94 matches found
CVE-2026-44915
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-19 14:40:08+00:00 | seen | https://bsky.app/profile/infosec.skyfleet.blue/post/3monl4huei52p... |
CVE-2026-40994
Wss4jSecurityInterceptor initialized its BSP (WS-I Basic Security Profile) compliance flag so that inbound validation disabled WSS4J BSP enforcement on RequestData. Services that validate WS-Security on the network could therefore accept messages that violate BSP rules, weakening protocol-level...
UBUNTU-CVE-2026-40994
Wss4jSecurityInterceptor initialized its BSP (WS-I Basic Security Profile) compliance flag so that inbound validation disabled WSS4J BSP enforcement on RequestData. Services that validate WS-Security on the network could therefore accept messages that violate BSP rules, weakening protocol-level...
EUVD-2026-36204
Wss4jSecurityInterceptor initialized its BSP (WS-I Basic Security Profile) compliance flag so that inbound validation disabled WSS4J BSP enforcement on RequestData. Services that validate WS-Security on the network could therefore accept messages that violate BSP rules, weakening protocol-level...
CVE-2026-40994 Wss4jSecurityInterceptor disables WS-I BSP validation by default
Wss4jSecurityInterceptor initialized its BSP (WS-I Basic Security Profile) compliance flag so that inbound validation disabled WSS4J BSP enforcement on RequestData. Services that validate WS-Security on the network could therefore accept messages that violate BSP rules, weakening protocol-level...
CVE-2026-40994
Summary: CVE-2026-40994 affects Spring Web Services where Wss4jSecurityInterceptor initializes its BSP flag to disable BSP enforcement on inbound data, weakening protocol-level WS-Security checks. Affected versions: Spring Web Services 5.0.0–5.0.1; 4.1.0–4.1.3; 4.0.0–4.0.18; 3.1.0–3.1.8. Impact (...
PT-2026-48617
Wss4jSecurityInterceptor initialized its BSP (WS-I Basic Security Profile) compliance flag so that inbound validation disabled WSS4J BSP enforcement on RequestData. Services that validate WS-Security on the network could therefore accept messages that violate BSP rules, weakening protocol-level...
CVE-2026-42920 BIG-IP DTLS Vulnerability
When a Client SSL profile is configured with Allow Dynamic Record Sizing on a UDP virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
CVE-2026-25753
| creationtimestamp | type | source |
|---|---|---|
| 2026-02-15 11:23:47+00:00 | seen | https://bsky.app/profile/undercode.bsky.social/post/3mevgd7g2uc27... |
GHSA-VG28-83RP-8XX4
| creationtimestamp | type | source |
|---|---|---|
| 2025-12-10 23:03:38+00:00 | seen | https://bsky.app/profile/nixpkgssecuritychanges.gerbet.me/post/3m7o66wzd6q2a |
| 2025-12-11 00:05:03+00:00 | seen | https://bsky.app/profile/nixpkgs-prs-bot.bsky.social/post/3m7obmrdszu2x... |
CVE-2025-64064
Primakon Pi Portal 1.0.18 /api/v2/pp_users endpoint fails to adequately check user permissions before processing a PATCH request to modify the PP_SECURITY_PROFILE_ID. Because of weak access controls any low level user can use this API and change their permission to Administrator by using...
EUVD-2025-199638
Primakon Pi Portal 1.0.18 /api/v2/pp_users endpoint fails to adequately check user permissions before processing a PATCH request to modify the PP_SECURITY_PROFILE_ID. Because of weak access controls any low level user can use this API and change their permission to Administrator by using...
CVE-2025-64064
Primakon Pi Portal 1.0.18 /api/v2/pp_users endpoint fails to adequately check user permissions before processing a PATCH request to modify the PP_SECURITY_PROFILE_ID. Because of weak access controls any low level user can use this API and change their permission to Administrator by using...
PT-2025-48072
Primakon Pi Portal 1.0.18 /api/v2/pp_users endpoint fails to adequately check user permissions before processing a PATCH request to modify the PP_SECURITY_PROFILE_ID. Because of weak access controls any low level user can use this API and change their permission to Administrator by using PP...
CVE-2025-64064
CVE-2025-64064 affects Primakon Pi Portal 1.0.18 via the /api/v2/pp_users endpoint. A PATCH request that modifies PP_SECURITY_PROFILE_ID can bypass permissions checks, allowing a low-privilege user to elevate to Administrator. Core issue is weak access control around the PP_SECURITY_PROFILE_ID pa...
EUVD-2016-6913
Malware in sbrugna...
EUVD-2020-20217
Malware in sbrugna...