AI score0.00296EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/04/13 3:0 a.m.5 views

nodejs: Nodejs denial of service

A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...

7.5CVSS7AI score0.01056EPSS
Exploits0References5
CVE
CVE
added 2026/04/06 12:0 a.m.13 views

CVE-2026-30078

OpenAirInterface V2.2.0 AMF crashes when it receives an NGAP message with an invalid procedure code or invalid PDU-type, e.g., a message that requires InitiatingMessage but is sent as a successfulOutcome. This is the affected component and the underlying issue is improper handling of NGAP message...

7.5CVSS6AI score0.00292EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/04/02 2:16 p.m.3 views

UBUNTU-CVE-2026-31931

Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, use of the "tls.alpn" rule keyword can cause Suricata to crash with a NULL dereference. This issue has been patched in version 8.0.4...

7.5CVSS5.7AI score0.00351EPSS
Exploits0References2
NVD
NVD
added 2026/03/11 8:16 p.m.15 views

CVE-2026-27703

RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things IoT devices and other embedded devices. In 2026.01 and earlier, the default handler for the wellknowncore resource coapwellknowncoredefaulthandler writes user-provided option data and...

9.8CVSS0.00483EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/11 7:38 p.m.6 views

EUVD-2026-11305

RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things IoT devices and other embedded devices. In 2026.01 and earlier, the default handler for the wellknowncore resource coapwellknowncoredefaulthandler writes user-provided option data and...

7.5CVSS6.2AI score0.00483EPSS
Exploits1References1
CVE
CVE
added 2026/03/11 7:38 p.m.19 views

CVE-2026-27703

RIOT OS contains a vulnerability in the default handler for the well_known_core resource (coap_well_known_core_default_handler). In 2026.01 and earlier, it writes user-provided option data and other data into a fixed-size buffer without validating the destination size, enabling an out-of-bounds w...

9.8CVSS6.2AI score0.00483EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.8 views

PT-2026-24801

RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things IoT devices and other embedded devices. In 2026.01 and earlier, the default handler for the well known core resource coap well known core default handler writes user-provided option...

7.5CVSS6.2AI score0.00483EPSS
Exploits1References3
Packet Storm News
Packet Storm News
added 2026/02/20 12:0 a.m.4 views

Influence of Autoencoder Latent Space on Classifying IoT CoAP Attacks

The Internet of Things IoT presents a unique cybersecurity challenge due to its vast network of interconnected, resource-constrained devices. These vulnerabilities not only threaten data integrity but also the overall functionality of IoT systems. This study addresses these challenges by explorin...

6AI score
Exploits0
OSV
OSV
added 2026/01/23 2:28 a.m.6 views

GO-2026-4322 Traefik's ACME TLS-ALPN fast path lacks timeouts and close on handshake stall in github.com/traefik/traefik

Traefik's ACME TLS-ALPN fast path lacks timeouts and close on handshake stall in github.com/traefik/traefik...

7.5CVSS5.4AI score0.00321EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/01/19 5:58 p.m.3 views

CVE-2026-23833

ESPHome is a system to control microcontrollers remotely through Home Automation systems. In versions 2025.9.0 through 2025.12.6, an integer overflow in the API component's protobuf decoder allows denial-of-service attacks when API encryption is not used. The bounds check ptr + fieldlength end in...

6.3CVSS5.5AI score0.00273EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/01/15 10:58 p.m.5 views

EUVD-2026-2949

Traefik's ACME TLS-ALPN fast path lacks timeouts and close on handshake stall...

5.9CVSS6.4AI score0.00321EPSS
Exploits0References6
Rows per page
Query Builder