Lucene search
K

592 matches found

Nuclei
Nuclei
added 18 hours ago116 views

Microweber < 1.2.11 - CRLF Injection

CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in Packagist microweber/microweber prior to 1.2.11. id: CVE-2022-0666 info: name: Microweber 1.2.11 - CRLF Injection author: ritikchaddha severity: high description: | CRLF Injection leads to Sta...

7.6CVSS6.9AI score0.44259EPSS
Exploits1References3
NVD
NVD
added 2026/07/06 9:16 a.m.8 views

CVE-2026-49365

Generation of Error Message Containing Sensitive Information vulnerability in Apache Camel Netty HTTP component. The camel-netty-http HTTP server consumer exposes a muteException option that controls what is returned to the client when a route processing error occurs. This option defaulted to fal...

5.3CVSS0.00363EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/06 8:15 a.m.6 views

CVE-2026-56139

Generation of Error Message Containing Sensitive Information vulnerability in Apache Camel Undertow Component. The camel-undertow HTTP server consumer exposes a muteException option that controls what is returned to the client when a route processing error occurs. This option defaulted to false,...

5.8AI score0.00363EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/07/06 8:15 a.m.12 views

CVE-2026-56139

CVE-2026-56139 concerns Apache Camel Undertow: the muteException option on the Undertow HTTP server consumer defaulted to false, causing processing errors to return the full Java stack trace in HTTP responses. This exposed sensitive information (credentials in messages, host/IPs, filesystem paths...

5.3CVSS5.8AI score0.00363EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/07/06 8:15 a.m.7 views

EUVD-2026-41851

Generation of Error Message Containing Sensitive Information vulnerability in Apache Camel Undertow Component. The camel-undertow HTTP server consumer exposes a muteException option that controls what is returned to the client when a route processing error occurs. This option defaulted to false,...

5.3CVSS5.8AI score0.00363EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/06 8:11 a.m.7 views

CVE-2026-49365

Generation of Error Message Containing Sensitive Information vulnerability in Apache Camel Netty HTTP component. The camel-netty-http HTTP server consumer exposes a muteException option that controls what is returned to the client when a route processing error occurs. This option defaulted to fal...

5.8AI score0.00363EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/07/06 8:11 a.m.12 views

CVE-2026-49365

The vulnerability CVE-2026-49365 affects Apache Camel’s camel-netty-http server consumer. The root cause is that the default of muteException is false, so on route processing errors Camel writes the full Java stack trace into the HTTP response body instead of an empty body. This can disclose sens...

5.3CVSS5.8AI score0.00363EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/07/06 8:11 a.m.33 views

CVE-2026-49365 Apache Camel: Camel-Netty-HTTP: The muteException consumer option defaulted to false, so a processing error returned the full Java stack trace in the HTTP response body, disclosing sensitive internal information to unauthenticated clients

Generation of Error Message Containing Sensitive Information vulnerability in Apache Camel Netty HTTP component. The camel-netty-http HTTP server consumer exposes a muteException option that controls what is returned to the client when a route processing error occurs. This option defaulted to fal...

0.00363EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.12 views

PT-2026-55907

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.0.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description The camel-netty-http server consumer in Apache Camel contains an issue where the muteException optio...

5.3CVSS6.1AI score0.00363EPSS
Exploits0References8
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: perf: sched: Fixed a crash in perf when using the new isusertask helper. To obtain a user space stacktrace, the current task must be a user task that has executed in user space. It was previously possible to determine whether a...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.11 views

CVE-2025-52611

HCL iControl v4.0.0 was affected by Unhandled Exception - Stack Trace Disclosure vulnerability. The error occurs due to an undefined property being accessed in the application's JavaScript code. Specifically, the code attempts to read the property dashboard key from an object that is undefined...

4.3CVSS5.5AI score0.00157EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 11:41 a.m.10 views

EUVD-2025-210059

HCL iControl v4.0.0 was affected by Unhandled Exception - Stack Trace Disclosure vulnerability. The error occurs due to an undefined property being accessed in the application's JavaScript code. Specifically, the code attempts to read the property dashboard key from an object that is undefined...

4.3CVSS5.9AI score0.00157EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/04 11:41 a.m.7 views

CVE-2025-52611

HCL iControl v4.0.0 was affected by Unhandled Exception - Stack Trace Disclosure vulnerability. The error occurs due to an undefined property being accessed in the application's JavaScript code. Specifically, the code attempts to read the property dashboard key from an object that is undefined...

3.1CVSS5.9AI score0.00157EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/04 11:41 a.m.10 views

CVE-2025-52611 HCL iControl was affected by Unhandled Exception - Stack Trace Disclosure vulnerability

HCL iControl v4.0.0 was affected by Unhandled Exception - Stack Trace Disclosure vulnerability. The error occurs due to an undefined property being accessed in the application's JavaScript code. Specifically, the code attempts to read the property dashboard key from an object that is undefined...

3.1CVSS5.9AI score0.00157EPSS
Exploits0References1
CVE
CVE
added 2026/06/04 11:41 a.m.21 views

CVE-2025-52611

CVE-2025-52611 concerns HCL iControl v4.0.0, where an unhandled exception leads to stack trace disclosure. The root cause is described as accessing an undefined object’s property, specifically the dashboard key, within the application's JavaScript code. This missing/improperly initialized object ...

4.3CVSS5.9AI score0.00157EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/04 11:41 a.m.44 views

CVE-2025-52611 HCL iControl was affected by Unhandled Exception - Stack Trace Disclosure vulnerability

HCL iControl v4.0.0 was affected by Unhandled Exception - Stack Trace Disclosure vulnerability. The error occurs due to an undefined property being accessed in the application's JavaScript code. Specifically, the code attempts to read the property dashboard key from an object that is undefined...

3.1CVSS0.00157EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.11 views

HCL iControl 安全漏洞

HCL iControl is an IT infrastructure monitoring and automation platform developed by HCL Company in India. Version 4.0.0 of HCL iControl contains a security vulnerability. This vulnerability arises from unhandled exceptions, which lead to stack trace leaks. It occurs due to accessing the properti...

4.3CVSS5.3AI score0.00157EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.22 views

PT-2026-46186

HCL iControl v4.0.0 was affected by Unhandled Exception - Stack Trace Disclosure vulnerability. The error occurs due to an undefined property being accessed in the application's JavaScript code. Specifically, the code attempts to read the property dashboard key from an object that is undefined...

3.1CVSS5.9AI score0.00157EPSS
Exploits0References2
OSV
OSV
added 2026/05/29 5:38 p.m.21 views

GHSA-Q3FM-4WCW-G57X vm2 setup-sandbox.js violates Defense Invariant #11 in stack-trace formatter

Summary defaultSandboxPrepareStackTrace in lib/setup-sandbox.js lines 605, 607 appends to a fresh sandbox-realm lines = via lineslines.length = value. This is the exact invariant-violating pattern that GHSA-9qj6-qjgg-37qq commit ca195f0, 2026-05-01 just patched in neutralizeArraySpeciesBatch and...

2.1CVSS5.8AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/29 5:38 p.m.34 views

vm2 setup-sandbox.js violates Defense Invariant #11 in stack-trace formatter

Summary defaultSandboxPrepareStackTrace in lib/setup-sandbox.js lines 605, 607 appends to a fresh sandbox-realm lines = via lineslines.length = value. This is the exact invariant-violating pattern that GHSA-9qj6-qjgg-37qq commit ca195f0, 2026-05-01 just patched in neutralizeArraySpeciesBatch and...

5.8AI score
Exploits0References4Affected Software1
Rows per page
Query Builder