Lucene search
K

4 matches found

Cvelist
Cvelist
added 2026/06/25 9:16 p.m.25 views

CVE-2026-12992 Apicurio/apicurio-registry: apicurio-registry: ssrf via wsdl4j import dereference in wsdl full validation

A flaw was found in Apicurio Registry. The WSDLReaderAccessor creates a wsdl4j WSDLReader without disabling the javax.wsdl.importDocuments feature. When the VALIDITY rule is set to FULL, an attacker with Developer-role access can upload a WSDL document containing attacker-controlled import...

7.4CVSS0.00187EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/25 9:16 p.m.7 views

CVE-2026-12992 Apicurio/apicurio-registry: apicurio-registry: ssrf via wsdl4j import dereference in wsdl full validation

A flaw was found in Apicurio Registry. The WSDLReaderAccessor creates a wsdl4j WSDLReader without disabling the javax.wsdl.importDocuments feature. When the VALIDITY rule is set to FULL, an attacker with Developer-role access can upload a WSDL document containing attacker-controlled import...

7.4CVSS6AI score0.00187EPSS
Exploits0References2
CVE
CVE
added 2026/06/25 9:16 p.m.22 views

CVE-2026-12992

Apicurio Registry is affected by an SSRF flaw in the WSDL handling path. The WSDLReaderAccessor constructs a wsdl4j WSDLReader without disabling javax.wsdl.importDocuments, and with the FULL VALIDITY rule enabled, a Developer-role user can upload a WSDL with attacker-controlled import locations, ...

7.4CVSS6AI score0.00187EPSS
Exploits0References3Affected Software1
Amazon
Amazon
added 2011/10/31 12:0 a.m.33 views

Medium: perl-libwww-perl

Issue Overview: The Net::HTTPS module in libwww-perl LWP before 6.00, as used in WWW::Mechanize, LWP::UserAgent, and other products, when running in environments that do not set the If-SSL-Cert-Subject header, does not enable full validation of SSL certificates by default, which allows remote...

4.3CVSS6.8AI score0.04246EPSS
Exploits1
Rows per page
Query Builder