Total CVEs

143,793

Critical Severity

4,093

High Severity

14,778

Last 7 Days

1,531
Quick preset (or use dates below)
Clear Filters
Showing 1,441 - 1,460 of 143,793 CVEs
CVE-2026-46587 HIGH - 7.3

Improper Input Validation vulnerability in Apache Camel. This issue affects Apache Camel: through 4.14.7, from 4.15.0 through 4.18.2, from 4.19.0 through 4.20.0. Users are recommended to upgrade to version 4.14.8, 4.18.3, 4.21.0, which fixes the issue.

Vendor: Apache Software Foundation
Product: Apache Camel
Published: Jul 06, 2026
Source: NVD

An authenticated user could manipulate a company ID parameter in a POST request to the backend to gain unauthorised access to other companies hosted within the same subdomain environment. The application does not adequately verify whether the requested company ID belongs to the authenticated user’s ...

Vendor: Adiss
Product: Biloop
Published: Jul 06, 2026
Source: NVD
CVE-2025-8591 MEDIUM - 6.1

The software accepts user-supplied input via a URL parameter without adequate output encoding before reflecting it back to the user's browser. This condition allows an attacker to inject malicious script content into pages served by the application. By leveraging this weakness, an attacker can...

Vendor: wso2
Product: api_control_plane
Published: Jul 06, 2026
Source: NVD
CVE-2026-9165 HIGH - 7.7

A flaw was found in Red Hat Advanced Cluster Security for Kubernetes (RHACS). Central does not limit the depth of GraphQL queries served on the authenticated GraphQL API. An authenticated user with a valid API token can send deeply nested queries that cause excessive resource consumption in Central,...

Published: Jul 06, 2026
Source: NVD
CVE-2026-56140 CRITICAL - 9.8

Improper Input Validation vulnerability in Apache Camel AWS SNS component. The camel-aws2-sns component filters Camel headers through a component-specific HeaderFilterStrategy, Sns2HeaderFilterStrategy. Like the sibling Sqs2HeaderFilterStrategy, it originally configured only an outbound filter (se...

Vendor: Apache Software Foundation
Product: Apache Camel AWS2 SNS
Published: Jul 06, 2026
Source: NVD
CVE-2026-56139 MEDIUM - 5.3

Generation of Error Message Containing Sensitive Information vulnerability in Apache Camel Undertow Component. The camel-undertow HTTP server consumer exposes a muteException option that controls what is returned to the client when a route processing error occurs. This option defaulted to false, wh...

Vendor: Apache Software Foundation
Product: Apache Camel Undertow
Published: Jul 06, 2026
Source: NVD
CVE-2026-55994 HIGH - 7.5

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery (SSRF) vulnerability in Apache Camel in Iggy component. The camel-iggy consumer mapped the user-headers of inbound Iggy messages into the Camel Exchange header map without applying any...

Vendor: Apache Software Foundation
Product: Apache Camel Iggy
Published: Jul 06, 2026
Source: NVD
CVE-2026-55993 HIGH - 7.5

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery (SSRF) vulnerability in Apache Camel in Atmosphere Websocket Component. The camel-atmosphere-websocket consumer mapped inbound WebSocket query parameters into the Camel Exchange header...

Vendor: Apache Software Foundation
Product: Apache Camel Atmosphere Websocket
Published: Jul 06, 2026
Source: NVD
CVE-2026-53913 CRITICAL - 9.8

Improper Authentication, Missing Authentication for Critical Function, Not Failing Securely ('Failing Open') vulnerability in Apache Camel Keycloak Component. The KeycloakSecurityPolicy of camel-keycloak guards a route by running KeycloakSecurityProcessor.beforeProcess(), which performs t...

Vendor: Apache Software Foundation
Product: Apache Camel Keycloak
Published: Jul 06, 2026
Source: NVD
CVE-2026-49365 MEDIUM - 5.3

Generation of Error Message Containing Sensitive Information vulnerability in Apache Camel Netty HTTP component. The camel-netty-http HTTP server consumer exposes a muteException option that controls what is returned to the client when a route processing error occurs. This option defaulted to false...

