Lucene search
K

3390 matches found

Veracode
Veracode
added 2026/06/17 11:35 a.m.10 views

Authentication Bypass

Spring Web Services is vulnerable to Authentication Bypass. The vulnerability is due to X509AuthenticationProvider issuing a fully authenticated X509AuthenticationToken based solely on certificate-to-user mapping, without enforcing standard account status checks such as disabled, locked, expired,...

5.4CVSS5.3AI score0.00148EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/17 10:40 a.m.9 views

CVE-2026-35267

Vulnerability in the Identity Manager product of Oracle Fusion Middleware component: REST WebServices. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Identity Manager...

8.8CVSS0.00432EPSS
Exploits0References1
Veracode
Veracode
added 2026/06/17 9:37 a.m.9 views

Server-Side Request Forgery (SSRF)

Spring Web Services is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to insufficient validation of WS-Addressing ReplyTo and FaultTo headers, where destinations supplied in incoming requests are used directly by configured WebServiceMessageSender instances to initiate...

8.6CVSS5.5AI score0.00383EPSS
Exploits0References2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/17 6:42 a.m.6 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is Affected by broken or risky algorithm.

Summary bcprov-jdk18on-1.81.jar is used by IBM Sterling Connect:Direct Web Services CVE-2025-14813, CVE-2026-5598. Vulnerability Details CVEID:CVE-2025-14813 DESCRIPTION: : Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all cor...

9.9CVSS5.3AI score0.00691EPSS
Exploits0Affected Software1
Wolfi
Wolfi
added 2026/06/16 8:21 p.m.8 views

GHSA-WFQV-66VQ-46RM vulnerabilities

Vulnerabilities for packages: trivy, aactl, kyverno, ratify, tekton-chains, ko, kyverno-notation-aws, trivy-operator, vexctl, tkn, teleport, slsa-verifier, crossplane, skaffold, zot...

6.1AI score
Exploits0
Patchstack
Patchstack
added 2026/06/16 2:32 p.m.4 views

NPM: hono: Body Limit Middleware can be bypassed on AWS Lambda by understating `Content-Length`

NPM: hono: Body Limit Middleware can be bypassed on AWS Lambda by understating Content-Length vulnerability discovered by ? in WordPress Npm hono versions 4.12.25...

6.5CVSS5.8AI score0.00103EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/16 2:32 p.m.7 views

GHSA-RV63-4MWF-QQC2 hono: Body Limit Middleware can be bypassed on AWS Lambda by understating `Content-Length`

Summary The Body Limit Middleware trusts the request's Content-Length header to decide whether a body is within the limit. On AWS Lambda API Gateway v1/v2, ALB, VPC Lattice, and Lambda@Edge the body is delivered fully buffered and the adapter builds the request with the client-declared...

6.5CVSS5.4AI score0.00103EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/16 2:8 p.m.7 views

Improper Encoding or Escaping of Output

Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output in the AWS Lambda adapter's handling of multiple Set-Cookie headers. An attacker can cause clients to drop or misinterpret cookies by triggering...

6.9CVSS5.9AI score0.00186EPSS
Exploits0References2
Veracode
Veracode
added 2026/06/16 9:35 a.m.11 views

XML External Entity (XXE) Injection

Spring Web Services is vulnerable to XML External Entity XXE Injection. The vulnerability is due to Jaxp13XPathTemplate using a code path for StreamSource and SAXSource inputs that parses attacker-controlled XML with the default DocumentBuilderFactory configuration instead of Spring's hardened XM...

8.2CVSS5.4AI score0.00352EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2026/06/16 7:55 a.m.9 views

Information Disclosure

Spring Web Services is vulnerable to Information Disclosure. The vulnerability is due to overly detailed authentication error handling in Spring Security integration paths, where account state information such as whether a user account is locked or disabled can be exposed through SOAP fault...

5.3CVSS5.3AI score0.00366EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2026/06/16 6:52 a.m.10 views

Weak Cryptography

Spring Web Services is vulnerable to Weak Cryptography. The vulnerability is due to Wss4jSecurityInterceptor defaulting allowRSA15KeyTransportAlgorithm to true, causing inbound WS-Security decryption to accept the weaker RSA PKCS1 v1.5 rsa-15 key transport algorithm instead of Apache WSS4J's safe...

4.8CVSS5.2AI score0.00129EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.15 views

PT-2026-49845

Vulnerability in the Identity Manager product of Oracle Fusion Middleware component: REST WebServices. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager...

7.5CVSS5.1AI score0.00354EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.18 views

PT-2026-49735

Name of the Vulnerable Software and Affected Versions Hono versions prior to 4.12.25 Description The Body Limit Middleware trusts the Content-Length header to determine if a request body is within the allowed limit. In environments such as AWS Lambda including API Gateway v1/v2, ALB, VPC Lattice,...

6.5CVSS5.8AI score0.00103EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.16 views

PT-2026-49843

Name of the Vulnerable Software and Affected Versions Oracle Fusion Middleware Identity Manager version 12.2.1.4.0 Oracle Fusion Middleware Identity Manager version 14.1.2.1.0 Description An issue exists in the REST WebServices component of the Identity Manager product. A low privileged attacker...

8.8CVSS5.8AI score0.00432EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/15 7:19 p.m.8 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is affected by Uncontrolled Resource Consumption.

Summary netty-codec-4.1.127.Final.jar is used by IBM Sterling Connect:Direct Web Services CVE-2026-42583. Vulnerability Details CVEID:CVE-2026-42583 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Lz4FrameDecoder allocate...

7.5CVSS5.3AI score0.00429EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/15 7:15 p.m.12 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is Affected by Multiple Vulnerabilities.

Summary spring-boot-3.5.13.jar is used by IBM Sterling Connect:Direct Web Services CVE-2026-40973, CVE-2026-40975, CVE-2026-40977. Vulnerability Details CVEID:CVE-2026-40973 DESCRIPTION: A local attacker on the same host as the application may be able to take control of the directory used by...

8.2CVSS5.5AI score0.00312EPSS
Exploits0Affected Software1
GithubExploit
GithubExploit
added 2026/06/13 2:34 p.m.103 views

Exploit for CVE-2026-11417

CVE-2026-11417-AWS-CDK-RCE Techn...

7.3CVSS5.6AI score0.00936EPSS
Exploits1
EUVD
EUVD
added 2026/06/12 6:35 p.m.40 views

EUVD-2026-36541

Improper handling of HPACK dynamic table size updates in the AWS Common Runtime aws-c-http library might allow a remote threat actor operating a server to cause memory corruption on a connecting client application, potentially leading to arbitrary code execution, via a crafted sequence of HTTP/2...

8.8CVSS5.8AI score0.00351EPSS
Exploits0References3
CVE
CVE
added 2026/06/12 6:35 p.m.31 views

CVE-2026-12043

CVE-2026-12043 affects the AWS Common Runtime aws-c-http library due to improper handling of HPACK dynamic table size updates, which can cause memory corruption on a connecting client via a crafted sequence of HTTP/2 HEADERS frames. The vulnerability could lead to arbitrary code execution on vuln...

8.8CVSS5.8AI score0.00351EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/12 9:5 a.m.11 views

EUVD-2026-36402

A vulnerability in Apache CXF's JwsJsonContainerRequestFilter can be exploited to cause CXF to process metadata that was not authenticated by the accepted signature. This can bypass the application's assumption that accepted Content-Type or protected HTTP-header metadata came from a verified...

6.5CVSS5.2AI score0.00278EPSS
Exploits0References1
Rows per page
Query Builder