5 matches found
CVE-2026-26234
JUNG Smart Visu Server 1.1.1050 contains a request header manipulation vulnerability that allows unauthenticated attackers to override request URLs by injecting arbitrary values in the X-Forwarded-Host header. Attackers can manipulate proxied requests to generate tainted responses, enabling cache...
Apache Camel Arbitrary Command Execution Vulnerability (CNVD-2025-05168)
Apache Camel is an open-source integration framework from the Apache Foundation (United States), based on Enterprise Integration Patterns (EIP). The framework provides Java object (POJO) implementations of the Enterprise Integration Patterns, and throug...
Amazon Linux 2 : ecs-service-connect-agent (ALASECS-2023-003)
The version of ecs-service-connect-agent installed on the remote host is prior to v1.25.4.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2023-003 advisory. Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to...
CVE-2021-33580
User-controlled `request.getHeader("Referer")`, `request.getRequestURL()` and `request.getQueryString()` are used to build and run a regular expression. The attacker doesn't have to use a browser and may send a specially crafted Referer header programmatically. Since the attacker controls the string and the...
httplib2 injection vulnerability
httplib2 is an HTTP client library. An injection vulnerability exists in httplib2 versions prior to 0.18.0. An attacker can exploit the vulnerability by changing the request header and body via the unescaped portion of a controlled URI passed to httplib2.Http.request, and by sending other hidden requests to th...