Lucene search
+L

6 matches found

NVD
NVD
added 2026/07/06 9:16 a.m.13 views

CVE-2026-49086

Improper Input Validation, Unintended Proxy or Intermediary 'Confused Deputy' vulnerability in Apache Camel DAPR component. The camel-dapr Dapr Pub/Sub consumer DaprPubSubConsumer copied two fields from each inbound CloudEvent - its Pub/Sub component name and its topic - into the...

6.5CVSS0.00426EPSS
Exploits0References2
OSV
OSV
added 2026/03/15 1:35 p.m.6 views

CVE-2026-28521 arduino-TuyaOpen TuyaIoT Out-of-Bounds Memory Read Information Disclosure

arduino-TuyaOpen before version 1.2.1 contains an out-of-bounds memory read vulnerability in the TuyaIoT component. An attacker who hijacks or controls the Tuya cloud service can issue malicious DP event data to victim devices, causing out-of-bounds memory access that may result in information...

7CVSS6AI score0.00212EPSS
Exploits0References5
Snyk
Snyk
added 2025/02/21 6:40 p.m.5 views

XML External Entity (XXE) Injection

Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection via the deserialize method, when handling untrusted XML data, which may contain external entity references. Details XXE Injection is a type of attack against an application that parses XML input. XML is...

8.7CVSS7.6AI score0.00211EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2024/06/20 2:25 p.m.13 views

cloudevents/sdk-go: usage of WithRoundTripper to create a Client leaks credentials

A vulnerability was found in cloudevents/sdk-go. This issue involves using cloudevents.WithRoundTripper to create a cloudevents.Client with an authenticated http.RoundTripper results in the go-sdk leaking credentials to arbitrary endpoints. When the transport is populated with an authenticated...

7.5CVSS5.9AI score0.00661EPSS
Exploits0References5
OSV
OSV
added 2024/03/06 10:15 p.m.6 views

AZL-35751 CVE-2024-28110 affecting package telegraf for versions less than 1.31.0-1

Go SDK for CloudEvents is the official CloudEvents SDK to integrate applications with CloudEvents. Prior to version 2.15.2, using cloudevents.WithRoundTripper to create a cloudevents.Client with an authenticated http.RoundTripper causes the go-sdk to leak credentials to arbitrary endpoints. When...

7.5CVSS7AI score0.00661EPSS
Exploits0References1
OSV
OSV
added 2024/03/06 10:15 p.m.7 views

AZL-35761 CVE-2024-28110 affecting package telegraf for versions less than 1.28.5-5

Go SDK for CloudEvents is the official CloudEvents SDK to integrate applications with CloudEvents. Prior to version 2.15.2, using cloudevents.WithRoundTripper to create a cloudevents.Client with an authenticated http.RoundTripper causes the go-sdk to leak credentials to arbitrary endpoints. When...

7.5CVSS7AI score0.00661EPSS
Exploits0References1
Rows per page
Query Builder