Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.

Threat Intelligence Database

Comprehensive database of the latest cyber threats affecting organizations worldwide. Filter and search to find specific threat intelligence relevant to your organization.

Pro Console Lifetime

Stop chasing alerts. Route them.

Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.

Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)

View Plans & Pricing

API access activates after upgrading in Console -> Billing.

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now

Filter Threats

Narrow down the results by type, severity, or affected countries

Search threats by title, CVE ID, or description. Maximum 100 characters.

Threat Intelligence

Click on any threat for detailed analysis and mitigation recommendations

CVE-2026-49042: CWE-20 Improper Input Validation in Apache Software Foundation Apache CamelCVE-2026-49042
0

Apache Camel contains an improper input validation vulnerability identified as CVE-2026-49042. This issue affects versions from 4.8.0 through 4.18.2 and from 4.19.0 through 4.20.0. The vulnerability is addressed in versions 4.18.3 and 4.21.0. Users are advised to upgrade to these fixed versions to mitigate the risk.

Join the discussion
CVE-2026-46588: CWE-20 Improper Input Validation in Apache Software Foundation Apache CamelCVE-2026-46588
0

CVE-2026-46588 is an Improper Input Validation vulnerability in Apache Camel. It affects multiple versions including all versions up to 4.14.7, version 4.15.0, versions from 4.15.1 up to but not including 4.18.3, and versions from 4.19.1 up to and including 4.20.0. The issue is addressed in versions 4.14.8, 4.18.3, and 4.21.0. Users are advised to upgrade to these fixed versions to mitigate the vulnerability.

Join the discussion
CVE-2026-46587: CWE-20 Improper Input Validation in Apache Software Foundation Apache CamelCVE-2026-46587
0

CVE-2026-46587 is an Improper Input Validation vulnerability in Apache Camel, an integration framework by the Apache Software Foundation. The issue affects multiple versions of Apache Camel, including all versions up to 4.14.7, versions from 4.15.0 through 4.18.2, and versions up to 4.20.0. The vulnerability is addressed in Apache Camel versions 4.14.8, 4.18.3, and 4.21.0. No CVSS score is provided for this vulnerability.

Join the discussion
CVE-2026-49097: CWE-20 Improper Input Validation in Apache Software Foundation Apache CamelCVE-2026-49097
0

Improper Input Validation, Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Apache Camel IRC component. The camel-irc producer chooses the destination of an outgoing IRC message from the irc.sendTo Exchange header (the constant IrcConstants.IRC_SEND_TO, value irc.sendTo); when that header is present it overrides the channel list configured on the endpoint, and the message is sent only to the specified destination. This and the component's other control headers (irc.target, irc.messageType, irc.user.*, irc.num, irc.value) used plain, non-Camel-prefixed values. Because these names do not start with the Camel / camel prefix, HttpHeaderFilterStrategy - which blocks only the Camel header namespace on the HTTP boundary - let them pass from an inbound HTTP request straight into the Exchange. In a route that bridges an HTTP consumer (for example platform-http) into an irc: producer, any HTTP client could therefore set the irc.sendTo header and redirect a message that the route intended for a configured channel to an arbitrary IRC channel or user - exfiltrating the message content to an attacker-chosen nickname, leaking it into a public channel, or delivering messages that appear to come from the bot. No credentials are required when the bridging consumer is unauthenticated. This issue affects Apache Camel: from 4.0.0 before 4.14.8, from 4.15.0 before 4.18.3, from 4.19.0 before 4.21.0. Users are recommended to upgrade to version 4.21.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.8. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.3. After upgrading, routes that set IRC headers via the raw header names must use the CamelIrc* names (for example CamelIrcSendTo) instead of the old irc.* values. For deployments that cannot upgrade immediately, strip the irc.* headers from any untrusted ingress before the irc: producer (for example removeHeaders('irc.*') at the start of the route), and set the IRC destination from a trusted source.

Join the discussion

Showing 1 to 4 of 4 results

Page 1 of 1
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses