Lucene search
+L

1078 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:44 p.m.13 views

CVE-2026-44618

Insecure XML parser configuration in Apache CXF's WS-Transfer module may allow attackers to perform XXE attacks. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue...

5.3CVSS5.4AI score0.00338EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/04 8:33 a.m.10 views

CVE-2026-44417

A flaw was found in Apache CXF. Untrusted users, if allowed to configure Java Message Service JMS for Apache CXF, can exploit this vulnerability to achieve remote code execution RCE. This issue arises from an incomplete fix for a prior security flaw, indicating an alternative path that could lead...

7.5CVSS6.4AI score0.0064EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/26 1:30 p.m.8 views

Apache CXF has an LDAP injection vulnerability

An LDAP injection vulnerability in the LDAP Certificate repository of the XKMS server in Apache CXF may allow an attacker to retrieve arbitrary certificates from the repository. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue...

9.8CVSS5.8AI score0.00722EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/26 1:30 p.m.4 views

Apache CXF: Untrusted JMS configuration can lead to RCE

The fix for CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE was not complete, meaning that another path in the code might lead to code execution capabilities, if untrusted users are allowed to configure JMS for Apache CXF. Users are recommended to upgrade to versions 4.2.1...

9.8CVSS7.5AI score0.00793EPSS
Exploits0References3Affected Software1
vulnersOsv
vulnersOsv
added 2026/05/22 3:47 p.m.6 views

org.apache.cxf.services.xkms:cxf-services-xkms-war (>=4.0.0 <=4.1.5) potentially affected by CVE-2026-44930 via org.apache.cxf.services.xkms:cxf-services-xkms-x509-repo-ldap (>=4.0.0 <=4.1.5)

org.apache.cxf.services.xkms:cxf-services-xkms-x509-repo-ldap MAVEN version =4.0.0, =4.0.0, =4.1.5 Source cves: CVE-2026-44930 Source advisory: SNYK:JAVA-ORGAPACHECXFSERVICESXKMS-16874169...

9.8CVSS5.5AI score0.00722EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/22 3:47 p.m.6 views

org.apache.cxf.services.xkms:cxf-services-xkms-war (=4.2.0) potentially affected by CVE-2026-44930 via org.apache.cxf.services.xkms:cxf-services-xkms-x509-repo-ldap (=4.2.0)

org.apache.cxf.services.xkms:cxf-services-xkms-x509-repo-ldap MAVEN version =4.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.cxf.services.xkms:cxf-services-xkms-x509-repo-ldap and may be impacted: -...

9.8CVSS5.5AI score0.00722EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/22 3:47 p.m.9 views

org.apache.cxf.systests:cxf-systests-jaxrs (=4.2.0), org.apache.cxf.systests:cxf-systests-transport-jms (=4.2.0) +4 more potentially affected by CVE-2025-48913 +1 more via org.apache.cxf:cxf-rt-transports-jms (=4.2.0)

org.apache.cxf:cxf-rt-transports-jms MAVEN version =4.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.cxf:cxf-rt-transports-jms and may be impacted: - org.apache.cxf.systests:cxf-systests-jaxrs =4.2.0 -...

9.8CVSS7.2AI score0.00793EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/22 3:47 p.m.7 views

org.apache.cxf.systests:cxf-systests-jaxrs (>=4.0.0 <=4.1.5), org.apache.cxf.systests:cxf-systests-transport-jms (>=4.0.0 <=4.1.5) +18 more potentially affected by CVE-2025-48913 +1 more via org.apache.cxf:cxf-rt-transports-jms (>=4.0.0 <=4.1.5)

org.apache.cxf:cxf-rt-transports-jms MAVEN version =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =6.2.0.Final, =7.3.7.Final, =7.0.0.Final, =7.0.0.Final, =6.2.0.Final, =6.2.0.Final, =7.0.0.Final, =7.0.0.Final, =6.2.0.Final, =7.4.0.Beta3 and more Source cves: CVE-2025-48913, CVE-2026-4441...

9.8CVSS7.2AI score0.00793EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/22 3:47 p.m.9 views

org.apache.camel:camel-example-cxf (>=2.14.0 <=2.19.5), org.apache.cxf.osgi.itests:org.apache.cxf.osgi.itests (>=3.0.0 <=3.6.10) +17 more potentially affected by CVE-2025-48913 +1 more via org.apache.cxf:cxf-rt-transports-jms (>=3.0.0-milestone1 <=3.6.10)

org.apache.cxf:cxf-rt-transports-jms MAVEN version =3.0.0-milestone1, =2.14.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.2.0, =5.0.0.Beta1, =5.0.0.Beta1, =5.0.0.Beta1, =5.0.0.Beta1, =5.5.0.Final and more Source cves: CVE-2025-48913, CVE-2026-44417 Source advisory:...

