Apache Camel's Camel-Mail component is vulnerable to Camel message header injection

The Camel-Mail component is vulnerable to Camel message header injection. The custom header filter strategy used by the component MailHeaderFilterStrategy only filters the 'out' direction via setOutFilterStartsWith, while it does not configure the 'in' direction via setInFilterStartsWith. As a...

USN-8210-1 nginx vulnerabilities

It was discovered that the nginx ngxmailauthhttpmodule module incorrectly handled certain requests. An attacker could possibly use this issue to cause nginx to crash, resulting in a denial of service. CVE-2026-27651 It was discovered that the nginx ngxhttpdavmodule module incorrectly handled...

Deserialization of Untrusted Data

Overview org.apache.camel:camel-mail is a Camel Mail support. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the MailHeaderFilterStrategy component. An attacker can execute arbitrary code or alter application behavior by injecting specially crafted MIME...

io.automatiko.addons.services:automatiko-receive-email-addon (>=0.7.0 <=0.46.0), org.apache.camel.kafkaconnector:camel-imap-kafka-connector (>=0.1.0 <=0.11.5) +22 more potentially affected by CVE-2026-33454 via org.apache.camel:camel-mail (>=3.0.0-M1 <=4.14.5)

org.apache.camel:camel-mail MAVEN version =3.0.0-M1, =0.7.0, =0.1.0, =0.1.0, =1.0.0, =1.0.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =4.10.3, =0.2.0, =3.25.0, =0.2.0, =0.2.0, =3.19.0, =3.27.3 and more Source cves: CVE-2026-33454https...

CVE-2026-33454

The Camel-Mail component is vulnerable to Camel message header injection. The custom header filter strategy used by the component MailHeaderFilterStrategy only filters the 'out' direction via setOutFilterStartsWith, while it does not configure the 'in' direction via setInFilterStartsWith. As a...

CVE-2026-33454

The Camel-Mail component is vulnerable to Camel message header injection. The custom header filter strategy used by the component MailHeaderFilterStrategy only filters the 'out' direction via setOutFilterStartsWith, while it does not configure the 'in' direction via setInFilterStartsWith. As a...

CVE-2026-33454 Apache Camel: Inbound Header Filter Missing in MailHeaderFilterStrategy Allows Remote Code Execution via MIME Header Injection (CVE-2025-30177 Variant)

The Camel-Mail component is vulnerable to Camel message header injection. The custom header filter strategy used by the component MailHeaderFilterStrategy only filters the 'out' direction via setOutFilterStartsWith, while it does not configure the 'in' direction via setInFilterStartsWith. As a...

CVE-2026-33454

The CVE describes an inbound header filtering gap in Camel-Mail (MailHeaderFilterStrategy): inbound headers are not filtered, allowing attacker-delivered email to inject Camel-specific headers that can influence downstream components (e.g., camel-bean, camel-exec, camel-sql). Affected: Apache Cam...

EUVD-2026-25806

The Camel-Mail component is vulnerable to Camel message header injection. The custom header filter strategy used by the component MailHeaderFilterStrategy only filters the 'out' direction via setOutFilterStartsWith, while it does not configure the 'in' direction via setInFilterStartsWith. As a...

CVE-2026-33454 Apache Camel: Inbound Header Filter Missing in MailHeaderFilterStrategy Allows Remote Code Execution via MIME Header Injection (CVE-2025-30177 Variant)

The Camel-Mail component is vulnerable to Camel message header injection. The custom header filter strategy used by the component MailHeaderFilterStrategy only filters the 'out' direction via setOutFilterStartsWith, while it does not configure the 'in' direction via setInFilterStartsWith. As a...

CLSA-2026-1777280127 cyrus-imapd: Fix of CVE-2021-33582

Fix CVE-2021-33582 - Denial of service via string hashing algorithm collisions...

PT-2026-35384

CVE-2026-33454 The Camel-Mail component is vulnerable to Camel message header injection. The custom header filter strategy used by the component MailHeaderFilterStrategy only filt… https://t.co/aFcj2mALO4...

Apache Camel 代码问题漏洞

Apache Camel is an open-source integration framework based on the Enterprise Integration Pattern EIP, developed by the Apache Foundation in the United States. This framework provides implementations of Java objects following the EIP pattern, and routing and mediation rules are configured through...

CVE-2026-7013 MaxSite CMS mail_send Plugin cross site scripting

A security vulnerability has been detected in MaxSite CMS up to 109.3. Affected by this issue is some unknown functionality of the component mailsend Plugin. The manipulation of the argument fsubject/ffiles/ffrom leads to cross site scripting. The attack can be initiated remotely. The exploit has...

PT-2026-35194

A security vulnerability has been detected in MaxSite CMS up to 109.3. Affected by this issue is some unknown functionality of the component mail send Plugin. The manipulation of the argument f subject/f files/f from leads to cross site scripting. The attack can be initiated remotely. The exploit...

[SECURITY] Fedora 44 Update: thunderbird-149.0.1-2.fc44

Mozilla Thunderbird is a standalone mail and newsgroup client...

SUSE CVE-2009-1636

Multiple buffer overflows in the Internet Agent aka GWIA component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allow remote attackers to execute arbitrary code via 1 a crafted e-mail address in an SMTP session or 2 an SMTP command...

[SECURITY] Fedora 44 Update: nginx-1.28.3-1.fc44

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...

Hiding Bluetooth Trackers in Mail

It was used to track a Dutch naval ship: Dutch journalist Just Vervaart, working for regional media network Omroep Gelderland, followed the directions posted on the Dutch government website and mailed a postcard with a hidden tracker inside. Because of this, they were able to track the ship for...

CLSA-2026-1777022242 nginx: Fix of 2 CVEs

CVE-2026-32647: fix buffer over-read/over-write in ngxhttpmp4module via integer overflow, off-by-one boundary checks, and zero sync sample validation in stss atom - CVE-2026-27651: fix NULL pointer dereference in ngxmailauthhttpmodule when using CRAM-MD5 or APOP authentication with Auth-Wait...