Where
AND
-Infinity
0

Trending

Last week
Last month
Last year

Apache CXFIn versions of Apache CXF before 3.6.4 and 4.0.5 (3.5.x and lower versions are not impacted), a CXF …

Risk 19
Severity
4
First published (updated )
REDHAT-BUG-2298829

Apache CXFInput Validation

Risk 18
Severity
4
First published (updated )
REDHAT-BUG-2298828

IBM Security GuardiumApache CXF Reflected XSS in the services listing page via the styleSheetPath

Risk 39
Severity
6.1
First published (updated )
CVE-2020-13954

IBM Security GuardiumInfoleak

Risk 37
Severity
5.9
First published (updated )
CVE-2020-1954

redhat/eap7-apache-cxfXSS

Risk 39
Severity
6.1
First published (updated )
CVE-2019-17573
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

IBM Security GuardiumApache CXF is vulnerable to a denial of service, caused by the failure to restrict the number of mes…

Risk 39
Severity
6.5
First published (updated )
CVE-2019-12406

IBM Security GuardiumInput Validation

Risk 33
Severity
5.5
First published (updated )
CVE-2017-12624

maven/org.apache.cxf:cxf-coreJAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that th…

Risk 27
Severity
5.3
First published (updated )
CVE-2017-5653

Apache CXFXSS

Risk 39
Severity
6.1
First published (updated )
CVE-2016-6812

maven/org.apache.cxf:cxf-rt-rs-security-sso-samlThe SAML Web SSO module in Apache CXF before 2.7.18, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allo…

Risk 22
Severity
4
First published (updated )
CVE-2015-5253
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Apache CXFThe SamlHeaderInHandler in Apache CXF before 2.6.11, 2.7.x before 2.7.8, and 3.0.x before 3.0.1 allo…

Risk 27
Severity
5
First published (updated )
CVE-2014-3584

redhat/wss4jApache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF 2.7.x before 2.7.13 and 3.0.x…

Risk 26
Severity
5
First published (updated )
CVE-2014-3623

Apache CXFThe SymmetricBinding in Apache CXF before 2.6.13 and 2.7.x before 2.7.10, when EncryptBeforeSigning …

Risk 23
Severity
4.3
First published (updated )
CVE-2014-0035

Apache CXFInput Validation

Risk 23
Severity
4.3
First published (updated )
CVE-2014-0034

Apache CXFApache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of servic…

Risk 23
Severity
4.3
First published (updated )
CVE-2014-0110
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Apache CXFApache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of servic…

Risk 23
Severity
4.3
First published (updated )
CVE-2014-0109

Apache CXFThe streaming XML parser in Apache CXF 2.5.x before 2.5.10, 2.6.x before 2.6.7, and 2.7.x before 2.7…

Risk 27
Severity
5
First published (updated )
CVE-2013-2160

Apache CXFApache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToke…

Risk 26
Severity
5
First published (updated )
CVE-2013-0239

Apache CXFThe URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, wh…

Risk 36
Severity
5.8
First published (updated )
CVE-2012-5633

Apache CXFApache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enfor…

Risk 22
Severity
4.3
First published (updated )
CVE-2012-2378
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Apache CXFApache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify t…

Risk 41
Severity
6.4
First published (updated )
CVE-2012-5575

Apache CXFInput Validation

Risk 35
Severity
5.8
First published (updated )
CVE-2012-5786

maven/org.apache.cxf:cxfInput Validation

Risk 22
Severity
4.3
First published (updated )
CVE-2012-3451

Apache CXFApache CXF is vulnerable to SOAPAction spoofing attacks under certain conditions. If web services ar…

Risk 19
Severity
4
First published (updated )
REDHAT-BUG-851896

redhat/aopallianceThe implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache W…

Risk 36
Severity
5.9
First published (updated )
CVE-2011-2487
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203