Lucene search
K

1195 matches found

Veracode
Veracode
added 6 days ago7 views

Sensitive Information Exposure

Apache Camel Undertow Component is vulnerable to Sensitive Information Exposure. The vulnerability is due to improper handling of exception responses, where processing errors return full Java stack traces instead of suppressing them, allowing attackers to obtain sensitive information such as...

5.3CVSS5.9AI score0.00363EPSS
Exploits0References4Affected Software2
RedHat Linux
RedHat Linux
added 2026/07/08 6:28 p.m.5 views

Important: Red Hat Security Advisory: Red Hat Build of Apache Camel 4.18 for Quarkus 3.33 update is now available (RHBQ 3.33.2.SP2)

An update for Red Hat Build of Apache Camel 4.18 for Quarkus 3.33 update is now available RHBQ 3.33.2.SP2. The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products. Red Hat Product...

9.8CVSS6.6AI score0.00695EPSS
Exploits1References11
RedhatCVE
RedhatCVE
added 2026/07/08 7:10 a.m.6 views

CVE-2026-49365

A flaw was found in the Apache Camel Netty HTTP component. An unauthenticated remote attacker can exploit this vulnerability by sending a malformed request that triggers an exception during route processing. Due to a misconfiguration where muteException is set to false by default, the system...

5.3CVSS5.8AI score0.00363EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/07/08 7:5 a.m.7 views

CVE-2026-56139

A flaw was found in the Apache Camel Undertow component. The camel-undertow HTTP server consumer, when processing errors, could return full Java stack traces in HTTP responses. This occurs because the muteException option, which controls what is returned to the client during errors, defaulted to...

5.3CVSS5.8AI score0.00363EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/07/08 7:0 a.m.7 views

CVE-2026-40859

A flaw was found in the camel-vertx-http component of Apache Camel. This vulnerability, a Deserialization of Untrusted Data, could allow a remote attacker to execute arbitrary code. By controlling the backend server or acting as a man-in-the-middle, an attacker could send a specially crafted...

8.1CVSS6.8AI score0.00724EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/07/08 7:0 a.m.6 views

CVE-2026-46584

A flaw was found in the Apache Camel Mail Component. This vulnerability, due to improper input validation, allows a remote attacker to exploit routes that channel untrusted input into the mail producer without proper header stripping. Before version 4.19.0, this could lead to the redirection of...

7.5CVSS5.9AI score0.00378EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/07/08 6:55 a.m.6 views

CVE-2026-46726

A flaw was found in the Apache Camel Vertx Websocket component. This vulnerability allows an unauthenticated remote attacker to inject malicious query parameters into a WebSocket connection. This can lead to Server-Side Request Forgery SSRF, where the server is coerced into making requests to...

8.2CVSS6AI score0.00536EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/07/08 6:55 a.m.6 views

CVE-2026-46592

A flaw was found in the Apache Camel CXF SOAP component. A remote attacker can exploit this vulnerability by manipulating the operationName header in an unauthenticated HTTP request. This improper input validation allows the attacker to force the CxfProducer to invoke unintended SOAP operations o...

7.5CVSS6AI score0.00396EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/07/08 6:40 a.m.6 views

CVE-2026-49098

A flaw was found in the Apache Camel Kafka Component. A remote attacker can exploit an improper input validation vulnerability by manipulating specific Kafka headers, such as kafka.OVERRIDETOPIC, when an HTTP consumer bridges into a Kafka producer. This allows the attacker to redirect messages to...

6.5CVSS6AI score0.00385EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/07/08 6:30 a.m.7 views

CVE-2026-43866

A flaw was found in Apache Camel JMS components. A remote attacker can exploit a deserialization vulnerability by sending a specially crafted ObjectMessage to a queue or topic consumed by an affected Camel application. This bypasses existing security checks, allowing the attacker to inject...

