Lucene search
K

5177 matches found

ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2026-46587

Improper Input Validation vulnerability in Apache Camel. This issue affects Apache Camel: through 4.14.7, from 4.15.0 through 4.18.2, from 4.19.0 through 4.20.0. Users are recommended to upgrade to version 4.14.8, 4.18.3, 4.21.0, which fixes the issue...

7.3CVSS5.9AI score
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2026-49042

Improper Input Validation vulnerability in Apache Camel. This issue affects Apache Camel: from 4.8.0 through 4.18.2, from 4.19.0 through 4.20.0. Users are recommended to upgrade to version 4.18.3, 4.21.0, which fixes the issue...

7.3CVSS5.9AI score
Exploits0References2Affected Software1
NVD
NVD
added yesterday5 views

CVE-2026-49365

Generation of Error Message Containing Sensitive Information vulnerability in Apache Camel Netty HTTP component. The camel-netty-http HTTP server consumer exposes a muteException option that controls what is returned to the client when a route processing error occurs. This option defaulted to fal...

0.0016EPSS
Exploits0References2
NVD
NVD
added yesterday5 views

CVE-2026-48203

Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection', Improper Input Validation, Server-Side Request Forgery SSRF vulnerability in Apache Camel Solr component. The camel-solr producer copies Exchange message headers whose names begin with the SolrParam...

9.1CVSS0.00185EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-48203

Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection', Improper Input Validation, Server-Side Request Forgery SSRF vulnerability in Apache Camel Solr component. The camel-solr producer copies Exchange message headers whose names begin with the SolrParam...

6.1AI score0.00185EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added yesterday5 views

CVE-2026-46455

Insufficient Session Expiration vulnerability in Apache Camel Keycloak Component. The camel-keycloak security helper KeycloakSecurityHelper.parseAndVerifyAccessToken builds a Keycloak TokenVerifier using withChecks... with only the subject-exists check and the realm-URL issuer check. Keycloak's...

6AI score0.00152EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added yesterday5 views

EUVD-2026-41827

Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel ElasticSearch Rest Client. The camel-elasticsearch-rest-client component reads several Exchange headers to control its behaviour - SEARCHQUERY an advanced query body, OPERATION which...

5.3CVSS6AI score0.00173EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday16 views

Web-Check < 2.0.1 Screenshot API - OS Command Injection

Lissy93/web-check contains a command injection caused by unsanitized user input in the screenshot API, letting attackers execute arbitrary system commands, exploit requires sending crafted url parameters. id: CVE-2025-32778 info: name: Web-Check 2.0.1 Screenshot API - OS Command Injection author:...

9.3CVSS6.1AI score0.19761EPSS
Exploits4References4
Nuclei
Nuclei
added 2 days ago21 views

WordPress Burst Statistics 3.4.0-3.4.1.1 - Authentication Bypass

Burst Statistics – Privacy-Friendly WordPress Analytics plugin 3.4.0 to 3.4.1.1 contains an authentication bypass caused by incorrect return-value handling in ismainwpauthenticated function, letting unauthenticated attackers impersonate administrators, exploit requires knowledge of an administrat...

9.8CVSS5.9AI score0.14608EPSS
Exploits10References2
Debian
Debian
added 4 days ago10 views

[SECURITY] [DLA 4666-1] openvpn security update

----------------------------------------------------------------------- Debian LTS Advisory DLA-4666-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta July 04, 2026 https://wiki.debian.org/LTS - -----------------------------------------------------------------------...

6CVSS6AI score
Exploits0
NVD
NVD
added 4 days ago4 views

CVE-2026-47897

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache Lucene.Net Lucene.Net.Replicator library. This issue affects Apache Lucene.Net.Replicator: from 4.8.0-beta00005 before 4.8.0-beta00018. Users are recommended to upgrade to version 4.8.0-beta00018,...

8.9CVSS0.00385EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-41518

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache Lucene.Net Lucene.Net.Replicator library. This issue affects Apache Lucene.Net.Replicator: from 4.8.0-beta00005 before 4.8.0-beta00018. Users are recommended to upgrade to version 4.8.0-beta00018,...

8.9CVSS5.9AI score0.00385EPSS
Exploits0References1
CVE
CVE
added 4 days ago15 views

CVE-2026-47897

CVE-2026-47897 is a path traversal vulnerability in Apache Lucene.Net.Replicator. Affected: Lucene.Net.Replicator library (versions from 4.8.0-beta00005 up to, but before, 4.8.0-beta00018). Root cause: improper limitation of a pathname to a restricted directory, enabling potential access to restr...

8.9CVSS5.9AI score0.00385EPSS
Exploits0References2
Nuclei
Nuclei
added 5 days ago12 views

Apache ActiveMQ < 5.16.5/5.17.3 - Remote Code Execution

Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In details, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handler request to /api/jolokia org.jolokia.http.HttpRequestHandlerhandlePostRequest is able to create JmxRequest...

8.8CVSS7.7AI score0.8581EPSS
Exploits2References3
EUVD
EUVD
added last week8 views

EUVD-2026-40279

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache ActiveMQ, Apache ActiveMQ Web Console. The browse page in the web console renders a message Id directly without sanitization. This allows an authenticated producer to send a message with a J...

6.1CVSS5.7AI score0.00563EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.7 views

PT-2026-53840

Name of the Vulnerable Software and Affected Versions Apache ActiveMQ versions prior to 5.19.8 Apache ActiveMQ versions 6.0.0 through 6.2.6 Description An improper authorization issue exists where an authenticated user with low privileges can access the /admin/ endpoints in the Web Console. This...

8.1CVSS5.9AI score0.0051EPSS
Exploits0References10
NVD
NVD
added 2026/06/29 9:16 p.m.14 views

CVE-2026-55956

Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ignoring any method or method omission configured as part of the constraint. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

6.5CVSS0.0041EPSS
Exploits0References2
NVD
NVD
added 2026/06/29 9:16 p.m.11 views

CVE-2026-55957

Missing Critical Step in Authentication vulnerability in Apache Tomcat when the JNDIRealm was configured to authenticate binds using GSSAPI allowed attackers to authenticate without provided the correct password. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.4, from 10.1.0-M1...

7.3CVSS0.00462EPSS
Exploits0References2
OSV
OSV
added 2026/06/29 9:16 p.m.7 views

DEBIAN-CVE-2026-50229

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in the number guess example for Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.0.M1 through 9.0.118, from 8.5.0 through 8.5.100, fro...

6.1CVSS5.7AI score0.00423EPSS
Exploits0References1
OSV
OSV
added 2026/06/29 9:16 p.m.3 views

UBUNTU-CVE-2026-55956

Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ignoring any method or method omission configured as part of the constraint. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

6.5CVSS5.7AI score0.0041EPSS
Exploits0References7
Rows per page
Query Builder