9.8CVSS7.2AI score0.00793EPSS
Exploits0
Snyk
Snyk
added 2026/05/22 3:47 p.m.7 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data when importing JMS configuration with setJndiEnvironment in AbstractMessageListenerContainer. A user who control the JMS configuration can execute arbitrary code. Note: This vulnerability is a bypass of...

9.8CVSS7.4AI score0.00793EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/05/22 3:47 p.m.8 views

com.github.vindell:spring-boot-starter-cxf-jaxws-plus (>=1.0.0.RELEASE <=1.0.2.RELEASE), org.apache.cxf:apache-cxf (>=3.3.0 <=3.6.10) +1 more potentially affected by CVE-2026-44618 via org.apache.cxf:cxf-rt-ws-transfer (>=3.2.4 <=3.6.10)

org.apache.cxf:cxf-rt-ws-transfer MAVEN version =3.2.4, =1.0.0.RELEASE, =3.3.0, =3.4.0, =3.6.10 Source cves: CVE-2026-44618 Source advisory: SNYK:JAVA-ORGAPACHECXF-17115402...

5.3CVSS5.4AI score0.00338EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/22 3:47 p.m.9 views

org.apache.cxf:apache-cxf (=4.2.0), org.apache.cxf:cxf-distribution-javadoc (=4.2.0) potentially affected by CVE-2026-44618 via org.apache.cxf:cxf-rt-ws-transfer (=4.2.0)

org.apache.cxf:cxf-rt-ws-transfer MAVEN version =4.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.cxf:cxf-rt-ws-transfer and may be impacted: - org.apache.cxf:apache-cxf =4.2.0 - org.apache.cxf:cxf-distribution-javadoc =4.2.0 Source cve...

5.3CVSS5.4AI score0.00338EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/22 3:47 p.m.7 views

org.apache.cxf:apache-cxf (>=4.0.0 <=4.1.5), org.apache.cxf:cxf-distribution-javadoc (>=4.0.0 <=4.1.5) potentially affected by CVE-2026-44618 via org.apache.cxf:cxf-rt-ws-transfer (>=4.0.0 <=4.1.5)

org.apache.cxf:cxf-rt-ws-transfer MAVEN version =4.0.0, =4.0.0, =4.0.0, =4.1.5 Source cves: CVE-2026-44618 Source advisory: SNYK:JAVA-ORGAPACHECXF-17115402...

5.3CVSS5.4AI score0.00338EPSS
Exploits0
Snyk
Snyk
added 2026/05/22 3:47 p.m.7 views

XML External Entity (XXE) Injection

Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection in the use of SchemaFactory.newInstance and TransformerFactory.newInstance without applying FEATURESECUREPROCESSING. An attacker can access sensitive files or interact with internal systems by submittin...

6.9CVSS5.9AI score0.00338EPSS
Exploits0References2
NVD
NVD
added 2026/05/22 1:16 p.m.24 views

CVE-2026-44417

The fix for CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE was not complete, meaning that another path in the code might lead to code execution capabilities, if untrusted users are allowed to configure JMS for Apache CXF. Users are recommended to upgrade to versions 4.2.1...

7.5CVSS0.0064EPSS
Exploits0References5
NVD
NVD
added 2026/05/22 1:16 p.m.19 views

CVE-2026-44930

An LDAP injection vulnerability in the LDAP Certificate repository of the XKMS server in Apache CXF may allow an attacker to retrieve arbitrary certificates from the repository. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue...

9.8CVSS0.00722EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/22 12:17 p.m.6 views

CVE-2026-44417

The fix for CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE was not complete, meaning that another path in the code might lead to code execution capabilities, if untrusted users are allowed to configure JMS for Apache CXF. Users are recommended to upgrade to versions 4.2.1...

9.8CVSS7.5AI score0.00793EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/22 12:17 p.m.16 views

EUVD-2026-31432

The fix for CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE was not complete, meaning that another path in the code might lead to code execution capabilities, if untrusted users are allowed to configure JMS for Apache CXF. Users are recommended to upgrade to versions 4.2.1...

9.8CVSS7.5AI score0.00793EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/22 12:17 p.m.11 views

CVE-2026-44417 Apache CXF: Incomplete fix for CVE-2025-48913 (Untrusted JMS configuration can lead to RCE)

The fix for CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE was not complete, meaning that another path in the code might lead to code execution capabilities, if untrusted users are allowed to configure JMS for Apache CXF. Users are recommended to upgrade to versions 4.2.1...

6.2AI score0.0064EPSS
Exploits0References1
CVE
CVE
added 2026/05/22 12:17 p.m.76 views

CVE-2026-44417

CVE-2026-44417 is an Apache CXF-related issue that completes the fix for CVE-2025-48913. The vulnerability arises when untrusted users can configure JMS in CXF, potentially enabling code execution. The published advisories indicate an incomplete fix previously, and upgrades are recommended to mit...

7.5CVSS7.5AI score0.0064EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder