Lucene search
K

10 matches found

NVD
NVD
added 2026/07/06 9:16 a.m.10 views

CVE-2026-46726

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery SSRF vulnerability in Apache Camel in Vertx Websocket component. The camel-vertx-websocket consumer mapped inbound WebSocket query and path parameters into the Camel Exchange header...

7.5CVSS0.00536EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/06 8:13 a.m.33 views

CVE-2026-55994 Apache Camel Iggy: The inbound consumer maps externally-supplied Iggy message user-headers into the Exchange without a HeaderFilterStrategy, allowing injection of Camel control headers - enabling control over internal behaviour

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery SSRF vulnerability in Apache Camel in Iggy component. The camel-iggy consumer mapped the user-headers of inbound Iggy messages into the Camel Exchange header map without applying any...

0.00396EPSS
Exploits0References1
OSV
OSV
added 2026/07/06 8:13 a.m.3 views

CVE-2026-55994 Apache Camel Iggy: The inbound consumer maps externally-supplied Iggy message user-headers into the Exchange without a HeaderFilterStrategy, allowing injection of Camel control headers - enabling control over internal behaviour

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery SSRF vulnerability in Apache Camel in Iggy component. The camel-iggy consumer mapped the user-headers of inbound Iggy messages into the Camel Exchange header map without applying any...

7.5CVSS6.1AI score0.00396EPSS
Exploits0References5
Spring Security Advisories
Spring Security Advisories
added 2026/06/09 12:0 a.m.9 views

cve-2026-41732 - HIGH - In Spring for Apache Pulsar, overly broad trusted-package matching in header mapper exposes JDK classes to deserialization

cve-2026-41732 - HIGH - In Spring for Apache Pulsar, overly broad trusted-package matching in header mapper exposes JDK classes to deserialization...

8.1CVSS6.1AI score0.00347EPSS
Exploits0
Snyk
Snyk
added 2026/04/07 4:14 p.m.2 views

User Impersonation

Overview Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to User Impersonation via the ASGIRequest objects. An attacker can impersonate users or manipulate request headers by exploiting the...

7.5CVSS5.9AI score0.00436EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/07 2:22 p.m.7 views

CVE-2026-3902

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGIRequest allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variants with hyphens or with underscores to a single version with underscores. Earlier, unsupported Django...

5.9AI score0.00436EPSS
Exploits0References4Affected Software1
RubySec
RubySec
added 2026/04/02 12:0 a.m.12 views

Rack::Sendfile header-based X-Accel-Mapping regex injection enables unauthorized X-Accel-Redirect

Summary Rack::Sendfilemapaccelpath interpolates the value of the X-Accel-Mapping request header directly into a regular expression when rewriting file paths for X-Accel-Redirect. Because the header value is not escaped, an attacker who can supply X-Accel-Mapping to the backend can inject regex...

7.5CVSS5.8AI score0.00209EPSS
Exploits0References1Affected Software1
SUSE CVE
SUSE CVE
added 2025/03/28 3:1 a.m.4 views

SUSE CVE-2025-21872

In the Linux kernel, the following vulnerability has been resolved: efi: Don't map the entire mokvar table to determine its size Currently, when validating the mokvar table, we remap the entire table on each iteration of the loop, adding space as we discover new entries. If the table grows over a...

5.5CVSS7.6AI score0.00189EPSS
Exploits0References16
OSV
OSV
added 2025/03/27 3:15 p.m.3 views

DEBIAN-CVE-2025-21872

In the Linux kernel, the following vulnerability has been resolved: efi: Don't map the entire mokvar table to determine its size Currently, when validating the mokvar table, we remap the entire table on each iteration of the loop, adding space as we discover new entries. If the table grows over a...

5.5CVSS5.6AI score0.00189EPSS
Exploits0References1
OSV
OSV
added 2024/01/12 1:15 a.m.4 views

CVE-2024-21607

An Unsupported Feature in the UI vulnerability in Juniper Networks Junos OS on MX Series and EX9200 Series allows an unauthenticated, network-based attacker to cause partial impact to the integrity of the device. If the "tcp-reset" option is added to the "reject" action in an IPv6 filter which...

5.3CVSS6.1AI score0.0031EPSS
Exploits0References2
Rows per page
Query Builder