Lucene search
K

2512 matches found

NVD
NVD
added 2 days ago6 views

CVE-2026-49097

Improper Input Validation, Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Apache Camel IRC component. The camel-irc producer chooses the destination of an outgoing IRC message from the irc.sendTo Exchange header the constant...

6.5CVSS0.00196EPSS
Exploits0References2
CVE
CVE
added 2 days ago8 views

CVE-2026-49097

CVE-2026-49097 affects Apache Camel’s Camel-IRC component. The issue arises when outbound IRC message destinations are taken from non-Camel header names (irc.sendTo and related irc.* headers), which bypass the HTTP header filter. In routes bridging HTTP to irc:, an attacker could set irc.sendTo t...

6.5CVSS6.1AI score0.00196EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-41843

Improper Input Validation, Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Apache Camel IRC component. The camel-irc producer chooses the destination of an outgoing IRC message from the irc.sendTo Exchange header the constant...

6.5CVSS6.1AI score0.00196EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago31 views

CVE-2026-49097 Apache Camel: Camel-IRC: The irc.sendTo (and other irc.*) Exchange header constants used non-Camel-prefixed names that bypass the HTTP header filter, allowing an HTTP client to redirect outgoing IRC messages to arbitrary channels or users

Improper Input Validation, Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Apache Camel IRC component. The camel-irc producer chooses the destination of an outgoing IRC message from the irc.sendTo Exchange header the constant...

0.00196EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2 days ago4 views

CVE-2026-49097

Improper Input Validation, Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Apache Camel IRC component. The camel-irc producer chooses the destination of an outgoing IRC message from the irc.sendTo Exchange header the constant...

6.1AI score0.00196EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/25 9:16 a.m.7 views

CVE-2026-53268

In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrackirc: fix possible out-of-bounds read When parsing fails after we've matched the command string we should bail out instead of trying to match a different command. This helper should be deprecated, given...

8.2CVSS0.00364EPSS
Exploits0References8
OSV
OSV
added 2026/06/25 9:16 a.m.3 views

UBUNTU-CVE-2026-53268

In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrackirc: fix possible out-of-bounds read When parsing fails after we've matched the command string we should bail out instead of trying to match a different command. This helper should be deprecated, given...

8.2CVSS5.7AI score0.00364EPSS
Exploits0References11
CVE
CVE
added 2026/06/25 8:39 a.m.26 views

CVE-2026-53268

CVE-2026-53268 affects the Linux kernel netfilter component, specifically the conntrack_irc module. The root cause is a failure to bail out after a command string is matched, which can lead to an out-of-bounds read during parsing. Impact per sources is a potential information disclosure or denial...

8.2CVSS5.7AI score0.00364EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2026/06/25 8:39 a.m.28 views

CVE-2026-53268 netfilter: conntrack_irc: fix possible out-of-bounds read

In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrackirc: fix possible out-of-bounds read When parsing fails after we've matched the command string we should bail out instead of trying to match a different command. This helper should be deprecated, given...

8.2CVSS0.00364EPSS
Exploits0References8
NVD
NVD
added 2026/05/11 6:16 p.m.20 views

CVE-2026-45003

OpenClaw before 2026.4.22 allows workspace dotenv files to override connector endpoint hosts for Matrix, Mattermost, IRC, and Synology connectors. Attackers with workspace access can redirect runtime traffic to malicious endpoints by setting endpoint variables in dotenv files...

5CVSS0.00105EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/11 4:46 p.m.8 views

CVE-2026-45003 OpenClaw < 2026.4.22 - Connector Endpoint Host Override via Workspace dotenv Files

OpenClaw before 2026.4.22 allows workspace dotenv files to override connector endpoint hosts for Matrix, Mattermost, IRC, and Synology connectors. Attackers with workspace access can redirect runtime traffic to malicious endpoints by setting endpoint variables in dotenv files...

5CVSS5.8AI score0.00105EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/11 4:46 p.m.34 views

CVE-2026-45003 OpenClaw < 2026.4.22 - Connector Endpoint Host Override via Workspace dotenv Files

OpenClaw before 2026.4.22 allows workspace dotenv files to override connector endpoint hosts for Matrix, Mattermost, IRC, and Synology connectors. Attackers with workspace access can redirect runtime traffic to malicious endpoints by setting endpoint variables in dotenv files...

5CVSS0.00105EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/11 4:46 p.m.10 views

CVE-2026-45003

OpenClaw before 2026.4.22 allows workspace dotenv files to override connector endpoint hosts for Matrix, Mattermost, IRC, and Synology connectors. Attackers with workspace access can redirect runtime traffic to malicious endpoints by setting endpoint variables in dotenv files...

5CVSS5.8AI score0.00105EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.8 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.22 contained security vulnerabilities. These vulnerabilities stemmed from allowing dotenv files in the workspace to override endpoints for Matrix, Mattermost, IRC, and Synology...

5CVSS5.8AI score0.00105EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/03/24 12:24 a.m.6 views

SUSE CVE-2026-32810

Halloy is an IRC application written in Rust. In versions on \nix and macOS prior to commit f180e41061db393acf65bc99f5c5e7397586d9cb, halloy creates its config directory and files using default umask permissions, which typically results in 0644 on files and 0755 on directories. This allows any...

5.5CVSS5.9AI score0.00175EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2026/03/20 10:37 p.m.4 views

CVE-2026-32733

Halloy is an IRC application written in Rust. Prior to commit 0f77b2cfc5f822517a256ea5a4b94bad8bfe38b6, the DCC receive flow did not sanitize filenames from incoming DCC SEND requests. A remote IRC user could send a filename with path traversal sequences like ../../.ssh/authorizedkeys and the fil...

8.7CVSS5.9AI score0.00399EPSS
Exploits1References2
CVE
CVE
added 2026/03/20 10:37 p.m.12 views

CVE-2026-32733

Halloy (IRC app in Rust) contained a path-traversal flaw in the DCC receive flow prior to commit 0f77b2cfc5f822517a256ea5a4b94bad8bfe38b6. A remote user could send a DCC SEND filename with path traversal sequences (e.g., ../../.ssh/authorized_keys) and the file could be written outside the user’s...

8.7CVSS5.9AI score0.00399EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/20 10:37 p.m.59 views

CVE-2026-32733

Halloy is an IRC application written in Rust. Prior to commit 0f77b2cfc5f822517a256ea5a4b94bad8bfe38b6, the DCC receive flow did not sanitize filenames from incoming DCC SEND requests. A remote IRC user could send a filename with path traversal sequences like ../../.ssh/authorizedkeys and the fil...

8.7CVSS5.9AI score0.00399EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.10 views

PT-2026-26687

Halloy is an IRC application written in Rust. Prior to commit 0f77b2cfc5f822517a256ea5a4b94bad8bfe38b6, the DCC receive flow did not sanitize filenames from incoming DCC SEND requests. A remote IRC user could send a filename with path traversal sequences like ../../.ssh/authorized keys and the fi...

8.7CVSS5.9AI score0.00399EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.12 views

Halloy 路径遍历漏洞

Halloy is a cross-platform IRC client developed by Squidowl. Halloy has a path traversal vulnerability, which stems from the lack of cleaning of file names during the DCC reception process. This vulnerability may lead to path traversal and arbitrary file writing...

8.7CVSS5.9AI score0.00399EPSS
Exploits1References2
Rows per page
Query Builder