CVE-2026-12993
- EPSS 0.24%
- Veröffentlicht 25.06.2026 23:23:20
- Zuletzt bearbeitet 06.07.2026 18:12:01
A flaw was found in Apicurio Registry. The DocumentBuilderAccessor correctly blocks external DTD and schema access but does not disable DOCTYPE declarations or enable FEATURE_SECURE_PROCESSING. An attacker with artifact-write permission can upload XM...
CVE-2026-12992
- EPSS 0.19%
- Veröffentlicht 25.06.2026 21:16:11
- Zuletzt bearbeitet 06.07.2026 18:12:29
A flaw was found in Apicurio Registry. The WSDLReaderAccessor creates a wsdl4j WSDLReader without disabling the javax.wsdl.importDocuments feature. When the VALIDITY rule is set to FULL, an attacker with Developer-role access can upload a WSDL docume...
CVE-2026-12975
- EPSS 0.23%
- Veröffentlicht 25.06.2026 21:12:31
- Zuletzt bearbeitet 06.07.2026 18:12:40
A flaw was found in Apicurio Registry. The ContentTypeUtil.isParsableXml() method creates a SAXParserFactory without enabling secure processing features or disabling external entity resolution. An attacker with artifact-write permission (or unauthent...