Lucene search
K

25 matches found

NVD
NVD
added 3 days ago7 views

CVE-2026-46454

Improper Input Validation vulnerability in Apache Camel Cometd Component. The camel-cometd component maps inbound Bayeux CometD message headers into the Camel Exchange without applying a HeaderFilterStrategy. CometdBinding.populateExchangeFromMessage copies the entire ext.CamelHeaders map supplie...

9.8CVSS0.00487EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 3 days ago5 views

CVE-2026-46454

Improper Input Validation vulnerability in Apache Camel Cometd Component. The camel-cometd component maps inbound Bayeux CometD message headers into the Camel Exchange without applying a HeaderFilterStrategy. CometdBinding.populateExchangeFromMessage copies the entire ext.CamelHeaders map supplie...

6.1AI score0.00487EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 3 days ago30 views

CVE-2026-46454 Apache Camel: Camel-Cometd: Inbound Bayeux message headers are mapped into the Exchange without a HeaderFilterStrategy, allowing unauthenticated clients to inject Camel control headers

Improper Input Validation vulnerability in Apache Camel Cometd Component. The camel-cometd component maps inbound Bayeux CometD message headers into the Camel Exchange without applying a HeaderFilterStrategy. CometdBinding.populateExchangeFromMessage copies the entire ext.CamelHeaders map supplie...

0.00487EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-41828

Improper Input Validation vulnerability in Apache Camel Cometd Component. The camel-cometd component maps inbound Bayeux CometD message headers into the Camel Exchange without applying a HeaderFilterStrategy. CometdBinding.populateExchangeFromMessage copies the entire ext.CamelHeaders map supplie...

9.8CVSS6.1AI score0.00487EPSS
Exploits0References1
CVE
CVE
added 3 days ago11 views

CVE-2026-46454

The CVE-2026-46454 entry describes an improper input validation vulnerability in Apache Camel’s CometD binding. The issue arises because inbound Bayeux/CometD headers are mapped into the Camel Exchange without a HeaderFilterStrategy, copying the entire ext.CamelHeaders map onto the message. This ...

9.8CVSS6.1AI score0.00487EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 3 days ago13 views

PT-2026-55889

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.0.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description Improper input validation in the Apache Camel Cometd component allows unauthenticated users to injec...

9.8CVSS6.1AI score0.00487EPSS
Exploits0References4
NVD
NVD
added 2026/06/18 5:16 p.m.11 views

CVE-2025-53114

CometD is a scalable comet implementation for web messaging. In versions 5.0.0 through 5.0.22, 6.0.0 through 6.0.18, 7.0.0 through 7.0.18, and 8.0.0 through 8.0.8, bad clients that always send a fixed batch value when the server is using the acknowledgement extension may cause the unacknowledged...

7.5CVSS0.00384EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/18 4:25 p.m.19 views

CVE-2025-53114 CometD has acknowledgement extension out of memory

CometD is a scalable comet implementation for web messaging. In versions 5.0.0 through 5.0.22, 6.0.0 through 6.0.18, 7.0.0 through 7.0.18, and 8.0.0 through 8.0.8, bad clients that always send a fixed batch value when the server is using the acknowledgement extension may cause the unacknowledged...

7.5CVSS0.00384EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/18 4:25 p.m.5 views

CVE-2025-53114

CometD is a scalable comet implementation for web messaging. In versions 5.0.0 through 5.0.22, 6.0.0 through 6.0.18, 7.0.0 through 7.0.18, and 8.0.0 through 8.0.8, bad clients that always send a fixed batch value when the server is using the acknowledgement extension may cause the unacknowledged...

7.5CVSS5.2AI score0.00384EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2026/06/18 4:25 p.m.27 views

CVE-2025-53114

Affected software: CometD server implementations. A vulnerability arises when clients consistently set ext.ack to 1 during /meta/connect while the acknowledgement extension is enabled, causing the unacknowledged message queue to grow without bound and potentially trigger OutOfMemoryError. Affecte...

7.5CVSS5.2AI score0.00384EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.13 views

PT-2026-48527

Name of the Vulnerable Software and Affected Versions CometD versions 5.0.x CometD versions 6.0.x CometD versions 8.0.x Description Improper handling of the acknowledgement extension allows malicious clients to cause a server outage. By consistently sending a fixed batch value in the ext paramete...