8.1CVSS6AI score0.00504EPSS
Exploits2References4
RedhatCVE
RedhatCVE
added 2026/07/08 5:46 a.m.6 views

CVE-2026-40047

Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Apache Camel Docling component. The camel-docling component invokes the external docling command-line tool by assembling an argument list in DoclingProducer and executing it through...

9.1CVSS5.9AI score0.01569EPSS
Exploits2References4
RedhatCVE
RedhatCVE
added 2026/07/06 4:32 p.m.10 views

CVE-2026-56140

A flaw was found in the Apache Camel AWS SNS component camel-aws2-sns. An improper input validation vulnerability exists in the Sns2HeaderFilterStrategy due to a missing inbound filter rule. However, this component is producer-only, meaning it does not process external messages in a way that woul...

9.8CVSS6AI score0.00427EPSS
Exploits0References4
NVD
NVD
added 2026/07/06 11:16 a.m.11 views

CVE-2026-49042

Improper Input Validation vulnerability in Apache Camel. This issue affects Apache Camel: from 4.8.0 through 4.18.2, from 4.19.0 through 4.20.0. Users are recommended to upgrade to version 4.18.3, 4.21.0, which fixes the issue...

7.3CVSS0.00399EPSS
Exploits0References2
NVD
NVD
added 2026/07/06 11:16 a.m.10 views

CVE-2026-46588

Improper Input Validation vulnerability in Apache Camel. This issue affects Apache Camel: through 4.14.7, from 4.15.0 through 4.18.2, from 4.19.0 through 4.20.0. Users are recommended to upgrade to version 4.14.8, 4.18.3, 4.21.0, which fixes the issue...

7.3CVSS0.00399EPSS
Exploits0References2
NVD
NVD
added 2026/07/06 11:16 a.m.9 views

CVE-2026-46587

Improper Input Validation vulnerability in Apache Camel. This issue affects Apache Camel: through 4.14.7, from 4.15.0 through 4.18.2, from 4.19.0 through 4.20.0. Users are recommended to upgrade to version 4.14.8, 4.18.3, 4.21.0, which fixes the issue...

7.3CVSS0.00399EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 10:36 a.m.6 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the JmsBinding.extractBodyFromJms process when handling JMS ObjectMessages with the mapJmsMessage option enabled. An attacker can inject arbitrary Exchange state by publishing a crafted ObjectMessage...

9.8CVSS6AI score0.00504EPSS
Exploits2References2
Snyk
Snyk
added 2026/07/06 10:36 a.m.4 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the JmsBinding.extractBodyFromJms process when handling JMS ObjectMessages with the mapJmsMessage option enabled. An attacker can inject arbitrary Exchange state by publishing a crafted ObjectMessage...

9.8CVSS6AI score0.00504EPSS
Exploits2References2
Snyk
Snyk
added 2026/07/06 10:36 a.m.4 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the JmsBinding.extractBodyFromJms process when handling JMS ObjectMessages with the mapJmsMessage option enabled. An attacker can inject arbitrary Exchange state by publishing a crafted ObjectMessage...

9.8CVSS6AI score0.00504EPSS
Exploits2References2
Cvelist
Cvelist
added 2026/07/06 9:36 a.m.32 views

CVE-2026-46588 Apache Camel: CouchDB: Non-Camel-prefixed Exchange headers bypass HeaderFilterStrategy allowing operation override from untrusted input

Improper Input Validation vulnerability in Apache Camel. This issue affects Apache Camel: through 4.14.7, from 4.15.0 through 4.18.2, from 4.19.0 through 4.20.0. Users are recommended to upgrade to version 4.14.8, 4.18.3, 4.21.0, which fixes the issue...

0.00399EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/06 9:36 a.m.6 views

EUVD-2026-41866

Improper Input Validation vulnerability in Apache Camel. This issue affects Apache Camel: through 4.14.7, from 4.15.0 through 4.18.2, from 4.19.0 through 4.20.0. Users are recommended to upgrade to version 4.14.8, 4.18.3, 4.21.0, which fixes the issue...

7.3CVSS5.9AI score0.00399EPSS
Exploits0References1
Rows per page
Query Builder