Lucene search
+L

9 matches found

NVD
NVD
added 2026/07/06 9:16 a.m.9 views

CVE-2026-46455

Insufficient Session Expiration vulnerability in Apache Camel Keycloak Component. The camel-keycloak security helper KeycloakSecurityHelper.parseAndVerifyAccessToken builds a Keycloak TokenVerifier using withChecks... with only the subject-exists check and the realm-URL issuer check. Keycloak's...

9.8CVSS0.00411EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.9 views

PT-2026-55904

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.0.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description An injection issue exists in the Apache Camel IRC component due to improper input validation and...

6.5CVSS6.2AI score0.00428EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.10 views

PT-2026-55895

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.18.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.x Description Deserialization of untrusted data in the Apache Camel PQC component occurs when HashicorpVaultKeyLifecycleManager,...

8.8CVSS6.7AI score0.00485EPSS
Exploits1References9
NVD
NVD
added 2026/04/27 11:16 a.m.10 views

CVE-2026-33453

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Apache Camel Camel-Coap component. Apache Camel's camel-coap component is vulnerable to Camel message header injection, leading to remote code execution when routes forward CoAP requests to...

10CVSS0.06157EPSS
Exploits2References6
ATTACKERKB
ATTACKERKB
added 2026/02/23 8:45 a.m.19 views

CVE-2026-25747

Deserialization of Untrusted Data vulnerability in Apache Camel LevelDB component. The Camel-LevelDB DefaultLevelDBSerializer class deserializes data read from the LevelDB aggregation repository using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. ...

8.8CVSS6.3AI score0.00903EPSS
Exploits2References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/09 12:9 p.m.23 views

CVE-2025-27636 Apache Camel: Camel Message Header Injection via Improper Filtering

Bypass/Injection vulnerability in Apache Camel components under particular conditions. This issue affects Apache Camel: from 4.10.0 through = 4.10.1, from 4.8.0 through = 4.8.4, from 3.10.0 through = 3.22.3. Users are recommended to upgrade to version 4.10.2 for 4.10.x LTS, 4.8.5 for 4.8.x LTS an...

5.1AI score0.79817EPSS
Exploits3References3
RedHat Linux
RedHat Linux
added 2014/03/24 6:5 p.m.8 views

Camel: remote code execution via XSL

The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remote attackers to execute arbitrary Java methods via a crafted message...

7.5CVSS6.1AI score0.07352EPSS
Exploits2References5
CVE
CVE
added 2004/09/01 4:0 a.m.51 views

CVE-2002-1471

The CVE-2002-1471 issue concerns the camel component used by Ximian Evolution 1.0.x and earlier. It does not verify TLS/SSL certificates when establishing a new SSL connection after an initial verification, which could allow remote attackers to perform a man-in-the-middle attack to monitor or mod...

5CVSS6.6AI score0.00923EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2003/04/22 4:0 a.m.5 views

DEBIAN-CVE-2002-1471

The camel component for Ximian Evolution 1.0.x and earlier does not verify certificates when it establishes a new SSL connection after previously verifying a certificate, which could allow remote attackers to monitor or modify sessions via a man-in-the-middle attack...

5CVSS6.8AI score0.00923EPSS
Exploits1References1
Rows per page
Query Builder