3907 matches found
F5 Networks BIG-IP : BIG-IP iControl SOAP vulnerability (K000160926)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / 17.5.1.4 / 21.0.0.1. It is, therefore, affected by a vulnerability as referenced in the K000160926 advisory. An authenticated attacker with the Resource Administrator or Administrator role can create SNMP...
F5 Networks BIG-IP : iControl SOAP vulnerability (K000160973)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.2 / 17.5.1.6 / 21.0.0.2. It is, therefore, affected by a vulnerability as referenced in the K000160973 advisory. A vulnerability exists in iControl SOAP where an authenticated attacker with the Resource Administrato...
F5 Networks BIG-IP : iControl SOAP vulnerability (K000159021)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / 17.5.1.4 / 21.0.0.1. It is, therefore, affected by a vulnerability as referenced in the K000159021 advisory. An authenticated iControl SOAP user may be able to obtain information of other accounts. CVE-2026-3506...
F5 Networks BIG-IP : BIG-IP iControl SOAP vulnerability (K000160979)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.2 / 17.5.1.6 / 21.0.0.2. It is, therefore, affected by a vulnerability as referenced in the K000160979 advisory. An authenticated attacker with the Resource Administrator or Administrator role can modify configurati...
Improper Validation of Unsafe Equivalence in Input
Overview Affected versions of this package are vulnerable to Improper Validation of Unsafe Equivalence in Input in the CXF-RS or CXF-SOAP endpoints due to missing inbound filtering via setInFilterStartsWith. An attacker can execute arbitrary code and write files by injecting Camel-internal header...
Astra Linux – Vulnerability in PHP 7.3
In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15, and 8.0.x below 8.0.2, when using the SOAP extension to connect to a SOAP server, a malicious SOAP server may return malformed XML data as a response. This could cause PHP to access a null pointer, resulting in a crash...
CVE-2026-7262
A flaw was found in PHP. When a PHP SOAP server has a typemap configured, the apache:Map decoding process checks the incorrect variable in case of a missing value element. This incorrect check leads to a NULL pointer dereference and allows a remote unauthenticated attacker to crash the PHP SOAP...
GHSA-8364-HFQJ-PWM6 Camel-CXF and Camel-Knative Message Header are Vulnerable to Injection via Missing Inbound Filtering
Camel-CXF and Camel-Knative Message Header Injection via Missing Inbound Filtering The CXF and Knative HeaderFilterStrategy implementations CxfRsHeaderFilterStrategy in camel-cxf-rest, CxfHeaderFilterStrategy in camel-cxf-transport, and KnativeHttpHeaderFilterStrategy in camel-knative-http only...
CLSA-2026-1779204107 php: Fix of 6 CVEs
CVE-2026-6722: fix stale SOAPGLOBAL refmap pointer with Apache Map GHSA-85c2-q967-79q5 - CVE-2026-7262: fix broken Apache map value NULL check in soap encoder GHSA-hmxp-6pc4-f3vv - CVE-2026-7568: fix signed integer overflow of char array offset in metaphone GHSA-96wq-48vp-hh57 - CVE-2026-7261:...
CLSA-2026-1779203719 php: Fix of 6 CVEs
CVE-2026-6722: fix stale SOAPGLOBAL refmap pointer with Apache Map GHSA-85c2-q967-79q5 - CVE-2026-7262: fix broken Apache map value NULL check in soap encoder GHSA-hmxp-6pc4-f3vv - CVE-2026-7568: fix signed integer overflow of char array offset in metaphone GHSA-96wq-48vp-hh57 - CVE-2026-7261:...
CLSA-2026-1779179106 php: Fix of 2 CVEs
CVE-2026-7261: SOAP UAF on SoapServer::handle header-handler failure - CVE-2026-7262: SOAP tozvalmap NULL pointer dereference...
CLSA-2026-1779178796 php: Fix of 2 CVEs
CVE-2026-7261: SOAP UAF on SoapServer::handle header-handler failure - CVE-2026-7262: SOAP tozvalmap NULL pointer dereference...
SUSE SLES15 Security Update : php8 (SUSE-SU-2026:1957-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1957-1 advisory. This update for php8 fixes the following issues - CVE-2025-14179: improper handling of NULL bytes by the PDO Firebird driver when...
SUSE SLES15 Security Update : php8 (SUSE-SU-2026:1958-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1958-1 advisory. This update for php8 fixes the following issues - CVE-2025-14179: improper handling of NULL bytes by the PDO Firebird driver when...
CLSA-2026-1779125894 php: Fix of 7 CVEs
CVE-2026-7258: fix out-of-bounds read in urldecode via signed-char to ctype.h GHSA-m8rr-4c36-8gq4 - CVE-2026-6722: fix stale SOAPGLOBAL refmap pointer with Apache Map GHSA-85c2-q967-79q5 - CVE-2026-7259: fix null pointer dereference in phpmbcheckencoding via mberegsearchinit GHSA-wm6j-2649-pv75 -...
Security update for php8
This update for php8 fixes the following issues CVE-2025-14179: improper handling of NULL bytes by the PDO Firebird driver when preparing SQL queries can lead to SQL injection bsc1264778. CVE-2026-6722: use-after-free in SOAP using Apache map can lead to remote code execution bsc1264776...
Security update for php8
This update for php8 fixes the following issues CVE-2025-14179: improper handling of NULL bytes by the PDO Firebird driver when preparing SQL queries can lead to SQL injection bsc1264778. CVE-2026-6722: use-after-free in SOAP using Apache map can lead to remote code execution bsc1264776...
📄 4D Server Server-Side Request Forgery / Arbitrary File Read
Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP endpoints in 4D server. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services. -----BEGIN PGP SIGNED...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: php (UTSA-2026-021483)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021483 advisory. In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the SOAP extension's object deduplication mechanism stores pointer...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: php (UTSA-2026-021474)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021474 advisory. In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, when a SOAP server has a typemap configured, the decoding process...