Known Vulnerabilities for Apache CXF by Apache Software Foundation
Listed below are 10 of the newest known vulnerabilities associated with "Apache CXF" by "Apache Software Foundation".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-57915 | It is possible to bypass the Kerberos pre-authentication check in Apache Kerby by sending a PA-DATA with an unrecognized or u... | Not Provided | 2026-06-26 | 2026-06-30 |
| CVE-2026-57914 | By sending a deeply nested ASN1 structure to an Apache Kerby client or service, it's possible to trigger a StackOverFlow Excep... | Not Provided | 2026-06-26 | 2026-06-26 |
| CVE-2026-56130 | "Remember me" cookie age is not verified on the server. This potentially allows an attacker to intercept a valid cookie and r... | Not Provided | 2026-06-25 | 2026-06-25 |
| CVE-2026-56091 | When using Apache Shiro with the shiro-guice module in a web servlet context, a specially crafted HTTP request may cause an a... | Not Provided | 2026-06-25 | 2026-06-25 |
| CVE-2026-55957 | Missing Critical Step in Authentication vulnerability in Apache Tomcat when the JNDIRealm was configured to authenticate bind... | Not Provided | 2026-06-29 | 2026-06-30 |
| CVE-2026-55956 | Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ignorin... | Not Provided | 2026-06-29 | 2026-06-30 |
| CVE-2026-55955 | Improper Authentication vulnerability in Apache Tomcat allowed a replay attack against the EncryptionInterceptor in the clust... | Not Provided | 2026-06-29 | 2026-06-30 |
| CVE-2026-55276 | Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat meant that special roles and empty authorisation ... | Not Provided | 2026-06-29 | 2026-06-30 |
| CVE-2026-55223 | c3p0 is a JDBC Connection pooling library. In versions prior to 0.14.0, c3p0 in combination with other libraries, can compos... | Not Provided | 2026-06-30 | 2026-07-01 |
| CVE-2026-54665 | Apache NiFi 0.0.1 through 2.9.0 support building qualified URLs from one of several HTTP request headers that provide an alte... | Not Provided | 2026-06-22 | 2026-06-22 |