Lucene search
K

36 matches found

RedhatCVE
RedhatCVE
added 2026/07/08 6:55 a.m.6 views

CVE-2026-46726

A flaw was found in the Apache Camel Vertx Websocket component. This vulnerability allows an unauthenticated remote attacker to inject malicious query parameters into a WebSocket connection. This can lead to Server-Side Request Forgery SSRF, where the server is coerced into making requests to...

8.2CVSS6AI score0.00536EPSS
Exploits0References4
NVD
NVD
added 2026/07/06 9:16 a.m.10 views

CVE-2026-55994

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery SSRF vulnerability in Apache Camel in Iggy component. The camel-iggy consumer mapped the user-headers of inbound Iggy messages into the Camel Exchange header map without applying any...

7.5CVSS0.00396EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/06 8:13 a.m.6 views

CVE-2026-55994

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery SSRF vulnerability in Apache Camel in Iggy component. The camel-iggy consumer mapped the user-headers of inbound Iggy messages into the Camel Exchange header map without applying any...

6AI score0.00396EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/07/06 8:13 a.m.5 views

EUVD-2026-41850

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery SSRF vulnerability in Apache Camel in Iggy component. The camel-iggy consumer mapped the user-headers of inbound Iggy messages into the Camel Exchange header map without applying any...

7.5CVSS6AI score0.00396EPSS
Exploits0References1
CVE
CVE
added 2026/07/06 8:5 a.m.11 views

CVE-2026-46726

Apache Camel Vertx Websocket: the inbound WebSocket consumer maps external query/path parameters into the Exchange header map without HeaderFilterStrategy, enabling injection of Camel headers (e.g., CamelHttpUri) and potential server-side request forgery (SSRF) to attacker-controlled URIs. The HT...

7.5CVSS6AI score0.00536EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/06/01 9:0 p.m.8 views

Malicious Package

Overview search-engine-setup is a malicious package. This package contains malicious code, and its content has been removed from the official package manager. While this package typosquats well-known libraries to impersonate valid open-source ecosystems, there is no connection between those...

9.8CVSS5.7AI score
Exploits0References2
Snyk
Snyk
added 2026/06/01 9:0 p.m.12 views

Malicious Package

Overview @vpmdhaj/search-setup is a malicious package. This package contains malicious code, and its content has been removed from the official package manager. While this package typosquats well-known libraries to impersonate valid open-source ecosystems, there is no connection between those...

9.8CVSS5.7AI score
Exploits0References2
Snyk
Snyk
added 2026/06/01 9:0 p.m.10 views

Malicious Package

Overview opensearch-setup is a malicious package. This package contains malicious code, and its content has been removed from the official package manager. While this package typosquats well-known libraries to impersonate valid open-source ecosystems, there is no connection between those legitima...

9.8CVSS5.7AI score
Exploits0References2
Snyk
Snyk
added 2026/06/01 9:0 p.m.12 views

Malicious Package

Overview @vpmdhaj/devops-tools is a malicious package. This package contains malicious code, and its content has been removed from the official package manager. While this package typosquats well-known libraries to impersonate valid open-source ecosystems, there is no connection between those...

9.8CVSS5.7AI score
Exploits0References2
Snyk
Snyk
added 2026/06/01 9:0 p.m.12 views

Malicious Package

Overview search-cluster-setup is a malicious package. This package contains malicious code, and its content has been removed from the official package manager. While this package typosquats well-known libraries to impersonate valid open-source ecosystems, there is no connection between those...

9.8CVSS5.7AI score
Exploits0References2
Snyk
Snyk
added 2026/06/01 9:0 p.m.9 views

Malicious Package

Overview @vpmdhaj/opensearch-setup is a malicious package. This package contains malicious code, and its content has been removed from the official package manager. While this package typosquats well-known libraries to impersonate valid open-source ecosystems, there is no connection between those...

9.8CVSS5.7AI score
Exploits0References2
Snyk
Snyk
added 2026/06/01 9:0 p.m.15 views

Malicious Package

Overview opensearch-config-utility is a malicious package. This package contains malicious code, and its content has been removed from the official package manager. While this package typosquats well-known libraries to impersonate valid open-source ecosystems, there is no connection between those...

9.8CVSS5.7AI score
Exploits0References2
Snyk
Snyk
added 2026/06/01 9:0 p.m.13 views

Malicious Package

Overview opensearch-setup-tool is a malicious package. This package contains malicious code, and its content has been removed from the official package manager. While this package typosquats well-known libraries to impersonate valid open-source ecosystems, there is no connection between those...

9.8CVSS5.7AI score
Exploits0References2
Chainguard
Chainguard
added 2026/04/11 2:18 a.m.13 views

CVE-2026-32288 vulnerabilities

Vulnerabilities for packages: flux-operator-fips, kube-conformance, chartmuseum, consul-fips, dive, spire-server, nats-fips, apko, act, bom, omni-fips, knative-operator-fips, tkn-fips, gitlab-rails-ce-fips, argo-workflows, harbor, policy-controller, pulumi, k8ssandra-client-fips, gitlab-kas-fips,...

5.5CVSS6.2AI score0.0029EPSS
Exploits0
Chainguard
Chainguard
added 2026/04/11 2:18 a.m.8 views

GHSA-X4JJ-H2V8-HQQV vulnerabilities

Vulnerabilities for packages: flux-operator-fips, kube-conformance, chartmuseum, consul-fips, dive, spire-server, nats-fips, apko, act, bom, omni-fips, knative-operator-fips, tkn-fips, gitlab-rails-ce-fips, argo-workflows, harbor, policy-controller, pulumi, k8ssandra-client-fips, gitlab-kas-fips,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/04/11 2:18 a.m.14 views

CVE-2026-32283 vulnerabilities

Vulnerabilities for packages: otel-cli, kubernetes-dashboard-metrics-scraper, nri-mssql, aws-ebs-csi-driver, crossplane-provider-kubernetes-fips, langfuse, nfpm, flux-operator-fips, kubernetes-csi-livenessprobe, kube-conformance, spark-operator, chartmuseum, kyverno-policy-reporter-fips,...

7.5CVSS6.9AI score0.00621EPSS
Exploits0
Chainguard
Chainguard
added 2026/04/11 2:18 a.m.5 views

GHSA-GJVH-7JH8-7XHM vulnerabilities

Vulnerabilities for packages: otel-cli, kubernetes-dashboard-metrics-scraper, nri-mssql, aws-ebs-csi-driver, crossplane-provider-kubernetes-fips, langfuse, nfpm, flux-operator-fips, kubernetes-csi-livenessprobe, kube-conformance, spark-operator, chartmuseum, kyverno-policy-reporter-fips,...

6.1AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/26 3:1 p.m.12 views

CVE-2026-32692

An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within...

7.6CVSS5.8AI score0.00166EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/25 10:5 p.m.2 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization when saving credentials. An authenticated user can access plaintext values of secrets stored in external vaults by referencing a secret's external name in a credential, bypassing intended permission checks. Note:...

7.3CVSS5.9AI score0.0026EPSS
Exploits0References2
OSV
OSV
added 2026/03/23 6:16 p.m.4 views

GO-2026-4781 Juju has unauthorized update of out-of-scope Vault secrets in github.com/juju/juju

Juju has unauthorized update of out-of-scope Vault secrets in github.com/juju/juju...

7.6CVSS5.8AI score0.00166EPSS
Exploits0References3
Rows per page
Query Builder