Lucene search
K

3893 matches found

Veracode
Veracode
added 2026/06/10 7:29 a.m.8 views

Information Disclosure

Keycloak is vulnerable to Information Disclosure. The vulnerability is due to differing error responses in the SAML ECP endpoint, where specially crafted SOAP requests with varying client IDs can trigger distinct faultstring values. An unauthenticated attacker can use these responses to determine...

5.3CVSS5.8AI score0.00331EPSS
Exploits0References8Affected Software1
Snyk
Snyk
added 2026/06/10 12:0 a.m.9 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure due to the Spring Security integration paths in SpringSecurityUtils.checkUserValidity, SpringSecurityPasswordValidationCallbackHandler, and X509AuthenticationProvider, which surface account status exceptions such as...

6.9CVSS5.4AI score0.00366EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 12:0 a.m.9 views

Insecure Defaults

Overview Affected versions of this package are vulnerable to Insecure Defaults due to the Wss4jSecurityInterceptor class in Wss4jSecurityInterceptor.java initializing its bspCompliant flag to false, so inbound validation always calls RequestData.setDisableBSPEnforcementtrue and disables WSS4J's...

8.8CVSS5.4AI score0.00229EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/09 6:30 p.m.12 views

EUVD-2026-35446

CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of server-side file contents when an attacker with a Data Center Expert user account submits crafted XML payloads to SOAP service endpoints...

7.1CVSS5.4AI score0.00233EPSS
Exploits0References2
NVD
NVD
added 2026/06/09 4:16 p.m.12 views

CVE-2026-8045

CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of server-side file contents when an attacker with a Data Center Expert user account submits crafted XML payloads to SOAP service endpoints...

7.1CVSS0.00233EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 2:41 p.m.30 views

CVE-2026-8045

CVE-2026-8045 describes a CWE-611 XML External Entity (XXE) vulnerability in a SOAP service endpoint that can disclose server-side file contents when a crafted XML payload is submitted by a Data Center Expert user. The affected behavior involves parsing user-supplied XML leading to information di...

7.1CVSS5.5AI score0.00233EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/09 2:41 p.m.35 views

CVE-2026-8045

CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of server-side file contents when an attacker with a Data Center Expert user account submits crafted XML payloads to SOAP service endpoints...

7.1CVSS0.00233EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.15 views

PT-2026-47813

Name of the Vulnerable Software and Affected Versions Schneider Electric Data Center Expert affected versions not specified Description An Improper Restriction of XML External Entity Reference XXE issue exists, which occurs when an application fails to restrict XML external entity references,...

7.1CVSS6.6AI score0.00233EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2026/06/06 2:6 p.m.88 views

Exploit for Authentication Bypass by Primary Weakness in Mantisbt

CVE-2026-30849.ts — usage This TypeScript script performs a c...

9.8CVSS5.4AI score0.00413EPSS
Exploits1
Rockylinux
Rockylinux
added 2026/06/06 12:4 p.m.26 views

php security update

An update is available for php. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list PHP is an HTML-embedded scripting language commonly used with the Apache HTTP...

8.8CVSS5.5AI score0.0078EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.10 views

RHEL 10 : php (RHSA-2026:23388)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:23388 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: PHP: PHP: Denial of Service via...

8.8CVSS5.7AI score0.0078EPSS
Exploits1References13
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.17 views

RHEL 9 : php:8.2 (RHSA-2026:22143)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:22143 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: PHP: PHP: Denial of Service via...

8.8CVSS5.6AI score0.0078EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.8 views

RHEL 8 : php:8.2 (RHSA-2026:22305)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:22305 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: PHP: PHP: Denial of Service via...

8.8CVSS5.7AI score0.0078EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.16 views

RHEL 9 : php:8.3 (RHSA-2026:22142)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:22142 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: PHP: PHP: Denial of Service via...

8.8CVSS5.6AI score0.0078EPSS
Exploits1References10
RedhatCVE
RedhatCVE
added 2026/06/05 7:50 p.m.9 views

CVE-2026-21404

NAVTOR NavBox through version 4.16.1.20 contains hard-coded credentials within its Windows Communication Foundation SOAP implementation. If the SOAP functionality is enabled, a local attacker can extract credentials to bypass the intended transfer workflow. Successful authentication against the...

6.3CVSS5.5AI score0.00122EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:39 p.m.10 views

CVE-2026-7261

A flaw was found in the PHP SoapServer component. When the server is configured to maintain session persistence, an error during a SOAP request can cause the system to incorrectly manage memory. This can lead to a "use-after-free" vulnerability, where the system attempts to use memory that has...

9.8CVSS5.1AI score0.00302EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:30 p.m.15 views

CVE-2026-42063

A vulnerability exists in iControl SOAP where an authenticated attacker with the Resource Administrator or Administrator role can download sensitive files. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

6.9CVSS5.5AI score0.0029EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.11 views

CVE-2026-9152

A missing authentication vulnerability exists in the Altium 365 SearchService. A legacy SOAP endpoint exposes search index operations without requiring authentication, session tokens, or any form of identity verification. An unauthenticated network attacker who can reference a target workspace's...

10CVSS5.4AI score0.00339EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.9 views

CVE-2026-45574

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.2, an attacker on the network path between the ePA service and the Konnektor can present any TLS certificate self-signed, expired, wrong CN and intercept all SOAP traffic. This includes patient...

8.1CVSS5.5AI score0.00138EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.9 views

CVE-2026-6722

A flaw was found in PHP's SOAP extension. This vulnerability allows a remote attacker to execute arbitrary code on the affected system. The issue stems from a use-after-free error in the object deduplication mechanism, which can be triggered by sending a specially crafted SOAP request. This allow...

9.8CVSS6AI score0.00739EPSS
Exploits0References4
Rows per page
Query Builder