37 matches found

EUVD
added 2026/06/11 5:04 a.m., 9 views

EUVD-2026-36210

Wss4jSecurityInterceptor did not consistently wire Apache WSS4J ReplayCache instances into RequestData for validation-time checks. As a result, protections against replay of UsernameToken nonces and creation timestamps, Timestamp elements, and certain SAML one-time-use semantics could be...

3.7 CVSS, 5.4 AI score, 0.00223 EPSS
Exploits 0, References 1

Snyk
added 2026/06/10 12:00 a.m., 8 views

Replay Attack

Overview Affected versions of this package are vulnerable to Replay Attack due to the Wss4jSecurityInterceptor class in Wss4jSecurityInterceptor.java not consistently wiring configured Apache WSS4J ReplayCache instances into RequestData for validation-time checks. As a result, replay protections...

6.3 CVSS, 5.4 AI score, 0.00223 EPSS
Exploits 0, References 2

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2008-5391

Malware in sbrugna...

10 CVSS, 6.4 AI score, 0.02266 EPSS
Exploits 0, References 7

EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2009-1172

Malware in sbrugna...

10 CVSS, 6.3 AI score, 0.01826 EPSS
Exploits 0, References 8

EUVD
added 2025/10/03 8:07 p.m., 5 views

EUVD-2022-2021

Malicious code in bioql PyPI...

9.8 CVSS, 9.3 AI score, 0.0354 EPSS
Exploits 0, References 18

EUVD
added 2025/10/03 8:07 p.m., 6 views

EUVD-2022-4683

Malicious code in bioql PyPI...

5 CVSS, 8.8 AI score, 0.04687 EPSS
Exploits 0, References 28

EUVD
added 2025/10/03 8:07 p.m., 22 views

EUVD-2022-5275

Malicious code in bioql PyPI...

4.3 CVSS, 8.1 AI score, 0.07053 EPSS
Exploits 0, References 31

The Hacker News
added 2022/07/29 10:49 a.m., 108 views

Dahua IP Camera Vulnerability Could Let Attackers Take Full Control Over Devices

Details have been shared about a security vulnerability in Dahua's Open Network Video Interface Forum (ONVIF) standard implementation, which, when exploited, can lead to seizing control of IP cameras. Tracked as CVE-2022-30563 (CVSS score: 7.4), the "vulnerability could be abused by attackers to...

9.8 CVSS, 0.3 AI score, 0.0161 EPSS
Exploits 1

OSV
added 2022/05/13 1:09 a.m., 36 views

GHSA-2P7X-JCR3-7P2C Improper Authentication in Apache CXF

The WS-SP UsernameToken policy in Apache CXF 2.4.5 and 2.5.1 allows remote attackers to bypass authentication by sending an empty UsernameToken as part of a SOAP request...

9.8 CVSS, 9.6 AI score, 0.0354 EPSS
Exploits 0, References 16

GitHub Security Blog
added 2022/05/13 1:09 a.m., 24 views

Improper Authentication in Apache CXF

The WS-SP UsernameToken policy in Apache CXF 2.4.5 and 2.5.1 allows remote attackers to bypass authentication by sending an empty UsernameToken as part of a SOAP request...

9.8 CVSS, 6.5 AI score, 0.0354 EPSS
Exploits 0, References 16, Affected Software 1

OSV
added 2022/05/13 1:09 a.m., 51 views

GHSA-V45R-RJ5X-HPG2 Cleartext Transmission of Sensitive Information in Apache CXF

The SymmetricBinding in Apache CXF before 2.6.13 and 2.7.x before 2.7.10, when EncryptBeforeSigning is enabled and the UsernameToken policy is set to an EncryptedSupportingToken, transmits the UsernameToken in cleartext, which allows remote attackers to obtain sensitive information by sniffing th...

