Total CVEs

143,701

Critical Severity

4,088

High Severity

14,745

Last 7 Days

1,539
Quick preset (or use dates below)
Clear Filters
πŸ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years β†’
Showing 1,341 - 1,360 of 40,106 CVEs
CVE-2026-6901 HIGH - 7.7

Untrusted Search Path vulnerability in B&R Industrial Automation GmbH APROL. This issue affects APROL: before R 4.4-01P5.

Published: Jul 06, 2026
Source: NVD
CVE-2026-6900 HIGH - 7.4

Improper certificate validation vulnerability in B&R Industrial Automation GmbH APROL. This issue affects APROL: before R 4.4-01P5.

Published: Jul 06, 2026
Source: NVD

Inefficient Algorithmic Complexity vulnerability in elixir-mint hpax allows unauthenticated denial-of-service via unbounded HPACK integer decoding. hpax decodes HPACK variable-length integers with no upper bound on the decoded value or the number of continuation octets. 'Elixir.HPAX.Types'...

Vendor: elixir-mint
Product: hpax
Published: Jul 06, 2026
Source: NVD

Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint mint (Mint.HTTP1 module) allows a denial of service via an oversized chunked transfer-encoded response. This vulnerability is associated with program files lib/mint/http1.ex and program routines 'Elixir.Mint.HTTP...

Vendor: elixir-mint
Product: mint
Published: Jul 06, 2026
Source: NVD
CVE-2026-4249 HIGH - 8.6

The throttling event handling mechanism in multiple WSO2 products accepts user-supplied JSON payloads without sufficient validation of their structure and content. This allows an unauthenticated remote attacker to inject malicious JSON data that can lead to a persistent denial of service condition. ...

Vendor: wso2
Product: api_control_plane
Published: Jul 06, 2026
Source: NVD
CVE-2026-49297 HIGH - 8.1

Apache Airflow's Google provider operators `GCSToSFTPOperator` and `GCSTimeSpanFileTransformOperator` joined GCS object names returned by the bucket listing API directly to a destination filesystem path without normalisation or containment check. A user with write access to the source GCS bucke...

Vendor: Apache Software Foundation
Product: Apache Airflow Google provider
Published: Jul 06, 2026
Source: NVD
CVE-2026-49042 HIGH - 7.3

Improper Input Validation vulnerability in Apache Camel. This issue affects Apache Camel: from 4.8.0 through 4.18.2, from 4.19.0 through 4.20.0. Users are recommended to upgrade to version 4.18.3, 4.21.0, which fixes the issue.

Vendor: Apache Software Foundation
Product: Apache Camel
Published: Jul 06, 2026
Source: NVD
CVE-2026-46588 HIGH - 7.3

Improper Input Validation vulnerability in Apache Camel. This issue affects Apache Camel: through 4.14.7, from 4.15.0 through 4.18.2, from 4.19.0 through 4.20.0. Users are recommended to upgrade to version 4.14.8, 4.18.3, 4.21.0, which fixes the issue.

Vendor: Apache Software Foundation
Product: Apache Camel
Published: Jul 06, 2026
Source: NVD
CVE-2026-46587 HIGH - 7.3

Improper Input Validation vulnerability in Apache Camel. This issue affects Apache Camel: through 4.14.7, from 4.15.0 through 4.18.2, from 4.19.0 through 4.20.0. Users are recommended to upgrade to version 4.14.8, 4.18.3, 4.21.0, which fixes the issue.

Vendor: Apache Software Foundation
Product: Apache Camel
Published: Jul 06, 2026
Source: NVD

An authenticated user could manipulate a company ID parameter in a POST request to the backend to gain unauthorised access to other companies hosted within the same subdomain environment. The application does not adequately verify whether the requested company ID belongs to the authenticated user’s ...

Vendor: Adiss
Product: Biloop
Published: Jul 06, 2026
Source: NVD
CVE-2025-8591 MEDIUM - 6.1

The software accepts user-supplied input via a URL parameter without adequate output encoding before reflecting it back to the user's browser. This condition allows an attacker to inject malicious script content into pages served by the application. By leveraging this weakness, an attacker can...

Vendor: wso2
Product: api_control_plane
Published: Jul 06, 2026
Source: NVD
CVE-2026-9165 HIGH - 7.7

A flaw was found in Red Hat Advanced Cluster Security for Kubernetes (RHACS). Central does not limit the depth of GraphQL queries served on the authenticated GraphQL API. An authenticated user with a valid API token can send deeply nested queries that cause excessive resource consumption in Central,...

Published: Jul 06, 2026
Source: NVD
CVE-2026-56140 CRITICAL - 9.8

Improper Input Validation vulnerability in Apache Camel AWS SNS component. The camel-aws2-sns component filters Camel headers through a component-specific HeaderFilterStrategy, Sns2HeaderFilterStrategy. Like the sibling Sqs2HeaderFilterStrategy, it originally configured only an outbound filter (se...

Vendor: Apache Software Foundation
Product: Apache Camel AWS2 SNS
Published: Jul 06, 2026
Source: NVD
CVE-2026-56139 MEDIUM - 5.3

Generation of Error Message Containing Sensitive Information vulnerability in Apache Camel Undertow Component. The camel-undertow HTTP server consumer exposes a muteException option that controls what is returned to the client when a route processing error occurs. This option defaulted to false, wh...

Vendor: Apache Software Foundation
Product: Apache Camel Undertow
Published: Jul 06, 2026
Source: NVD
CVE-2026-55994 HIGH - 7.5

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery (SSRF) vulnerability in Apache Camel in Iggy component. The camel-iggy consumer mapped the user-headers of inbound Iggy messages into the Camel Exchange header map without applying any...

Vendor: Apache Software Foundation
Product: Apache Camel Iggy
Published: Jul 06, 2026
Source: NVD
CVE-2026-55993 HIGH - 7.5

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery (SSRF) vulnerability in Apache Camel in Atmosphere Websocket Component. The camel-atmosphere-websocket consumer mapped inbound WebSocket query parameters into the Camel Exchange header...

Vendor: Apache Software Foundation
Product: Apache Camel Atmosphere Websocket
Published: Jul 06, 2026
Source: NVD
CVE-2026-53913 CRITICAL - 9.8

Improper Authentication, Missing Authentication for Critical Function, Not Failing Securely ('Failing Open') vulnerability in Apache Camel Keycloak Component. The KeycloakSecurityPolicy of camel-keycloak guards a route by running KeycloakSecurityProcessor.beforeProcess(), which performs t...

Vendor: Apache Software Foundation
Product: Apache Camel Keycloak
Published: Jul 06, 2026
Source: NVD
CVE-2026-49365 MEDIUM - 5.3

Generation of Error Message Containing Sensitive Information vulnerability in Apache Camel Netty HTTP component. The camel-netty-http HTTP server consumer exposes a muteException option that controls what is returned to the client when a route processing error occurs. This option defaulted to false...

Vendor: Apache Software Foundation
Product: Apache Camel
Published: Jul 06, 2026
Source: NVD
CVE-2026-49099 MEDIUM - 5.3

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel Salesforce Component. The camel-salesforce producer resolves its operation parameters - the SOQL query, the SO...

Vendor: Apache Software Foundation
Product: Apache Camel Salesforce
Published: Jul 06, 2026
Source: NVD
CVE-2026-49098 MEDIUM - 5.3

Improper Input Validation, Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Apache Camel Kafka Component. The camel-kafka producer can override its configured target topic at runtime from the kafka.OVERRIDE_TOPIC Exchange ...

Vendor: Apache Software Foundation
Product: Apache Camel
Published: Jul 06, 2026
Source: NVD