CLSA-2026-1779125894 php: Fix of 7 CVEs

CVE-2026-7258: fix out-of-bounds read in urldecode via signed-char to ctype.h GHSA-m8rr-4c36-8gq4 - CVE-2026-6722: fix stale SOAPGLOBAL refmap pointer with Apache Map GHSA-85c2-q967-79q5 - CVE-2026-7259: fix null pointer dereference in phpmbcheckencoding via mberegsearchinit GHSA-wm6j-2649-pv75 -...

GHSA-P5C5-6564-VVR8 Improper Authentication in Apache CXF

Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element...

apache-cxf: UsernameTokenPolicyValidator and UsernameTokenInterceptor allow empty passwords to authenticate

Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element...

PT-2012-4724 · Apache · Apache Cxf

Name of the Vulnerable Software and Affected Versions: Apache CXF versions 2.4.0 through 2.4.9 Apache CXF versions 2.5.0 through 2.5.5 Apache CXF versions 2.6.0 through 2.6.2 Description: The issue allows remote attackers to execute unintended web-service operations by sending a header with a SOA...

IBM WebSphere Application Server < 6.1.0.17 Multiple Vulnerabilities

IBM WebSphere Application Server 6.1 before Fix Pack 17 appears to be running on the remote host. As such, it is reportedly affected by multiple flaws : - An attribute in a SOAP security header may cause a security exposure in Web Services applications. PK61315 - An unspecified vulnerability in t...