Lucene search
K

14 matches found

Cvelist
Cvelist
added 7 hours ago4 views

CVE-2026-46457 Apache Camel: Camel-NATS: Inbound NATS message headers are mapped into the Exchange without a configured HeaderFilterStrategy, allowing a client that can publish to the subject to inject Camel control headers

Improper Input Validation vulnerability in Apache Camel NATS component. The camel-nats component maps inbound NATS message headers into the Camel Exchange but defaulted its headerFilterStrategy to a bare new DefaultHeaderFilterStrategy with no inbound rules configured NatsConfiguration. With no...

Exploits0References1
OSV
OSV
added 2026/03/27 5:45 p.m.4 views

BIT-NATS-2026-33219 NATS is vulnerable to pre-auth DoS through WebSockets client service

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, a malicious client which can connect to the WebSockets port can cause unbounded memory use in the nats-server before authentication; this requires sending a...

7.5CVSS5.9AI score0.00532EPSS
Exploits0References11
OSV
OSV
added 2026/03/27 7:8 a.m.2 views

BIT-NATS-2026-33215 NATS is vulnerable to MQTT hijacking via Client ID

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server provides an MQTT client interface. Prior to versions 2.11.15 and 2.12.5, Sessions and Messages can by hijacked via MQTT Client ID malfeasance. Versions 2.11.15 and 2.12.5 patch the issu...

6.5CVSS5.9AI score0.0024EPSS
Exploits0References3
OSV
OSV
added 2026/03/25 9:16 p.m.2 views

DEBIAN-CVE-2026-33249

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Starting in version 2.11.0 and prior to versions 2.11.15 and 2.12.6, a valid client which uses message tracing headers can indicate that the trace messages can be sent to an arbitrary valid subject,...

4.3CVSS6.3AI score0.00228EPSS
Exploits0References1
OSV
OSV
added 2026/03/25 9:16 p.m.4 views

UBUNTU-CVE-2026-33223

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, the NATS message header Nats-Request-Info: is supposed to be a guarantee of identity by the NATS server, but the stripping of this header from inbound messages was...

6.4CVSS5.8AI score0.00211EPSS
Exploits0References4
CVE
CVE
added 2026/03/25 7:41 p.m.14 views

CVE-2026-33216

Impactful CVE-2026-33216 (NATS-Server) : In MQTT deployments using usercodes/passwords, passwords are incorrectly classified as a non-authenticating identity statement (JWT) and exposed through monitoring endpoints. Affected versions are prior to 2.11.15 and 2.12.6; fixes are in 2.11.14 and 2.12....

8.6CVSS5.8AI score0.00365EPSS
Exploits0References9Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.10 views

EUVD-2020-27064

Malware in sbrugna...

7.5CVSS7.6AI score0.01154EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/11 1:39 p.m.14 views

Security Bulletin: Astronomer with IBM is vulnerable to several vulnerabilities

Summary Open source software is used by Astronomer with IBM as part of overall processing functionality. Vulnerability Details CVEID:CVE-2008-1530 DESCRIPTION: GnuPG gpg 1.4.8 and 2.0.8 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via crafted...

9.3CVSS9.7AI score0.70561EPSS
Exploits2Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/22 3:40 p.m.7 views

CVE-2020-5910

In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic Transport System NATS messaging services in use by the NGINX Controller do not require any form of authentication, so any successful connection would be authorized...

7.5CVSS6.9AI score0.01154EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/04/11 12:0 a.m.8 views

The vulnerability of the NATS messaging system’s server lies in the lack of access control elements for the JetStream API. This allows attackers to delete data.

The vulnerability of the NATS messaging system server is related to the lack of access control elements for the JetStream API. Exploiting this vulnerability could allow a malicious actor to delete data by sending specially crafted requests...

9.6CVSS7.7AI score0.00529EPSS
Exploits0References2Affected Software1
Akamai Blog
Akamai Blog
added 2024/09/19 1:0 p.m.3 views

Maximizing Financial Performance: How Financial Institutions Can Achieve Low Latency and High Throughput with NATS.io and Akamai

...

7AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2021/03/30 12:0 a.m.4 views

The vulnerability of the NATS messaging system server, related to uncontrolled resource consumption, allows attackers to cause service failures.

The vulnerability of the NATS messaging system server is related to an uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures...

7.8CVSS7.2AI score0.03658EPSS
Exploits0References6Affected Software1
CNVD
CNVD
added 2020/07/02 12:0 a.m.10 views

F5 NGINX Controller Authentication Vulnerability

F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5. The platform supports the management of multiple NGINX instances using a visual interface. A security vulnerability exists in the NGINX controller NATS messaging service in F5 NGINX Controller versions 1.0....

7.5CVSS6.5AI score0.01154EPSS
Exploits0References1
Kitploit
Kitploit
added 2019/12/13 9:28 p.m.297 views

Dsiem - Security Event Correlation Engine For ELK Stack

Dsiem is a security event correlation engine for ELK stack, allowing the platform to be used as a dedicated and full-featured SIEM system. Dsiem provides OSSIM-style correlation for normalized logs/events, perform lookup/query to threat intelligence and vulnerability information sources, and...

6.8AI score
Exploits0References7
Rows per page
Query Builder