3893 matches found
Information Disclosure
Keycloak is vulnerable to Information Disclosure. The vulnerability is due to differing error responses in the SAML ECP endpoint, where specially crafted SOAP requests with varying client IDs can trigger distinct faultstring values. An unauthenticated attacker can use these responses to determine...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure due to the Spring Security integration paths in SpringSecurityUtils.checkUserValidity, SpringSecurityPasswordValidationCallbackHandler, and X509AuthenticationProvider, which surface account status exceptions such as...
Insecure Defaults
Overview Affected versions of this package are vulnerable to Insecure Defaults due to the Wss4jSecurityInterceptor class in Wss4jSecurityInterceptor.java initializing its bspCompliant flag to false, so inbound validation always calls RequestData.setDisableBSPEnforcementtrue and disables WSS4J's...
EUVD-2026-35446
CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of server-side file contents when an attacker with a Data Center Expert user account submits crafted XML payloads to SOAP service endpoints...
CVE-2026-8045
CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of server-side file contents when an attacker with a Data Center Expert user account submits crafted XML payloads to SOAP service endpoints...
CVE-2026-8045
CVE-2026-8045 describes a CWE-611 XML External Entity (XXE) vulnerability in a SOAP service endpoint that can disclose server-side file contents when a crafted XML payload is submitted by a Data Center Expert user. The affected behavior involves parsing user-supplied XML leading to information di...
CVE-2026-8045
CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of server-side file contents when an attacker with a Data Center Expert user account submits crafted XML payloads to SOAP service endpoints...
PT-2026-47813
Name of the Vulnerable Software and Affected Versions Schneider Electric Data Center Expert affected versions not specified Description An Improper Restriction of XML External Entity Reference XXE issue exists, which occurs when an application fails to restrict XML external entity references,...
Exploit for Authentication Bypass by Primary Weakness in Mantisbt
CVE-2026-30849.ts — usage This TypeScript script performs a c...
php security update
An update is available for php. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list PHP is an HTML-embedded scripting language commonly used with the Apache HTTP...
RHEL 10 : php (RHSA-2026:23388)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:23388 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: PHP: PHP: Denial of Service via...
RHEL 9 : php:8.2 (RHSA-2026:22143)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:22143 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: PHP: PHP: Denial of Service via...
RHEL 8 : php:8.2 (RHSA-2026:22305)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:22305 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: PHP: PHP: Denial of Service via...
RHEL 9 : php:8.3 (RHSA-2026:22142)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:22142 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: PHP: PHP: Denial of Service via...
CVE-2026-21404
NAVTOR NavBox through version 4.16.1.20 contains hard-coded credentials within its Windows Communication Foundation SOAP implementation. If the SOAP functionality is enabled, a local attacker can extract credentials to bypass the intended transfer workflow. Successful authentication against the...
CVE-2026-7261
A flaw was found in the PHP SoapServer component. When the server is configured to maintain session persistence, an error during a SOAP request can cause the system to incorrectly manage memory. This can lead to a "use-after-free" vulnerability, where the system attempts to use memory that has...
CVE-2026-42063
A vulnerability exists in iControl SOAP where an authenticated attacker with the Resource Administrator or Administrator role can download sensitive files. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2026-9152
A missing authentication vulnerability exists in the Altium 365 SearchService. A legacy SOAP endpoint exposes search index operations without requiring authentication, session tokens, or any form of identity verification. An unauthenticated network attacker who can reference a target workspace's...
CVE-2026-45574
epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.2, an attacker on the network path between the ePA service and the Konnektor can present any TLS certificate self-signed, expired, wrong CN and intercept all SOAP traffic. This includes patient...
CVE-2026-6722
A flaw was found in PHP's SOAP extension. This vulnerability allows a remote attacker to execute arbitrary code on the affected system. The issue stems from a use-after-free error in the object deduplication mechanism, which can be triggered by sending a specially crafted SOAP request. This allow...