Lucene search
+L

653 matches found

euvd
euvd
added 3 days ago5 views

EUVD-2026-43307

Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to verify post ownership in the shared channel inbound sync handler, which allows an authenticated remote cluster to modify or delete posts authored by local users or other remotes via crafted sync messages referencing...

4.3CVSS6.2AI score0.00145EPSS
Exploits0References2
nvd
nvd
added 3 days ago8 views

CVE-2026-10103

Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to verify post ownership in the shared channel inbound sync handler, which allows an authenticated remote cluster to modify or delete posts authored by local users or other remotes via crafted sync messages referencing...

4.3CVSS0.00145EPSS
Exploits0References1
cve
cve
added 3 days ago9 views

CVE-2026-10103

Mattermost versions affected: 11.7.x (up to 11.7.2), 11.6.x (up to 11.6.4), and 10.11.x (up to 10.11.19) have a flaw in the shared channel inbound sync handler that fails to verify post ownership. This allows an authenticated remote cluster to modify or delete posts authored by local users or oth...

4.3CVSS6.2AI score0.00145EPSS
Exploits0References1Affected Software1
ptsecurity
ptsecurity
added 4 days ago12 views

PT-2026-57567

Name of the Vulnerable Software and Affected Versions Zephyr version 4.4.0 Description An out-of-bounds write exists in the WireGuard subsystem within the wg process data message function located in wg crypto.c. The issue occurs when an inbound transport-data payload is linearized into a fixed po...

7.4CVSS6.2AI score0.00367EPSS
Exploits1References6
nvd
nvd
added 2026/07/06 9:16 a.m.10 views

CVE-2026-55994

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery SSRF vulnerability in Apache Camel in Iggy component. The camel-iggy consumer mapped the user-headers of inbound Iggy messages into the Camel Exchange header map without applying any...

7.5CVSS0.00396EPSS
Exploits0References2
nvd
nvd
added 2026/07/06 9:16 a.m.13 views

CVE-2026-56140

Improper Input Validation vulnerability in Apache Camel AWS SNS component. The camel-aws2-sns component filters Camel headers through a component-specific HeaderFilterStrategy, Sns2HeaderFilterStrategy. Like the sibling Sqs2HeaderFilterStrategy, it originally configured only an outbound filter...

9.8CVSS0.00427EPSS
Exploits0References1
nvd
nvd
added 2026/07/06 9:16 a.m.6 views

CVE-2026-46456

Improper Input Validation vulnerability in Apache Camel AWS2-SQS Component. The camel-aws2-sqs component map inbound message attributes into the Camel Exchange through a component-specific HeaderFilterStrategy. Sqs2HeaderFilterStrategy configured only an outbound filter setOutFilterPattern, which...

9.8CVSS0.00472EPSS
Exploits0References2
cvelist
cvelist
added 2026/07/06 8:16 a.m.37 views

CVE-2026-56140 Apache Camel AWS2 SNS: An inbound Camel-namespace filter was added to Sns2HeaderFilterStrategy to align it with sibling components

Improper Input Validation vulnerability in Apache Camel AWS SNS component. The camel-aws2-sns component filters Camel headers through a component-specific HeaderFilterStrategy, Sns2HeaderFilterStrategy. Like the sibling Sqs2HeaderFilterStrategy, it originally configured only an outbound filter...

0.00427EPSS
Exploits0References1
euvd
euvd
added 2026/07/06 8:16 a.m.10 views

EUVD-2026-41852

Improper Input Validation vulnerability in Apache Camel AWS SNS component. The camel-aws2-sns component filters Camel headers through a component-specific HeaderFilterStrategy, Sns2HeaderFilterStrategy. Like the sibling Sqs2HeaderFilterStrategy, it originally configured only an outbound filter...

9.8CVSS6AI score0.00427EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/07/06 8:16 a.m.7 views

CVE-2026-56140

Improper Input Validation vulnerability in Apache Camel AWS SNS component. The camel-aws2-sns component filters Camel headers through a component-specific HeaderFilterStrategy, Sns2HeaderFilterStrategy. Like the sibling Sqs2HeaderFilterStrategy, it originally configured only an outbound filter...

9.8CVSS6AI score0.00427EPSS
Exploits0References2Affected Software1
cve
cve
added 2026/07/06 8:16 a.m.13 views

CVE-2026-56140

CVE-2026-56140 describes an improper input validation in the Apache Camel AWS SNS component (camel-aws2-sns) due to a missing inbound filter in Sns2HeaderFilterStrategy. The Red Hat/NVD entries confirm the issue is a defense-in-depth hardening change with no known exploit path because camel-aws2-...

