Lucene search
K

18 matches found

RedhatCVE
RedhatCVE
added 6 days ago5 views

CVE-2026-46592

A flaw was found in the Apache Camel CXF SOAP component. A remote attacker can exploit this vulnerability by manipulating the operationName header in an unauthenticated HTTP request. This improper input validation allows the attacker to force the CxfProducer to invoke unintended SOAP operations o...

7.5CVSS6AI score0.00396EPSS
Exploits0References4
NVD
NVD
added 2026/07/06 9:16 a.m.8 views

CVE-2026-46592

Improper Input Validation, Unintended Proxy or Intermediary 'Confused Deputy' vulnerability in Apache Camel CXF SOAP component. The camel-cxf producer selects which SOAP operation to invoke on the backend service from the operationName and operationNamespace Exchange header, whose constant values...

7.5CVSS0.00396EPSS
Exploits0References2
CVE
CVE
added 2026/07/06 8:4 a.m.14 views

CVE-2026-46592

This CVE concerns Apache Camel CXF SOAP component where the operationName/operationNamespace headers bypass the HTTP header filter, enabling a potential confused-deputy redirection to invoke a different WSDL operation. Affected range: Camel 4.0.0–4.14.8, 4.15.0–4.18.3, 4.19.0–4.21.0. Mitigation: ...

7.5CVSS6AI score0.00396EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/07/06 8:4 a.m.5 views

EUVD-2026-41836

Improper Input Validation, Unintended Proxy or Intermediary 'Confused Deputy' vulnerability in Apache Camel CXF SOAP component. The camel-cxf producer selects which SOAP operation to invoke on the backend service from the operationName and operationNamespace Exchange header, whose constant values...

7.5CVSS6AI score0.00396EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/06 8:4 a.m.34 views

CVE-2026-46592 Apache Camel: Camel-CXF: The SOAP operation-selection headers used non-Camel-prefixed names (operationName, operationNamespace) that bypass the HTTP header filter, allowing an HTTP client to redirect the invoked SOAP operation

Improper Input Validation, Unintended Proxy or Intermediary 'Confused Deputy' vulnerability in Apache Camel CXF SOAP component. The camel-cxf producer selects which SOAP operation to invoke on the backend service from the operationName and operationNamespace Exchange header, whose constant values...

0.00396EPSS
Exploits0References1
HackRead
HackRead
added 2026/01/29 5:37 p.m.10 views

Op Bizarre Bazaar: New LLMjacking Campaign Targets Unprotected Models

Pillar Security Research has discovered Operation Bizarre Bazaar, a massive cyberattack campaign led by a hacker known as Hecker. Between December 2025 and January 2026, over 35,000 sessions were recorded targeting AI systems to steal compute power and resell access via silver.inc...

5.9AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-6599

Malware in sbrugna...

5.4CVSS5.5AI score0.00626EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-43879

Malicious code in bioql PyPI...

6.1CVSS6.2AI score0.00417EPSS
Exploits0References1
OSV
OSV
added 2022/10/17 12:0 a.m.18 views

CVE-2022-40605

MITRE CALDERA before 4.1.0 allows XSS in the Operations tab and/or Debrief plugin via a crafted operation name, a different vulnerability than CVE-2022-40606...

6.1CVSS5.9AI score0.00417EPSS
Exploits0References3
NVD
NVD
added 2022/08/05 4:15 p.m.47 views

CVE-2021-46681

A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via module massive operation name field...

6.1CVSS0.00336EPSS
Exploits0References2
OSV
OSV
added 2022/08/05 4:15 p.m.6 views

CVE-2021-46681

A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via module massive operation name field...

6.1CVSS5.8AI score0.00336EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/08/05 3:25 p.m.9 views

CVE-2021-46681 Vulnerability XSS in module mass operation name field

A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via module massive operation name field...

4CVSS6.5AI score0.00336EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/08/05 12:0 a.m.5 views

PT-2022-12901 · Unknown · Pandora Fms

Name of the Vulnerable Software and Affected Versions: Pandora FMS versions 756 and below Description: A XSS issue exists that allows an attacker to perform javascript code executions via the module massive operation name field. This enables the execution of malicious scripts. Recommendations: Fo...

6.1CVSS6.2AI score0.00336EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2022/02/21 11:0 a.m.8 views

CVE-2021-46681

A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via module massive operation name field...

6.1CVSS6.4AI score0.00336EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2020/06/19 12:15 p.m.16 views

CVE-2020-14462

CALDERA 2.7.0 allows XSS via the Operation Name box...

5.4CVSS0.00626EPSS
Exploits1References1
OSV
OSV
added 2020/06/19 12:15 p.m.13 views

CVE-2020-14462

CALDERA 2.7.0 allows XSS via the Operation Name box...

5.4CVSS5.8AI score
Exploits0References1
Prion
Prion
added 2020/06/19 12:15 p.m.14 views

Cross site scripting

CALDERA 2.7.0 allows XSS via the Operation Name box...

3.5CVSS5.2AI score0.00626EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/06/19 11:34 a.m.23 views

CVE-2020-14462

CALDERA 2.7.0 allows XSS via the Operation Name box...

5.3AI score0.00626EPSS
Exploits1References1
Rows per page
Query Builder