Lucene search
K

328 matches found

NVD
NVD
added 2026/07/02 7:16 p.m.11 views

CVE-2026-58465

Eclipse Wakaama before snapshot/2026-05-26 contains an unbounded memory allocation vulnerability in the CoAP Block1 handler within coap/block.c that allows unauthenticated remote attackers to exhaust server memory by sending a sequence of Block1 PUT requests with incrementing block numbers...

8.7CVSS0.00555EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/02 5:55 p.m.7 views

CVE-2026-58465

Eclipse Wakaama before snapshot/2026-05-26 contains an unbounded memory allocation vulnerability in the CoAP Block1 handler within coap/block.c that allows unauthenticated remote attackers to exhaust server memory by sending a sequence of Block1 PUT requests with incrementing block numbers...

8.7CVSS6AI score0.00555EPSS
Exploits0References5
CVE
CVE
added 2026/07/02 5:55 p.m.19 views

CVE-2026-58465

The CVE affects Eclipse Wakaama before snapshot/2026-05-26, with an unbounded memory allocation in the CoAP Block1 handler (coap/block.c). Unauthenticated remote attackers can exhaust memory by sending a sequence of Block1 PUT requests with incrementing block numbers to the registration endpoint ...

8.7CVSS6AI score0.00555EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.16 views

PT-2026-55282

Name of the Vulnerable Software and Affected Versions Eclipse Wakaama versions prior to snapshot/2026-05-26 Description An unbounded memory allocation issue exists in the CoAP Block1 handler within the coap/block.c file. Unauthenticated remote attackers can cause a denial of service by sending a...

8.7CVSS6.2AI score0.00555EPSS
Exploits0References9
OSV
OSV
added 2026/05/18 12:4 a.m.23 views

OSV-2026-762 Heap-buffer-overflow in coap_pdu_parse_header

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=513783540 Crash type: Heap-buffer-overflow READ 1 Crash state: coappduparseheader coappduparse2 coappduparse...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/16 12:15 a.m.10 views

OSV-2026-747 Heap-buffer-overflow in coap_persist_startup_lkd

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=513035615 Crash type: Heap-buffer-overflow READ 8 Crash state: coappersiststartuplkd persisttarget.c...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/14 12:21 a.m.9 views

OSV-2026-736 Heap-buffer-overflow in coap_pdu_parse_header

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=512517700 Crash type: Heap-buffer-overflow READ 1 Crash state: coappduparseheader coappduparse2 coappduparse...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/13 12:2 a.m.12 views

OSV-2026-720 Heap-buffer-overflow in coap_persist_startup_lkd

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=511948388 Crash type: Heap-buffer-overflow READ 8 Crash state: coappersiststartuplkd persisttarget.c...

5.8AI score
Exploits0References1
GithubExploit
GithubExploit
added 2026/04/27 6:21 p.m.174 views

Exploit for CVE-2026-33453

Apache Camel 4.18.0 — CVE Security Assessment Three critical...

10CVSS6.7AI score0.06157EPSS
Exploits4
OSV
OSV
added 2026/04/27 12:30 p.m.7 views

GHSA-695C-X5GC-94GJ Apache camel-coap allows header injection that can lead to remote code execution

Apache Camel's camel-coap component is vulnerable to header injection because it maps CoAP request URI query parameters directly into Camel message headers without applying a HeaderFilterStrategy. An unauthenticated attacker can send a crafted CoAP request to inject arbitrary Camel internal heade...

10CVSS6AI score0.06157EPSS
Exploits2References11
Github Security Blog
Github Security Blog
added 2026/04/27 12:30 p.m.13 views

Apache camel-coap allows header injection that can lead to remote code execution

Apache Camel's camel-coap component is vulnerable to header injection because it maps CoAP request URI query parameters directly into Camel message headers without applying a HeaderFilterStrategy. An unauthenticated attacker can send a crafted CoAP request to inject arbitrary Camel internal heade...

10CVSS6AI score0.06157EPSS
Exploits2References11Affected Software1
Snyk
Snyk
added 2026/04/27 12:14 p.m.5 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes throug the CamelCoapResource.handleRequest function. An attacker can execute arbitrary operating system commands by injecting specially crafted CoAP URI quer...

10CVSS6.6AI score0.06157EPSS
Exploits2References2
Snyk
Snyk
added 2026/04/27 12:14 p.m.5 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes throug the CamelCoapResource.handleRequest function. An attacker can execute arbitrary operating system commands by injecting specially crafted CoAP URI quer...

