Lucene search
K

1310 matches found

Nuclei
Nuclei
added yesterday12 views

Apache Kafka Client - Arbitrary File Read

Apache Kafka Client contains arbitrary file read and server-side request forgery caused by untrusted configuration of sasl.oauthbearer.token.endpoint.url and sasl.oauthbearer.jwks.endpoint.url, letting attackers read files or send requests to unintended locations, exploit requires untrusted party...

7.5CVSS7AI score0.62368EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday122 views

Kafka UI 0.7.1 Command Injection

An issue discovered in provectus kafka-ui 0.4.0 through 0.7.1 allows remote attackers to execute arbitrary code via the q parameter of /api/clusters/local/topics/topic/messages. id: CVE-2023-52251 info: name: Kafka UI 0.7.1 Command Injection author: yhy0,iamnoooob severity: high description: | An...

8.8CVSS7.3AI score0.85025EPSS
Exploits5References3
NVD
NVD
added 6 days ago8 views

CVE-2026-54775

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, a CoreWCF service listening on a Kafka topic stops processing new records from that topic when KafkaTransportPump receives a null-value tombstone record, causing a persistent...

6.5CVSS0.00336EPSS
Exploits0References6
Cvelist
Cvelist
added 6 days ago30 views

CVE-2026-54775 CoreWCF: Kafka consume pump halts permanently on a Kafka tombstone (null-value record), causing persistent endpoint denial of service.

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, a CoreWCF service listening on a Kafka topic stops processing new records from that topic when KafkaTransportPump receives a null-value tombstone record, causing a persistent...

6.5CVSS0.00336EPSS
Exploits0References6
CVE
CVE
added 6 days ago16 views

CVE-2026-54775

Summary: CVE-2026-54775 affects CoreWCF.Kafka’s KafkaTransportPump. Before versions 1.8.1 and 1.9.1, a null-value tombstone (Kafka tombstone) on a topic causes the pump to halt, stopping processing of new records and potentially causing persistent endpoint denial of service for topics with produc...

6.5CVSS6AI score0.00336EPSS
Exploits0References6
OSV
OSV
added last week6 views

ROOT-APP-MAVEN-CVE-2026-41726 CVE-2026-41726 in io.root.org.springframework.kafka:spring-kafka - Patched by Root

Root has patched CVE-2026-41726 in the io.root.org.springframework.kafka:spring-kafka package for Root:Maven. Multiple fixed versions available...

6.5CVSS5.8AI score0.00289EPSS
Exploits0
OSV
OSV
added last week3 views

ROOT-APP-MAVEN-CVE-2026-41731 CVE-2026-41731 in io.root.org.springframework.kafka:spring-kafka - Patched by Root

Root has patched CVE-2026-41731 in the io.root.org.springframework.kafka:spring-kafka package for Root:Maven. Multiple fixed versions available...

8.1CVSS5.8AI score0.00489EPSS
Exploits0
NVD
NVD
added 2026/07/06 9:16 a.m.9 views

CVE-2026-49098

Improper Input Validation, Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Apache Camel Kafka Component. The camel-kafka producer can override its configured target topic at runtime from the kafka.OVERRIDETOPIC Exchange header:...

5.3CVSS0.00385EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/06 8:10 a.m.8 views

EUVD-2026-41844

Improper Input Validation, Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Apache Camel Kafka Component. The camel-kafka producer can override its configured target topic at runtime from the kafka.OVERRIDETOPIC Exchange header:...

6.1AI score0.00385EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/06 8:10 a.m.8 views

CVE-2026-49098

Improper Input Validation, Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Apache Camel Kafka Component. The camel-kafka producer can override its configured target topic at runtime from the kafka.OVERRIDETOPIC Exchange header:...

6.1AI score0.00385EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/07/06 8:10 a.m.10 views

CVE-2026-49098

The CVE describes an injection-type flaw in the Apache Camel Kafka Component where the kafka.OVERRIDE_TOPIC (and related kafka.* headers) can override the endpoint topic at runtime. KafkaProducer.evaluateTopic() returns the header value in preference to the endpoint topic, and headers pass throug...

5.3CVSS6.1AI score0.00385EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/07/06 8:10 a.m.33 views

CVE-2026-49098 Apache Camel: Camel-Kafka: The kafka.OVERRIDE_TOPIC (and other kafka.*) Exchange header constants used non-Camel-prefixed names that bypass the upstream HTTP header filter, allowing an HTTP client to redirect Kafka messages to an arbitrary topic

Improper Input Validation, Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Apache Camel Kafka Component. The camel-kafka producer can override its configured target topic at runtime from the kafka.OVERRIDETOPIC Exchange header:...

0.00385EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.14 views

PT-2026-55905

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.0.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description An injection issue exists in the Apache Camel Kafka component due to improper input validation and...

5.3CVSS6.2AI score0.00385EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2026/07/02 12:3 a.m.6 views

Important: Red Hat Security Advisory: Streams for Apache Kafka 2.9.4 release and security update

Streams for Apache Kafka 2.9.4 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

10CVSS7.5AI score0.38811EPSS
Exploits19References35
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/30 3:13 p.m.9 views

Malicious code in confluent-kafka-javascript (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e20f9433c5da4c3ee143c33ec2a876e07ff01aa1188d0efa783858bcd0903d3c Analysis of this package version produced no static indicator and no traced behavioral findings. The tarball does not exhibit lifecycle-script...

6.2AI score
Exploits0References2
OSV
OSV
added 2026/06/30 3:13 p.m.5 views

MAL-2026-6682 Malicious code in confluent-kafka-javascript (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e20f9433c5da4c3ee143c33ec2a876e07ff01aa1188d0efa783858bcd0903d3c Analysis of this package version produced no static indicator and no traced behavioral findings. The tarball does not exhibit lifecycle-script...

6.2AI score
Exploits0References2
OSV
OSV
added 2026/06/30 8:29 a.m.12 views

ROOT-APP-MAVEN-CVE-2025-27817 CVE-2025-27817 in io.root.org.apache.kafka:kafka-clients - Patched by Root

Root has patched CVE-2025-27817 in the io.root.org.apache.kafka:kafka-clients package for Root:Maven. Multiple fixed versions available...

7.5CVSS7.1AI score0.62368EPSS
Exploits2
OSV
OSV
added 2026/06/30 8:29 a.m.11 views

ROOT-APP-MAVEN-CVE-2024-56128 CVE-2024-56128 in io.root.org.apache.kafka:kafka_2.12 - Patched by Root

Root has patched CVE-2024-56128 in the io.root.org.apache.kafka:kafka2.12 package for Root:Maven. Multiple fixed versions available...

5.3CVSS6.7AI score0.00795EPSS
Exploits0
OSV
OSV
added 2026/06/30 8:29 a.m.15 views

ROOT-APP-MAVEN-CVE-2026-33558 CVE-2026-33558 in io.root.org.apache.kafka:kafka-clients - Patched by Root

Root has patched CVE-2026-33558 in the io.root.org.apache.kafka:kafka-clients package for Root:Maven. Multiple fixed versions available...

5.3CVSS5.8AI score0.00535EPSS
Exploits0
OSV
OSV
added 2026/06/30 8:29 a.m.13 views

ROOT-APP-MAVEN-CVE-2025-27818 CVE-2025-27818 in io.root.org.apache.kafka:kafka_2.12 - Patched by Root

Root has patched CVE-2025-27818 in the io.root.org.apache.kafka:kafka2.12 package for Root:Maven. Multiple fixed versions available...

8.8CVSS6.7AI score0.00881EPSS
Exploits0
Rows per page
Query Builder