Lucene search
+L

1322 matches found

Nuclei
Nuclei
added yesterday122 views

Kafka UI 0.7.1 Command Injection

An issue discovered in provectus kafka-ui 0.4.0 through 0.7.1 allows remote attackers to execute arbitrary code via the q parameter of /api/clusters/local/topics/topic/messages. id: CVE-2023-52251 info: name: Kafka UI 0.7.1 Command Injection author: yhy0,iamnoooob severity: high description: | An...

8.8CVSS8.6AI score0.85025EPSS
Exploits5References3
Nuclei
Nuclei
added 2 days ago13 views

Apache Kafka Client - Arbitrary File Read

Apache Kafka Client contains arbitrary file read and server-side request forgery caused by untrusted configuration of sasl.oauthbearer.token.endpoint.url and sasl.oauthbearer.jwks.endpoint.url, letting attackers read files or send requests to unintended locations, exploit requires untrusted party...

7.5CVSS7AI score0.62368EPSS
Exploits2References2
NVD
NVD
added 2026/07/08 11:16 p.m.8 views

CVE-2026-54775

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, a CoreWCF service listening on a Kafka topic stops processing new records from that topic when KafkaTransportPump receives a null-value tombstone record, causing a persistent...

6.5CVSS0.00336EPSS
Exploits0References6
CVE
CVE
added 2026/07/08 10:13 p.m.16 views

CVE-2026-54775

Summary: CVE-2026-54775 affects CoreWCF.Kafka’s KafkaTransportPump. Before versions 1.8.1 and 1.9.1, a null-value tombstone (Kafka tombstone) on a topic causes the pump to halt, stopping processing of new records and potentially causing persistent endpoint denial of service for topics with produc...

6.5CVSS6AI score0.00336EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/08 10:13 p.m.30 views

CVE-2026-54775 CoreWCF: Kafka consume pump halts permanently on a Kafka tombstone (null-value record), causing persistent endpoint denial of service.

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, a CoreWCF service listening on a Kafka topic stops processing new records from that topic when KafkaTransportPump receives a null-value tombstone record, causing a persistent...

6.5CVSS0.00336EPSS
Exploits0References6
OSV
OSV
added 2026/07/08 10:13 p.m.3 views

CVE-2026-54775 CoreWCF: Kafka consume pump halts permanently on a Kafka tombstone (null-value record), causing persistent endpoint denial of service.

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, a CoreWCF service listening on a Kafka topic stops processing new records from that topic when KafkaTransportPump receives a null-value tombstone record, causing a persistent...

6.5CVSS6.1AI score0.00336EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/07/08 6:40 a.m.6 views

CVE-2026-49098

A flaw was found in the Apache Camel Kafka Component. A remote attacker can exploit an improper input validation vulnerability by manipulating specific Kafka headers, such as kafka.OVERRIDETOPIC, when an HTTP consumer bridges into a Kafka producer. This allows the attacker to redirect messages to...

6.5CVSS6AI score0.00385EPSS
Exploits0References4
OSV
OSV
added 2026/07/07 10:55 a.m.6 views

ROOT-APP-MAVEN-CVE-2026-41726 CVE-2026-41726 in io.root.org.springframework.kafka:spring-kafka - Patched by Root

Root has patched CVE-2026-41726 in the io.root.org.springframework.kafka:spring-kafka package for Root:Maven. Multiple fixed versions available...

6.5CVSS5.8AI score0.00289EPSS
Exploits0
OSV
OSV
added 2026/07/07 10:55 a.m.4 views

ROOT-APP-MAVEN-CVE-2026-41731 CVE-2026-41731 in io.root.org.springframework.kafka:spring-kafka - Patched by Root

Root has patched CVE-2026-41731 in the io.root.org.springframework.kafka:spring-kafka package for Root:Maven. Multiple fixed versions available...

