Lucene search
K

1235 matches found

Nuclei
Nuclei
added 9 hours ago13 views

Apache CXF < 4.0.4 - Aegis DataBinding SSRF / Local File Read

Apache CXF before 4.0.4, 3.6.3 and 3.5.8 has a Server-Side Request Forgery SSRF vulnerability when using the Aegis DataBinding. The XOP Include mechanism in multipart SOAP requests can be abused to read local files or make server-side HTTP requests to arbitrary URLs. An attacker can use this to...

9.3CVSS7AI score0.05849EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added yesterday3 views

apache-cxf: org.apache.cxf/cxf-integration-jca: Apache CXF: Arbitrary code execution via JNDI Injection

A flaw was found in Apache CXF's JCA integration module. This Java Naming and Directory Interface JNDI Injection vulnerability allows for arbitrary code execution. A remote attacker could exploit this by manipulating the Java EE Connector Architecture JCA deployment descriptor ra.xml or runtime...

8.1CVSS6.4AI score0.00782EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added yesterday3 views

cxf: org.apache.cxf/cxf-rt-rs-security-oauth2: cxf: Unauthorized access due to logic error in OAuthRequestFilter

A flaw was found in the OAuthRequestFilter component of cxf. A logic error in this filter inadvertently creates an inverse security check when enabled. This issue causes legitimate requests from a bound IP address to be rejected, while requests from any other IP address are blindly allowed. This...

9.8CVSS5.9AI score0.00629EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added yesterday3 views

cxf: org.apache.cxf/cxf-rt-transports-jms: Apache CXF: Arbitrary code execution via untrusted JMS configuration

A flaw was found in Apache CXF. This vulnerability, stemming from an incomplete fix for a previous issue, allows untrusted users who can configure Java Message Service JMS for Apache CXF to achieve arbitrary code execution. This could lead to a complete compromise of the affected system...

8.8CVSS6.2AI score0.00646EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added yesterday3 views

apache-cxf: org.apache.cxf/cxf-rt-rs-security-oauth2: Apache CXF: Token Confusion/Routing attacks due to improper validation of JWT audience claims

A flaw was found in Apache CXF. The JwtAccessTokenValidator class fails to properly validate the 'aud' Audience claims within incoming JSON Web Token JWT access tokens. This vulnerability allows an attacker to reuse a JWT, originally intended for one resource server, against a different resource...

9.1CVSS5.9AI score0.00418EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added yesterday4 views

org.apache.cxf/cxf-rt-transports-jms: Apache CXF: Remote Code Execution via untrusted JMS configuration

A flaw was found in Apache CXF. Untrusted users, if allowed to configure Java Message Service JMS for Apache CXF, can exploit this vulnerability to achieve remote code execution RCE. This issue arises from an incomplete fix for a prior security flaw, indicating an alternative path that could lead...

7.5CVSS6.6AI score0.0064EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added yesterday5 views

apache-cxf: org.apache.cxf.services.xkms/cxf-services-xkms-x509-repo-ldap: Apache CXF: Information Disclosure via LDAP Injection

A flaw was found in Apache CXF. A remote attacker could exploit an LDAP injection vulnerability in the LDAP Certificate repository of the XKMS server. This vulnerability allows the attacker to retrieve arbitrary certificates from the repository, leading to information disclosure...

9.8CVSS7.3AI score0.0068EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added yesterday5 views

cxf: org.apache.cxf/cxf-core: Apache CXF: Information disclosure via out-of-band external entity resolution due to missing JAXP hardening

A flaw was found in Apache CXF. The EndpointReferenceUtils and W3CMultiSchemaFactory classes within Apache CXF construct a SAXParserFactory without proper security configurations. This oversight enables out-of-band OOB external entity resolution, a type of XML External Entity XXE vulnerability. A...

9.8CVSS5.8AI score0.00485EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2 days ago4 views

cxf: org.apache.cxf/cxf-core: Apache CXF: Information disclosure via out-of-band external entity resolution due to missing JAXP hardening

A flaw was found in Apache CXF. The EndpointReferenceUtils and W3CMultiSchemaFactory classes within Apache CXF construct a SAXParserFactory without proper security configurations. This oversight enables out-of-band OOB external entity resolution, a type of XML External Entity XXE vulnerability. A...