Vendor: Apache Software Foundation
Product: Apache Camel
Published: Jul 06, 2026
Source: NVD
CVE-2026-49099 MEDIUM - 5.3

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel Salesforce Component. The camel-salesforce producer resolves its operation parameters - the SOQL query, the SO...

Vendor: Apache Software Foundation
Product: Apache Camel Salesforce
Published: Jul 06, 2026
Source: NVD
CVE-2026-49098 MEDIUM - 5.3

Improper Input Validation, Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Apache Camel Kafka Component. The camel-kafka producer can override its configured target topic at runtime from the kafka.OVERRIDE_TOPIC Exchange ...

Vendor: Apache Software Foundation
Product: Apache Camel
Published: Jul 06, 2026
Source: NVD
CVE-2026-49097 MEDIUM - 6.5

Improper Input Validation, Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Apache Camel IRC component. The camel-irc producer chooses the destination of an outgoing IRC message from the irc.sendTo Exchange header (the con...

Vendor: Apache Software Foundation
Product: Apache Camel
Published: Jul 06, 2026
Source: NVD
CVE-2026-49086 MEDIUM - 6.5

Improper Input Validation, Unintended Proxy or Intermediary ('Confused Deputy') vulnerability in Apache Camel DAPR component. The camel-dapr Dapr Pub/Sub consumer (DaprPubSubConsumer) copied two fields from each inbound CloudEvent - its Pub/Sub component name and its topic - into the Came...

Vendor: Apache Software Foundation
Product: Apache Camel Dapr
Published: Jul 06, 2026
Source: NVD
CVE-2026-48206 MEDIUM - 5.3

Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel JIRA component. The camel-jira producers read their operation parameters - the issue key, project key, transition id, summary, type, assignee, components, watchers, link type, work-log minutes ...

Vendor: Apache Software Foundation
Product: Apache Camel JIRA
Published: Jul 06, 2026
Source: NVD
CVE-2026-48205 CRITICAL - 9.1

Improper Input Validation, Server-Side Request Forgery (SSRF) vulnerability in Apache Camel DNS component. The camel-dns producers read DNS operation parameters - the resolver to query, the name or domain to look up, the record type and class, and the search term - from Exchange message headers who...

Vendor: Apache Software Foundation
Product: Apache Camel DNS
Published: Jul 06, 2026
Source: NVD
CVE-2026-48204 CRITICAL - 9.8

Improper Input Validation, Improper Access Control vulnerability in Apache Camel in Camel Mongodb Gridfs component. The camel-mongodb-gridfs producer selects the GridFS operation to perform from the gridfs.operation Exchange header when the endpoint's operation parameter is not set - which is ...

Vendor: Apache Software Foundation
Product: Apache Camel
Published: Jul 06, 2026
Source: NVD
CVE-2026-48203 CRITICAL - 9.1

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), Improper Input Validation, Server-Side Request Forgery (SSRF) vulnerability in Apache Camel Solr component. The camel-solr producer copies Exchange message headers whose names begin with th...

Vendor: Apache Software Foundation
Product: Apache Camel
Published: Jul 06, 2026
Source: NVD
CVE-2026-46726 HIGH - 7.5

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery (SSRF) vulnerability in Apache Camel in Vertx Websocket component. The camel-vertx-websocket consumer mapped inbound WebSocket query and path parameters into the Camel Exchange header ...

Vendor: Apache Software Foundation
Product: Apache Camel Vertx Websocket
Published: Jul 06, 2026
Source: NVD
CVE-2026-46592 HIGH - 7.5

Improper Input Validation, Unintended Proxy or Intermediary ('Confused Deputy') vulnerability in Apache Camel CXF SOAP component. The camel-cxf producer selects which SOAP operation to invoke on the backend service from the operationName (and operationNamespace) Exchange header, whose con...

Vendor: Apache Software Foundation
Product: Apache Camel
Published: Jul 06, 2026
Source: NVD