Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
| # | POC Description | Source Link | Shenlong Link |
|---|
| CVE-2026-54782 | 10.0 CRITICAL | CoreWCF: Authentication bypass in CoreWCF SAML 1.1 / 2.0 token signature validation |
| CVE-2026-54772 | 7.5 HIGH | CoreWCF: Pre-authentication infinite-loop CPU exhaustion in CoreWCF net.tcp / net.pipe / n |
| CVE-2026-54783 | 7.4 HIGH | CoreWCF: XML Signature Wrapping in WS-Security endorsing/supporting signature verification |
| CVE-2026-54774 | 7.4 HIGH | CoreWCF: SamlSerializer skips SignatureValue verification when SAML signing token is not a |
| CVE-2026-54784 | 7.4 HIGH | CoreWCF: SPNEGO SecurityContextToken proof key wrapped without confidentiality |
| CVE-2026-54775 | 6.5 MEDIUM | CoreWCF: Kafka consume pump halts permanently on a Kafka tombstone (null-value record), ca |
| CVE-2026-54777 | 6.5 MEDIUM | CoreWCF NetNamedPipe transport accepts attach to a pre-existing named pipe instance |
| CVE-2026-54778 | 6.2 MEDIUM | CoreWCF: UnixDomainSocket Non-Reentrant POSIX Identity Resolution |
| CVE-2026-54779 | 5.9 MEDIUM | CoreWCF: SAML token replay protection is inoperative |
| CVE-2026-54773 | 5.9 MEDIUM | CoreWCF: WS-Security signature substitution via document-wide Signature lookup |
| CVE-2026-54776 | 4.4 MEDIUM | CoreWCF: Unix Domain Socket PosixIdentity transport accepts connections that skip the secu |
| CVE-2026-54780 | 3.7 LOW | CoreWCF: WS-Security Reference DigestMethod Algorithm-Suite Bypass |
No comments yet