2 matches found
CVE-2026-40996
CVE-2026-40996 affects Spring Web Services where Wss4jSecurityInterceptor incorrectly defaults allowRSA15KeyTransportAlgorithm to true, overriding Apache WSS4J’s safer validation behavior for RequestData. This could allow RSA PKCS#1 v1.5 (rsa-1_5) encrypted key material in inbound WS-Security dec...
Totemomail Encryption Gateway 6.0.0_Build_371 JSONP Hijacking
COMPASS SECURITY ADVISORY https://www.compass-security.com/research/advisories/ Product: totemomail Encryption Gateway Vendor: totemo AG CSNC ID: CSNC-2018-002 CVE ID: CVE-2018-6562 Subject: JSONP hijacking Risk: High Effect: Remotely exploitable Author: Nicolas Heiniger Date: 14.05.2018...