40 matches found
CVE-2026-35062
CVE-2026-35062 affects F5 BIG-IP and related iControl SOAP components. An authenticated iControl SOAP user may obtain information about other accounts, a control-plane issue with no data-plane exposure. Impact described as a low-privileged remote attacker potentially accessing other local account...
Oracle WebLogic Server (April 2026 CPU)
The 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0, and 15.1.1.0.0 versions of WebLogic Server installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2026 CPU advisory. - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Web...
EUVD-2012-1198
Malware in sbrugna...
EUVD-2014-4170
Malware in sbrugna...
EUVD-2020-30325
Malware in sbrugna...
EUVD-2013-2873
Malware in sbrugna...
EUVD-2025-24841
Malicious code in bioql PyPI...
EUVD-2022-40792
Malicious code in bioql PyPI...
CVE-2025-1862 Authenticated Arbitrary File Upload in Multiple WSO2 Products via BPEL Uploader SOAP Service Leading to Remote Code Execution
An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper validation of user-supplied filenames in the BPEL uploader SOAP service endpoint. A malicious actor with administrative privileges can upload arbitrary files to a user-controlled location on the server. By...
Cisco IOS XE Software Web Services Remote Code Execution (cisco-sa-http-code-exec-WmfP3h3O)
According to its self-reported version, Cisco IOS-XE Software is affected by a web services remote code execution vulnerability: - A vulnerability in the web services of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, Cisco Secure Firewall Threat Defense (FTD) Software, Cisco IOS...
CVE-2025-20363
A vulnerability in the web services of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, Cisco Secure Firewall Threat Defense (FTD) Software, Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, remote attacker Cisco ASA and FTD Software...
CVE-2020-9519
HTTP methods revealed in Web services vulnerability in Micro Focus Service Manager server, affecting versions 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow exposure of configuration data...
CVE-2019-2648
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: WLS - Web Services. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...
CVE-2022-43769
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x, allows certain web services to set property values which contain Spring templates that are interpreted downstream...
CVE-2023-50733
A Server-Side Request Forgery (SSRF) vulnerability has been identified in the Web Services feature of newer Lexmark devices...
CVE-2023-50733
CVE-2023-50733 is a real SSRF vulnerability in Lexmark devices’ Web Services feature. Affected: newer Lexmark devices; Vulnerable component: Web Services; Root cause: SSRF (no deeper technical detail provided in the documents). Impact (per metrics): CVSS 3.1 base score 8.6, HIGH confidentiality i...
PT-2025-4290 · Oracle · Oracle Hyperion Data Relationship Management
Name of the Vulnerable Software and Affected Versions: Oracle Hyperion Data Relationship Management version 11.2.19.0.000 Description: The issue is related to the Web Services component of Oracle Hyperion Data Relationship Management, allowing a high-privileged attacker with network access via HT...
Apache CXF Memory Consumption Vulnerability
Apache CXF is an open source Web services framework of the Apache Foundation (United States). The framework supports a variety of Web services standards and a variety of front-end programming APIs. Apache CXF has a memory consumption vulnerability that originates from a client-side pipeline th...
Apache CXF Server-Side Request Forgery Vulnerability
Apache CXF is an open source Web services framework of the Apache Foundation (United States). The framework supports a variety of Web services standards and a variety of front-end programming APIs. Apache CXF has a server-side request forgery vulnerability that can be exploited by an attacker ...
CVE-2022-38199 BUG-000144172 - Remote file download issue in ArcGIS Server
A remote file download issue can occur in some capabilities of Esri ArcGIS Server web services that may in some edge cases allow a remote, unauthenticated attacker to induce an unsuspecting victim to launch a process in the victim's PATH environment. Current browsers provide users with warnings...