10CVSS6.6AI score0.06157EPSS
Exploits2References2
vulnersOsv
vulnersOsv
added 2026/04/27 10:15 a.m.14 views

org.apache.camel.kafkaconnector:camel-coap-kafka-connector (>=0.1.0 <=0.11.5), org.apache.camel.kafkaconnector:camel-coap-tcp-kafka-connector (>=0.1.0 <=0.11.5) +9 more potentially affected by CVE-2026-40453 via org.apache.camel:camel-coap (>=3.0.0-M1 <=4.14.5)

org.apache.camel:camel-coap MAVEN version =3.0.0-M1, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =4.10.3, =1.1.0, =1.1.0, =1.1.0, =2.3.0, =3.0.0, =3.0.0-M1, =3.0.0-RC3 Source cves: CVE-2026-40453 Source advisory: SNYK:JAVA-ORGAPACHECAMEL-16321638...

9.9CVSS5.8AI score0.0086EPSS
Exploits1
Snyk
Snyk
added 2026/04/27 10:15 a.m.6 views

Improper Handling of Case Sensitivity

Overview Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity due to a flaw in the default filtering mechanism HeaderFilterStrategy that only blocks headers starting with specific prefixes. An attacker can execute arbitrary code and write files by injecting...

9.9CVSS6.2AI score0.0086EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2026/04/27 9:34 a.m.6 views

org.apache.camel.kafkaconnector:camel-coap-kafka-connector (>=0.1.0 <=0.11.5), org.apache.camel.kafkaconnector:camel-coap-tcp-kafka-connector (>=0.1.0 <=0.11.5) +8 more potentially affected by CVE-2026-40453 via org.apache.camel:camel-coap (>=3.0.0 <=4.14.5)

org.apache.camel:camel-coap MAVEN version =3.0.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =4.10.3, =1.1.0, =1.1.0, =1.1.0, =2.3.0, =3.0.0, =4.14.5 Source cves: CVE-2026-40453 Source advisory: OSV:GHSA-JG2M-9X48-3GVJ...

9.9CVSS5.4AI score0.0086EPSS
Exploits1
NVD
NVD
added 2026/04/27 9:16 a.m.18 views

CVE-2026-40453

The fix for CVE-2025-27636 added setLowerCasetrue to HttpHeaderFilterStrategy so that case-variant header names such as 'CAmelExecCommandExecutable' are filtered out alongside 'CamelExecCommandExecutable'. The same setLowerCasetrue call was not applied to five non-HTTP HeaderFilterStrategy...

9.9CVSS0.0086EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2026/04/27 8:23 a.m.6 views

CVE-2026-40453 Apache Camel JMS, Apache Camel CoAP, Apache Camel Google PubSub: Incomplete fix for CVE-2025-27636 in non-HTTP HeaderFilterStrategies (camel-jms, camel-sjms, camel-coap, camel-google-pubsub) allows case-variant header injection

The fix for CVE-2025-27636 added setLowerCasetrue to HttpHeaderFilterStrategy so that case-variant header names such as 'CAmelExecCommandExecutable' are filtered out alongside 'CamelExecCommandExecutable'. The same setLowerCasetrue call was not applied to five non-HTTP HeaderFilterStrategy...

6.5AI score0.0086EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/27 8:23 a.m.9 views

EUVD-2026-25791

The fix for CVE-2025-27636 added setLowerCasetrue to HttpHeaderFilterStrategy so that case-variant header names such as 'CAmelExecCommandExecutable' are filtered out alongside 'CamelExecCommandExecutable'. The same setLowerCasetrue call was not applied to five non-HTTP HeaderFilterStrategy...

9.9CVSS6.5AI score0.0086EPSS
Exploits1References1
CVE
CVE
added 2026/04/27 8:23 a.m.103 views

CVE-2026-40453

Apache Camel non-HTTP HeaderFilterStrategies (camel-jms, camel-sjms, camel-coap, camel-google-pubsub) are affected by an incomplete fix for CVE-2025-27636. The fix added setLowerCase(true) to HttpHeaderFilterStrategy, but five non-HTTP implementations still use case-sensitive header filtering, wh...

9.9CVSS6.5AI score0.0086EPSS
Exploits1References6Affected Software1
Rows per page
Query Builder