8.1CVSS5.8AI score0.00489EPSS
Exploits0
NVD
NVD
added 2026/07/06 9:16 a.m.10 views

CVE-2026-49098

Improper Input Validation, Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Apache Camel Kafka Component. The camel-kafka producer can override its configured target topic at runtime from the kafka.OVERRIDETOPIC Exchange header:...

5.3CVSS0.00385EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/06 8:10 a.m.33 views

CVE-2026-49098 Apache Camel: Camel-Kafka: The kafka.OVERRIDE_TOPIC (and other kafka.*) Exchange header constants used non-Camel-prefixed names that bypass the upstream HTTP header filter, allowing an HTTP client to redirect Kafka messages to an arbitrary topic

Improper Input Validation, Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Apache Camel Kafka Component. The camel-kafka producer can override its configured target topic at runtime from the kafka.OVERRIDETOPIC Exchange header:...

0.00385EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/06 8:10 a.m.8 views

EUVD-2026-41844

Improper Input Validation, Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Apache Camel Kafka Component. The camel-kafka producer can override its configured target topic at runtime from the kafka.OVERRIDETOPIC Exchange header:...

6.1AI score0.00385EPSS
Exploits0References1
CVE
CVE
added 2026/07/06 8:10 a.m.10 views

CVE-2026-49098

The CVE describes an injection-type flaw in the Apache Camel Kafka Component where the kafka.OVERRIDE_TOPIC (and related kafka.* headers) can override the endpoint topic at runtime. KafkaProducer.evaluateTopic() returns the header value in preference to the endpoint topic, and headers pass throug...

5.3CVSS6.1AI score0.00385EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/06 8:10 a.m.8 views

CVE-2026-49098

Improper Input Validation, Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Apache Camel Kafka Component. The camel-kafka producer can override its configured target topic at runtime from the kafka.OVERRIDETOPIC Exchange header:...

6.1AI score0.00385EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.21 views

PT-2026-55905

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.0.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description An injection issue exists in the Apache Camel Kafka component due to improper input validation and...

5.3CVSS6.2AI score0.00385EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2026/07/02 12:3 a.m.8 views

Important: Red Hat Security Advisory: Streams for Apache Kafka 2.9.4 release and security update

Streams for Apache Kafka 2.9.4 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

10CVSS7.5AI score0.38872EPSS
Exploits19References35
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/30 3:13 p.m.9 views

Malicious code in confluent-kafka-javascript (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e20f9433c5da4c3ee143c33ec2a876e07ff01aa1188d0efa783858bcd0903d3c Analysis of this package version produced no static indicator and no traced behavioral findings. The tarball does not exhibit lifecycle-script...

6.2AI score
Exploits0References2
OSV
OSV
added 2026/06/30 3:13 p.m.6 views

MAL-2026-6682 Malicious code in confluent-kafka-javascript (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e20f9433c5da4c3ee143c33ec2a876e07ff01aa1188d0efa783858bcd0903d3c Analysis of this package version produced no static indicator and no traced behavioral findings. The tarball does not exhibit lifecycle-script...

6.2AI score
Exploits0References2
OSV
OSV
added 2026/06/30 8:29 a.m.15 views

ROOT-APP-MAVEN-CVE-2026-33558 CVE-2026-33558 in io.root.org.apache.kafka:kafka-clients - Patched by Root

Root has patched CVE-2026-33558 in the io.root.org.apache.kafka:kafka-clients package for Root:Maven. Multiple fixed versions available...

5.3CVSS5.8AI score0.00535EPSS
Exploits0
OSV
OSV
added 2026/06/30 8:29 a.m.12 views

ROOT-APP-MAVEN-CVE-2025-27817 CVE-2025-27817 in io.root.org.apache.kafka:kafka-clients - Patched by Root

Root has patched CVE-2025-27817 in the io.root.org.apache.kafka:kafka-clients package for Root:Maven. Multiple fixed versions available...

7.5CVSS7.1AI score0.62368EPSS
Exploits2
Rows per page
Query Builder