Lucene search
K

57 matches found

CVE
CVE
added 2026/05/22 12:16 p.m.42 views

CVE-2026-44930

Technical details are not publicly available in the provided documents. Monitor for updates.

9.8CVSS5.9AI score0.00722EPSS
CVE
CVE
added 2026/05/22 12:17 p.m.38 views

CVE-2026-44618

Technical details for CVE-2026-44618 are not publicly available in the provided documents. The records mention an XXE vulnerability in Apache CXF WS-Transfer and upgrade versions, but no further specifics are provided. Monitor for updates.

5.3CVSS5.7AI score0.00338EPSS
CVE
CVE
added 2026/06/12 9:0 a.m.36 views

CVE-2026-50632

CVE-2026-50632 : Apache CXF exposes a JNDI Injection vulnerability in the JMSConfigFactory. The issue arises when untrusted users configure JMS, potentially allowing code execution. Affected versions are addressed by upgrades to 4.2.2 or 4.1.7. The NVD/CVEs and related feeds document this as a co...

8.8CVSS5.8AI score0.00646EPSS
CVE
CVE
added 2026/06/12 8:55 a.m.32 views

CVE-2026-50627

The CVE-2026-50627 issue affects Apache CXF’s JwtAccessTokenValidator, which fails to validate the aud (Audience) claim in incoming JWT access tokens. As described in multiple sources (NVD/Red Hat/CVE List/etc.), a token issued for one Resource Server could be replayed against a different Resourc...

9.1CVSS5.2AI score0.00445EPSS
CVE
CVE
added 2026/06/12 8:58 a.m.29 views

CVE-2026-50630

The CVE-2026-50630 issue affects Apache CXF’s OAuth2 implementation, where the AuthorizationUtils class concatenates the realm parameter into the WWW-Authenticate header without sanitizing CR/LF characters. This can enable header injection or HTTP response splitting if an attacker controls the re...

6.5CVSS5.5AI score0.00404EPSS
CVE
CVE
added 2026/06/12 8:57 a.m.28 views

CVE-2026-50629

The CVE-2026-50629 issue affects Apache CXF’s OAuth2 server where the 'clientId' from HTTP requests is concatenated into log warning messages without sanitizing control characters. This creates log injection risk by allowing arbitrary content in logs. Root cause: unsanitized control characters in...

5.3CVSS5.4AI score0.0047EPSS
CVE
CVE
added 2026/06/12 8:52 a.m.26 views

CVE-2026-50623

CVE-2026-50623 affects Apache CXF’s OAuth2 TokenIntrospectionService. A missing 'throw' in the security context check permits access to the introspection endpoint (/services/oauth2/introspect) by any unauthenticated network attacker. This bypass is tied to a safeguard condition when authenticatio...

4.8CVSS5.4AI score0.00371EPSS
Total number of security vulnerabilities57