Lucene search
K

53 matches found

Cvelist
Cvelist
added 2026/07/02 5:55 p.m.38 views

CVE-2026-58465 Eclipse Wakaama CoAP Block1 Handler Unbounded Memory Allocation DoS

Eclipse Wakaama before snapshot/2026-05-26 contains an unbounded memory allocation vulnerability in the CoAP Block1 handler within coap/block.c that allows unauthenticated remote attackers to exhaust server memory by sending a sequence of Block1 PUT requests with incrementing block numbers...

8.7CVSS0.00555EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/02 5:55 p.m.7 views

EUVD-2026-41417

Eclipse Wakaama before snapshot/2026-05-26 contains an unbounded memory allocation vulnerability in the CoAP Block1 handler within coap/block.c that allows unauthenticated remote attackers to exhaust server memory by sending a sequence of Block1 PUT requests with incrementing block numbers...

8.7CVSS6AI score0.00555EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.13 views

Apache Camel 4.14.x < 4.14.6 / 4.15.x < 4.18.1 RCE (CVE-2026-33453)

The version of Apache Camel on the remote host is 4.14.x prior to 4.14.6 or 4.15.x through 4.18.x prior to 4.18.1. It is, therefore, affected by a remote code execution vulnerability: - The camel-coap component maps incoming CoAP request URI query parameters directly into Camel Exchange In messag...

10CVSS8AI score0.06157EPSS
Exploits2References3
RedHat Linux
RedHat Linux
added 2026/05/14 4:55 p.m.10 views

Apache Camel: camel-coap: Apache Camel camel-coap: Remote code execution via CoAP URI query parameter injection

A flaw was found in Apache Camel's camel-coap component. An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted CoAP Constrained Application Protocol UDP User Datagram Protocol packet. The camel-coap component improperly processes URI query parameters,...

10CVSS6.4AI score0.06157EPSS
Exploits2References5
Veracode
Veracode
added 2026/05/06 8:41 a.m.16 views

Improperly Controlled Modification Of Dynamically-Determined Object Attributes

Apache Camel is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes. The vulnerability is due to lack of header filtering when mapping CoAP query parameters to message headers, which allows an attacker to inject malicious headers and execute arbitrary...

10CVSS6AI score0.06157EPSS
Exploits2References15Affected Software3
RedhatCVE
RedhatCVE
added 2026/05/06 6:16 a.m.9 views

CVE-2026-33453

A flaw was found in Apache Camel's camel-coap component. An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted CoAP Constrained Application Protocol UDP User Datagram Protocol packet. The camel-coap component improperly processes URI query parameters,...

10CVSS6.4AI score0.06157EPSS
Exploits2References4
Fedora
Fedora
added 2026/04/28 1:35 a.m.8 views

[SECURITY] Fedora 44 Update: libcoap-4.3.5b-1.fc44

The Constrained Application Protocol CoAP is a specialized web transfer protocol for use with constrained nodes and constrained networks in the Inter net of Things. The protocol is designed for machine-to-machine M2M applications such as smart energy and building automation. libcoap implements a...

9.8CVSS5.2AI score0.00296EPSS
Exploits0
Fedora
Fedora
added 2026/04/28 1:15 a.m.5 views

[SECURITY] Fedora 42 Update: libcoap-4.3.5b-1.fc42

The Constrained Application Protocol CoAP is a specialized web transfer protocol for use with constrained nodes and constrained networks in the Inter net of Things. The protocol is designed for machine-to-machine M2M applications such as smart energy and building automation. libcoap implements a...

9.8CVSS5.2AI score0.00296EPSS
Exploits0
Fedora
Fedora
added 2026/04/28 1:0 a.m.5 views

[SECURITY] Fedora 43 Update: libcoap-4.3.5b-1.fc43

The Constrained Application Protocol CoAP is a specialized web transfer protocol for use with constrained nodes and constrained networks in the Inter net of Things. The protocol is designed for machine-to-machine M2M applications such as smart energy and building automation. libcoap implements a...

