Lucene search
K

932 matches found

NVD
NVD
added 10 hours ago3 views

CVE-2026-46592

Improper Input Validation, Unintended Proxy or Intermediary 'Confused Deputy' vulnerability in Apache Camel CXF SOAP component. The camel-cxf producer selects which SOAP operation to invoke on the backend service from the operationName and operationNamespace Exchange header, whose constant values...

Exploits0References2
EUVD
EUVD
added 11 hours ago4 views

EUVD-2026-41836

Improper Input Validation, Unintended Proxy or Intermediary 'Confused Deputy' vulnerability in Apache Camel CXF SOAP component. The camel-cxf producer selects which SOAP operation to invoke on the backend service from the operationName and operationNamespace Exchange header, whose constant values...

6AI score
Exploits0References1
Cvelist
Cvelist
added 11 hours ago5 views

CVE-2026-46592 Apache Camel: Camel-CXF: The SOAP operation-selection headers used non-Camel-prefixed names (operationName, operationNamespace) that bypass the HTTP header filter, allowing an HTTP client to redirect the invoked SOAP operation

Improper Input Validation, Unintended Proxy or Intermediary 'Confused Deputy' vulnerability in Apache Camel CXF SOAP component. The camel-cxf producer selects which SOAP operation to invoke on the backend service from the operationName and operationNamespace Exchange header, whose constant values...

Exploits0References1
CVE
CVE
added 6 days ago10 views

CVE-2026-58372

SeaweedFS prior to 4.34 is affected by a path traversal vulnerability in the S3 gateway DeleteMultipleObjectsHandler. Authenticated S3 principals with write access to a single bucket can delete arbitrary objects in other tenants’ buckets by sending object keys containing ../ in the DeleteObjects ...

8.1CVSS5.9AI score0.00766EPSS
Exploits0References6
NVD
NVD
added 2026/06/23 5:17 p.m.8 views

CVE-2026-54306

n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, a prototype pollution vulnerability allowed a crafted public webhook payload to inject attacker-controlled fields into workflow data during internal object copying. These fields could be surfaced and consumed as norma...

6.4CVSS0.00259EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 3:43 p.m.17 views

CVE-2026-54306

n8n (open-source workflow automation) contains a prototype pollution vulnerability prior to versions 2.25.7 and 2.26.2. A crafted payload in a public webhook could inject attacker-controlled fields into workflow data during internal object copying, allowing downstream nodes to surface and consume...

6.4CVSS5.9AI score0.00259EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/23 3:43 p.m.33 views

CVE-2026-54306 n8n: Prototype Pollution enables confused-deputy execution via public webhooks

n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, a prototype pollution vulnerability allowed a crafted public webhook payload to inject attacker-controlled fields into workflow data during internal object copying. These fields could be surfaced and consumed as norma...

6.3CVSS0.00259EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 3:41 p.m.3 views

CVE-2026-50169

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15 20.3.22, and 19.2.23, an issue in the @angular/service-worker package compromises the integrity of request-policy enforcement during...

5.7CVSS5.9AI score0.00165EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/22 3:41 p.m.18 views

CVE-2026-50169

The CVE-2026-50169 issue affects the Angular service worker (@angular/service-worker). The vulnerability stems from the request reconstruction path in the service worker, where an internal helper strips strict client-defined redirect policies (for example redirect: 'error'), causing the browser t...

6.1CVSS5.9AI score0.00165EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/18 9:1 p.m.12 views

CVE-2026-49257

mcp-pinot is a Python-based Model Context Protocol MCP server for interacting with Apache Pinot. In versions 3.0.1 and below, mcp-pinot defaults to running an HTTP MCP server bound to 0.0.0.0:8080 with no authentication enabled. All MCP tools, including SQL query execution, schema creation, and...

10CVSS5.6AI score0.00498EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.14 views

PT-2026-50795

Name of the Vulnerable Software and Affected Versions mcp-pinot versions prior to 3.1.0 Description mcp-pinot is a Python-based Model Context Protocol MCP server for interacting with Apache Pinot. The software defaults to running an HTTP MCP server bound to 0.0.0.0:8080 without authentication. Th...

10CVSS5.9AI score0.00498EPSS
Exploits0References15
Patchstack
Patchstack
added 2026/06/16 7:0 p.m.6 views

NPM: n8n: Prototype Pollution enables confused-deputy execution via public webhooks

NPM: n8n: Prototype Pollution enables confused-deputy execution via public webhooks vulnerability discovered by ? in WordPress Npm n8n versions 2.25.7...

6.4CVSS6AI score0.00259EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 7:0 p.m.8 views

n8n: Prototype Pollution enables confused-deputy execution via public webhooks

Impact A prototype pollution vulnerability allowed a crafted public webhook payload to inject attacker-controlled fields into workflow data during internal object copying. These fields could be surfaced and consumed as normal values by downstream built-in nodes. Where a workflow combines a public...

6.4CVSS5.4AI score0.00259EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.15 views

PT-2026-50172

Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.25.7 n8n versions prior to 2.26.2 Description A prototype pollution issue allows a crafted public webhook payload to inject attacker-controlled fields into workflow data during internal object copying. Prototype polluti...

6.4CVSS5.9AI score0.00259EPSS
Exploits0References5
Malwarebytes
Malwarebytes
added 2026/06/04 9:9 a.m.17 views

Meta’s AI support bot happily handed Instagram accounts to hackers

Customer service chatbots have one job: get the user what they're asking for without bothering a human. Meta's new AI support assistant took that brief a little too seriously. Over the past few months, attackers have been opening support chats, telling the bot they were locked out of Instagram...

5.7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/03 10:1 a.m.12 views

CVE-2025-48570

In multiple functions of PipTaskOrganizer.java, there is a possible way to launch an activity from the background due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.9AI score0.00072EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/02 12:31 a.m.14 views

EUVD-2026-33808

In getCallingPackageName of Shared.java, there is a possible way to bypass activity start restrictions due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.9AI score0.00068EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/02 12:31 a.m.9 views

EUVD-2025-210012

In multiple functions of PipTaskOrganizer.java, there is a possible way to launch an activity from the background due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9AI score0.00072EPSS
Exploits0References2
NVD
NVD
added 2026/06/01 10:16 p.m.11 views

CVE-2025-48570

In multiple functions of PipTaskOrganizer.java, there is a possible way to launch an activity from the background due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS0.00072EPSS
Exploits0References1
CVE
CVE
added 2026/06/01 9:14 p.m.34 views

CVE-2026-0098

Technical details (affected products, versions, exploit specifics, or mitigations) are not publicly available in the provided documents. Monitor for updates and rely on official advisories when they are published.

7.8CVSS5.9AI score0.00068EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder