1324 matches found
CVE-2026-46588
Summary: CVE-2026-46588 is an Improper Input Validation vulnerability in Apache Camel affecting versions up to 4.14.7 and 4.15.0–4.18.2, 4.19.0–4.20.0. The issue stems from input validation weaknesses in Camel’s components, enabling potential impact on confidentiality, integrity, and availability...
CVE-2026-46588 Apache Camel: CouchDB: Non-Camel-prefixed Exchange headers bypass HeaderFilterStrategy allowing operation override from untrusted input
Improper Input Validation vulnerability in Apache Camel. This issue affects Apache Camel: through 4.14.7, from 4.15.0 through 4.18.2, from 4.19.0 through 4.20.0. Users are recommended to upgrade to version 4.14.8, 4.18.3, 4.21.0, which fixes the issue...
CVE-2026-56140
Improper Input Validation vulnerability in Apache Camel AWS SNS component. The camel-aws2-sns component filters Camel headers through a component-specific HeaderFilterStrategy, Sns2HeaderFilterStrategy. Like the sibling Sqs2HeaderFilterStrategy, it originally configured only an outbound filter...
CVE-2026-46726
Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery SSRF vulnerability in Apache Camel in Vertx Websocket component. The camel-vertx-websocket consumer mapped inbound WebSocket query and path parameters into the Camel Exchange header...
CVE-2026-56140 Apache Camel AWS2 SNS: An inbound Camel-namespace filter was added to Sns2HeaderFilterStrategy to align it with sibling components
Improper Input Validation vulnerability in Apache Camel AWS SNS component. The camel-aws2-sns component filters Camel headers through a component-specific HeaderFilterStrategy, Sns2HeaderFilterStrategy. Like the sibling Sqs2HeaderFilterStrategy, it originally configured only an outbound filter...
EUVD-2026-41852
Improper Input Validation vulnerability in Apache Camel AWS SNS component. The camel-aws2-sns component filters Camel headers through a component-specific HeaderFilterStrategy, Sns2HeaderFilterStrategy. Like the sibling Sqs2HeaderFilterStrategy, it originally configured only an outbound filter...
CVE-2026-56140
Improper Input Validation vulnerability in Apache Camel AWS SNS component. The camel-aws2-sns component filters Camel headers through a component-specific HeaderFilterStrategy, Sns2HeaderFilterStrategy. Like the sibling Sqs2HeaderFilterStrategy, it originally configured only an outbound filter...
CVE-2026-55994 Apache Camel Iggy: The inbound consumer maps externally-supplied Iggy message user-headers into the Exchange without a HeaderFilterStrategy, allowing injection of Camel control headers - enabling control over internal behaviour
Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery SSRF vulnerability in Apache Camel in Iggy component. The camel-iggy consumer mapped the user-headers of inbound Iggy messages into the Camel Exchange header map without applying any...
CVE-2026-46726 Apache Camel Vertx Websocket: The inbound consumer maps externally-supplied WebSocket query and path parameters into the Exchange without a HeaderFilterStrategy, allowing injection of Camel control headers
Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery SSRF vulnerability in Apache Camel in Vertx Websocket component. The camel-vertx-websocket consumer mapped inbound WebSocket query and path parameters into the Camel Exchange header...
CVE-2026-46726
Apache Camel Vertx Websocket: the inbound WebSocket consumer maps external query/path parameters into the Exchange header map without HeaderFilterStrategy, enabling injection of Camel headers (e.g., CamelHttpUri) and potential server-side request forgery (SSRF) to attacker-controlled URIs. The HT...
CVE-2026-46457
Improper Input Validation vulnerability in Apache Camel NATS component. The camel-nats component maps inbound NATS message headers into the Camel Exchange but defaulted its headerFilterStrategy to a bare new DefaultHeaderFilterStrategy with no inbound rules configured NatsConfiguration. With no...
CVE-2026-46456
The CVE describes an improper input validation in Apache Camel AWS2-SQS (Sqs2HeaderFilterStrategy) where inbound SQS MessageAttributes are copied into the Camel Exchange without an inbound header filter. Specifically, Sqs2HeaderFilterStrategy only configured an outbound filter, so inbound headers...
EUVD-2026-35324
Spring LDAP's DirContextAuthenticationStrategy implementations do not reject a bind request where a non-empty username is paired with an empty or null password. Affected versions: Spring LDAP 2.4.0 through 2.4.4; 3.2.0 through 3.2.17; 3.3.0 through 3.3.7; 4.0.0 through 4.0.3...
CVE-2026-47323
A flaw was found in Apache Camel. An unauthenticated attacker could inject Camel-internal headers via HTTP requests to CXF-RS or CXF-SOAP endpoints due to missing inbound filtering in the HeaderFilterStrategy implementations. This allows the attacker to override configured values when messages ar...
Backdoor Unlearning Generalization: A Path toward the Removal of Unknown Triggers in LLMs
Backdoor attacks in Large Language Models LLMs are a growing security concern, where models can generate adversary-chosen content. Existing defenses target backdoors one at a time and typically require knowledge of the trigger, leaving the defender at a structural disadvantage when unknown...
Detecting Aimbot Cheaters in MOGs
Multiplayer Online Games have become a multibillion dollar industry in the entertainment sector. However, the presence of cheaters undermines the experience of honest players and devalues the effort of game developers, as it directly affects player retention, competitive integrity, the legitimacy...
MAL-2026-5092 Malicious code in retail-location-strategy-frontend (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 056a42f9d6cabda51a99fe21f647f8270a15e121d2017f53e3fa7cc1aad9a47f The OpenSSF Package Analysis project identified 'retail-location-strategy-frontend' @ 1.1.1 npm as malicious. It is considered malicious because...
Malicious code in retail-location-strategy-frontend (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 056a42f9d6cabda51a99fe21f647f8270a15e121d2017f53e3fa7cc1aad9a47f The OpenSSF Package Analysis project identified 'retail-location-strategy-frontend' @ 1.1.1 npm as malicious. It is considered malicious because...
PT-2026-43638
Missing Authorization vulnerability in Strategy11 Team AWP Classifieds another-wordpress-classifieds-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AWP Classifieds: from n/a through = 4.4.5...
CVE-2026-9518
A vulnerability was identified in hemant6488 CodeIgniter-StudentManagementSystem. The impacted element is the function addStudent of the file viewstudents.php of the component Students Controller. The manipulation of the argument Name leads to cross site scripting. The attack is possible to be...