CVE-2026-40996 Inbound WS-Security allows RSA PKCS#1 v1.5 key transport by default

Wss4jSecurityInterceptor defaulted allowRSA15KeyTransportAlgorithm to true, overriding Apache WSS4J's safer default for validation RequestData. Inbound WS-Security decryption could therefore accept RSA PKCS1 v1.5 rsa-15 encrypted key material unless operators explicitly reconfigured the flag...

CVE-2026-40994 Wss4jSecurityInterceptor disables WS-I BSP validation by default

Wss4jSecurityInterceptor initialized its BSP WS-I Basic Security Profile compliance flag so that inbound validation disabled WSS4J BSP enforcement on RequestData. Services that validate WS-Security on the network could therefore accept messages that violate BSP rules, weakening protocol-level...

Insecure Defaults

Overview Affected versions of this package are vulnerable to Insecure Defaults due to the Wss4jSecurityInterceptor class in Wss4jSecurityInterceptor.java initializing its bspCompliant flag to false, so inbound validation always calls RequestData.setDisableBSPEnforcementtrue and disables WSS4J's...

CVE-2026-9319

IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to potential remote code execution due to deserialization of untrusted data via JAX-WS endpoints with WS-Security...

PT-2026-6504

Skipper is vulnerable to arbitrary code execution through lua filters in github.com/zalando/skipper...

BLADE: Behavior-Level Anomaly Detection Using Network Traffic in Web Services

With their widespread popularity, web services have become the main targets of various cyberattacks. Existing traffic anomaly detection approaches focus on flow-level attacks, yet fail to recognize behavior-level attacks, which appear benign in individual flows but reveal malicious purpose using...

EUVD-2020-17844

Malware in sbrugna...

EUVD-2020-21402

Malware in sbrugna...

EUVD-2019-16962

Malware in sbrugna...

EUVD-2021-1660

Malware in sbrugna...

EUVD-2023-0918

Malicious code in bioql PyPI...

EUVD-2024-0599

Malicious code in bioql PyPI...

EUVD-2022-4587

Malicious code in bioql PyPI...

WordPress Plugin My Private Site plugin for WordPress Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

CVE-2024-20919

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...

Apache CXF 代码问题漏洞

Apache CXF is the United States Apache Apache Foundation of an open source Web services framework. The framework supports a variety of Web services standards , a variety of front-end programming APIs and so on. A code issue vulnerability exists in Apache CXF versions prior to 3.5.5 and 3.4.10,...

br.net.woodstock.rockframework:rockframework-web (>=1.2.1 <=1.2.2), com.cybersource:cybersource-sdk-java (>=6.0.1 <=6.1.0) +333 more potentially affected by CVE-2015-0226 via org.apache.ws.security:wss4j (>=1.5.2 <=1.6.16)

org.apache.ws.security:wss4j MAVEN version =1.5.2, =1.2.1, =6.0.1, =1.0.1, =1.1.0.Beta5, =1.1.0.Beta5, =1.1.0.Beta5, =1.1.0.Beta1, =1.0.0, =1.2.0 and more Source cves: CVE-2015-0226 Source advisory: OSV:GHSA-VJWC-5HFH-2VV5...

br.net.woodstock.rockframework:rockframework-web (>=1.2.1 <=1.2.2), com.cybersource:cybersource-sdk-java (>=6.0.1 <=6.1.0) +333 more potentially affected by CVE-2014-3623 via org.apache.ws.security:wss4j (>=1.5.2 <=1.6.16)

org.apache.ws.security:wss4j MAVEN version =1.5.2, =1.2.1, =6.0.1, =1.0.1, =1.1.0.Beta5, =1.1.0.Beta5, =1.1.0.Beta5, =1.1.0.Beta1, =1.0.0, =1.2.0 and more Source cves: CVE-2014-3623 Source advisory: OSV:GHSA-99V3-9X35-C5VF...

com.fluxcorp.plugins:webservice-trigger (>=1.0.2 <=1.0.4), com.github.mkluas:web-admin (>=1.0.0 <=1.1.0) +66 more potentially affected by CVE-2014-0034 via org.apache.cxf:cxf-rt-ws-security (>=2.0.6 <=2.6.11)

org.apache.cxf:cxf-rt-ws-security MAVEN version =2.0.6, =1.0.2, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =4.0.3, =2.5.0, =2.5.0, =2.5.0, =2.1.7, =2.5.0, =2.6.11 and more Source cves: CVE-2014-0034 Source advisory: OSV:GHSA-38X2-FP9M-87MX...

UBUNTU-CVE-2020-13577

A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability...