Lucene search
K

13 matches found

NVD
NVD
added 13 hours ago7 views

CVE-2026-49099

Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection', Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel Salesforce Component. The camel-salesforce producer resolves its operation parameters - the SOQL query, the SOSL search,...

Exploits0References2
ATTACKERKB
ATTACKERKB
added 14 hours ago4 views

CVE-2026-49098

Improper Input Validation, Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Apache Camel Kafka Component. The camel-kafka producer can override its configured target topic at runtime from the kafka.OVERRIDETOPIC Exchange header:...

6.1AI score
Exploits0References2Affected Software1
CVE
CVE
added 14 hours ago6 views

CVE-2026-49098

CVE-2026-49098 (Apache Camel) affects the Camel-Kafka component. The issue arises from using non-Camel-prefixed kafka.* header constants (e.g., kafka.OVERRIDE_TOPIC) which bypass upstream HTTP header filtering, allowing an HTTP client to redirect messages to arbitrary Kafka topics via the kafka.O...

6.1AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 14 hours ago3 views

CVE-2026-49097

Improper Input Validation, Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Apache Camel IRC component. The camel-irc producer chooses the destination of an outgoing IRC message from the irc.sendTo Exchange header the constant...

6.1AI score
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/06/23 5:52 p.m.8 views

CVE-2026-52845

Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, forwardauth copyheaders deletes the exact client-supplied identity header before copying the trusted value from the auth gateway. But when the request later goes through phpfastcgi, Caddy normalizes HTTP headers int...

8.1CVSS5.9AI score0.00246EPSS
Exploits1
CVE
CVE
added 2026/06/22 2:55 p.m.50 views

CVE-2026-53655

node-tar (node-tar) before version 7.5.16 is vulnerable: it applies a PAX extended header size override to the next header entry, including intermediary L/K/x headers, which desynchronizes the stream cursor from other tar implementations. This yields a tar-parser interpretation differential (CWE-...

6.9CVSS5.9AI score0.00107EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/20 7:6 a.m.3 views

CVE-2026-33055 tar-rs incorrectly ignores PAX size headers if header size is nonzero

tar-rs is a tar archive reading/writing library for Rust. Versions 0.4.44 and below have conditional logic that skips the PAX size header in cases where the base header size is nonzero. As part of CVE-2025-62518, the astral-tokio-tar project was changed to correctly honor PAX size headers in the...

5.1CVSS7.3AI score0.00397EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:8 a.m.4 views

SUSE CVE-2008-2105

emailin.pl in Bugzilla 2.23.4, 3.0.x before 3.0.4, and 3.1.x before 3.1.4 allows remote authenticated users to more easily spoof the changer of a bug via a @reporter command in the body of an e-mail message, which overrides the e-mail address as normally obtained from the From e-mail header. NOTE...

3.5CVSS7AI score0.00967EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:1 a.m.3 views

SUSE CVE-2016-5135

WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload request, which allows remote attackers to bypass the Content Security Policy CSP protection mechanis...

6.5CVSS8.6AI score0.01604EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2022/11/21 11:11 a.m.7 views

Mozilla: Cross-Site Tracing was possible via non-standard override headers

The Mozilla Foundation Security Advisory describes this flaw as: Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript such as cookies protected by HTTPOnly. To mitiga...

6.1CVSS7.3AI score0.00575EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2022/08/12 3:15 p.m.1 views

CVE-2022-37041

An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite ZCS 8.8.15 and 9.0. The value of the X-Forwarded-Host header overwrites the value of the Host header in proxied requests. The value of X-Forwarded-Host header is not checked against the whitelist of...

7.5CVSS7.1AI score0.0053EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2016/07/26 5:18 a.m.2 views

chromium-browser: content-security-policy bypass

WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload request, which allows remote attackers to bypass the Content Security Policy CSP protection mechanis...

6.5CVSS7.4AI score0.01604EPSS
Exploits0References5
OSV
OSV
added 2016/07/23 12:0 a.m.2 views

UBUNTU-CVE-2016-5135

WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload request, which allows remote attackers to bypass the Content Security Policy CSP protection mechanis...

6.5CVSS7AI score0.01604EPSS
Exploits0References4
Rows per page
Query Builder