
264 matches found

ATTACKERKB
added yesterday | 4 views

CVE-2026-9267

Eclipse tinydtls before commit b3efd41ad111a4920f599f51ffa4f5e9f1e72221 contains an out-of-bounds read vulnerability in the check_server_certificate function that allows unauthenticated attackers to trigger reads beyond valid buffer boundaries by crafting a Certificate handshake message with a...

CVSS 6.9 | AI score 6 | EPSS 0.00173
Exploits: 0 | References: 2
CVE
added yesterday | 9 views

CVE-2026-9267

CVE-2026-9267 affects Eclipse tinydtls prior to commit b3efd41ad111a4920f599f51ffa4f5e9f1e72221. The issue is an out-of-bounds read in the check_server_certificate() function during DTLS epoch 0 where a Certificate handshake message with a crafted fragment_length can trigger reads beyond buffer b...

CVSS 6.9 | AI score 6 | EPSS 0.00173
Exploits: 0 | References: 1
Tenable Nessus
added 4 days ago | 6 views

Apache Camel 4.14.x < 4.14.6 / 4.15.x < 4.18.1 RCE (CVE-2026-33453)

The version of Apache Camel on the remote host is 4.14.x prior to 4.14.6 or 4.15.x through 4.18.x prior to 4.18.1. It is, therefore, affected by a remote code execution vulnerability: - The camel-coap component maps incoming CoAP request URI query parameters directly into Camel Exchange In messag...

CVSS 10 | AI score 6.6 | EPSS 0.05138
Exploits: 1 | References: 3
NVD
added 2026/06/16 3:16 p.m. | 8 views

CVE-2026-11317

A denial of service security issue exists in the affected product. The security issue stems from a fault occurring when a crafted CIP message is sent. Devices with less memory are more likely to be affected. This can result in a major nonrecoverable fault (MNRF). A program download is required to...

CVSS 8.7 | EPSS 0.00302
Exploits: 0 | References: 1
Cvelist
added 2026/06/16 1:10 p.m. | 24 views

CVE-2026-11317 Rockwell Automation Logix 5370 and 5570 Controllers Vulnerable To Denial of Service Via CIP

A denial of service security issue exists in the affected product. The security issue stems from a fault occurring when a crafted CIP message is sent. Devices with less memory are more likely to be affected. This can result in a major nonrecoverable fault (MNRF). A program download is required to...

CVSS 8.7 | EPSS 0.00302
Exploits: 0 | References: 1
Packet Storm News
added 2026/06/10 12:00 a.m. | 12 views

Grammar-Constrained Decoding Can Jailbreak LLMs into Generating Malicious Code

Large Language Models (LLMs) are increasingly used for code generation, raising concerns that they may be misused to produce malicious code. Meanwhile, Grammar-Constrained Decoding (GCD) has been widely adopted to improve the reliability of LLM-generated code by enforcing syntactic validity. In this...

AI score 5.3
Exploits: 0
Packet Storm News
added 2026/06/08 12:00 a.m. | 5 views

Secrets Best Not Shared: DNS Privacy Enhancements for the Constrained IoT

Attackers often identify DNS traffic to disrupt or compromise Internet services. While prior work has focused on encrypting queries using DNS over TLS, HTTPS, or QUIC to counter such attacks, we consider IETF protocols designed for resource-constrained IoT devices and empirically analyze the...

AI score 5.5
Exploits: 0
RedhatCVE
added 2026/06/05 7:19 p.m. | 9 views

CVE-2026-5263

URI nameConstraints from constrained intermediate CAs are parsed but not enforced during certificate chain verification in wolfcrypt/src/asn.c. A compromised or malicious sub-CA could issue leaf certificates with URI SAN entries that violate the nameConstraints of the issuing CA, and wolfSSL woul...

CVSS 7 | AI score 5.4 | EPSS 0.00152
Exploits: 0 | References: 1
EUVD
added 2026/06/05 9:01 a.m. | 12 views

EUVD-2026-34793

Improper Authentication, Missing authentication for critical function, Weak Authentication vulnerability in DTS Electronics Industry and Trade Ltd. Co. Redline WR3200 allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Redline WR3200: from 7.1.3 before 7.1.8...

CVSS 9.8 | AI score 5.5 | EPSS 0.0046
Exploits: 0 | References: 1
Packet Storm News
added 2026/06/01 12:00 a.m. | 6 views

Patcher: Post-Hoc Patching of Backdoored Large Language Models

Large language models remain vulnerable to jailbreak backdoor attacks, where adversaries poison safety alignment data to embed hidden triggers that bypass safety mechanisms. Existing defenses often require comprehensive attack information or multiple triggered examples, making them impractical wh...