9.8CVSS6AI score0.00427EPSS
Exploits0References1Affected Software1
osv
osv
added 2026/07/06 8:16 a.m.4 views

CVE-2026-56140 Apache Camel AWS2 SNS: An inbound Camel-namespace filter was added to Sns2HeaderFilterStrategy to align it with sibling components

Improper Input Validation vulnerability in Apache Camel AWS SNS component. The camel-aws2-sns component filters Camel headers through a component-specific HeaderFilterStrategy, Sns2HeaderFilterStrategy. Like the sibling Sqs2HeaderFilterStrategy, it originally configured only an outbound filter...

9.8CVSS6.1AI score0.00427EPSS
Exploits0References4
cvelist
cvelist
added 2026/07/06 8:13 a.m.33 views

CVE-2026-55994 Apache Camel Iggy: The inbound consumer maps externally-supplied Iggy message user-headers into the Exchange without a HeaderFilterStrategy, allowing injection of Camel control headers - enabling control over internal behaviour

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery SSRF vulnerability in Apache Camel in Iggy component. The camel-iggy consumer mapped the user-headers of inbound Iggy messages into the Camel Exchange header map without applying any...

0.00396EPSS
Exploits0References1
cve
cve
added 2026/07/06 8:13 a.m.17 views

CVE-2026-55994

The CVE concerns Apache Camel Iggy: an attacker publishing to the Iggy stream can inject Camel control headers into inbound messages because the consumer maps external user-headers into the Exchange header map without a HeaderFilterStrategy. This enables Server-Side Request Forgery (SSRF) by redi...

7.5CVSS6AI score0.00396EPSS
Exploits0References2Affected Software1
osv
osv
added 2026/07/06 8:13 a.m.4 views

CVE-2026-55994 Apache Camel Iggy: The inbound consumer maps externally-supplied Iggy message user-headers into the Exchange without a HeaderFilterStrategy, allowing injection of Camel control headers - enabling control over internal behaviour

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery SSRF vulnerability in Apache Camel in Iggy component. The camel-iggy consumer mapped the user-headers of inbound Iggy messages into the Camel Exchange header map without applying any...

7.5CVSS6.1AI score0.00396EPSS
Exploits0References5
cvelist
cvelist
added 2026/07/06 7:57 a.m.30 views

CVE-2026-46457 Apache Camel: Camel-NATS: Inbound NATS message headers are mapped into the Exchange without a configured HeaderFilterStrategy, allowing a client that can publish to the subject to inject Camel control headers

Improper Input Validation vulnerability in Apache Camel NATS component. The camel-nats component maps inbound NATS message headers into the Camel Exchange but defaulted its headerFilterStrategy to a bare new DefaultHeaderFilterStrategy with no inbound rules configured NatsConfiguration. With no...

0.00423EPSS
Exploits1References1
euvd
euvd
added 2026/07/06 7:56 a.m.9 views

EUVD-2026-41830

Improper Input Validation vulnerability in Apache Camel AWS2-SQS Component. The camel-aws2-sqs component map inbound message attributes into the Camel Exchange through a component-specific HeaderFilterStrategy. Sqs2HeaderFilterStrategy configured only an outbound filter setOutFilterPattern, which...

9.8CVSS6AI score0.00472EPSS
Exploits0References1
cve
cve
added 2026/07/06 7:56 a.m.13 views

CVE-2026-46456

The CVE describes an improper input validation in Apache Camel AWS2-SQS (Sqs2HeaderFilterStrategy) where inbound SQS MessageAttributes are copied into the Camel Exchange without an inbound header filter. Specifically, Sqs2HeaderFilterStrategy only configured an outbound filter, so inbound headers...

9.8CVSS6AI score0.00472EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2026/07/06 7:56 a.m.6 views

CVE-2026-46456

Improper Input Validation vulnerability in Apache Camel AWS2-SQS Component. The camel-aws2-sqs component map inbound message attributes into the Camel Exchange through a component-specific HeaderFilterStrategy. Sqs2HeaderFilterStrategy configured only an outbound filter setOutFilterPattern, which...

6AI score0.00472EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2026/07/06 7:56 a.m.38 views

CVE-2026-46456 Apache Camel: Camel-AWS2-SQS: Inbound message attributes are mapped into the Exchange without an inbound HeaderFilterStrategy, allowing a message sender to inject Camel control headers

Improper Input Validation vulnerability in Apache Camel AWS2-SQS Component. The camel-aws2-sqs component map inbound message attributes into the Camel Exchange through a component-specific HeaderFilterStrategy. Sqs2HeaderFilterStrategy configured only an outbound filter setOutFilterPattern, which...

0.00472EPSS
Exploits0References1
Rows per page
Query Builder