Lucene search
K

9 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-40994

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Wss4jSecurityInterceptor initialized its BSP WS-I Basic Security Profile compliance flag so that inbound validation disabled WSS4J BSP enforcement on RequestDat...

8.2CVSS5.5AI score0.00229EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 7:16 a.m.12 views

CVE-2026-41000

Wss4jSecurityInterceptor did not consistently wire Apache WSS4J ReplayCache instances into RequestData for validation-time checks. As a result, protections against replay of UsernameToken nonces and creation timestamps, Timestamp elements, and certain SAML one-time-use semantics could be...

3.7CVSS0.00223EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.15 views

PT-2026-48619

Name of the Vulnerable Software and Affected Versions Spring Web Services versions 5.0.0 through 5.0.1 Spring Web Services versions 4.1.0 through 4.1.3 Spring Web Services versions 4.0.0 through 4.0.18 Spring Web Services versions 3.1.0 through 3.1.8 Description Wss4jSecurityInterceptor sets the...

4.8CVSS5.8AI score0.00129EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.14 views

PT-2026-48623

Name of the Vulnerable Software and Affected Versions Spring Web Services versions 5.0.0 through 5.0.1 Spring Web Services versions 4.1.0 through 4.1.3 Spring Web Services versions 4.0.0 through 4.0.18 Spring Web Services versions 3.1.0 through 3.1.8 Description The Wss4jSecurityInterceptor faile...

3.7CVSS5.8AI score0.00223EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.12 views

VMware Spring Web Services 安全漏洞

VMware Spring Web Services is a SOAP Web services development framework provided by the American company VMware. There are security vulnerabilities in versions 5.0.0 to 5.0.1, 4.1.0 to 4.1.3, 4.0.0 to 4.0.18, and 3.1.0 to 3.1.8 of VMware Spring Web Services. These vulnerabilities stem from...

3.7CVSS5.4AI score0.00223EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/10 12:0 a.m.7 views

Use of RSA Algorithm without OAEP

Overview Affected versions of this package are vulnerable to Use of RSA Algorithm without OAEP via the Wss4jSecurityInterceptor class, in the Wss4jSecurityInterceptor.java file due to defaulting allowRSA15KeyTransportAlgorithm to true when building the validation RequestData. This overrides Apach...

6.3CVSS5.4AI score0.00129EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 12:0 a.m.8 views

Insecure Defaults

Overview Affected versions of this package are vulnerable to Insecure Defaults due to the Wss4jSecurityInterceptor class in Wss4jSecurityInterceptor.java initializing its bspCompliant flag to false, so inbound validation always calls RequestData.setDisableBSPEnforcementtrue and disables WSS4J's...

8.8CVSS5.4AI score0.00229EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-1624

Malicious code in bioql PyPI...

5.9CVSS6.8AI score0.01756EPSS
Exploits0References38
OSV
OSV
added 2014/12/26 5:4 p.m.6 views

MGASA-2014-0552 Updated wss4j packages fix CVE-2014-3623

Updated wss4j packages fixes security vulnerability: Apache WSS4J before 1.6.17, when using TransportBinding, does not properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attackers to conduct spoofing attacks via unspecified vectors CVE-2014-3623...

5CVSS6.4AI score0.09224EPSS
Exploits0References3
Rows per page
Query Builder