9.8CVSS5.2AI score0.00296EPSS
Exploits0
Snyk
Snyk
added 2026/04/27 12:14 p.m.4 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes throug the CamelCoapResource.handleRequest function. An attacker can execute arbitrary operating system commands by injecting specially crafted CoAP URI quer...

10CVSS6.6AI score0.06157EPSS
Exploits2References2
NVD
NVD
added 2026/04/27 11:16 a.m.10 views

CVE-2026-33453

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Apache Camel Camel-Coap component. Apache Camel's camel-coap component is vulnerable to Camel message header injection, leading to remote code execution when routes forward CoAP requests to...

10CVSS0.06157EPSS
Exploits2References6
Vulnrichment
Vulnrichment
added 2026/04/27 9:58 a.m.7 views

CVE-2026-33453 Apache Camel: CoAP URI Query Parameter to Exchange Header Injection in camel-coap Allows Single-Packet Pre-Auth Remote Code Execution

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Apache Camel Camel-Coap component. Apache Camel's camel-coap component is vulnerable to Camel message header injection, leading to remote code execution when routes forward CoAP requests to...

6.5AI score0.06157EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2026/04/27 9:58 a.m.8 views

CVE-2026-33453

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Apache Camel Camel-Coap component. Apache Camel's camel-coap component is vulnerable to Camel message header injection, leading to remote code execution when routes forward CoAP requests to...

6.5AI score0.06157EPSS
Exploits2References2Affected Software1
CVE
CVE
added 2026/04/27 9:58 a.m.78 views

CVE-2026-33453

The CVE-2026-33453 issue affects Apache Camel’s camel-coap component, enabling header injection via CoAP URI query parameters. The camel-coap handler copies incoming CoAP URI query params directly into Camel Exchange In headers without a HeaderFilterStrategy, allowing an unauthenticated attacker ...

10CVSS6.5AI score0.06157EPSS
Exploits2References6Affected Software1
Cvelist
Cvelist
added 2026/04/27 9:58 a.m.33 views

CVE-2026-33453 Apache Camel: CoAP URI Query Parameter to Exchange Header Injection in camel-coap Allows Single-Packet Pre-Auth Remote Code Execution

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Apache Camel Camel-Coap component. Apache Camel's camel-coap component is vulnerable to Camel message header injection, leading to remote code execution when routes forward CoAP requests to...

0.06157EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/04/20 10:52 a.m.5 views

CVE-2026-29013

A flaw was found in libcoap. Attackers can send specially crafted Constrained Application Protocol CoAP requests with malformed OSCORE options or responses during OSCORE negotiation. This can trigger out-of-bounds reads during CBOR parsing and potentially lead to heap buffer overflow writes due t...

9.8CVSS6AI score0.00296EPSS
Exploits0References2
NVD
NVD
added 2026/03/11 8:16 p.m.15 views

CVE-2026-27703

RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things IoT devices and other embedded devices. In 2026.01 and earlier, the default handler for the wellknowncore resource coapwellknowncoredefaulthandler writes user-provided option data and...

9.8CVSS0.00483EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/11 7:38 p.m.6 views

EUVD-2026-11305

RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things IoT devices and other embedded devices. In 2026.01 and earlier, the default handler for the wellknowncore resource coapwellknowncoredefaulthandler writes user-provided option data and...

7.5CVSS6.2AI score0.00483EPSS
Exploits1References1
CVE
CVE
added 2026/03/11 7:38 p.m.20 views

CVE-2026-27703

RIOT OS contains a vulnerability in the default handler for the well_known_core resource (coap_well_known_core_default_handler). In 2026.01 and earlier, it writes user-provided option data and other data into a fixed-size buffer without validating the destination size, enabling an out-of-bounds w...

9.8CVSS6.2AI score0.00483EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.8 views

PT-2026-24801

RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things IoT devices and other embedded devices. In 2026.01 and earlier, the default handler for the well known core resource coap well known core default handler writes user-provided option...

7.5CVSS6.2AI score0.00483EPSS
Exploits1References3
Rows per page
Query Builder