Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
| # | POC Description | Source Link | Shenlong Link |
|---|
No public POC found.
Login to generate AI POC| CVE-2026-54782 | 10.0 CRITICAL | CoreWCF: Authentication bypass in CoreWCF SAML 1.1 / 2.0 token signature validation |
| CVE-2026-54772 | 7.5 HIGH | CoreWCF: Pre-authentication infinite-loop CPU exhaustion in CoreWCF net.tcp / net.pipe / n |
| CVE-2026-54783 | 7.4 HIGH | CoreWCF: XML Signature Wrapping in WS-Security endorsing/supporting signature verification |
| CVE-2026-54774 | 7.4 HIGH | CoreWCF: SamlSerializer skips SignatureValue verification when SAML signing token is not a |
| CVE-2026-54781 | 7.4 HIGH | CoreWCF: SAML SubjectConfirmation methods and holder-of-key proof keys are not enforced |
| CVE-2026-54784 | 7.4 HIGH | CoreWCF: SPNEGO SecurityContextToken proof key wrapped without confidentiality |
| CVE-2026-54775 | 6.5 MEDIUM | CoreWCF: Kafka consume pump halts permanently on a Kafka tombstone (null-value record), ca |
| CVE-2026-54777 | 6.5 MEDIUM | CoreWCF NetNamedPipe transport accepts attach to a pre-existing named pipe instance |
| CVE-2026-54778 | 6.2 MEDIUM | CoreWCF: UnixDomainSocket Non-Reentrant POSIX Identity Resolution |
| CVE-2026-54773 | 5.9 MEDIUM | CoreWCF: WS-Security signature substitution via document-wide Signature lookup |
| CVE-2026-54776 | 4.4 MEDIUM | CoreWCF: Unix Domain Socket PosixIdentity transport accepts connections that skip the secu |
| CVE-2026-54780 | 3.7 LOW | CoreWCF: WS-Security Reference DigestMethod Algorithm-Suite Bypass |
No comments yet