7406 matches found
Sensitive Information Exposure
Apache Camel Undertow Component is vulnerable to Sensitive Information Exposure. The vulnerability is due to improper handling of exception responses, where processing errors return full Java stack traces instead of suppressing them, allowing attackers to obtain sensitive information such as...
Uncaught Exception
Overview github.com/nats-io/nats-server/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Uncaught Exception in the WebSocket listener routing, which dispatches requests for the...
CVE-2026-59875
node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.17, node-tar does not strip NUL bytes from PAX path and linkpath records in src/pax.ts, allowing a crafted archive with values to reach fs.lstat or fs.open and terminate the process with an uncaught exception. This issue is...
CVE-2026-59875 node-tar: Uncaught Exception DoS via NUL byte in PAX path/linkpath records
node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.17, node-tar does not strip NUL bytes from PAX path and linkpath records in src/pax.ts, allowing a crafted archive with values to reach fs.lstat or fs.open and terminate the process with an uncaught exception. This issue is...
CVE-2026-59875
node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.17, node-tar does not strip NUL bytes from PAX path and linkpath records in src/pax.ts, allowing a crafted archive with values to reach fs.lstat or fs.open and terminate the process with an uncaught exception. This issue is...
CVE-2026-49145
CVE-2026-49145 affects App::Ack for Perl up to version 3.10.0. The flaw arises because ack searches upward for a project .ackrc and loads its options; the project-source blocklist did not include --files-from, allowing a project .ackrc to set --files-from to a path whose listed files ack will rea...
CVE-2026-49365
A flaw was found in the Apache Camel Netty HTTP component. An unauthenticated remote attacker can exploit this vulnerability by sending a malformed request that triggers an exception during route processing. Due to a misconfiguration where muteException is set to false by default, the system...
CVE-2026-56139
A flaw was found in the Apache Camel Undertow component. The camel-undertow HTTP server consumer, when processing errors, could return full Java stack traces in HTTP responses. This occurs because the muteException option, which controls what is returned to the client during errors, defaulted to...
CVE-2026-40859
A flaw was found in the camel-vertx-http component of Apache Camel. This vulnerability, a Deserialization of Untrusted Data, could allow a remote attacker to execute arbitrary code. By controlling the backend server or acting as a man-in-the-middle, an attacker could send a specially crafted...
PYSEC-2026-1563 LlamaIndex Improper Handling of Exceptional Conditions vulnerability
A vulnerability in the LangChainLLM class of the run-llama/llamaindex repository, version v0.12.5, allows for a Denial of Service DoS attack. The streamcomplete method executes the llm using a thread and retrieves the result via the getresponsegen method of the StreamingGeneratorCallbackHandler...
PYSEC-2026-1964 TensorFlow has Floating Point Exception in AvgPoolGrad with XLA
Impact If the stride and window size are not positive for tf.rawops.AvgPoolGrad, it can give an FPE. python import tensorflow as tf import numpy as np @tf.functionjitcompile=True def test: y = tf.rawops.AvgPoolGradoriginputshape=1,0,0,0, grad=0.39117979, ksize=1,0,0,0, strides=1,0,0,0,...
PYSEC-2026-1960 TensorFlow has Floating Point Exception in AudioSpectrogram
Impact version:2.11.0 //core/ops/audioops.cc:70 Status SpectrogramShapeFnInferenceContext c ShapeHandle input; TFRETURNIFERRORc-WithRankc-input0, 2, &input; int32t windowsize; TFRETURNIFERRORc-GetAttr"windowsize", &windowsize; int32t stride; TFRETURNIFERRORc-GetAttr"stride", &stride; .....1...
PYSEC-2026-956 TensorFlow has Floating Point Exception in TensorListSplit with XLA
Impact FPE in TensorListSplit with XLA python import tensorflow as tf func = tf.rawops.TensorListSplit para = 'tensor': 1, 'elementshape': -1, 'lengths': 0 @tf.functionjitcompile=True def fuzzjit: y = funcpara return y printfuzzjit Patches We have patched the issue in GitHub commit...
PYSEC-2026-954 TensorFlow has Floating Point Exception in TFLite in conv kernel
Impact Constructing a tflite model with a paramater filterinputchannel of less than 1 gives a FPE. Patches We have patched the issue in GitHub commit 34f8368c535253f5c9cb3a303297743b62442aaa. The fix will be included in TensorFlow 2.12. We will also cherrypick this commit on TensorFlow 2.11.1. Fo...
EUVD-2026-42002
Uncaught Exception CWE-248 in the Controller 6000 and Controller 7000 diagnostic web interface allows an authenticated and authorized operator to trigger a Controller restart by sending specific requests, resulting in a temporary denial of service. Version of Command Centre affected: 9.50 prior t...
CVE-2026-27790
CVE-2026-27790 affects the T20 Readers integration within Command Centre. An uncaught exception (CWE-248) in the system allows an authenticated and authorized operator to trigger a restart by sending specific requests, causing a temporary denial of service. Affected versions include: 9.50 prior t...
EUVD-2026-42001
Uncaught Exception CWE-248 in the T20 Readers allows an authenticated and authorized operator to trigger a restart by sending specific requests, resulting in a temporary denial of service. Version of Command Centre affected: 9.50 prior to vCR9.50.260616a distributed in 9.50.1587MR1 9.40 prior to...
CVE-2026-56139
Generation of Error Message Containing Sensitive Information vulnerability in Apache Camel Undertow Component. The camel-undertow HTTP server consumer exposes a muteException option that controls what is returned to the client when a route processing error occurs. This option defaulted to false,...
CVE-2026-49365
Generation of Error Message Containing Sensitive Information vulnerability in Apache Camel Netty HTTP component. The camel-netty-http HTTP server consumer exposes a muteException option that controls what is returned to the client when a route processing error occurs. This option defaulted to fal...
CVE-2026-40859
Deserialization of Untrusted Data vulnerability in Apache Camel. The camel-vertx-http component deserializes HTTP response bodies carrying the Content-Type application/x-java-serialized-object using a raw java.io.ObjectInputStream, without applying any ObjectInputFilter...