Lucene search
K

508 matches found

Veracode
Veracode
added 6 days ago7 views

Sensitive Information Exposure

Apache Camel Undertow Component is vulnerable to Sensitive Information Exposure. The vulnerability is due to improper handling of exception responses, where processing errors return full Java stack traces instead of suppressing them, allowing attackers to obtain sensitive information such as...

5.3CVSS5.9AI score0.00363EPSS
Exploits0References4Affected Software2
RedhatCVE
RedhatCVE
added 2026/07/08 7:10 a.m.6 views

CVE-2026-49365

A flaw was found in the Apache Camel Netty HTTP component. An unauthenticated remote attacker can exploit this vulnerability by sending a malformed request that triggers an exception during route processing. Due to a misconfiguration where muteException is set to false by default, the system...

5.3CVSS5.8AI score0.00363EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/07/08 7:5 a.m.7 views

CVE-2026-56139

A flaw was found in the Apache Camel Undertow component. The camel-undertow HTTP server consumer, when processing errors, could return full Java stack traces in HTTP responses. This occurs because the muteException option, which controls what is returned to the client during errors, defaulted to...

5.3CVSS5.8AI score0.00363EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/07/08 5:55 a.m.5 views

CVE-2026-8147

A flaw was found in MLflow. When authentication is enabled, any authenticated user can bypass experiment-level authorization controls on trace API endpoints. This is due to missing authorization validators, allowing unauthorized reading, deleting, and modifying of traces. This vulnerability can...

8.1CVSS7AI score0.00348EPSS
Exploits1References5
NVD
NVD
added 2026/07/06 9:16 a.m.10 views

CVE-2026-56139

Generation of Error Message Containing Sensitive Information vulnerability in Apache Camel Undertow Component. The camel-undertow HTTP server consumer exposes a muteException option that controls what is returned to the client when a route processing error occurs. This option defaulted to false,...

5.3CVSS0.00363EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/06 8:15 a.m.32 views

CVE-2026-56139 Apache Camel Undertow: The muteException consumer option defaulted to false, so a processing error returned the full Java stack trace in the HTTP response body, disclosing sensitive internal information to unauthenticated clients

Generation of Error Message Containing Sensitive Information vulnerability in Apache Camel Undertow Component. The camel-undertow HTTP server consumer exposes a muteException option that controls what is returned to the client when a route processing error occurs. This option defaulted to false,...

0.00363EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/06 8:11 a.m.10 views

EUVD-2026-41846

Generation of Error Message Containing Sensitive Information vulnerability in Apache Camel Netty HTTP component. The camel-netty-http HTTP server consumer exposes a muteException option that controls what is returned to the client when a route processing error occurs. This option defaulted to fal...

5.8AI score0.00363EPSS
Exploits0References1
OSV
OSV
added 2026/07/06 8:11 a.m.4 views

CVE-2026-49365 Apache Camel: Camel-Netty-HTTP: The muteException consumer option defaulted to false, so a processing error returned the full Java stack trace in the HTTP response body, disclosing sensitive internal information to unauthenticated clients

Generation of Error Message Containing Sensitive Information vulnerability in Apache Camel Netty HTTP component. The camel-netty-http HTTP server consumer exposes a muteException option that controls what is returned to the client when a route processing error occurs. This option defaulted to fal...

5.3CVSS6.1AI score0.00363EPSS
Exploits0References5
OSV
OSV
added 2026/07/02 7:32 a.m.4 views

CVE-2026-8147 Authorization Bypass in mlflow/mlflow

In MLflow versions prior to 3.14.0, when running with authentication enabled, the trace API endpoints lack proper authorization validators. This allows any authenticated user to bypass experiment-level authorization controls on all trace operations, including reading, deleting, and modifying trac...

8.1CVSS6AI score0.00348EPSS
Exploits1References4
OSV
OSV
added 2026/06/29 5:22 p.m.3 views

CVE-2026-57955 SigNoz 0.130.1 - SQL Injection in Alert History Endpoints via Rule ID Parameter

SigNoz through 0.130.1 contains a SQL injection vulnerability that allows authenticated attackers to execute arbitrary ClickHouse queries by injecting URL-encoded quotes into the rule ID path parameter of the alert-history endpoints. Attackers can manipulate the unsanitized rule ID interpolated...

