Lucene search
K

1319 matches found

CVE
CVE
added 5 hours ago4 views

CVE-2026-46588

CVE-2026-46588 – Apache Camel (CouchDB header issue) exposes an improper input validation flaw in Apache Camel that affects versions up to 4.14.7 and in 4.15.0–4.18.2 and 4.19.0–4.20.0. The issue involves non-Camel-prefixed Exchange headers bypassing HeaderFilterStrategy, enabling operation overr...

5.9AI score
Exploits0References1
NVD
NVD
added 5 hours ago6 views

CVE-2026-56140

Improper Input Validation vulnerability in Apache Camel AWS SNS component. The camel-aws2-sns component filters Camel headers through a component-specific HeaderFilterStrategy, Sns2HeaderFilterStrategy. Like the sibling Sqs2HeaderFilterStrategy, it originally configured only an outbound filter...

Exploits0References1
NVD
NVD
added 5 hours ago5 views

CVE-2026-46726

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery SSRF vulnerability in Apache Camel in Vertx Websocket component. The camel-vertx-websocket consumer mapped inbound WebSocket query and path parameters into the Camel Exchange header...

Exploits0References2
ATTACKERKB
ATTACKERKB
added 6 hours ago3 views

CVE-2026-56140

Improper Input Validation vulnerability in Apache Camel AWS SNS component. The camel-aws2-sns component filters Camel headers through a component-specific HeaderFilterStrategy, Sns2HeaderFilterStrategy. Like the sibling Sqs2HeaderFilterStrategy, it originally configured only an outbound filter...

6AI score
Exploits0References2Affected Software1
EUVD
EUVD
added 6 hours ago6 views

EUVD-2026-41852

Improper Input Validation vulnerability in Apache Camel AWS SNS component. The camel-aws2-sns component filters Camel headers through a component-specific HeaderFilterStrategy, Sns2HeaderFilterStrategy. Like the sibling Sqs2HeaderFilterStrategy, it originally configured only an outbound filter...

6AI score
Exploits0References1
Cvelist
Cvelist
added 6 hours ago4 views

CVE-2026-55994 Apache Camel Iggy: The inbound consumer maps externally-supplied Iggy message user-headers into the Exchange without a HeaderFilterStrategy, allowing injection of Camel control headers - enabling control over internal behaviour

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery SSRF vulnerability in Apache Camel in Iggy component. The camel-iggy consumer mapped the user-headers of inbound Iggy messages into the Camel Exchange header map without applying any...

Exploits0References1
CVE
CVE
added 6 hours ago4 views

CVE-2026-46726

The CVE-2026-46726 issue affects Apache Camel’s Vertx Websocket component. The inbound WebSocket consumer maps external query and path parameters into the Camel Exchange header map without applying a HeaderFilterStrategy, allowing an unauthenticated attacker to inject Camel control headers (e.g.,...

6AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 6 hours ago2 views

CVE-2026-46457

Improper Input Validation vulnerability in Apache Camel NATS component. The camel-nats component maps inbound NATS message headers into the Camel Exchange but defaulted its headerFilterStrategy to a bare new DefaultHeaderFilterStrategy with no inbound rules configured NatsConfiguration. With no...

6.1AI score
Exploits0References2Affected Software1
CVE
CVE
added 6 hours ago6 views

CVE-2026-46456

In CVE-2026-46456, the Apache Camel AWS2-SQS component fails to apply an inbound header filter, allowing a sender to inject Camel control headers into the Exchange via unfiltered inbound SQS message attributes. This enables manipulation of downstream producers (e.g., HTTP redirection, filename ch...

6AI score
Exploits0References2
EUVD
EUVD
added 2026/06/09 3:48 a.m.10 views

EUVD-2026-35324

Spring LDAP's DirContextAuthenticationStrategy implementations do not reject a bind request where a non-empty username is paired with an empty or null password. Affected versions: Spring LDAP 2.4.0 through 2.4.4; 3.2.0 through 3.2.17; 3.3.0 through 3.3.7; 4.0.0 through 4.0.3...