9.8CVSS5.8AI score0.00485EPSS
Exploits0References6
IBM Security Bulletins
IBM Security Bulletins
added 3 days ago3 views

Security Bulletin: Multiple vulnerabilities affect Data Virtualization on IBM Software Hub (June 2026 - Part 1 of 2)

Summary Multiple vulnerabilities have been addressed in Data Virtualization on IBM Software Hub. Note that Data Virtualization was named Watson Query on IBM Cloud Pak for Data version 4.8. Vulnerability Details CVEID:CVE-2026-50010 DESCRIPTION: Netty is a network application framework for...

9.1CVSS6.9AI score0.00533EPSS
Exploits0Affected Software1
CVE
CVE
added 4 days ago11 views

CVE-2026-46592

This CVE concerns Apache Camel CXF SOAP component where the operationName/operationNamespace headers bypass the HTTP header filter, enabling a potential confused-deputy redirection to invoke a different WSDL operation. Affected range: Camel 4.0.0–4.14.8, 4.15.0–4.18.3, 4.19.0–4.21.0. Mitigation: ...

7.5CVSS6AI score0.00396EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.2 views

IBM WebSphere Application Server 8.5.x < 8.5.5.31 / 9.x < 9.0.5.29 / Liberty 17.0.0.3 < 26.0.0.8 (7278576)

The version of IBM WebSphere Application Server running on the remote host is affected by multiple vulnerabilities as referenced in the 7278576 advisory. - There is no restriction on the amount of attachment headers that a message can contain when being deserialized by Apache CXF, which can lead ...

7.5CVSS6AI score0.0046EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/30 12:13 a.m.6 views

org.apache.cxf: Apache CXF: Denial of Service vulnerability with temporary files

A flaw was found in Apache CXF. In some edge cases with large data stream caching, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system and trigger a denial of service...

7.5CVSS6.5AI score0.01941EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/30 12:12 a.m.8 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.15 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

9.6CVSS7AI score0.0217EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.5 views

RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.1.15 (RHSA-2026:33372)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:33372 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release ...

9.6CVSS7.1AI score0.0217EPSS
Exploits1References14
RedhatCVE
RedhatCVE
added 2026/06/17 10:27 a.m.13 views

CVE-2026-50632

A flaw was found in Apache CXF. This vulnerability, stemming from an incomplete fix for a previous issue, allows untrusted users who can configure Java Message Service JMS for Apache CXF to achieve arbitrary code execution. This could lead to a complete compromise of the affected system. Mitigati...

8.8CVSS5.8AI score0.00646EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/16 12:0 a.m.11 views

Apache CXF < 4.1.7 / 4.2.x < 4.2.2 Multiple Vulnerabilities

The version of Apache CXF installed on the remote host is prior to 4.1.7 or 4.2.x prior to 4.2.2. It is, therefore, affected by multiple vulnerabilities, including: - A JNDI Injection vulnerability in the JCA integration module allows code execution if an attacker can manipulate the JCA deploymen...

8.8CVSS6.3AI score0.00782EPSS
Exploits0References17
RedhatCVE
RedhatCVE
added 2026/06/15 2:36 p.m.9 views

CVE-2026-50633

A flaw was found in Apache CXF's JCA integration module. This Java Naming and Directory Interface JNDI Injection vulnerability allows for arbitrary code execution. A remote attacker could exploit this by manipulating the Java EE Connector Architecture JCA deployment descriptor ra.xml or runtime...

8.1CVSS5.7AI score0.00782EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/15 2:36 p.m.7 views

CVE-2026-50627

A flaw was found in Apache CXF. The JwtAccessTokenValidator class fails to properly validate the 'aud' Audience claims within incoming JSON Web Token JWT access tokens. This vulnerability allows an attacker to reuse a JWT, originally intended for one resource server, against a different resource...

9.1CVSS4.8AI score0.00418EPSS
Exploits0References5
Snyk
Snyk
added 2026/06/12 11:11 a.m.7 views

Improperly Implemented Security Check for Standard

Overview org.apache.cxf:cxf-rt-rs-security-oauth2 is a services framework. Affected versions of this package are vulnerable to Improperly Implemented Security Check for Standard due to a logic error in the OAuthRequestFilter request handler. An attacker can bypass intended IP address restrictions...

9.8CVSS5.4AI score0.00629EPSS
Exploits0References2
Rows per page
Query Builder