Lucene search
K

127 matches found

CVE
CVE
added yesterday16 views

CVE-2026-54784

CoreWCF CVE-2026-54784 affects CoreWCF 1.9.0 where SPNEGO SecurityContextToken proof key recovered from the RSTR can be observed when using TransportWithMessageCredential with Windows client credentials, enabling impersonation of the Windows principal and decryption/forgery of WS‑SecureConversati...

7.4CVSS6AI score
Exploits0References4
CVE
CVE
added yesterday12 views

CVE-2026-54775

Summary: CVE-2026-54775 affects CoreWCF.Kafka’s KafkaTransportPump. Before versions 1.8.1 and 1.9.1, a null-value tombstone (Kafka tombstone) on a topic causes the pump to halt, stopping processing of new records and potentially causing persistent endpoint denial of service for topics with produc...

6.5CVSS6AI score
Exploits0References6
CVE
CVE
added yesterday13 views

CVE-2026-54773

CoreWCF WS-Security signature substitution vulnerability: prior to versions 1.8.1 and 1.9.1, WS-Security verification performs a document-wide ds:Signature lookup, allowing an unauthenticated remote attacker to place a SOAP header before wsse:Security and cause attacker-supplied ds:Signature to b...

5.9CVSS6AI score
Exploits0References6
CVE
CVE
added yesterday9 views

CVE-2026-54772

CoreWCF (net.tcp/net.pipe/net.uds) prior to versions 1.8.1 and 1.9.1 is affected. An unauthenticated remote attacker can trigger premature EOF handling in the framing handshake, causing one server thread-pool worker to be pinned at 100% CPU per connection and potentially exhausting CPU with multi...

7.5CVSS6AI score
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/06/19 8:46 p.m.4 views

CoreWCF: SamlSerializer skips SignatureValue verification when SAML signing token is not an X.509 certificate

Impact When a service is configured to validate SAML tokens using a method other than X.509 certificate signing, the final signature verification is skipped. Preconditions The service is configured to authenticate using SAML tokens and an out of band token resolver commonly the IssuerTokenResolve...

7.4CVSS5.8AI score
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/19 8:46 p.m.9 views

GHSA-P86G-XRR2-PF7C CoreWCF: Pre-authentication infinite-loop CPU exhaustion in CoreWCF net.tcp / net.pipe / net.uds framing handshake

Impact An unauthenticated remote attacker can pin one server thread‑pool worker at 100 % CPU per connection. With a few connections, the CPU usage can be exhausted. Preconditions An attacker being able to reach a service which is exposing an endpoint using one of NetTcpBinding, NetNamedPipeBindin...

7.5CVSS5.9AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.9 views

PT-2026-51076

Name of the Vulnerable Software and Affected Versions CoreWCF versions prior to 1.8.1 CoreWCF versions prior to 1.9.1 Description SAML token replay protection is inoperative because the DefaultTokenReplayCache.TryAdd function does not reject duplicate tokens when DetectReplayedTokens is enabled...

5.9CVSS5.9AI score
Exploits0References9
OSV
OSV
added 2026/04/28 12:30 p.m.6 views

MINI-GCH7-HRCG-8WCF

Bulletin has no description...

8.7CVSS4.8AI score0.00656EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/23 7:58 p.m.5 views

CVE-2026-39907

Unisys WebPerfect Image Suite versions 3.0.3960.22810 and 3.0.3960.22604 expose an unauthenticated WCF SOAP endpoint on TCP port 1208 that accepts unsanitized file paths in the ReadLicense action's LFName parameter, allowing remote attackers to trigger SMB connections and leak NTLMv2...

10CVSS5.8AI score0.00618EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2026/04/16 4:40 p.m.302 views

ffensive-playbook

HackTheBox — Writeups Collection A collection of HackTheBox m...

9.9CVSS6.4AI score0.75197EPSS
Exploits27
Microsoft KB
Microsoft KB
added 2026/04/14 2:0 p.m.6 views

April 14, 2026-KB5082421 Cumulative Update for .NET Framework 4.8.1 for Windows 11, version 26H1

April 14, 2026-KB5082421 Cumulative Update for .NET Framework 4.8.1 for Windows 11, version 26H1 Release Date: April 14, 2026 Version: .NET Framework 4.8.1 The April 14, 2026 update for Windows 11, version 26H1 includes security and cumulative reliability improvements in .NET Framework 4.8.1. We...

7.5CVSS6.4AI score0.02279EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/09 8:50 a.m.23 views

CVE-2021-31475

This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Job Scheduler 2020.2.1 HF 2. Authentication is required to exploit this vulnerability. The specific flaw exists within the JobRouterService WCF service. The issue is due to the WCF...

9CVSS7.3AI score0.06485EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/10 3:26 a.m.5 views

CVE-2025-66631

CSLA .NET is a framework designed for the development of reusable, object-oriented business layers for applications. Versions 5.5.4 and below allow the use of WcfProxy. WcfProxy uses the now-obsolete NetDataContractSerializer NDCS and is vulnerable to remote code execution during deserialization...

9.2CVSS7.8AI score0.00575EPSS
Exploits0References1
CVE
CVE
added 2025/12/09 3:18 a.m.22 views

CVE-2025-66631

CSLA .NET prior to 6.0.0 is vulnerable to remote code execution during deserialization when using WcfProxy, which relies on the obsolete NetDataContractSerializer (NDCS). Supported details from multiple sources show that versions 5.5.4 and below are affected, while version 6.0.0 and above remove ...

9.8CVSS7.7AI score0.00575EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/12/09 3:18 a.m.7 views

CVE-2025-66631 CSLA .NET is vulnerable to Remote Code Execution via WcfProxy

CSLA .NET is a framework designed for the development of reusable, object-oriented business layers for applications. Versions 5.5.4 and below allow the use of WcfProxy. WcfProxy uses the now-obsolete NetDataContractSerializer NDCS and is vulnerable to remote code execution during deserialization...

9.2CVSS8AI score0.00575EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/12/08 10:15 p.m.7 views

Csla affected by Remote Code Execution via WcfProxy (NetDataContractSerializer)

Impact Versions of CSLA .NET prior to version 6 allow the use of WcfProxy. WcfProxy uses the NetDataContractSerializer NDCS which has known vulnerabilities that can allow remote execution of code during deserialization. NDCS itself is considered obsolete, and you should avoid using WcfProxy or...

9.8CVSS7.4AI score0.00575EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-20399

Malware in sbrugna...

7.8CVSS7.7AI score0.00394EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-5050

Malware in sbrugna...

10CVSS9.5AI score0.02413EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-14042

Malware in sbrugna...

7.8CVSS7.7AI score0.01092EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-6189

Malware in sbrugna...

4.9CVSS5.3AI score0.00979EPSS
Exploits1References3
Rows per page
Query Builder