Lucene search
K

1246 matches found

NVD
NVD
added last week8 views

CVE-2026-54780

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, the CoreWCF WS-Security 1.0 receive pipeline validates ds:SignedInfo SignatureMethod against the configured SecurityAlgorithmSuite but does not validate each ds:Reference...

3.7CVSS0.00157EPSS
Exploits0References6
NVD
NVD
added last week7 views

CVE-2026-54773

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF WS-Security signature verification performs a document-wide ds:Signature lookup, allowing an unauthenticated remote attacker to place a SOAP header before wsse:Security an...

5.9CVSS0.00238EPSS
Exploits0References6
Cvelist
Cvelist
added last week32 views

CVE-2026-54783 CoreWCF: XML Signature Wrapping in WS-Security endorsing/supporting signature verification allows replay of captured signed messages

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF WS-Security endorsing and supporting signature verification does not ensure the selected ds:Signature covers the expected Security header target, allowing an attacker with...

7.4CVSS0.00143EPSS
Exploits0References6
OSV
OSV
added last week7 views

CVE-2026-54780 CoreWCF: WS-Security Reference DigestMethod Algorithm-Suite Bypass

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, the CoreWCF WS-Security 1.0 receive pipeline validates ds:SignedInfo SignatureMethod against the configured SecurityAlgorithmSuite but does not validate each ds:Reference...

3.7CVSS6.1AI score0.00157EPSS
Exploits0References8
Cvelist
Cvelist
added last week30 views

CVE-2026-54780 CoreWCF: WS-Security Reference DigestMethod Algorithm-Suite Bypass

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, the CoreWCF WS-Security 1.0 receive pipeline validates ds:SignedInfo SignatureMethod against the configured SecurityAlgorithmSuite but does not validate each ds:Reference...

3.7CVSS0.00157EPSS
Exploits0References6
OSV
OSV
added last week2 views

CVE-2026-54773 CoreWCF: WS-Security signature substitution via document-wide Signature lookup

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF WS-Security signature verification performs a document-wide ds:Signature lookup, allowing an unauthenticated remote attacker to place a SOAP header before wsse:Security an...

5.9CVSS6.1AI score0.00238EPSS
Exploits0References8
OSV
OSV
added 2026/07/07 10:16 a.m.21 views

ROOT-APP-NPM-CVE-2026-45736 CVE-2026-45736 in @rootio/ws - Patched by Root

Root has patched CVE-2026-45736 in the @rootio/ws package for Root:npm. Multiple fixed versions available...

4.4CVSS5.3AI score0.00745EPSS
Exploits1
NVD
NVD
added 2026/07/01 7:16 a.m.8 views

CVE-2026-11562

The WS Form LITE WordPress plugin before 1.11.8 does not have a capability check on one of its settings-update actions, allowing authenticated users with subscriber-level access and above to modify the WS Form LITE WordPress plugin before 1.11.8's settings...

4.3CVSS0.00162EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 8:16 a.m.10 views

CVE-2026-2053

The WSO2 API Manager's message flow component, when processing WS-Addressing headers, does not sufficiently validate or restrict user-controlled input within these headers. This omission allows an attacker to manipulate WS-Addressing headers to specify arbitrary destinations for server-initiated...

10CVSS0.00222EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 7:26 a.m.16 views

CVE-2026-2053

The CVE-2026-2053 entry concerns the WSO2 API Manager: the message flow component mishandles WS-Addressing headers by not adequately validating user-controlled input, allowing an attacker to manipulate headers to set arbitrary destinations for server-initiated requests. This results in unauthenti...

10CVSS5.9AI score0.00222EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/26 7:26 a.m.44 views

CVE-2026-2053 Unauthenticated Server-Side Request Forgery via WS-Addressing in WSO2 API Manager

The WSO2 API Manager's message flow component, when processing WS-Addressing headers, does not sufficiently validate or restrict user-controlled input within these headers. This omission allows an attacker to manipulate WS-Addressing headers to specify arbitrary destinations for server-initiated...

8.3CVSS0.00222EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.26 views

PT-2026-52667

Name of the Vulnerable Software and Affected Versions WSO2 API Manager affected versions not specified Description The message flow component fails to sufficiently validate or restrict user-controlled input within WS-Addressing headers. This allows an unauthenticated attacker to manipulate these...

10CVSS5.9AI score0.00222EPSS
Exploits0References6
CVE
CVE
added 2026/06/22 2:43 p.m.42 views

CVE-2026-10845

CVE-2026-10845 affects IBM WebSphere Application Server 8.5 and 9.0, where an authentication bypass could allow a remote attacker to gain unauthorized access to JAX-WS applications. The root cause is an authentication bypass vulnerability in these WAS components, exposing potential impact on conf...

7.3CVSS5.9AI score0.00337EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-48779

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ws is an open source WebSocket client and server for Node.js. All versions from 1.1.0 up to but not including 5.2.5, from 6.0.0 up to 6.2.4, from 7.0.0 up to...

7.5CVSS5.9AI score0.00782EPSS
Exploits1References4
Snyk
Snyk
added 2026/06/19 8:47 p.m.7 views

Improper Verification of Cryptographic Signature

Overview CoreWCF.Primitives is a port of the service side of Windows Communication Foundation WCF to .NET Core. The goal of this project is to enable existing WCF services to move to .NET Core. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in...

9.1CVSS6AI score0.00143EPSS
Exploits0References3
OSV
OSV
added 2026/06/19 8:47 p.m.6 views

GHSA-GQV6-PWCG-87R8 CoreWCF: XML Signature Wrapping in WS-Security endorsing/supporting signature verification allows replay of captured signed messages

Impact The attacker, with one captured signed SOAP envelope from a victim and no other privileges, can invoke arbitrary operations on the service as the victim principal for the lifetime of the captured signing key. There is no rate limit on replays. The DetectReplays setting on transport-securit...

7.4CVSS6AI score0.00143EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/19 8:47 p.m.9 views

CoreWCF: WS-Security Reference DigestMethod Algorithm-Suite Bypass

Impact CoreWCF’s WS-Security 1.0 receive pipeline validates the SignatureMethod of an incoming ds:SignedInfo against the configured SecurityAlgorithmSuite, but does not validate the DigestMethod declared on each ds:Reference. As a result, a sender can populate ds:SignedInfo with SignatureMethod...

3.7CVSS5.8AI score0.00157EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 8:46 p.m.6 views

CoreWCF: WS-Security signature substitution via document-wide Signature lookup

Impact An unauthenticated remote attacker who can place a SOAP header lexically before wsse:Security can embed a ds:Signature of their choosing inside that header and cause the server to verify the attacker-supplied signature instead of the one carried in the security header. Preconditions...

5.9CVSS5.9AI score0.00238EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.17 views

PT-2026-51071

Name of the Vulnerable Software and Affected Versions CoreWCF versions prior to 1.8.1 CoreWCF versions prior to 1.9.1 Description The SamlSerializer skips the final SignatureValue verification when a service validates SAML tokens using a non-X.509 signing token. This occurs when the service is...

7.4CVSS5.9AI score0.0015EPSS
Exploits0References15
OSV
OSV
added 2026/06/18 9:16 p.m.3 views

MINI-QMC6-GP98-5W5H

Bulletin has no description...

6.1CVSS5.7AI score0.00178EPSS
Exploits0
Rows per page
Query Builder