EUVD-2021-0770
Malware in sbrugna...
EUVD-2022-5771
Malicious code in bioql PyPI...
EUVD-2022-0592
Malicious code in bioql PyPI...
EUVD-2022-1980
Malicious code in bioql PyPI...
EUVD-2022-2021
Malicious code in bioql PyPI...
EUVD-2022-2671
Malicious code in bioql PyPI...
Security Bulletin: IBM WebSphere Application Server Liberty shipped with IBM OpenPages is vulnerable to a denial of service due to Apache CXF (CVE-2025-23184)
Summary IBM WebSphere Application Server Liberty is shipped as a supporting program of IBM OpenPages. Information about a denial of service due to Apache CXF vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. These products have addressed t...
Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to Apache CXF (CVE-2025-23184)
Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera, and...
Apache CXF 3.5.10 / 3.6.5 / 4.0.6 / 4.1.0 DoS (CVE-2025-48795)
The version of Apache CXF installed on the remote host is 3.5.10, 3.6.5, 4.0.6, or 4.1.0. It is, therefore, affected by a denial of service vulnerability: - Apache CXF stores large stream based messages as temporary files on the local filesystem. A bug was introduced which means that the entire...
CVE-2025-48795 Apache CXF: Denial of Service and sensitive data exposure in logs
Apache CXF stores large stream based messages as temporary files on the local filesystem. A bug was introduced which means that the entire temporary file is read into memory and then logged. An attacker might be able to exploit this to cause a denial of service attack by causing an out of memory...
Security Bulletin: IBM Tivoli Business Service Manager is vulnerable to denial of service attack due to Apache CXF (CVE-2025-23184)
Summary Apache CXF is shipped with IBM Tivoli Business Service Manager as part of the web services framework. Information about a security vulnerability affecting Apache CXF has been published in a security bulletin. Vulnerability Details CVEID:CVE-2025-23184 DESCRIPTION: A potential denial of...
Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to Apache CXF (CVE-2025-23184)
Summary There is a vulnerability in the Apache CXF library used by IBM WebSphere Application Server Liberty with the jaxws-2.2, xmlWS-3.0 or xmlWS-4.0 feature enabled. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin:...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to a denial of service due to Apache CXF (CVE-2025-23184)
Summary There is a vulnerability in the Apache CXF library used by IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, with the jaxws-2.2, xmlWS-3.0 or xmlWS-4.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the...
Apache CXF < 3.5.10, 3.6.x < 3.6.5, 4.0.x < 4.0.6 DoS
In versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6, a CXF HTTP client conduit may prevent HTTPClient instances from being garbage collected and it is possible that memory consumption will continue to increase, eventually causing the application to run out of memory. Note that Nessus has not...
CVE-2025-23184
A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In some edge cases, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system (it applies to servers and clients)...
CVE-2022-46363 Apache CXF directory listing / code exfiltration
A vulnerability in Apache CXF before versions 3.5.5 and 3.4.10 allows an attacker to perform a remote directory listing or code exfiltration. The vulnerability only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes...
com.argusoft:medplat_core (>=0.0.1 <=0.0.8), com.argusoft:medplat_lms (=0.0.1) +294 more potentially affected by CVE-2016-6812 via org.apache.cxf:cxf-core (>=3.0.0-milestone1 <=3.0.11)
org.apache.cxf:cxf-core MAVEN version =3.0.0-milestone1, =0.0.1, =3.0.1, =0.0.1, =0.6, =0.1.0, =0.1.0, =1.4, =1.6, =2.0.0, =2.0.9, =2.3.16, =1.0.0, =1.0.0, =1.0.0, =2.0.4 and more Source cves: CVE-2016-6812 Source advisory: OSV:GHSA-VW2C-5WPH-V92R...
com.github.livesense:org.liveSense.sample.webServiceServlet (>=1.0.3 <=1.0.5), com.github.livesense:org.liveSense.service.cxf (>=1.0.3 <=1.0.5) +286 more potentially affected by CVE-2014-3584 via org.apache.cxf:cxf-rt-frontend-jaxrs (>=2.7.0 <=2.7.7)
org.apache.cxf:cxf-rt-frontend-jaxrs MAVEN version =2.7.0, =1.0.3, =1.0.3, =1.5, =1.5, =1.5, =1.5, =0.2.0, =0.2.0, =1.0.0, =0.4.0, =0.4.1, =0.6.0 - com.treelogic-swe:aws-mock =1.0 and more Source cves: CVE-2014-3584 Source advisory: OSV:GHSA-GW5J-77F9-V2G2...
com.apitrary:apitrary-api-client (=0.1), com.apitrary:apitrary-orm-core (=0.1) +88 more potentially affected by CVE-2013-0239 via org.apache.cxf:cxf-rt-frontend-jaxrs (>=2.6.0 <=2.6.5)
org.apache.cxf:cxf-rt-frontend-jaxrs MAVEN version =2.6.0, =0.0.2, =1.0.0, =1.0.0, =1.0.3, =1.0.M1, =1.0.M1, =1.0.M2, =1.0.0, =1.0.0, =1.0.6 and more Source cves: CVE-2013-0239 Source advisory: OSV:GHSA-P5C5-6564-VVR8...
com.kumuluz.ee:kumuluzee-jax-ws-cxf (>=2.6.0 <=3.12.2), net.kieker-monitoring:analysis (>=2.0.0 <=2.0.3) +1 more potentially affected by CVE-2021-22696 via org.apache.cxf:cxf (>=2.7.18 <=3.2.6)
org.apache.cxf:cxf MAVEN version =2.7.18, =2.6.0, =2.0.0, =2.0.3 - org.apache.nutch:nutch =1.10 Source cves: CVE-2021-22696 Source advisory: OSV:GHSA-7Q4H-PJ78-J7VG...