pkg:Maven/org.apache.cxf:cxf-core

All known vulnerabilities

• CRITICAL9.8CVE-2022-46364Apache CXF Server-Side Request Forgery vulnerability
  from 0, < 3.4.10
• HIGH7.5CVE-2025-23184Apache CXF: Denial of Service vulnerability with temporary files
  from 0, < 3.5.10
• HIGH7.5CVE-2022-46363Apache CXF vulnerable to Exposure of Sensitive Information
  from 0, < 3.4.10
• HIGH7.5Improper Restriction of XML External Entity Reference in Apache CXF JAX-RS
  from 0, < 3.0.12
• HIGH7.5Session Fixation in Apache CXF
  >= 3.1.0, < 3.1.11
• MEDIUM6.1Improper Neutralization of Input During Web Page Generation in Apache CXF
  from 0, < 3.0.12
• MEDIUM5.6Apache CXF is vulnerable to DoS attacks as entire files are read into memory and logged
  from 0, < 3.5.11
• MEDIUM5.5Improper Input Validation in Apache CXF
  >= 3.2.0, < 3.2.1
• MEDIUM5.3Improper Certificate Validation in Apache CXF
  >= 3.1.0, < 3.1.11
• —Cleartext Transmission of Sensitive Information in Apache CXF
  from 0, < 2.6.13
• —Uncontrolled Resource Consumption in Apache CXF
  from 0, < 2.6.14
• —Uncontrolled Resource Consumption in Apache CXF
  from 0, < 2.6.14