5 matches found
CVE-2026-46592 Apache Camel: Camel-CXF: The SOAP operation-selection headers used non-Camel-prefixed names (operationName, operationNamespace) that bypass the HTTP header filter, allowing an HTTP client to redirect the invoked SOAP operation
Improper Input Validation, Unintended Proxy or Intermediary 'Confused Deputy' vulnerability in Apache Camel CXF SOAP component. The camel-cxf producer selects which SOAP operation to invoke on the backend service from the operationName and operationNamespace Exchange header, whose constant values...
CVE-2026-46592
Summary: Apache Camel Camel-CXF SOAP component is affected by an improper input validation vulnerability where operationName/operationNamespace headers bypass header filtering, allowing an HTTP client to redirect the SOAP operation invoked by the backend service (a confusing-deputy). Impact (as s...
EUVD-2025-19736
Malicious code in bioql PyPI...
PT-2025-27607 · Nokia · Nokia Single Ran Baseband
Name of the Vulnerable Software and Affected Versions: Nokia Single RAN baseband software versions prior to 24R1-SR 1.0 MP Description: The issue arises when a crafted SOAP "provision" operation message archive field is sent within the Mobile Network Operator MNO internal Radio Access Network RAN...
CA Multiple Products create_session_bab SOAP Request Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA ARCserve Replication and High Availability. Authentication is not required to exploit this vulnerability. The specific flaw exists within the "createsessionbab" SOAP operation, which is handled ...