48 matches found
CVE-2026-35266
Vulnerability in Oracle REST Data Services component: Core. Supported versions that are affected are 24.2.0-26.1.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle REST Data Services. Successful attacks require human interaction...
PT-2026-44507
Vulnerability in Oracle REST Data Services component: Core. Supported versions that are affected are 24.2.0-26.1.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle REST Data Services. Successful attacks require human interaction...
Exploit for Deserialization of Untrusted Data in Drupal
CVE-2019-6340 — Drupal RESTful Web Services RCE Python imple...
CVE-2026-47323
Summary: CVE-2026-47323 affects Apache Camel's CXF and Knative header filtering, where inbound header filtering is not configured. This allows unauthenticated injection of Camel-internal headers (e.g., CamelExecCommandExecutable, CamelFileName) via HTTP requests to CXF-RS or CXF-SOAP endpoints. W...
CLSA-2025-1764771605 jackson-jaxrs-providers: Fix of CVE-2025-52999
Rebuilt with the CVE-2025-52999: fixed jackson-core version - Fixed build: replaced missing packages with a patch for PackageVersion...
EUVD-2013-2933
Malware in sbrugna...
EUVD-2012-0545
Malware in sbrugna...
EUVD-2012-0116
Malware in sbrugna...
EUVD-2012-3276
Malware in sbrugna...
EUVD-2011-3482
Malware in sbrugna...
EUVD-2024-18794
Malicious code in bioql PyPI...
PT-2024-40372 · Varnish +1 · Varnish +1
Name of the Vulnerable Software and Affected Versions: ezplatform-http-cache (affected versions not specified). Description: The issue is related to the BREACH vulnerability, which affects HTTP compression and can allow secrets to be extracted through carefully crafted requests. This is due to...
apache: cxf: org.apache.cxf:cxf-rt-rs-service-description: SSRF via WADL stylesheet parameter
A server-side request forgery (SSRF) vulnerability has been identified in Apache CXF in the WADL service description. The flaw allows an attacker to perform SSRF-style attacks on REST web services. The attack only applies if a custom stylesheet parameter is configured...
CVE-2024-21080
Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite component: REST Services. Supported versions that are affected are 12.2.9-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Applications...
PT-2023-9064 · Oracle · Oracle E-Business Suite
Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.9 through 12.2.13. Description: The issue is related to insufficient input validation in the REST Services component of the Oracle Applications Framework. This can allow a remote attacker to gain...
Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages
Summary: The z/TPF system was updated to address all the vulnerabilities described by the CVEs that are listed in the Vulnerability Details. These vulnerabilities are related to REST services that are implemented in Java. Vulnerability Details: CVEID: CVE-2019-12086. DESCRIPTION: FasterXML...
GHSA-HF4P-MHC8-X2GP Apache Archiva vulnerable to Cross Site Request Forgery
Several REST service endpoints of Apache Archiva are not protected against Cross-Site Request Forgery (CSRF) attacks. A malicious site opened in the same browser as the Archiva site may send an HTML response that performs arbitrary actions on Archiva services, with the same rights as the active...
Apache Archiva vulnerable to Cross Site Request Forgery
Several REST service endpoints of Apache Archiva are not protected against Cross-Site Request Forgery (CSRF) attacks. A malicious site opened in the same browser as the Archiva site may send an HTML response that performs arbitrary actions on Archiva services, with the same rights as the active...
Improper Access Control
Keycloak REST Services is vulnerable to improper access control. The vulnerability exists in exchangeClientToClient function in DefaultTokenExchangeProvider because the clients can exchange the tokens issued to other clients by passing the clientid which allows an attacker to gain unauthorized...