Lucene search
K

78 matches found

EUVD
EUVD
added 2026/06/26 12:32 a.m.5 views

EUVD-2026-39593

A flaw was found in Apicurio Registry. The DocumentBuilderAccessor correctly blocks external DTD and schema access but does not disable DOCTYPE declarations or enable FEATURESECUREPROCESSING. An attacker with artifact-write permission can upload XML documents with internal entity-expansion payloa...

6.5CVSS5.8AI score0.00243EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/26 12:32 a.m.7 views

EUVD-2026-39574

A flaw was found in Apicurio Registry. The ContentTypeUtil.isParsableXml method creates a SAXParserFactory without enabling secure processing features or disabling external entity resolution. An attacker with artifact-write permission or unauthenticated when the registry runs with default...

8.5CVSS5.8AI score0.00233EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/26 12:32 a.m.6 views

EUVD-2026-39577

A flaw was found in Apicurio Registry. The WSDLReaderAccessor creates a wsdl4j WSDLReader without disabling the javax.wsdl.importDocuments feature. When the VALIDITY rule is set to FULL, an attacker with Developer-role access can upload a WSDL document containing attacker-controlled import...

7.4CVSS6AI score0.00187EPSS
Exploits0References3
NVD
NVD
added 2026/06/26 12:16 a.m.9 views

CVE-2026-12993

A flaw was found in Apicurio Registry. The DocumentBuilderAccessor correctly blocks external DTD and schema access but does not disable DOCTYPE declarations or enable FEATURESECUREPROCESSING. An attacker with artifact-write permission can upload XML documents with internal entity-expansion payloa...

6.5CVSS0.00243EPSS
Exploits0References2
CVE
CVE
added 2026/06/25 11:23 p.m.18 views

CVE-2026-12993

Affected software: Apicurio Registry. Vulnerability: DocumentBuilderAccessor does not disable DOCTYPE declarations or enable FEATURE_SECURE_PROCESSING, allowing an attacker with artifact-write permission to upload XML documents containing internal entity-expansion payloads (billion-laughs) that c...

6.5CVSS5.8AI score0.00243EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/25 11:23 p.m.39 views

CVE-2026-12993 Apicurio/apicurio-registry: apicurio-registry: xml entity-expansion denial of service via internal dtd subset

A flaw was found in Apicurio Registry. The DocumentBuilderAccessor correctly blocks external DTD and schema access but does not disable DOCTYPE declarations or enable FEATURESECUREPROCESSING. An attacker with artifact-write permission can upload XML documents with internal entity-expansion payloa...

6.5CVSS0.00243EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/25 11:23 p.m.8 views

CVE-2026-12993

A flaw was found in Apicurio Registry. The DocumentBuilderAccessor correctly blocks external DTD and schema access but does not disable DOCTYPE declarations or enable FEATURESECUREPROCESSING. An attacker with artifact-write permission can upload XML documents with internal entity-expansion payloa...

6.5CVSS5.8AI score0.00243EPSS
Exploits0References3
NVD
NVD
added 2026/06/25 10:17 p.m.10 views

CVE-2026-12992

A flaw was found in Apicurio Registry. The WSDLReaderAccessor creates a wsdl4j WSDLReader without disabling the javax.wsdl.importDocuments feature. When the VALIDITY rule is set to FULL, an attacker with Developer-role access can upload a WSDL document containing attacker-controlled import...

7.4CVSS0.00187EPSS
Exploits0References3
NVD
NVD
added 2026/06/25 10:17 p.m.10 views

CVE-2026-12975

A flaw was found in Apicurio Registry. The ContentTypeUtil.isParsableXml method creates a SAXParserFactory without enabling secure processing features or disabling external entity resolution. An attacker with artifact-write permission or unauthenticated when the registry runs with default...

8.5CVSS0.00233EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/25 9:16 p.m.7 views

CVE-2026-12992 Apicurio/apicurio-registry: apicurio-registry: ssrf via wsdl4j import dereference in wsdl full validation

A flaw was found in Apicurio Registry. The WSDLReaderAccessor creates a wsdl4j WSDLReader without disabling the javax.wsdl.importDocuments feature. When the VALIDITY rule is set to FULL, an attacker with Developer-role access can upload a WSDL document containing attacker-controlled import...

