CVE Notify
19.3K subscribers
4 photos
204K links
Alert on the latest CVEs

Partner channel: @malwr
Download Telegram
🚨 CVE-2026-46587
Improper Input Validation vulnerability in Apache Camel.

This issue affects Apache Camel: through 4.14.7, from 4.15.0 through 4.18.2, from 4.19.0 through 4.20.0.

Users are recommended to upgrade to version 4.14.8, 4.18.3, 4.21.0, which fixes the issue.

πŸŽ–@cveNotify
🚨 CVE-2026-46588
Improper Input Validation vulnerability in Apache Camel.

This issue affects Apache Camel: through 4.14.7, from 4.15.0 through 4.18.2, from 4.19.0 through 4.20.0.

Users are recommended to upgrade to version 4.14.8, 4.18.3, 4.21.0, which fixes the issue.

πŸŽ–@cveNotify
🚨 CVE-2026-49042
Improper Input Validation vulnerability in Apache Camel.

This issue affects Apache Camel: from 4.8.0 through 4.18.2, from 4.19.0 through 4.20.0.

Users are recommended to upgrade to version 4.18.3, 4.21.0, which fixes the issue.

πŸŽ–@cveNotify
🚨 CVE-2026-49297
Apache Airflow's Google provider operators `GCSToSFTPOperator` and `GCSTimeSpanFileTransformOperator` joined GCS object names returned by the bucket listing API directly to a destination filesystem path without normalisation or containment check. A user with write access to the source GCS bucket (typically a different trust principal than the DAG author β€” partner uploads, ingest-only service accounts, public-data buckets) could create an object whose name contains `..` segments and cause the DAG run to write the downloaded blob outside the configured destination (the SFTP `destination_path` for `GCSToSFTPOperator`; the worker-local temp directory for `GCSTimeSpanFileTransformOperator`), enabling overwrite of arbitrary files on the SFTP server or the worker host. Affects deployments that ingest from buckets writable by less-trusted principals. Users are advised to upgrade to `apache-airflow-providers-google` 22.2.1 or later.

πŸŽ–@cveNotify
🚨 CVE-2026-4249
The throttling event handling mechanism in multiple WSO2 products accepts user-supplied JSON payloads without sufficient validation of their structure and content. This allows an unauthenticated remote attacker to inject malicious JSON data that can lead to a persistent denial of service condition.

Successful exploitation of this vulnerability can disrupt the API Gateway, preventing legitimate API traffic from being processed and impacting complete service availability. The denial of service is persistent, requiring manual intervention to restore normal operations.

πŸŽ–@cveNotify
🚨 CVE-2026-56810
Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint mint (Mint.HTTP1 module) allows a denial of service via an oversized chunked transfer-encoded response.

This vulnerability is associated with program files lib/mint/http1.ex and program routines 'Elixir.Mint.HTTP1':decode_body/5, 'Elixir.Mint.HTTP1':add_body_to_buffer/2.

When Mint decodes a chunked HTTP response body, it accumulates each partial fragment of the current chunk in the connection's data_buffer (an unbounded iolist) via add_body_to_buffer/2 and does not emit the data to the caller until the full declared chunk length has been received. The chunk size is taken directly from the server and parsed with no upper bound, so a malicious or compromised server can announce one enormous chunk (for example a size line of 7FFFFFFF, about 2 GiB) and then send the body bytes slowly without ever completing the chunk. The client buffers every received byte while it waits for a completion that never arrives, and because no data responses are produced until the chunk finishes, a caller that otherwise streams large content-length bodies safely gains no protection. An unauthenticated remote server (reachable whenever a client follows redirects, fetches user-supplied URLs, or processes webhooks) can drive the client's memory arbitrarily high and trigger an out-of-memory condition.

This issue affects mint: from 0.5.0 before 1.9.1.

πŸŽ–@cveNotify
🚨 CVE-2026-58226
Inefficient Algorithmic Complexity vulnerability in elixir-mint hpax allows unauthenticated denial-of-service via unbounded HPACK integer decoding.

hpax decodes HPACK variable-length integers with no upper bound on the decoded value or the number of continuation octets. 'Elixir.HPAX.Types':decode_remaining_integer/3 accumulates the integer as int + (value <<< m), shifting by 7 more bits for each continuation octet and stopping only on a terminating octet or truncated input, never because the integer grew too large. Because BEAM integers are arbitrary precision, a run of N continuation octets builds an O(N)-bit bignum and re-adds into an ever-larger bignum on each step, so the total decoding cost is superlinear (about O(N^2)). An unauthenticated attacker who can send an HTTP/2 header block to a server using this decoder (reached through the 'Elixir.HPAX':decode/2 entry point) can supply a small header block that forces a large, attacker-controlled amount of CPU (and transient memory), a denial-of-service amplification.

This issue affects hpax from 0.1.1 before 1.0.4.

πŸŽ–@cveNotify
🚨 CVE-2026-6901
Untrusted Search Path vulnerability in B&R Industrial Automation GmbH APROL.

This issue affects APROL: before R 4.4-01P5.

πŸŽ–@cveNotify
🚨 CVE-2026-57974
Integer overflow or wraparound in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

πŸŽ–@cveNotify
🚨 CVE-2026-57975
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

πŸŽ–@cveNotify
🚨 CVE-2026-57981
Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

πŸŽ–@cveNotify
🚨 CVE-2026-57983
Improper authorization in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.

πŸŽ–@cveNotify
🚨 CVE-2026-57984
Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

πŸŽ–@cveNotify
🚨 CVE-2026-57985
Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

πŸŽ–@cveNotify
🚨 CVE-2026-57986
Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

πŸŽ–@cveNotify
🚨 CVE-2026-57988
Relative path traversal in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

πŸŽ–@cveNotify
🚨 CVE-2026-57991
Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.

πŸŽ–@cveNotify
🚨 CVE-2026-57992
Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

πŸŽ–@cveNotify
🚨 CVE-2026-58276
Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

πŸŽ–@cveNotify
🚨 CVE-2026-58284
Improper authorization in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

πŸŽ–@cveNotify
🚨 CVE-2026-58285
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

πŸŽ–@cveNotify