Lucene search
K

3893 matches found

RedHat Linux
RedHat Linux
added 2026/06/30 11:12 a.m.6 views

Important: Red Hat Security Advisory: php security update

An update for php is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

9.8CVSS7.1AI score0.0078EPSS
Exploits1References9
RedHat Linux
RedHat Linux
added 2026/06/30 11:12 a.m.6 views

PHP: PHP SoapServer: Memory corruption and information disclosure via incorrect persistence handling

A flaw was found in the PHP SoapServer component. When the server is configured to maintain session persistence, an error during a SOAP request can cause the system to incorrectly manage memory. This can lead to a "use-after-free" vulnerability, where the system attempts to use memory that has...

9.8CVSS7.2AI score0.00302EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/30 11:12 a.m.4 views

php: php-soap: php-src: PHP SOAP extension: Remote Code Execution via use-after-free vulnerability

A flaw was found in PHP's SOAP extension. This vulnerability allows a remote attacker to execute arbitrary code on the affected system. The issue stems from a use-after-free error in the object deduplication mechanism, which can be triggered by sending a specially crafted SOAP request. This allow...

9.8CVSS7.8AI score0.00739EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/30 11:12 a.m.6 views

php: NULL pointer dereference in SOAP apache:Map decoder with missing <value>

A flaw was found in PHP. When a PHP SOAP server has a typemap configured, the apache:Map decoding process checks the incorrect variable in case of a missing value element. This incorrect check leads to a NULL pointer dereference and allows a remote unauthenticated attacker to crash the PHP SOAP...

7.5CVSS5.8AI score0.0078EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.13 views

Oracle E-Business Suite (June 2026 CSPU)

The versions of Oracle E-Business Suite installed on the remote host are affected by multiple vulnerabilities as referenced in the June 2026 CSPU advisory. - Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite component: Core. Easily exploitable...

9.9CVSS6AI score0.00473EPSS
Exploits0References57
OSV
OSV
added 2026/06/19 8:47 p.m.6 views

GHSA-GQV6-PWCG-87R8 CoreWCF: XML Signature Wrapping in WS-Security endorsing/supporting signature verification allows replay of captured signed messages

Impact The attacker, with one captured signed SOAP envelope from a victim and no other privileges, can invoke arbitrary operations on the service as the victim principal for the lifetime of the captured signing key. There is no rate limit on replays. The DetectReplays setting on transport-securit...

7.4CVSS6AI score0.00143EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/19 8:47 p.m.7 views

Improper Verification of Cryptographic Signature

Overview CoreWCF.Primitives is a port of the service side of Windows Communication Foundation WCF to .NET Core. The goal of this project is to enable existing WCF services to move to .NET Core. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in...

9.1CVSS6AI score0.00143EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.13 views

PT-2026-51080

Name of the Vulnerable Software and Affected Versions CoreWCF versions prior to 1.8.1 CoreWCF versions prior to 1.9.1 Description WS-Security signature verification fails to ensure that the selected ds:Signature covers the expected Security header target. This allows an attacker who has captured ...

7.4CVSS6AI score0.00143EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.5 views

PT-2026-56538

Name of the Vulnerable Software and Affected Versions Zeep versions 4.0.0 through 4.3.2 Description In this Python SOAP client, the Settings.forbid external setting is not enforced during the parsing of WSDL or XSD documents. This allows transitive xsd:import, xsd:include, wsdl:import, and lxml...

5.9CVSS6.1AI score0.00252EPSS
Exploits0References10
BDU FSTEC
BDU FSTEC
added 2026/06/18 12:0 a.m.3 views

The vulnerability of the SoapServer class in the PHP programming language involves the use of memory after it is freed. This allows attackers to exploit the vulnerable code to disclose sensitive information or cause service failures.

The vulnerability of the SoapServer class in the PHP programming language is related to the use of memory after it is freed during the processing of the SOAPPERSISTENCESESSION parameter. Exploiting this vulnerability can allow an attacker, operating remotely, to disclose sensitive information or...

10CVSS5.7AI score0.00302EPSS
Exploits0References4Affected Software2
NVD
NVD
added 2026/06/17 10:54 a.m.10 views

CVE-2026-46927

Vulnerability in the Oracle Receivables product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SOAP to compromise Oracle Receivables...

8.1CVSS0.00366EPSS
Exploits0References1
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.149 views

Ivanti EPM - Remote Code Execution

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. id: CVE-2024-29824 info: name: Ivanti EPM - Remote Code Execution author: DhiyaneshDK severity: critical description: | ...

9.6CVSS9.4AI score0.99951EPSS
Exploits5References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.18 views

PT-2026-50031

Name of the Vulnerable Software and Affected Versions Oracle E-Business Suite Oracle Receivables versions 12.2.3 through 12.2.15 Description An issue exists in the Internal Operations component of Oracle Receivables. An unauthenticated attacker with network access via SOAP Simple Object Access...

8.1CVSS5.8AI score0.00366EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-40997

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Several Spring WS integration paths with Spring Security could surface detailed account state for example locked or disabled user semantics to remote SOAP clien...

5.3CVSS5.7AI score0.00366EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 7:16 a.m.12 views

CVE-2026-40997

Several Spring WS integration paths with Spring Security could surface detailed account state for example locked or disabled user semantics to remote SOAP clients through exception messages or callback outcomes, instead of failing with generic authentication errors. That behavior assists remote...

5.3CVSS0.00366EPSS
Exploits0References1
OSV
OSV
added 2026/06/11 7:16 a.m.7 views

UBUNTU-CVE-2026-40997

Several Spring WS integration paths with Spring Security could surface detailed account state for example locked or disabled user semantics to remote SOAP clients through exception messages or callback outcomes, instead of failing with generic authentication errors. That behavior assists remote...

5.3CVSS5.4AI score0.00366EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/11 5:4 a.m.30 views

CVE-2026-40997 SOAP security faults leak Spring Security account state

Several Spring WS integration paths with Spring Security could surface detailed account state for example locked or disabled user semantics to remote SOAP clients through exception messages or callback outcomes, instead of failing with generic authentication errors. That behavior assists remote...

5.3CVSS0.00366EPSS
Exploits0References1
CVE
CVE
added 2026/06/11 5:4 a.m.39 views

CVE-2026-40997

The CVE-2026-40997 issue affects Spring Web Services: versions 5.0.0–5.0.1, 4.1.0–4.1.3, 4.0.0–4.0.18, and 3.1.0–3.1.8. The vulnerability arises when several Spring WS integration paths with Spring Security reveal detailed account state (e.g., locked or disabled user semantics) to remote SOAP cli...

5.3CVSS5.5AI score0.00366EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/11 5:4 a.m.12 views

EUVD-2026-36207

Several Spring WS integration paths with Spring Security could surface detailed account state for example locked or disabled user semantics to remote SOAP clients through exception messages or callback outcomes, instead of failing with generic authentication errors. That behavior assists remote...

5.3CVSS5.5AI score0.00366EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.20 views

PT-2026-48620

Name of the Vulnerable Software and Affected Versions Spring Web Services versions 5.0.0 through 5.0.1 Spring Web Services versions 4.1.0 through 4.1.3 Spring Web Services versions 4.0.0 through 4.0.18 Spring Web Services versions 3.1.0 through 3.1.8 Description Integration paths between Spring W...

5.3CVSS5.8AI score0.00366EPSS
Exploits0References7
Rows per page
Query Builder