Lucene search
+L

5050 matches found

EUVD
EUVD
added 2026/07/06 8:4 a.m.8 views

EUVD-2026-41835

Improper Neutralization of Special Elements in Data Query Logic vulnerability in Apache Camel Neo4J component. The camel-neo4j producer builds the Cypher WHERE clause for its match/retrieve and delete operations from the CamelNeo4jMatchProperties map. CVE-2025-66169 addressed Cypher injection...

8.2CVSS6.1AI score0.00329EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/06 8:3 a.m.8 views

EUVD-2026-41833

Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel Lucene Component. The camel-lucene producer reads the search phrase from an Exchange header LuceneConstants.HEADERQUERY whose value was the plain string QUERY and RETURNLUCENEDOCS for...

7.5CVSS6AI score0.00399EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/07/06 8:3 a.m.10 views

CVE-2026-46585

Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel Lucene Component. The camel-lucene producer reads the search phrase from an Exchange header LuceneConstants.HEADERQUERY whose value was the plain string QUERY and RETURNLUCENEDOCS for...

6AI score0.00399EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/06 8:2 a.m.7 views

CVE-2026-46584

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Camel Mail Component. The camel-mail producer MailProducer.getSender scanned the outgoing Exchange for message headers in the mail.smtp. / mail.smtps. namespace and, when any were present...

6AI score0.00378EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/07/06 7:56 a.m.3 views

CVE-2026-46456 Apache Camel: Camel-AWS2-SQS: Inbound message attributes are mapped into the Exchange without an inbound HeaderFilterStrategy, allowing a message sender to inject Camel control headers

Improper Input Validation vulnerability in Apache Camel AWS2-SQS Component. The camel-aws2-sqs component map inbound message attributes into the Camel Exchange through a component-specific HeaderFilterStrategy. Sqs2HeaderFilterStrategy configured only an outbound filter setOutFilterPattern, which...

9.8CVSS6.1AI score0.00472EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/06 7:56 a.m.6 views

EUVD-2026-41829

Insufficient Session Expiration vulnerability in Apache Camel Keycloak Component. The camel-keycloak security helper KeycloakSecurityHelper.parseAndVerifyAccessToken builds a Keycloak TokenVerifier using withChecks... with only the subject-exists check and the realm-URL issuer check. Keycloak's...

9.8CVSS6AI score0.00411EPSS
Exploits1References1
EUVD
EUVD
added 2026/07/06 7:46 a.m.7 views

EUVD-2026-41823

Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Apache Camel Docling component. The camel-docling component invokes the external docling command-line tool by assembling an argument list in DoclingProducer and executing it through...

9.1CVSS5.9AI score0.01569EPSS
Exploits2References1
OSV
OSV
added 2026/07/06 3:45 a.m.4 views

CVE-2026-14794 Craft CMS Charts Endpoint ChartsController.php actionGetNewUsersData improper authorization

A flaw has been found in Craft CMS up to 4.18.0.1. Affected by this vulnerability is the function actionGetNewUsersData of the file src/controllers/ChartsController.php of the component Charts Endpoint. This manipulation of the argument userGroupId causes improper authorization. The attack is...

5.3CVSS5.5AI score0.00222EPSS
Exploits0References8
CVE
CVE
added 2026/07/06 3:30 a.m.19 views

CVE-2026-14793

The vulnerability affects Craft CMS up to version 4.18.0.1, specifically the function actionReorderSets in src/controllers/GlobalsController.php of the reorder-sets Endpoint. The issue results in an authorization bypass and can be exploited remotely. A fix is available in version 4.18.1, with the...

5.3CVSS5.7AI score0.00224EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.14 views

PT-2026-55901

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.0.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description Improper input validation in the Apache Camel DNS component leads to Server-Side Request Forgery SSR...

9.1CVSS6.1AI score0.0037EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.16 views

PT-2026-55882

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.0.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.19.9 Description The camel-vertx-http component deserializes HTTP response bodies with the...

8.1CVSS6.5AI score0.00724EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
added 2026/07/05 5:30 a.m.7 views

CVE-2026-14714

A weakness has been identified in zhayujie chatgpt-on-wechat CowAgent 2.1.0. This issue affects the function verifyserver of the file channel/wechatmp/common.py of the component wx Endpoint. This manipulation of the argument wechatmptoken causes missing authentication. The attack may be initiated...

6.9CVSS6.2AI score0.00453EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2026/07/05 5:30 a.m.31 views

CVE-2026-14714 zhayujie chatgpt-on-wechat CowAgent wx Endpoint common.py verify_server missing authentication

A weakness has been identified in zhayujie chatgpt-on-wechat CowAgent 2.1.0. This issue affects the function verifyserver of the file channel/wechatmp/common.py of the component wx Endpoint. This manipulation of the argument wechatmptoken causes missing authentication. The attack may be initiated...

6.9CVSS0.00453EPSS
Exploits0References7
EUVD
EUVD
added 2026/07/05 5:30 a.m.15 views

EUVD-2026-41729

A weakness has been identified in zhayujie chatgpt-on-wechat CowAgent 2.1.0. This issue affects the function verifyserver of the file channel/wechatmp/common.py of the component wx Endpoint. This manipulation of the argument wechatmptoken causes missing authentication. The attack may be initiated...

6.9CVSS6.2AI score0.00453EPSS
Exploits0References7
OSV
OSV
added 2026/07/04 10:28 p.m.4 views

MGASA-2026-0235 Updated mariadb packages fix security vulnerabilities

This update to the latest LTS version fixes some severe security vulnerabilities...

9.9CVSS5.9AI score0.00797EPSS
Exploits0References3
Snyk
Snyk
added 2026/07/03 10:20 p.m.5 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass due to the default configuration of REVERSEPROXYTRUSTEDPROXIES allowing all sources. An attacker can gain unauthorized access by sending spoofed reverse-proxy authentication headers such as X-WEBAUTH-USER...

9.8CVSS7.4AI score0.00783EPSS
Exploits5References2
Snyk
Snyk
added 2026/07/03 10:20 p.m.5 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass due to the default configuration of REVERSEPROXYTRUSTEDPROXIES allowing all sources. An attacker can gain unauthorized access by sending spoofed reverse-proxy authentication headers such as X-WEBAUTH-USER...

9.8CVSS7.4AI score0.00783EPSS
Exploits5References2
Snyk
Snyk
added 2026/07/03 10:20 p.m.6 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass due to the default configuration of REVERSEPROXYTRUSTEDPROXIES allowing all sources. An attacker can gain unauthorized access by sending spoofed reverse-proxy authentication headers such as X-WEBAUTH-USER...

9.8CVSS6.1AI score0.00783EPSS
Exploits5References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.6 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation via insufficient validation of repository creation fields, including length-limited template fields and trust model or object format values. An attacker can submit malformed or unexpected data by providing...

9.1CVSS6AI score0.00373EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.6 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the label process. An attacker can obtain sensitive information by accessing labels associated with private organizations without proper authorization. Remediation Upgrade github.com/go-gitea/gitea/routers to...

7.5CVSS7.2AI score0.00482EPSS
Exploits0References2
Rows per page
Query Builder