Lucene search
K

43 matches found

Cvelist
Cvelist
added 14 hours ago5 views

CVE-2026-46457 Apache Camel: Camel-NATS: Inbound NATS message headers are mapped into the Exchange without a configured HeaderFilterStrategy, allowing a client that can publish to the subject to inject Camel control headers

Improper Input Validation vulnerability in Apache Camel NATS component. The camel-nats component maps inbound NATS message headers into the Camel Exchange but defaulted its headerFilterStrategy to a bare new DefaultHeaderFilterStrategy with no inbound rules configured NatsConfiguration. With no...

Exploits0References1
EUVD
EUVD
added 14 hours ago5 views

EUVD-2026-41831

Improper Input Validation vulnerability in Apache Camel NATS component. The camel-nats component maps inbound NATS message headers into the Camel Exchange but defaulted its headerFilterStrategy to a bare new DefaultHeaderFilterStrategy with no inbound rules configured NatsConfiguration. With no...

7.5CVSS6.1AI score
Exploits0References1
EUVD
EUVD
added 14 hours ago4 views

EUVD-2026-41830

Improper Input Validation vulnerability in Apache Camel AWS2-SQS Component. The camel-aws2-sqs component map inbound message attributes into the Camel Exchange through a component-specific HeaderFilterStrategy. Sqs2HeaderFilterStrategy configured only an outbound filter setOutFilterPattern, which...

9.8CVSS6AI score
Exploits0References1
CVE
CVE
added 14 hours ago7 views

CVE-2026-46456

Improper Input Validation vulnerability in Apache Camel AWS2-SQS Component. The camel-aws2-sqs component map inbound message attributes into the Camel Exchange through a component-specific HeaderFilterStrategy. Sqs2HeaderFilterStrategy configured only an outbound filter setOutFilterPattern, which...

9.8CVSS6AI score
Exploits0References2
Cvelist
Cvelist
added 14 hours ago5 views

CVE-2026-46454 Apache Camel: Camel-Cometd: Inbound Bayeux message headers are mapped into the Exchange without a HeaderFilterStrategy, allowing unauthenticated clients to inject Camel control headers

Improper Input Validation vulnerability in Apache Camel Cometd Component. The camel-cometd component maps inbound Bayeux CometD message headers into the Camel Exchange without applying a HeaderFilterStrategy. CometdBinding.populateExchangeFromMessage copies the entire ext.CamelHeaders map supplie...

Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/30 12:0 a.m.8 views

PT-2026-29161

Name of the Vulnerable Software and Affected Versions MCP Java SDK versions prior to 1.0.1 MCP Java SDK versions prior to 1.1.1 Description The MCP Java SDK contains a hardcoded wildcard Cross-Origin Resource Sharing CORS configuration, specifically setting Access-Control-Allow-Origin to ''. This...

6.1CVSS7.5AI score0.00222EPSS
Exploits0References11
EUVD
EUVD
added 2026/03/28 12:30 p.m.9 views

EUVD-2026-16911

Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior expose sensitive information in web management responses. Administrative credentials, including the router and/or admin panel password, are included in plaintext within configuration response bodies. In addition, responses lack...

6.8CVSS5.9AI score0.00297EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/02/03 7:11 p.m.3 views

CVE-2026-24427 Tenda AC7 Exposes Admin Credentials in Configuration Responses

Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior expose sensitive information in web management responses. Administrative credentials, including the router and/or admin panel password, are included in plaintext within configuration response bodies. In addition, responses lack...

6.8CVSS5.4AI score0.00118EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/28 9:17 p.m.6 views

CVE-2026-24472

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Cache Middleware contains an information disclosure vulnerability caused by improper handling of HTTP cache control directives. The middleware does not respect standard cache control...

5.3CVSS5.9AI score0.00457EPSS
Exploits0References1
NVD
NVD
added 2026/01/27 8:16 p.m.5 views

CVE-2026-24472

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Cache Middleware contains an information disclosure vulnerability caused by improper handling of HTTP cache control directives. The middleware does not respect standard cache control...

5.3CVSS0.00457EPSS
Exploits0References3
EUVD
EUVD
added 2026/01/27 7:34 p.m.7 views

EUVD-2026-4750

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Cache Middleware contains an information disclosure vulnerability caused by improper handling of HTTP cache control directives. The middleware does not respect standard cache control...

5.3CVSS5.9AI score0.00457EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/27 7:34 p.m.6 views

CVE-2026-24472

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Cache Middleware contains an information disclosure vulnerability caused by improper handling of HTTP cache control directives. The middleware does not respect standard cache control...

5.3CVSS5.9AI score0.00457EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/01 10:24 p.m.5 views

CVE-2025-65681

An issue was discovered in Overhang.IO tutor-open-edx overhangio/tutor 20.0.2 allowing local unauthorized attackers to gain access to sensitive information due to the absence of proper cache-control HTTP headers and client-side session checks...

3.3CVSS6.6AI score0.00195EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/26 9:31 p.m.6 views

EUVD-2025-199747

An issue was discovered in Overhang.IO tutor-open-edx overhangio/tutor 20.0.2 allowing local unauthorized attackers to gain access to sensitive information due to the absence of proper cache-control HTTP headers and client-side session checks...

6AI score0.00195EPSS
Exploits0References4
Snyk
Snyk
added 2025/11/26 7:41 p.m.3 views

Use of Cache Containing Sensitive Information

Overview tutor is a The Docker-based Open edX distribution designed for peace of mind Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information due to the absence of proper cache-control HTTP headers and insufficient client-side session validation. An...

4.6CVSS6.5AI score0.00195EPSS
Exploits0References2
NVD
NVD
added 2025/11/26 7:15 p.m.5 views

CVE-2025-65681

An issue was discovered in Overhang.IO tutor-open-edx overhangio/tutor 20.0.2 allowing local unauthorized attackers to gain access to sensitive information due to the absence of proper cache-control HTTP headers and client-side session checks...

3.3CVSS0.00195EPSS
Exploits0References3
PyPA
PyPA
added 2025/11/26 7:15 p.m.10 views

PYSEC-2025-219

An issue was discovered in Overhang.IO tutor-open-edx overhangio/tutor 20.0.2 allowing local unauthorized attackers to gain access to sensitive information due to the absence of proper cache-control HTTP headers and client-side session checks...

3.3CVSS5.8AI score0.00195EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/11/26 7:15 p.m.12 views

PYSEC-2025-219

An issue was discovered in Overhang.IO tutor-open-edx overhangio/tutor 20.0.2 allowing local unauthorized attackers to gain access to sensitive information due to the absence of proper cache-control HTTP headers and client-side session checks...

3.3CVSS5.8AI score0.00195EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/11/26 12:0 a.m.6 views

PT-2025-48178

Name of the Vulnerable Software and Affected Versions Overhang.IO tutor-open-edx version 20.0.2 Description A security issue exists in Overhang.IO tutor-open-edx version 20.0.2 that could allow local unauthorized attackers to access sensitive information. This is due to missing cache-control HTTP...

3.3CVSS5.8AI score0.00195EPSS
Exploits0References7
Cvelist
Cvelist
added 2025/10/31 11:34 p.m.8 views

CVE-2025-62276

The Document Library and the Adaptive Media modules in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions uses an incorrect cache-control heade...

4.6CVSS0.00123EPSS
Exploits0References1
Rows per page
Query Builder