Lucene search
K

45 matches found

NVD
NVD
added 13 hours ago5 views

CVE-2026-49365

Generation of Error Message Containing Sensitive Information vulnerability in Apache Camel Netty HTTP component. The camel-netty-http HTTP server consumer exposes a muteException option that controls what is returned to the client when a route processing error occurs. This option defaulted to fal...

Exploits0References2
Cvelist
Cvelist
added 14 hours ago6 views

CVE-2026-49365 Apache Camel: Camel-Netty-HTTP: The muteException consumer option defaulted to false, so a processing error returned the full Java stack trace in the HTTP response body, disclosing sensitive internal information to unauthenticated clients

Generation of Error Message Containing Sensitive Information vulnerability in Apache Camel Netty HTTP component. The camel-netty-http HTTP server consumer exposes a muteException option that controls what is returned to the client when a route processing error occurs. This option defaulted to fal...

Exploits0References1
CVE
CVE
added 14 hours ago7 views

CVE-2026-49365

Summary: CVE-2026-49365 affects Apache Camel’s Netty HTTP component. The camel-netty-http server consumer’s muteException option defaults to false, causing a requested processing error to write the full Java stack trace into the HTTP response body, potentially exposing sensitive information to un...

5.8AI score
Exploits0References2
EUVD
EUVD
added 14 hours ago9 views

EUVD-2026-41846

Generation of Error Message Containing Sensitive Information vulnerability in Apache Camel Netty HTTP component. The camel-netty-http HTTP server consumer exposes a muteException option that controls what is returned to the client when a route processing error occurs. This option defaulted to fal...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/06/24 1:32 p.m.6 views

ROOT-APP-MAVEN-CVE-2025-22227 CVE-2025-22227 in io.root.io.projectreactor.netty:reactor-netty-http - Patched by Root

Root has patched CVE-2025-22227 in the io.root.io.projectreactor.netty:reactor-netty-http package for Root:Maven. Multiple fixed versions available...

6.1CVSS5.2AI score0.0034EPSS
Exploits0
OSV
OSV
added 2026/06/21 7:51 a.m.6 views

ROOT-APP-MAVEN-CVE-2023-34062 CVE-2023-34062 in io.root.io.projectreactor.netty:reactor-netty-http - Patched by Root

Root has patched CVE-2023-34062 in the io.root.io.projectreactor.netty:reactor-netty-http package for Root:Maven. Multiple fixed versions available...

7.5CVSS7.3AI score0.01124EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/06/10 12:5 p.m.13 views

Important: Red Hat Security Advisory: Red Hat build of Quarkus 3.27.4 release and security update

An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more informatio...

9.8CVSS6.8AI score0.00863EPSS
Exploits5References35
Github Security Blog
Github Security Blog
added 2026/06/08 7:2 p.m.14 views

Netty has a Vulnerable Default Configuration Which Leads to Denial of Service via Unbounded HTTP/3 Header Size

Summary The default configuration of the Http3ConnectionHandler in the Netty HTTP/3 codec lacks an enforced maximum header size limit. When a peer does not explicitly specify HTTP3SETTINGSMAXFIELDSECTIONSIZE, the implementation defaults to an unbounded limit. This insecure default configuration...

7.5CVSS5.5AI score0.00279EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/18 12:0 a.m.16 views

RHEL 8 : Red Hat JBoss Enterprise Application Platform 8.1.6 (RHSA-2026:18054)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:18054 advisory. Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release ...

9.9CVSS7.2AI score0.10629EPSS
Exploits6References59
vulnersOsv
vulnersOsv
added 2026/05/07 12:46 a.m.9 views

ai.agentican:agentican-framework-core (>=0.1.0-alpha.2 <=0.1.0-alpha.4), ai.agentican:agentican-quarkus-deployment (>=0.1.0-alpha.1 <=0.1.0-alpha.4) +23809 more potentially affected by CVE-2026-42587 via io.netty:netty-codec-http (>=4.0.0.Alpha1 <=4.1.132.Final)

io.netty:netty-codec-http MAVEN version =4.0.0.Alpha1, =0.1.0-alpha.2, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.3, =0.1.0-alpha.2, =0.1.0, =0.1.0, =0.2.0, =0.2.0, =0.28.0 and more Source cves:...

7.5CVSS6.7AI score0.00863EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2026/04/14 5:20 p.m.7 views

Important: Red Hat Security Advisory: Red Hat Build of Apache Camel 4.14 for Quarkus 3.27 update is now available (RHBQ 3.27.3.GA)

An update for Red Hat Build of Apache Camel 4.14 for Quarkus 3.27 update is now available RHBQ 3.27.3.GA. The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products. An update for Red H...

8.7CVSS5.8AI score0.01125EPSS
Exploits2References4
Atlassian
Atlassian
added 2026/04/10 10:29 p.m.23 views

HTTP Request Smuggling io.netty:netty-codec-http Dependency in Confluence Data Center

This High severity HTTP Request Smuggling vulnerability was introduced in version 8.9.0, 9.0.1, 9.1.0, 9.2.0, 9.3.1, 9.4.0, 9.5.1, 10.0.2, 10.1.0, 10.2.0 of Confluence Data Center. This HTTP Request Smuggling vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5CVSS5.8AI score0.0064EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/07 10:58 a.m.4 views

Security Bulletin: tCRLF Injection Vulnerability in Netty HttpRequestEncoder Leading to Request Smuggling, affects watsonx.data

Summary Netty versions prior to 4.1.129.Final and 4.2.8.Final are vulnerable to CRLF injection in HttpRequestEncoder, allowing request smuggling if URIs are not properly sanitized. The issue is fixed in versions 4.1.129.Final and 4.2.8.Final. This can affect watsonx.data. Vulnerability Details...

6.5CVSS6.6AI score0.00292EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/27 11:52 a.m.10 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses netty-codec-http-4.2.5.Final.jar which is vulnerable to CVE-2025-67735.

Summary IBM Maximo Application Suite - Monitor Component uses netty-codec-http-4.2.5.Final.jar which is vulnerable to CVE-2025-67735. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-67735 DESCRIPTION: Netty is an asynchronous, event-driven...

6.5CVSS5.9AI score0.00292EPSS
Exploits1Affected Software1
RedHat Linux
RedHat Linux
added 2026/02/23 4:31 p.m.10 views

Moderate: Red Hat Security Advisory: AMQ Clients 2026.Q1

An update is now available for Red Hat AMQ Clients Red Hat Product Security has rated this update as having an impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the Reference...

7.5CVSS6.6AI score0.00631EPSS
Exploits1References3
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/16 5:45 a.m.12 views

Security Bulletin:Vulnerability in reactor-netty-http affects IBM Netezza Appliance

Summary The reactor-netty-http package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-22227 Vulnerability Details CVEID:CVE-2025-22227 DESCRIPTION: In some specific scenarios with chained redirects, Reactor Netty HTTP client leaks credentials. I...

6.1CVSS6.2AI score0.0034EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2025/12/03 10:10 a.m.14 views

DoS (Denial of Service) io.netty:netty-codec-http2 Dependency in Jira Service Management Data Center and Server

This High severity DoS Denial of Service vulnerability known as CVE-2025-55163 was introduced in 10.3.0, and 11.0.0 of Jira Service Management Data Center and Server. This vulnerability with a CVSS Score of 8.2 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...

8.2CVSS6.8AI score0.00979EPSS
Exploits1
Atlassian
Atlassian
added 2025/12/02 9:27 p.m.13 views

DoS (Denial of Service) io.netty:netty-codec-http2 Dependency Vulnerability in Crowd Data Center and Server

This High severity DoS Denial of Service vulnerability was introduced in version 7.1.0 of Crowd Data Center. This Improper Authorization vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N allows an unauthenticated attacker ...

8.2CVSS5.8AI score0.00979EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/28 6:4 a.m.2 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in reactor-netty-http

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in reactor-netty-http Vulnerability Details CVEID:CVE-2025-22227 DESCRIPTION: In some specific scenarios with chained redirects, Reactor Netty HTTP client leaks credentials. In order for this to happen,...

6.1CVSS6.6AI score0.0034EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2025/10/14 5:59 p.m.20 views

Important: Red Hat Security Advisory: Red Hat Build of Apache Camel 4.10.7 for Spring Boot release.

Red Hat build of Apache Camel 4.10.7 for Spring Boot patch release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

8.7CVSS7AI score0.0104EPSS
Exploits2References6
Rows per page
Query Builder