CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1200 matches found

Apache Kafka Client - Arbitrary File Read

Apache Kafka Client contains arbitrary file read and server-side request forgery caused by untrusted configuration of sasl.oauthbearer.token.endpoint.url and sasl.oauthbearer.jwks.endpoint.url, letting attackers read files or send requests to unintended locations, exploit requires untrusted party...

7.5CVSS7.3AI score0.21423EPSS

Exploits2References2

RedhatCVE•added yesterday•4 views

CVE-2026-33558

Information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component will output entire requests and responses information in the DEBUG log level in the logs. By default, the log level is set to INFO level. If the DEBUG level is enabled, the sensitive information wi...

5.3CVSS5.3AI score0.00169EPSS

Exploits0References1

IBM Security Bulletins•added yesterday•9 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Apache Kafka (CVE-2026-35554)

Summary A vulnerability in Apache Kafka that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2026-33558 DESCRIPTION: Information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component will output entire requests and response...

8.7CVSS5.8AI score0.00169EPSS

Exploits0Affected Software1

RedhatCVE•added yesterday•4 views

CVE-2026-45080

Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, improper access control allows disclosure of password hash. This issue has been patched in version 2.10.4...

6.9CVSS5.3AI score0.00041EPSS

Exploits0References1

RedhatCVE•added yesterday•4 views

CVE-2026-42316

kafka-sink-azure-kusto Kafka Connect plugin is the official Microsoft sink for Azure Data Explorer Kusto. Prior to 5.2.3, kafka-sink-azure-kusto did not sanitize user-controlled values inside the kusto.tables.topics.mapping configuration. The db, table, mapping, and format fields of each mapping...

6.5CVSS5.9AI score0.0003EPSS

Exploits0References1

OSV•added yesterday•3 views

ROOT-APP-MAVEN-CVE-2026-35554 CVE-2026-35554 in io.root.org.apache.kafka:kafka-clients - Patched by Root

Root has patched CVE-2026-35554 in the io.root.org.apache.kafka:kafka-clients package for Root:Maven. Multiple fixed versions available...

8.7CVSS5.2AI score0.00025EPSS

Exploits0

OSV•added yesterday•7 views

ROOT-APP-MAVEN-CVE-2026-33558 CVE-2026-33558 in io.root.org.apache.kafka:kafka-clients - Patched by Root

Root has patched CVE-2026-33558 in the io.root.org.apache.kafka:kafka-clients package for Root:Maven. Multiple fixed versions available...

5.3CVSS5.8AI score0.00169EPSS

Exploits0

Nuclei•added yesterday•103 views

Apache Druid Kafka Connect - Remote Code Execution

The vulnerability has the potential to enable a remote attacker with authentication to run any code on the system. This is due to unsafe deserialization that occurs during the configuration of the connector through the Kafka Connect REST API id: CVE-2023-25194 info: name: Apache Druid Kafka Conne...

8.8CVSS6.9AI score0.94055EPSS

Exploits7References5

IBM Security Bulletins•added 2 days ago•7 views

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationRuntime and IntegrationServer operands that use Kafka are vulnerable to loss of confidentiality (CVE-2025-27817, CVE-2025-27818)

Summary Apache Kafka Client is used by IBM App Connect Enterprise Certified Container when running flows that connect to a Kafka server. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that use Kafka Client are vulnerable to loss of confidentiality...

8.8CVSS6.7AI score0.21423EPSS

Exploits2Affected Software1

SUSE CVE•added 3 days ago•8 views

SUSE CVE-2026-41115

An improper authorization vulnerability has been identified in Apache Kafka. The implementation of the CONSUMERGROUPDESCRIBE 69 API validates the DESCRIBE operation on the GROUP resource instead of the READ operation that documented in the official kafka documentation and the KIP-848. This...

4.3CVSS5.8AI score0.00089EPSS

Exploits0References3

NVD•added 4 days ago•6 views

CVE-2026-45080

6.9CVSS0.00041EPSS

Exploits0References2

EUVD•added 4 days ago•6 views

EUVD-2026-33962

6.9CVSS5.7AI score0.00041EPSS

Exploits0References2

ATTACKERKB•added 4 days ago•6 views

CVE-2026-44367

Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, a vulnerability exists in the user registration and login mechanisms due to inconsistent handling of username case sensitivity, leading to a targeted Denial of Service DoS and complete account...

2.7CVSS5.7AI score0.00039EPSS

Exploits0References3Affected Software1

EUVD•added 4 days ago•5 views

EUVD-2026-33961

2.7CVSS5.7AI score0.00039EPSS

Exploits0References2

NVD•added 4 days ago•6 views

CVE-2026-41115

4.3CVSS0.00089EPSS

Exploits0References2

Vulnrichment•added 4 days ago•6 views

CVE-2026-41115 Apache Kafka: Improper Authorization in CONSUMER_GROUP_DESCRIBE API

5.8AI score0.00089EPSS

Exploits0References1

Cvelist•added 4 days ago•34 views

CVE-2026-41115 Apache Kafka: Improper Authorization in CONSUMER_GROUP_DESCRIBE API

0.00089EPSS

Exploits0References1

CVE•added 4 days ago•99 views

CVE-2026-41115

Summary: CVE-2026-41115 describes an improper authorization issue in Apache Kafka related to the CONSUMER_GROUP_DESCRIBE API. The vulnerability discussion notes a discrepancy between ACLs and documented permissions, but states that the correct permission for the API is DESCRIBE GROUP and that the...

4.3CVSS5.8AI score0.00089EPSS

Exploits0References2Affected Software1