AI score 5.8
Exploits: 0
Tenable Nessus
added 2026/05/28 12:00 a.m. | 9 views

FreeBSD : Erlang/OTP -- TLS hostname verification bypass via Subject CommonName fallback and name constraints (93576148-5a54-11f1-b886-4c526214c986)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 93576148-5a54-11f1-b886-4c526214c986 advisory. https://github.com/erlang/otp/security/advisories/GHSA-22cw-4ph4-6447 reports: Erlang/OTP's TLS hostnam...

CVSS 8.1 | AI score 5.8 | EPSS 0.00231
Exploits: 0 | References: 3
Packet Storm News
added 2026/05/27 12:00 a.m. | 13 views

Efficient and Quantum-Safe Internet Key Exchange Protocols for Satellite Communications

This paper studies cryptographic key exchange in satellite communications, which requires specific solutions because the satellite context presents unique challenges, particularly concerning onboard resource constraints and long transmission latency. We address these challenges by considering the...

AI score 5.8
Exploits: 0
RedHat Linux
added 2026/05/14 4:55 p.m. | 9 views

Apache Camel: camel-coap: Apache Camel camel-coap: Remote code execution via CoAP URI query parameter injection

A flaw was found in Apache Camel's camel-coap component. An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted CoAP (Constrained Application Protocol) UDP (User Datagram Protocol) packet. The camel-coap component improperly processes URI query parameters,...

CVSS 10 | AI score 6.4 | EPSS 0.05138
Exploits: 1 | References: 5
Packet Storm News
added 2026/05/13 12:00 a.m. | 11 views

Empowering IoT Security: On-Device Intrusion Detection in Resource Constrained Devices

IoT devices particularly microcontrollers are challenged by their inherent limitations in processing capabilities, memory capacity, and energy conservation. Securing communication within IoT networks is further complicated by the heterogeneity of devices and the myriad of potential security...

AI score 5.8
Exploits: 0
Veracode
added 2026/05/06 8:41 a.m. | 13 views

Improperly Controlled Modification Of Dynamically-Determined Object Attributes

Apache Camel is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes. The vulnerability is due to lack of header filtering when mapping CoAP query parameters to message headers, which allows an attacker to inject malicious headers and execute arbitrary...

CVSS 10 | AI score 6 | EPSS 0.05138
Exploits: 1 | References: 10 | Affected Software: 3
RedhatCVE
added 2026/05/06 6:16 a.m. | 8 views

CVE-2026-33453

A flaw was found in Apache Camel's camel-coap component. An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted CoAP (Constrained Application Protocol) UDP (User Datagram Protocol) packet. The camel-coap component improperly processes URI query parameters,...

CVSS 10 | AI score 6.4 | EPSS 0.05138
Exploits: 1 | References: 4
Fedora
added 2026/04/28 1:35 a.m. | 7 views

[SECURITY] Fedora 44 Update: libcoap-4.3.5b-1.fc44

The Constrained Application Protocol (CoAP) is a specialized web transfer protocol for use with constrained nodes and constrained networks in the Internet of Things. The protocol is designed for machine-to-machine (M2M) applications such as smart energy and building automation. libcoap implements a...

CVSS 9.8 | AI score 5.2 | EPSS 0.00296
Exploits: 0
Fedora
added 2026/04/28 1:15 a.m. | 4 views

[SECURITY] Fedora 42 Update: libcoap-4.3.5b-1.fc42

The Constrained Application Protocol (CoAP) is a specialized web transfer protocol for use with constrained nodes and constrained networks in the Internet of Things. The protocol is designed for machine-to-machine (M2M) applications such as smart energy and building automation. libcoap implements a...

CVSS 9.8 | AI score 5.2 | EPSS 0.00296
Exploits: 0
Fedora
added 2026/04/28 1:00 a.m. | 5 views

[SECURITY] Fedora 43 Update: libcoap-4.3.5b-1.fc43

The Constrained Application Protocol (CoAP) is a specialized web transfer protocol for use with constrained nodes and constrained networks in the Internet of Things. The protocol is designed for machine-to-machine (M2M) applications such as smart energy and building automation. libcoap implements a...

CVSS 9.8 | AI score 5.2 | EPSS 0.00296
Exploits: 0
Packet Storm News
added 2026/04/28 12:00 a.m. | 7 views

Towards Agentic Investigation of Security Alerts

Security analysts are overwhelmed by the volume of alerts and the low context provided by many detection systems. Early-stage investigations typically require manual correlation across multiple log sources, a task that is usually time-consuming. In this paper, we present an experimental, agentic...

AI score 5.8
Exploits: 0