NAVTOR NavBox

ADVISORY SUMMARY Successful exploitation of this vulnerability could allow a local attacker to gain unauthorized access to SOAP methods, resulting in a disruption of operations. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this...

CVE-2026-42071 MantisBT: Private Bugnote Attachment Content Leak via REST API

Mantis Bug Tracker MantisBT is an open source issue tracker. From 2.23.0 to 2.28.1, a missing authorization check in MantisBT's file visibility function allows any authenticated user REPORTER+ to download attachments on private bugnotes they should not be able to access, via the REST API endpoint...

USN-6199-1 php7.4, php8.1 vulnerability

It was discovered that PHP incorrectly handled certain Digest authentication for SOAP. An attacker could possibly use this issue to expose sensitive information...

CVE-2021-20173

Netgear Nighthawk R6700 version 1.0.4.120 contains a command injection vulnerability in update functionality of the device. By triggering a system update check via the SOAP interface, the device is susceptible to command injection via preconfigured values...

Cisco IoT Field Network Director SOAP API Authorization Bypass Vulnerability

Cisco IoT Field Network Director FND is a network management system for large-scale FAN deployments. A SOAP API authorization bypass vulnerability exists in Cisco IoT Field Network Director versions prior to 4.6.1. The vulnerability stems from insufficient authorization of the SOAP API. An attack...

CVE-2019-15978

Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager DCNM could allow an authenticated, remote attacker with administrative privileges on the DCNM application to inject arbitrary commands on the underlying operating system OS. For more information about...

Cisco Hosted Collaboration Mediation Fulfillment SOAP API Sensitive Information Disclosure Vulnerability

A vulnerability in the Simple Object Access Protocol SOAP application programming interface API of the Cisco Hosted Collaboration Mediation Fulfillment application could allow an authenticated, remote attacker to obtain sensitive information that should be restricted. The attacker must authentica...

CXF: Large invalid content could cause temporary space to fill

It was found that when a large invalid SOAP message was processed by Apache CXF, it could be saved to a temporary file in the /tmp directory. A remote attacker could send a specially crafted SOAP message that, when processed by an application using Apache CXF, would use an excessive amount of dis...

Microsoft SharePoint Could Allow Remote Code Execution Vulnerability (2455005)

This host is missing a critical security update according to Microsoft Bulletin MS10-104 SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Oracle 9iAS SOAP components allow anonymous users to deploy applications by default

Overview Oracle Application Server 9iAS installs with Simple Object Access Protocol SOAP enabled by default and allows unauthenticated remote users to deploy and undeploy SOAP services and providers. Description Oracle Application Server 9iAS supports Simple Object Access Protocol SOAP, an...