36 matches found
CVE-2026-46726
A flaw was found in the Apache Camel Vertx Websocket component. This vulnerability allows an unauthenticated remote attacker to inject malicious query parameters into a WebSocket connection. This can lead to Server-Side Request Forgery SSRF, where the server is coerced into making requests to...
CVE-2026-55994
Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery SSRF vulnerability in Apache Camel in Iggy component. The camel-iggy consumer mapped the user-headers of inbound Iggy messages into the Camel Exchange header map without applying any...
CVE-2026-55994
Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery SSRF vulnerability in Apache Camel in Iggy component. The camel-iggy consumer mapped the user-headers of inbound Iggy messages into the Camel Exchange header map without applying any...
EUVD-2026-41850
Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery SSRF vulnerability in Apache Camel in Iggy component. The camel-iggy consumer mapped the user-headers of inbound Iggy messages into the Camel Exchange header map without applying any...
CVE-2026-46726
Apache Camel Vertx Websocket: the inbound WebSocket consumer maps external query/path parameters into the Exchange header map without HeaderFilterStrategy, enabling injection of Camel headers (e.g., CamelHttpUri) and potential server-side request forgery (SSRF) to attacker-controlled URIs. The HT...
Malicious Package
Overview search-engine-setup is a malicious package. This package contains malicious code, and its content has been removed from the official package manager. While this package typosquats well-known libraries to impersonate valid open-source ecosystems, there is no connection between those...
Malicious Package
Overview @vpmdhaj/search-setup is a malicious package. This package contains malicious code, and its content has been removed from the official package manager. While this package typosquats well-known libraries to impersonate valid open-source ecosystems, there is no connection between those...
Malicious Package
Overview opensearch-setup is a malicious package. This package contains malicious code, and its content has been removed from the official package manager. While this package typosquats well-known libraries to impersonate valid open-source ecosystems, there is no connection between those legitima...
Malicious Package
Overview @vpmdhaj/devops-tools is a malicious package. This package contains malicious code, and its content has been removed from the official package manager. While this package typosquats well-known libraries to impersonate valid open-source ecosystems, there is no connection between those...
Malicious Package
Overview search-cluster-setup is a malicious package. This package contains malicious code, and its content has been removed from the official package manager. While this package typosquats well-known libraries to impersonate valid open-source ecosystems, there is no connection between those...
Malicious Package
Overview @vpmdhaj/opensearch-setup is a malicious package. This package contains malicious code, and its content has been removed from the official package manager. While this package typosquats well-known libraries to impersonate valid open-source ecosystems, there is no connection between those...
Malicious Package
Overview opensearch-config-utility is a malicious package. This package contains malicious code, and its content has been removed from the official package manager. While this package typosquats well-known libraries to impersonate valid open-source ecosystems, there is no connection between those...
Malicious Package
Overview opensearch-setup-tool is a malicious package. This package contains malicious code, and its content has been removed from the official package manager. While this package typosquats well-known libraries to impersonate valid open-source ecosystems, there is no connection between those...
CVE-2026-32288 vulnerabilities
Vulnerabilities for packages: flux-operator-fips, kube-conformance, chartmuseum, consul-fips, dive, spire-server, nats-fips, apko, act, bom, omni-fips, knative-operator-fips, tkn-fips, gitlab-rails-ce-fips, argo-workflows, harbor, policy-controller, pulumi, k8ssandra-client-fips, gitlab-kas-fips,...
GHSA-X4JJ-H2V8-HQQV vulnerabilities
Vulnerabilities for packages: flux-operator-fips, kube-conformance, chartmuseum, consul-fips, dive, spire-server, nats-fips, apko, act, bom, omni-fips, knative-operator-fips, tkn-fips, gitlab-rails-ce-fips, argo-workflows, harbor, policy-controller, pulumi, k8ssandra-client-fips, gitlab-kas-fips,...
CVE-2026-32283 vulnerabilities
Vulnerabilities for packages: otel-cli, kubernetes-dashboard-metrics-scraper, nri-mssql, aws-ebs-csi-driver, crossplane-provider-kubernetes-fips, langfuse, nfpm, flux-operator-fips, kubernetes-csi-livenessprobe, kube-conformance, spark-operator, chartmuseum, kyverno-policy-reporter-fips,...
GHSA-GJVH-7JH8-7XHM vulnerabilities
Vulnerabilities for packages: otel-cli, kubernetes-dashboard-metrics-scraper, nri-mssql, aws-ebs-csi-driver, crossplane-provider-kubernetes-fips, langfuse, nfpm, flux-operator-fips, kubernetes-csi-livenessprobe, kube-conformance, spark-operator, chartmuseum, kyverno-policy-reporter-fips,...
CVE-2026-32692
An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization when saving credentials. An authenticated user can access plaintext values of secrets stored in external vaults by referencing a secret's external name in a credential, bypassing intended permission checks. Note:...
GO-2026-4781 Juju has unauthorized update of out-of-scope Vault secrets in github.com/juju/juju
Juju has unauthorized update of out-of-scope Vault secrets in github.com/juju/juju...