
12 matches found

CVE
added 2026/04/27 9:58 a.m. | 41 views

CVE-2026-33453

The CVE-2026-33453 issue affects Apache Camel’s camel-coap component, enabling header injection via CoAP URI query parameters. The camel-coap handler copies incoming CoAP URI query params directly into Camel Exchange In headers without a HeaderFilterStrategy, allowing an unauthenticated attacker ...

CVSS 10 | AI score 6.5 | EPSS 0.06138
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2026/04/27 9:58 a.m. | 27 views

CVE-2026-33453 Apache Camel: CoAP URI Query Parameter to Exchange Header Injection in camel-coap Allows Single-Packet Pre-Auth Remote Code Execution

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Apache Camel Camel-Coap component. Apache Camel's camel-coap component is vulnerable to Camel message header injection, leading to remote code execution when routes forward CoAP requests to...

EPSS 0.06138
Exploits: 1 | References: 1
OSV
added 2025/06/11 12:4 p.m. | 2 views

SUSE-SU-2025:01894-1 Security update for the Linux Kernel (Live Patch 24 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-1505005597 fixes several issues. The following security issues were fixed: - CVE-2024-58013: Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (bsc#1239096). - CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239077)...

CVSS 7.8 | AI score 6.7 | EPSS 0.00013
Exploits: 0 | References: 5
Hacker One
added 2023/09/09 12:25 p.m. | 4 views

Mars: 0 Click account takeover via timed requests to ███████forgot-password (single-packet attack)

A vulnerability was present in the forgot password functionality of the platform. By sending carefully timed requests, an attacker was able to obtain the password reset token for any account using only the victim's email address...

AI score 7.2
Exploits: 0
Kitploit
added 2019/02/03 8:31 p.m. | 173 views

Fwknop - Single Packet Authorization & Port Knocking

fwknop implements an authorization scheme known as Single Packet Authorization (SPA) for strong service concealment. SPA requires only a single packet which is encrypted, non-replayable, and authenticated via an HMAC in order to communicate desired access to a service that is hidden behind a firewa...

AI score 8
Exploits: 0 | References: 7
OSV
added 2018/04/05 9:29 p.m. | 1 views

CVE-2017-12090

An exploitable denial of service vulnerability exists in the processing of snmp-set commands of the Allen Bradley Micrologix 1400 Series B FRN 21.2 and below. A specially crafted snmp-set request, when sent without associated firmware flashing snmp-set commands, can cause a device power cycle...

CVSS 7.5 | AI score 5.8 | EPSS 0.00017
Exploits: 1 | References: 1
CNVD
added 2016/04/18 12:0 a.m. | 1 views

Midea's M-Smart smart socket has design logic flaws

M-Smart Smart Socket is a smart home appliance developed by Midea Group. Midea's M-Smart Smart Socket is susceptible to man-in-the-middle attacks due to insecure protocols for transmitting data and lack of validation of what is transmitted on the client and server side. The lack of effective...

AI score 6.8
Exploits: 0
n0where
added 2014/12/18 3:43 p.m. | 29 views

Single Packet Authorization: fwknop

fwknop implements an authorization scheme known as Single Packet Authorization (SPA) for strong service concealment. SPA requires only a single packet which is encrypted, non-replayable, and authenticated via an HMAC in order to communicate desired access to a service that is hidden behind a firewa...

AI score 0.3
Exploits: 0 | References: 2
seebug.org
added 2014/07/01 12:0 a.m. | 28 views

Oracle Internet Directory 10.1.4 - Remote Preauth DoS Exploit

No description provided by source. !/usr/bin/python Oracle Internet Directory 10.1.4 preauthentication Denial Of Service NOTES: Under 32 bits platforms it crashes immediately. Under 64 bits it may take even hours. Sometimes you need 2 shoots to crash OID completely. The server commonly tolerates...

CVSS 5 | AI score 0.2 | EPSS 0.1353
Exploits: 6
Kitploit
added 2014/01/20 4:51 p.m. | 13 views

[fwknop] Single Packet Authorization and Port Knocking

fwknop stands for the "FireWall KNock OPerator", and implements an authorization scheme called Single Packet Authorization (SPA). This method of authorization is based around a default-drop packet filter (fwknop supports iptables on Linux, ipfw on FreeBSD and Mac OS X, and PF on OpenBSD) and libpcap...

AI score 7.6
Exploits: 0
Zero Day Initiative
added 2007/06/11 12:0 a.m. | 28 views

Arris Cadant C3 CMTS Remote DoS Vulnerability

This vulnerability allows remote attackers to cause a denial of service on vulnerable Arris Cadant C3 CMTS systems. Authentication is not required to exploit this vulnerability. The flaw exists due to mishandling of IP options. When an unknown or bad option is specified, the C3 will terminate...

CVSS 7.8 | AI score 2.8 | EPSS 0.0163
Exploits: 0 | References: 1
securityvulns
added 2004/05/21 12:0 a.m. | 43 views

TCP RST packets spoofing

By sending a spoofed RST it's possible to terminate an established TCP connection. Unlike TCP hijacking attacks, there is no need for the exact TCP sequence number, and the number can be any number from the handshaked TCP window. It significantly increases attack efficiency. In NetBSD sequence number for RST is no...

AI score 2
Exploits: 0 | References: 5 | Affected Software: 11