8.3CVSS6.2AI score0.00235EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

389 Directory Server 缓冲区错误漏洞

389 Directory Server is an open-source implementation of a highly available, fully functional, reliable, and secure LDAP server. There is a security vulnerability in 389 Directory Server, which stems from type confusion during the processing of SSO token extensions. As a result, some stack trace...

4.3CVSS5.8AI score0.00179EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.10 views

CVE-2025-59853

HCL DFXAnalytics is affected by an Improper Error Handling vulnerability where the application exposes detailed stack traces in responses, which could allow an attacker to gain insights into the application's internal structure, code logic, and environment configurations...

5.3CVSS5.5AI score0.00166EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:30 p.m.10 views

CVE-2026-42191

OpenTelemetry.Exporter.OpenTelemetryProtocol is the OTLP OpenTelemetry Protocol exporter implementation. From 1.8.0 to 1.15.2, the OTLP disk retry feature in OpenTelemetry.Exporter.OpenTelemetryProtocol silently fell back to Path.GetTempPath when OTELDOTNETEXPERIMENTALOTLPRETRY=disk was set but...

7.8CVSS5.5AI score0.00108EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/06/02 12:0 a.m.29 views

FORGE: Multi-Agent Graduated Exploitation and Detection Engineering

Vulnerability disclosure volumes now far exceed organizational assessment capacity, yet three adjacent research communities proof-of-concept generation, vulnerability prioritization, and detection rule engineering operate largely in isolation. Existing automated exploit generation systems report...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/27 12:0 a.m.13 views

HunterAgent: Neuro-Symbolic Attack Trace Reconstruction under Anti-Forensics

Modern alert-triage systems reduce SOC burden by filtering false positives, but flagging a high-risk alert is only the start of incident response. Threat hunting requires reconstructing causal attack chains across heterogeneous, partially corrupted logs. Against APTs using anti-forensics parent-P...

5.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.13 views

FreeBSD : Grafana -- XSS in Grafana Explore stack trace (6cc28c49-58fe-11f1-b525-3c7c3fba4204)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 6cc28c49-58fe-11f1-b525-3c7c3fba4204 advisory. https://grafana.com/security/security-advisories/cve-2025-41117 reports: Stack traces in Grafana's...

6.8CVSS5.8AI score0.00239EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/05/26 7:36 a.m.13 views

python-markdown: denial of service via malformed HTML-like sequences

A flaw was found in Python-Markdown. Parsing crafted markdown content containing malformed HTML-like sequences causes html.parser.HTMLParser to raise an unhandled AssertionError. This unhandled exception allows an attacker to cause an application crash and potentially disclose sensitive informati...

8.2CVSS7.2AI score0.00566EPSS
Exploits1References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/25 8:18 p.m.12 views

Malicious code in @izumiswap/sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 63bd0a7aaa4ac18d8ae0c57c07bec05cb4f69e8650e77c117d11c048e5cec004 On npm install, scripts/postinstall.js runs as the preinstall/postinstall lifecycle hook and performs an unambiguous install-time RCE. It first...

5.8AI score
Exploits0References5
Packet Storm News
Packet Storm News
added 2026/05/23 12:0 a.m.11 views

Analyzing Concentration, Temporal Routines and Targeting in Public Ransomware Leak Site Data

Ransomware has grown to become one of the most damaging types of cybercrime, affecting private and public organizations in any sector. While early types of ransomware targeted many victims via automated attacks, ransomware groups have started to specifically target organizations and companies in...

5.8AI score
Exploits0
OSV
OSV
added 2026/05/15 3:30 a.m.4 views

GHSA-75CM-X2W3-8MGF MLflow: unauthenticated access to certain FastAPI routes

A vulnerability in mlflow/mlflow versions 3.9.0 and earlier allows unauthenticated access to certain FastAPI routes when the server is started with authentication enabled --app-name basic-auth and served via uvicorn ASGI. The FastAPI permission middleware only enforces authentication on /gateway/...

8.6CVSS7.4AI score0.01502EPSS
Exploits1References4
Rows per page
Query Builder