28 matches found
CVE-2026-40994 Wss4jSecurityInterceptor disables WS-I BSP validation by default
Wss4jSecurityInterceptor initialized its BSP (WS-I Basic Security Profile) compliance flag so that inbound validation disabled WSS4J BSP enforcement on RequestData. Services that validate WS-Security on the network could therefore accept messages that violate BSP rules, weakening protocol-level...
CVE-2026-9319
IBM WebSphere Application Server 9.0 and 8.5 is vulnerable to potential remote code execution due to deserialization of untrusted data via JAX-WS endpoints with WS-Security...
PT-2026-6504
Skipper is vulnerable to arbitrary code execution through lua filters in github.com/zalando/skipper...
BLADE: Behavior-Level Anomaly Detection Using Network Traffic in Web Services
With their widespread popularity, web services have become the main targets of various cyberattacks. Existing traffic anomaly detection approaches focus on flow-level attacks, yet fail to recognize behavior-level attacks, which appear benign in individual flows but reveal malicious purpose using...
EUVD-2020-17844
Malware in sbrugna...
EUVD-2021-1660
Malware in sbrugna...
EUVD-2019-16962
Malware in sbrugna...
EUVD-2020-21402
Malware in sbrugna...
EUVD-2022-4587
Malicious code in bioql PyPI...
EUVD-2023-0918
Malicious code in bioql PyPI...
EUVD-2024-0599
Malicious code in bioql PyPI...
WordPress Plugin My Private Site plugin for WordPress Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
CVE-2024-20919
Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...
Apache CXF Code Issue Vulnerability
Apache CXF is an open source Web services framework from the Apache Foundation in the United States. The framework supports a variety of Web services standards, a variety of front-end programming APIs and so on. A code issue vulnerability exists in Apache CXF versions prior to 3.5.5 and 3.4.10,...
br.net.woodstock.rockframework:rockframework-web (>=1.2.1 <=1.2.2), com.cybersource:cybersource-sdk-java (>=6.0.1 <=6.1.0) +333 more potentially affected by CVE-2015-0226 via org.apache.ws.security:wss4j (>=1.5.2 <=1.6.16)
org.apache.ws.security:wss4j MAVEN version =1.5.2, =1.2.1, =6.0.1, =1.0.1, =1.1.0.Beta5, =1.1.0.Beta5, =1.1.0.Beta5, =1.1.0.Beta1, =1.0.0, =1.2.0 and more Source cves: CVE-2015-0226 Source advisory: OSV:GHSA-VJWC-5HFH-2VV5...
br.net.woodstock.rockframework:rockframework-web (>=1.2.1 <=1.2.2), com.cybersource:cybersource-sdk-java (>=6.0.1 <=6.1.0) +333 more potentially affected by CVE-2014-3623 via org.apache.ws.security:wss4j (>=1.5.2 <=1.6.16)
org.apache.ws.security:wss4j MAVEN version =1.5.2, =1.2.1, =6.0.1, =1.0.1, =1.1.0.Beta5, =1.1.0.Beta5, =1.1.0.Beta5, =1.1.0.Beta1, =1.0.0, =1.2.0 and more Source cves: CVE-2014-3623 Source advisory: OSV:GHSA-99V3-9X35-C5VF...
com.fluxcorp.plugins:webservice-trigger (>=1.0.2 <=1.0.4), com.github.mkluas:web-admin (>=1.0.0 <=1.1.0) +66 more potentially affected by CVE-2014-0034 via org.apache.cxf:cxf-rt-ws-security (>=2.0.6 <=2.6.11)
org.apache.cxf:cxf-rt-ws-security MAVEN version =2.0.6, =1.0.2, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =4.0.3, =2.5.0, =2.5.0, =2.5.0, =2.1.7, =2.5.0, =2.6.11 and more Source cves: CVE-2014-0034 Source advisory: OSV:GHSA-38X2-FP9M-87MX...
UBUNTU-CVE-2020-13577
A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability...
PT-2020-6525 · Genivia · Gsoap
Name of the Vulnerable Software and Affected Versions: Genivia gSOAP version 2.8.107 Description: A denial-of-service issue exists in the WS-Security plugin functionality of Genivia gSOAP. It can be triggered by a specially crafted SOAP request, allowing an attacker to send an HTTP request and...
CVE-2020-12606
DB Soft SGLAC prior to 20.05.001 is affected. The vulnerability resides in the ProcedimientoGenerico method of the SVCManejador.svc webservice, enabling an attacker to execute arbitrary SQL commands on the SQL Server via xp_cmdshell. CVSS details in the provided data indicate a high/critical impa...