7.4CVSS6AI score0.00187EPSS
Exploits0References2
CVE
CVE
added 2026/06/25 9:16 p.m.21 views

CVE-2026-12992

Apicurio Registry is affected by an SSRF flaw in the WSDL handling path. The WSDLReaderAccessor constructs a wsdl4j WSDLReader without disabling javax.wsdl.importDocuments, and with the FULL VALIDITY rule enabled, a Developer-role user can upload a WSDL with attacker-controlled import locations, ...

7.4CVSS6AI score0.00187EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/25 9:16 p.m.22 views

CVE-2026-12992 Apicurio/apicurio-registry: apicurio-registry: ssrf via wsdl4j import dereference in wsdl full validation

A flaw was found in Apicurio Registry. The WSDLReaderAccessor creates a wsdl4j WSDLReader without disabling the javax.wsdl.importDocuments feature. When the VALIDITY rule is set to FULL, an attacker with Developer-role access can upload a WSDL document containing attacker-controlled import...

7.4CVSS0.00187EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/25 9:16 p.m.5 views

CVE-2026-12992

A flaw was found in Apicurio Registry. The WSDLReaderAccessor creates a wsdl4j WSDLReader without disabling the javax.wsdl.importDocuments feature. When the VALIDITY rule is set to FULL, an attacker with Developer-role access can upload a WSDL document containing attacker-controlled import...

7.4CVSS6AI score0.00187EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/25 9:12 p.m.6 views

CVE-2026-12975 Apicurio/apicurio-registry: apicurio-registry: unhardened saxparser in content-type detection leads to blind xxe / ssrf / billion-laughs dos

A flaw was found in Apicurio Registry. The ContentTypeUtil.isParsableXml method creates a SAXParserFactory without enabling secure processing features or disabling external entity resolution. An attacker with artifact-write permission or unauthenticated when the registry runs with default...

8.5CVSS5.8AI score0.00233EPSS
Exploits0References2
CVE
CVE
added 2026/06/25 9:12 p.m.15 views

CVE-2026-12975

CVE-2026-12975 affects Apicurio Registry. The flaw is in ContentTypeUtil.isParsableXml(), which creates a SAXParserFactory without enabling secure processing features or disabling external entity resolution. An attacker with artifact-write permission (or unauthenticated when the registry runs wit...

8.5CVSS5.8AI score0.00233EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/25 9:12 p.m.25 views

CVE-2026-12975 Apicurio/apicurio-registry: apicurio-registry: unhardened saxparser in content-type detection leads to blind xxe / ssrf / billion-laughs dos

A flaw was found in Apicurio Registry. The ContentTypeUtil.isParsableXml method creates a SAXParserFactory without enabling secure processing features or disabling external entity resolution. An attacker with artifact-write permission or unauthenticated when the registry runs with default...

8.5CVSS0.00233EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/25 9:12 p.m.6 views

CVE-2026-12975

A flaw was found in Apicurio Registry. The ContentTypeUtil.isParsableXml method creates a SAXParserFactory without enabling secure processing features or disabling external entity resolution. An attacker with artifact-write permission or unauthenticated when the registry runs with default...

8.5CVSS5.8AI score0.00233EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.5 views

PT-2026-52629

Name of the Vulnerable Software and Affected Versions Apicurio Registry affected versions not specified Description A flaw exists in the DocumentBuilderAccessor where DOCTYPE declarations are not disabled and FEATURE SECURE PROCESSING is not enabled. Although external DTD and schema access are...

6.5CVSS5.9AI score0.00243EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.8 views

PT-2026-52594

Name of the Vulnerable Software and Affected Versions Apicurio Registry affected versions not specified Description A flaw exists where the WSDLReaderAccessor creates a wsdl4j WSDLReader without disabling the javax.wsdl.importDocuments feature. When the VALIDITY rule is set to FULL, a user with...

7.4CVSS5.9AI score0.00187EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.7 views

PT-2026-52593

Name of the Vulnerable Software and Affected Versions Apicurio Registry affected versions not specified Description A flaw exists in the ContentTypeUtil.isParsableXml function, which creates a SAXParserFactory without enabling secure processing features or disabling external entity resolution. Th...

8.5CVSS5.8AI score0.00233EPSS
Exploits0References8
Rows per page
Query Builder