php: NULL pointer dereference in SOAP apache:Map decoder with missing <value>

A flaw was found in PHP. When a PHP SOAP server has a typemap configured, the apache:Map decoding process checks the incorrect variable in case of a missing value element. This incorrect check leads to a NULL pointer dereference and allows a remote unauthenticated attacker to crash the PHP SOAP...

Keycloak 安全漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a security vulnerability, which stems from the possibility for remote, unauthenticated attackers to send specially crafted SOAP requests to the SAML ECP endpoint. These requests are accompanied ...

CVE-2026-7262

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, when a SOAP server has a typemap configured, the decoding process contains a mistake which checks the wrong variable in case of missing value element. This leads to dereferences a NULL pointer,...

CVE-2025-50187

Chamilo is a learning management system. Prior to version 1.11.28, parameter from SOAP request is evaluated without filtering which leads to Remote Code Execution. This issue has been patched in version 1.11.28...

CVE-2025-50187 Chamilo: Evaluation of untrusted user input leads to Remote Code Execution

Chamilo is a learning management system. Prior to version 1.11.28, parameter from SOAP request is evaluated without filtering which leads to Remote Code Execution. This issue has been patched in version 1.11.28...

PT-2026-22589

Name of the Vulnerable Software and Affected Versions Chamilo versions prior to 1.11.28 Description Chamilo is a learning management system. A flaw exists where a parameter from a SOAP request is evaluated without proper filtering, potentially leading to Remote Code Execution. The issue was...

CVE-2025-59097

The exos 9300 application can be used to configure Access Managers e.g. 92xx, 9230 and 9290. The configuration is done in a graphical user interface on the dormakaba exos server. As soon as the save button is clicked in exos 9300, the whole configuration is sent to the selected Access Manager via...

CVE-2025-59097

The CVE-2025-59097 issue affects the dormakaba exos 9300 configuration GUI used to push configurations to Access Managers (e.g., 92xx, 9230, 9290). When the user saves a configuration, the SOAP payload is sent to the selected Access Manager without authentication or authorization by default. Whil...

CVE-2025-59090

CVE-2025-59090 affects dormakaba exos 9300 systems where an unauthenticated SOAP API is exposed on port 8002. The API is reachable without credentials, enabling an attacker with network access to create arbitrary access log events and query 2FA PINs linked to enrolled chip cards. CVSS metrics in ...

[SECURITY] Fedora 42 Update: mingw-libsoup-2.74.3-16.fc42

Libsoup is an HTTP library implementation in C. It was originally part of a SOAP Simple Object Access Protocol implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications...

Konica Bizhub Multifunction Printers Improper Validation of Syntactic Correctness of Input (CVE-2024-51983)

An unauthenticated attacker who can connect to the Web Services feature HTTP TCP port 80 can issue a WS-Scan SOAP request containing an unexpected JobToken value which will crash the target device. The device will reboot, after which the attacker can reissue the command to repeatedly crash the...

EUVD-2021-18493

Malware in sbrugna...

EUVD-2019-10217

Malware in sbrugna...

EUVD-2021-18494

Malware in sbrugna...

Nokia Single RAN 安全漏洞

Nokia Single RAN is a wireless network technology from Nokia, Finland. A security vulnerability exists in Nokia Single RAN 24R1-SR versions prior to 1.0 MP, which stems from a failure to validate input in the PlanId field of a SOAP provision operation message in the MNO internal RAN management...

CVE-2024-7097

An incorrect authorization vulnerability exists in multiple WSO2 products due to a flaw in the SOAP admin service, which allows user account creation regardless of the self-registration configuration settings. This vulnerability enables malicious actors to create new user accounts without proper...

CVE-2021-31601

An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authenticated user regardless of privileges can list all...

php: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP

A vulnerability was found in PHP where the weak randomness affects applications that use SOAP with HTTP Digest authentication against a possibly malicious server over HTTP allows a remote authenticated attackers to cause a stack information leak...

CLSA-2024-1716485568 php: Fix of 2 CVEs

CVE-2022-4900: sapi/cli/phpcliserver.c: Prevent potential buffer overflow for large value of phpcliserverworkersmax - CVE-2023-3247: ext/soap/phphttp.c: Fix missing randomness check and insufficient random bytes...

CVE-2023-34274

D-Link DIR-2150 LoginPassword Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2150 routers. Authentication is not required to exploit thi...