Lucene search
K

231 matches found

CVE
CVE
added 6 days ago7 views

CVE-2026-58501

Zeep (Python SOAP client) is affected in versions 4.0.0 through before 4.3.3, where Settings.forbid_external is defined but not enforced during WSDL/XSD parsing. This allows transitive xsd:import, xsd:include, wsdl:import, and lxml entity or DTD references to fetch attacker‑controlled HTTP/HTTPS ...

5.9CVSS6AI score0.00252EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/06/26 12:32 a.m.6 views

EUVD-2026-39577

A flaw was found in Apicurio Registry. The WSDLReaderAccessor creates a wsdl4j WSDLReader without disabling the javax.wsdl.importDocuments feature. When the VALIDITY rule is set to FULL, an attacker with Developer-role access can upload a WSDL document containing attacker-controlled import...

7.4CVSS6AI score0.00187EPSS
Exploits0References3
NVD
NVD
added 2026/06/25 10:17 p.m.10 views

CVE-2026-12992

A flaw was found in Apicurio Registry. The WSDLReaderAccessor creates a wsdl4j WSDLReader without disabling the javax.wsdl.importDocuments feature. When the VALIDITY rule is set to FULL, an attacker with Developer-role access can upload a WSDL document containing attacker-controlled import...

7.4CVSS0.00187EPSS
Exploits0References3
CVE
CVE
added 2026/06/25 9:16 p.m.22 views

CVE-2026-12992

Apicurio Registry is affected by an SSRF flaw in the WSDL handling path. The WSDLReaderAccessor constructs a wsdl4j WSDLReader without disabling javax.wsdl.importDocuments, and with the FULL VALIDITY rule enabled, a Developer-role user can upload a WSDL with attacker-controlled import locations, ...

7.4CVSS6AI score0.00187EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/25 9:16 p.m.7 views

CVE-2026-12992 Apicurio/apicurio-registry: apicurio-registry: ssrf via wsdl4j import dereference in wsdl full validation

A flaw was found in Apicurio Registry. The WSDLReaderAccessor creates a wsdl4j WSDLReader without disabling the javax.wsdl.importDocuments feature. When the VALIDITY rule is set to FULL, an attacker with Developer-role access can upload a WSDL document containing attacker-controlled import...

7.4CVSS6AI score0.00187EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/25 9:16 p.m.25 views

CVE-2026-12992 Apicurio/apicurio-registry: apicurio-registry: ssrf via wsdl4j import dereference in wsdl full validation

A flaw was found in Apicurio Registry. The WSDLReaderAccessor creates a wsdl4j WSDLReader without disabling the javax.wsdl.importDocuments feature. When the VALIDITY rule is set to FULL, an attacker with Developer-role access can upload a WSDL document containing attacker-controlled import...

7.4CVSS0.00187EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/25 9:16 p.m.6 views

CVE-2026-12992

A flaw was found in Apicurio Registry. The WSDLReaderAccessor creates a wsdl4j WSDLReader without disabling the javax.wsdl.importDocuments feature. When the VALIDITY rule is set to FULL, an attacker with Developer-role access can upload a WSDL document containing attacker-controlled import...

7.4CVSS6AI score0.00187EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.9 views

PT-2026-52594

Name of the Vulnerable Software and Affected Versions Apicurio Registry affected versions not specified Description A flaw exists where the WSDLReaderAccessor creates a wsdl4j WSDLReader without disabling the javax.wsdl.importDocuments feature. When the VALIDITY rule is set to FULL, a user with...

7.4CVSS5.9AI score0.00187EPSS
Exploits0References7
OSV
OSV
added 2026/06/19 10:10 p.m.12 views

GHSA-4CC2-G9W2-FHF6 Zeep: Server-Side Request Forgery (SSRF)

Summary When parsing a WSDL or XSD document, python-zeep follows transitive references — xsd:import, xsd:include, wsdl:import, and lxml entity/DTD resolution — and will fetch http/https URLs found in those references. The Settings.forbidexternal option, intended to disable this transitive remote...