7.5CVSS5.5AI score0.00384EPSS
Exploits0References11
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-1534

Malicious code in bioql PyPI...

8.1CVSS8AI score0.01101EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 2:16 a.m.41 views

Security Bulletin: Provision to add https and Secure Flag to bayeux_browser cookie for IBM Control Desk.

Summary BAYEUXBROWSER cookie is generated from Cometd Server and it remains live with the session. In older versions of cometd server, BAYEUXBROWSER cookie was neither true for https nor for secure. But in the current version ie. 5.0.3, there is a provision to make the cookie true for https and...

5.3CVSS4.1AI score0.00726EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/19 8:54 p.m.83 views

Security Bulletin: Provision to add https and Secure Flag to bayeux_browser cookie for IBM Control Desk.

Summary BAYEUXBROWSER cookie is generated from Cometd Server and it remains live with the session. In older versions of cometd server, BAYEUXBROWSER cookie was neither true for https nor for secure. But in the current version ie. 5.0.3, there is a provision to make the cookie true for https and...

9.8CVSS8.9AI score0.25802EPSS
Exploits7Affected Software1
RedhatCVE
RedhatCVE
added 2022/03/16 10:21 a.m.48 views

CVE-2022-24721

A flaw was found in CometD’s Oort package. This flaw allows an attacker to monitor unauthorized channels when connected remotely...

8.1CVSS4.3AI score0.01101EPSS
Exploits0References4
Veracode
Veracode
added 2022/03/16 7:26 a.m.15 views

Improper Authorization

org.cometd.java:cometd-java-oort is vulnerable to improper authorization. Remote attackers are able to subscribe and publish to Oort and Seti channels due to improper authorization, allowing interception of internal cluster traffic. As a result the remote attackers are able to create/modify/delet...

8.1CVSS5.2AI score0.01101EPSS
Exploits0References5Affected Software1
vulnersOsv
vulnersOsv
added 2022/03/15 7:2 p.m.5 views

org.cometd:cometd-demo (>=1.0.0 <=5.0.10), org.cometd:cometd-documentation (=5.0.10) potentially affected by CVE-2022-24721 via org.cometd.java:cometd-java-oort (>=1.0.beta9 <=5.0.10)

org.cometd.java:cometd-java-oort MAVEN version =1.0.beta9, =1.0.0, =5.0.10 - org.cometd:cometd-documentation =5.0.10 Source cves: CVE-2022-24721 Source advisory: OSV:GHSA-RJMQ-6V55-4RJV...

8.1CVSS7.4AI score0.01101EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/03/15 7:2 p.m.9 views

org.cometd:cometd-demo (>=7.0.0 <=7.0.19), org.cometd:cometd-documentation (>=7.0.1 <=7.0.19) potentially affected by CVE-2022-24721 via org.cometd.java:cometd-java-oort (>=7.0.0 <=7.0.5)

org.cometd.java:cometd-java-oort MAVEN version =7.0.0, =7.0.0, =7.0.1, =7.0.19 Source cves: CVE-2022-24721 Source advisory: OSV:GHSA-RJMQ-6V55-4RJV...

8.1CVSS7.2AI score0.01101EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/03/15 7:2 p.m.5 views

org.cometd:cometd-demo (>=6.0.0 <=6.0.19), org.cometd:cometd-documentation (>=6.0.1 <=6.0.19) potentially affected by CVE-2022-24721 via org.cometd.java:cometd-java-oort (>=6.0.0 <=6.0.5)

org.cometd.java:cometd-java-oort MAVEN version =6.0.0, =6.0.0, =6.0.1, =6.0.19 Source cves: CVE-2022-24721 Source advisory: OSV:GHSA-RJMQ-6V55-4RJV...

8.1CVSS7.2AI score0.01101EPSS
Exploits0
NVD
NVD
added 2022/03/15 2:15 p.m.44 views

CVE-2022-24721

CometD is a scalable comet implementation for web messaging. In any version prior to 5.0.11, 6.0.6, and 7.0.6, internal usage of Oort and Seti channels is improperly authorized, so any remote user could subscribe and publish to those channels. By subscribing to those channels, a remote user may b...

8.1CVSS0.01101EPSS
Exploits0References2
Rows per page
Query Builder