Lucene search
K

11 matches found

RedhatCVE
RedhatCVE
added 2026/06/15 2:36 p.m.7 views

CVE-2026-50633

A flaw was found in Apache CXF's JCA integration module. This Java Naming and Directory Interface JNDI Injection vulnerability allows for arbitrary code execution. A remote attacker could exploit this by manipulating the Java EE Connector Architecture JCA deployment descriptor ra.xml or runtime...

8.1CVSS5.7AI score0.00782EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/12 9:2 a.m.24 views

CVE-2026-50633 Apache CXF: JNDI Injection vulnerability in DispatchMDBMessageListenerImpl

A JNDI Injection vulnerability has been discovered in Apache CXF's JCA integration module, which can allow for code execution, if an attacker is able to manipulate the JCA deployment descriptor ra.xml or runtime activation parameters. Users are recommended to upgrade to versions 4.2.2 or 4.1.7,...

0.00782EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 9:2 a.m.37 views

CVE-2026-50633

The CVE-2026-50633 issue is a JNDI Injection vulnerability in Apache CXF’s JCA integration module (DispatchMDBMessageListenerImpl). The vulnerability allows code execution when an attacker can manipulate the JCA deployment descriptor (ra.xml) or runtime activation parameters. Affected software is...

8.1CVSS5.4AI score0.00782EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.7 views

PT-2026-48852

Name of the Vulnerable Software and Affected Versions Apache CXF versions prior to 4.2.2 Apache CXF versions prior to 4.1.7 Description A JNDI Injection issue exists in the JCA integration module. This occurs when an attacker can manipulate the JCA deployment descriptor 'ra.xml' or runtime...

8.1CVSS5.8AI score0.00782EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/04/21 7:23 p.m.5 views

CVE-2026-5588

A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix. The PKIX draft CompositeVerifier implementation improperly accepts an empty signature sequence as a valid cryptographic signature. This issue allows a remote attacker to bypass signature verification mechanisms, potentially...

7.5CVSS5.4AI score0.00392EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2025/07/16 12:30 p.m.9 views

org.glassfish.main.admingui:console-cluster-plugin (>=3.1.2 <=9.0.0-M2), org.glassfish.main.admingui:console-commandrecorder-plugin (>=7.0.16 <=9.0.0-M2) +16 more potentially affected by CVE-2024-9343 via org.glassfish.main.admingui:console-common (>=3.1.2 <=9.0.0-M2)

org.glassfish.main.admingui:console-common MAVEN version =3.1.2, =3.1.2, =7.0.16, =3.1.2, =3.1.2, =3.1.2, =3.1.2, =3.1.2, =4.0, =8.0.2, =3.1.2, =4.0, =3.1.2, =4.0, =4.0, =6.2.5, =9.0.0-M2 and more Source cves: CVE-2024-9343 Source advisory:...

6.1CVSS5.7AI score0.00219EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/05/14 2:49 a.m.5 views

com.liferay:com.liferay.portal.store.jcr (>=1.0.0 <=2.0.3), com.squeakysand.jcr:squeakysand-jcr-taglib-test (>=0.2.0 <=0.4.0) +8 more potentially affected by CVE-2015-1833 via org.apache.jackrabbit:jackrabbit-core (>=2.2.0 <=2.2.13)

org.apache.jackrabbit:jackrabbit-core MAVEN version =2.2.0, =1.0.0, =0.2.0, =0.2.0, =2.10.0, =2.2.0, =2.2.0, =1.2.0-cr4, =1.2.0-cr8 Source cves: CVE-2015-1833 Source advisory: OSV:GHSA-9284-J4C9-779Q...

6.4CVSS5.8AI score0.51488EPSS
Exploits6
vulnersOsv
vulnersOsv
added 2022/05/14 2:49 a.m.5 views

com.day.crx:crx-auth-ldap (=2.3.15), com.day.crx:crx-spellchecker (>=2.3.14 <=2.3.64) +14 more potentially affected by CVE-2015-1833 via org.apache.jackrabbit:jackrabbit-core (>=2.4.0 <=2.4.5)

org.apache.jackrabbit:jackrabbit-core MAVEN version =2.4.0, =2.3.14, =2.3.14, =0.6.0, =2.4.0, =2.4.0, =2.4.0, =5.12.0, =5.11.0, =5.11.0, =5.11.0, =5.12.2 and more Source cves: CVE-2015-1833 Source advisory: OSV:GHSA-9284-J4C9-779Q...

6.4CVSS5.8AI score0.51488EPSS
Exploits6
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:7 a.m.18 views

Security Bulletin: Potential security vulnerability in IBM WebSphere Application Server in Bluemix MQ JCA Resource adapter (CVE-2016-0360)

Summary There is a potential security vulnerability with the WebSphere Application Server MQ JCA Resource adapter. Vulnerability Details CVEID: CVE-2016-0360 DESCRIPTION: IBM Websphere MQ JMS 7.0.1, 7.1, 7.5, 8.0, and 9.0 client provides classes that deserialize objects from untrusted sources whi...

9.8CVSS1.4AI score0.02812EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:6 a.m.12 views

Security Bulletin: Potential security vulnerability in WebSphere Application Server MQ JCA Resource adapter (CVE-2016-0360)

Summary There is a potential security vulnerability with the WebSphere Application Server MQ JCA Resource adapter. Vulnerability Details CVEID: CVE-2016-0360 DESCRIPTION: IBM Websphere MQ JMS 7.0.1, 7.1, 7.5, 8.0, and 9.0 client provides classes that deserialize objects from untrusted sources whi...

9.8CVSS8AI score0.02812EPSS
Exploits0Affected Software1
Prion
Prion
added 2018/06/04 1:29 p.m.27 views

Design/Logic Flaw

In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and earlier generates a private value assuming a 1024 bit key size...

5CVSS6.8AI score0.03174EPSS
Exploits0References8Affected Software2
Rows per page
Query Builder