5.9CVSS6AI score0.00252EPSS
Exploits0References4
NCSC
NCSC
added 2025/12/11 1:53 p.m.7 views

Vulnerability fixed in Barracuda Service Center

Barracuda has fixed a vulnerability in Barracuda Service Center Specifically for RMM solutions, versions prior to 2025.1.1. The vulnerability is in the inadequate URL authentication in WSDL files that can be manipulated by attackers. This can lead to the overwriting of arbitrary files and externa...

10CVSS7.2AI score0.22791EPSS
Exploits1References2
The Hacker News
The Hacker News
added 2025/12/10 7:21 p.m.9 views

.NET SOAPwn Flaw Opens Door for File Writes and Remote Code Execution via Rogue WSDL

New research has uncovered exploitation primitives in the .NET Framework that could be leveraged against enterprise-grade applications to achieve remote code execution. WatchTowr Labs, which has codenamed the "invalid cast vulnerability" SOAPwn , said the issue impacts Barracuda Service Center RM...

10CVSS8.4AI score0.22791EPSS
Exploits1
EUVD
EUVD
added 2025/12/10 6:30 p.m.5 views

EUVD-2025-202446

Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not correctly verify the name of an attacker-controlled WSDL service, leading to insecure reflection. This can result in remote code execution through either invocation of arbitrary methods or...

10CVSS7.7AI score0.00603EPSS
Exploits0References4
EUVD
EUVD
added 2025/12/10 6:30 p.m.8 views

EUVD-2025-202447

Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not verify the URL defined in an attacker-controlled WSDL that is later loaded by the application. This can lead to arbitrary file write and remote code execution via webshell upload...

10CVSS7.7AI score0.22791EPSS
Exploits1References5
OSV
OSV
added 2025/12/10 4:16 p.m.6 views

CVE-2025-34392

Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not verify the URL defined in an attacker-controlled WSDL that is later loaded by the application. This can lead to arbitrary file write and remote code execution via webshell upload...

9.8CVSS6.5AI score0.22791EPSS
Exploits1References4
NVD
NVD
added 2025/12/10 4:16 p.m.5 views

CVE-2025-34392

Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not verify the URL defined in an attacker-controlled WSDL that is later loaded by the application. This can lead to arbitrary file write and remote code execution via webshell upload...

10CVSS0.22791EPSS
Exploits1References4
CVE
CVE
added 2025/12/10 3:45 p.m.19 views

CVE-2025-34393

Barracuda Service Center (RMM solution) before 2025.1.1 is affected. The root cause is improper validation of the name of an attacker-controlled WSDL service, enabling insecure reflection that can lead to remote code execution via invocation of arbitrary methods or deserialization of untrusted ty...

10CVSS7.9AI score0.00603EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2025/12/10 3:44 p.m.19 views

CVE-2025-34392

Barracuda Service Center (as implemented in Barracuda RMM) prior to version 2025.1.1 contains an insufficient WSDL URL validation in attacker-controlled WSDLs, enabling arbitrary file write and remote code execution via webshell uploads. Affected products include Barracuda RMM’s Service Center in...

10CVSS7.9AI score0.22791EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/10 12:0 a.m.9 views

PT-2025-50336

Name of the Vulnerable Software and Affected Versions Barracuda Service Center versions prior to 2025.1.1 Description The Barracuda Service Center, within the RMM solution, improperly validates the name of a WSDL service controlled by an attacker. This insecure reflection can lead to remote code...

10CVSS8AI score0.00603EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2013-1666

Malware in sbrugna...

7.5CVSS9.2AI score0.09747EPSS
Exploits0References16
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-8603

Malware in sbrugna...

10CVSS9.5AI score0.02166EPSS
Exploits0References4
Rows per page
Query Builder