4.3 CVSS, 8.8 AI score, 0.07053 EPSS
Exploits 0, References 18

GitHub Security Blog
added 2022/05/13 1:09 a.m., 36 views

Cleartext Transmission of Sensitive Information in Apache CXF

The SymmetricBinding in Apache CXF before 2.6.13 and 2.7.x before 2.7.10, when EncryptBeforeSigning is enabled and the UsernameToken policy is set to an EncryptedSupportingToken, transmits the UsernameToken in cleartext, which allows remote attackers to obtain sensitive information by sniffing th...

4.3 CVSS, 8.5 AI score, 0.07053 EPSS
Exploits 0, References 18, Affected Software 1

GitHub Security Blog
added 2022/05/05 2:48 a.m., 36 views

Improper Authentication in Apache CXF

Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element...

5 CVSS, 6.1 AI score, 0.04687 EPSS
Exploits 0, References 22, Affected Software 1

Prion
added 2017/08/08 9:29 p.m., 18 views

Authentication flaw

The WS-SP UsernameToken policy in Apache CXF 2.4.5 and 2.5.1 allows remote attackers to bypass authentication by sending an empty UsernameToken as part of a SOAP request...

7.5 CVSS, 7.3 AI score, 0.0354 EPSS
Exploits 0, References 8, Affected Software 1

NVD
added 2017/08/08 9:29 p.m., 25 views

CVE-2012-0803

The WS-SP UsernameToken policy in Apache CXF 2.4.5 and 2.5.1 allows remote attackers to bypass authentication by sending an empty UsernameToken as part of a SOAP request...

9.8 CVSS, 9.6 AI score, 0.0354 EPSS
Exploits 0, References 8

Cvelist
added 2017/08/08 9:00 p.m., 20 views

CVE-2012-0803

The WS-SP UsernameToken policy in Apache CXF 2.4.5 and 2.5.1 allows remote attackers to bypass authentication by sending an empty UsernameToken as part of a SOAP request...

9.7 AI score, 0.0354 EPSS
Exploits 0, References 8

CVE
added 2017/08/08 9:00 p.m., 77 views

CVE-2012-0803

Apache CXF CVE-2012-0803 affects CXF 2.4.5 and 2.5.1 where WS-SP UsernameToken policy validation against the security header UsernameToken is broken, allowing a malicious client to bypass authentication by sending an empty UsernameToken in a SOAP request. The issue arises from CXF not validating ...

9.8 CVSS, 9.5 AI score, 0.0354 EPSS
Exploits 0, References 8, Affected Software 1

NVD
added 2014/07/07 2:55 p.m., 29 views

CVE-2014-0035

The SymmetricBinding in Apache CXF before 2.6.13 and 2.7.x before 2.7.10, when EncryptBeforeSigning is enabled and the UsernameToken policy is set to an EncryptedSupportingToken, transmits the UsernameToken in cleartext, which allows remote attackers to obtain sensitive information by sniffing th...

4.3 CVSS, 6 AI score, 0.07053 EPSS
Exploits 0, References 14

Prion
added 2014/07/07 2:55 p.m., 30 views

Design/Logic Flaw

The SymmetricBinding in Apache CXF before 2.6.13 and 2.7.x before 2.7.10, when EncryptBeforeSigning is enabled and the UsernameToken policy is set to an EncryptedSupportingToken, transmits the UsernameToken in cleartext, which allows remote attackers to obtain sensitive information by sniffing th...

4.3 CVSS, 6.5 AI score, 0.07053 EPSS
Exploits 0, References 14, Affected Software 2

Cvelist
added 2014/07/07 2:00 p.m., 52 views

CVE-2014-0035

The SymmetricBinding in Apache CXF before 2.6.13 and 2.7.x before 2.7.10, when EncryptBeforeSigning is enabled and the UsernameToken policy is set to an EncryptedSupportingToken, transmits the UsernameToken in cleartext, which allows remote attackers to obtain sensitive information by sniffing th...

6 AI score, 0.07053 EPSS
Exploits 0, References 14