7.4CVSS5.4AI score0.00257EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/04 4:22 a.m.10 views

CVE-2026-47323

A flaw was found in Apache Camel. An unauthenticated attacker could inject Camel-internal headers via HTTP requests to CXF-RS or CXF-SOAP endpoints due to missing inbound filtering in the HeaderFilterStrategy implementations. This allows the attacker to override configured values when messages ar...

9.8CVSS6.4AI score0.01425EPSS
Exploits0References4
Packet Storm News
Packet Storm News
added 2026/06/02 12:0 a.m.9 views

Backdoor Unlearning Generalization: A Path toward the Removal of Unknown Triggers in LLMs

Backdoor attacks in Large Language Models LLMs are a growing security concern, where models can generate adversary-chosen content. Existing defenses target backdoors one at a time and typically require knowledge of the trigger, leaving the defender at a structural disadvantage when unknown...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/02 12:0 a.m.29 views

Detecting Aimbot Cheaters in MOGs

Multiplayer Online Games have become a multibillion dollar industry in the entertainment sector. However, the presence of cheaters undermines the experience of honest players and devalues the effort of game developers, as it directly affects player retention, competitive integrity, the legitimacy...

5.3AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/30 9:5 p.m.14 views

Malicious code in retail-location-strategy-frontend (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 056a42f9d6cabda51a99fe21f647f8270a15e121d2017f53e3fa7cc1aad9a47f The OpenSSF Package Analysis project identified 'retail-location-strategy-frontend' @ 1.1.1 npm as malicious. It is considered malicious because...

5.8AI score
Exploits0
OSV
OSV
added 2026/05/30 9:5 p.m.13 views

MAL-2026-5092 Malicious code in retail-location-strategy-frontend (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 056a42f9d6cabda51a99fe21f647f8270a15e121d2017f53e3fa7cc1aad9a47f The OpenSSF Package Analysis project identified 'retail-location-strategy-frontend' @ 1.1.1 npm as malicious. It is considered malicious because...

5.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.11 views

PT-2026-43638

Missing Authorization vulnerability in Strategy11 Team AWP Classifieds another-wordpress-classifieds-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AWP Classifieds: from n/a through = 4.4.5...

6.5CVSS5.8AI score0.00242EPSS
Exploits0References2
NVD
NVD
added 2026/05/26 2:16 a.m.14 views

CVE-2026-9518

A vulnerability was identified in hemant6488 CodeIgniter-StudentManagementSystem. The impacted element is the function addStudent of the file viewstudents.php of the component Students Controller. The manipulation of the argument Name leads to cross site scripting. The attack is possible to be...

5.3CVSS0.00336EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/25 11:10 p.m.15 views

Malicious code in bandkit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 687dcebaf30461a2325de226851b84abfb6db6359a12c9392ece9c5ff02a620d bandkit ships a React component BandPanel that, when rendered without an explicit strategyWalletAddress prop — the configuration shown in the package...

5.2AI score
Exploits0References6
NVD
NVD
added 2026/05/19 2:16 p.m.16 views

CVE-2026-47323

Camel-CXF and Camel-Knative Message Header Injection via Missing Inbound Filtering The CXF and Knative HeaderFilterStrategy implementations CxfRsHeaderFilterStrategy in camel-cxf-rest, CxfHeaderFilterStrategy in camel-cxf-transport, and KnativeHttpHeaderFilterStrategy in camel-knative-http only...

9.8CVSS0.01425EPSS
Exploits0References4
CVE
CVE
added 2026/05/19 12:25 p.m.32 views

CVE-2026-47323

Summary: CVE-2026-47323 affects Apache Camel's CXF and Knative header filtering, where inbound header filtering is not configured. This allows unauthenticated injection of Camel-internal headers (e.g., CamelExecCommandExecutable, CamelFileName) via HTTP requests to CXF-RS or CXF-SOAP endpoints. W...

9.8CVSS6.5AI score0.01425EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder