18 matches found
CVE-2026-46592
A flaw was found in the Apache Camel CXF SOAP component. A remote attacker can exploit this vulnerability by manipulating the operationName header in an unauthenticated HTTP request. This improper input validation allows the attacker to force the CxfProducer to invoke unintended SOAP operations o...
CVE-2026-46592
Improper Input Validation, Unintended Proxy or Intermediary 'Confused Deputy' vulnerability in Apache Camel CXF SOAP component. The camel-cxf producer selects which SOAP operation to invoke on the backend service from the operationName and operationNamespace Exchange header, whose constant values...
CVE-2026-46592
This CVE concerns Apache Camel CXF SOAP component where the operationName/operationNamespace headers bypass the HTTP header filter, enabling a potential confused-deputy redirection to invoke a different WSDL operation. Affected range: Camel 4.0.0–4.14.8, 4.15.0–4.18.3, 4.19.0–4.21.0. Mitigation: ...
EUVD-2026-41836
Improper Input Validation, Unintended Proxy or Intermediary 'Confused Deputy' vulnerability in Apache Camel CXF SOAP component. The camel-cxf producer selects which SOAP operation to invoke on the backend service from the operationName and operationNamespace Exchange header, whose constant values...
CVE-2026-46592 Apache Camel: Camel-CXF: The SOAP operation-selection headers used non-Camel-prefixed names (operationName, operationNamespace) that bypass the HTTP header filter, allowing an HTTP client to redirect the invoked SOAP operation
Improper Input Validation, Unintended Proxy or Intermediary 'Confused Deputy' vulnerability in Apache Camel CXF SOAP component. The camel-cxf producer selects which SOAP operation to invoke on the backend service from the operationName and operationNamespace Exchange header, whose constant values...
Op Bizarre Bazaar: New LLMjacking Campaign Targets Unprotected Models
Pillar Security Research has discovered Operation Bizarre Bazaar, a massive cyberattack campaign led by a hacker known as Hecker. Between December 2025 and January 2026, over 35,000 sessions were recorded targeting AI systems to steal compute power and resell access via silver.inc...
EUVD-2020-6599
Malware in sbrugna...
EUVD-2022-43879
Malicious code in bioql PyPI...
CVE-2022-40605
MITRE CALDERA before 4.1.0 allows XSS in the Operations tab and/or Debrief plugin via a crafted operation name, a different vulnerability than CVE-2022-40606...
CVE-2021-46681
A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via module massive operation name field...
CVE-2021-46681
A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via module massive operation name field...
CVE-2021-46681 Vulnerability XSS in module mass operation name field
A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via module massive operation name field...
PT-2022-12901 · Unknown · Pandora Fms
Name of the Vulnerable Software and Affected Versions: Pandora FMS versions 756 and below Description: A XSS issue exists that allows an attacker to perform javascript code executions via the module massive operation name field. This enables the execution of malicious scripts. Recommendations: Fo...
CVE-2021-46681
A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via module massive operation name field...
CVE-2020-14462
CALDERA 2.7.0 allows XSS via the Operation Name box...
CVE-2020-14462
CALDERA 2.7.0 allows XSS via the Operation Name box...
Cross site scripting
CALDERA 2.7.0 allows XSS via the Operation Name box...
CVE-2020-14462
CALDERA 2.7.0 allows XSS via the Operation Name box...