Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Vulnerability List
Clear Filters
Found 31 results
CVE IDTitleVendorProductSeverityCVSS ScorePublished AtAI Analysis
CVE-2024-2374 XML External Entity Injection in Multiple WSO2 Products Allows Arbitrary file read and Denial of Service WSO2WSO2 API Manager High 7.5 2026-04-16 08:12:58 Deep Dive
CVE-2025-9312 Improper Certificate-Based Authentication Enforcement in Multiple WSO2 Products WSO2WSO2 API Manager Critical 9.8 2025-11-18 12:05:22 Deep Dive
CVE-2025-6670 Cross-Site Request Forgery (CSRF) in Multiple WSO2 Products via HTTP GET in Admin Services WSO2WSO2 Open Banking AM High 8.8 2025-11-18 11:28:37 Deep Dive
CVE-2025-10853 Reflected Cross-Site Scripting (XSS) in Management Console of Multiple WSO2 Products Due to Improper Output Encoding WSO2WSO2 Open Banking IAM Medium 5.2 2025-11-05 19:21:33 Deep Dive
CVE-2025-11093 Arbitrary Code Execution with higher privileged users in Multiple WSO2 Products via Script Mediator Engines (GraalJS and NashornJS) WSO2WSO2 Micro Integrator High 8.4 2025-11-05 18:31:18 Deep Dive
CVE-2025-10907 Authenticated Arbitrary File Upload in Multiple WSO2 Products via SOAP Admin Services Leading to Remote Code Execution WSO2WSO2 API Manager High 8.4 2025-11-05 18:03:50 Deep Dive
CVE-2025-10713 XML External Entity (XXE) Vulnerability in Multiple WSO2 Products Due to Improper XML Parser Configuration WSO2WSO2 Enterprise Integrator Medium 6.5 2025-11-05 17:18:25 Deep Dive
CVE-2025-3125 Authenticated Arbitrary File Upload in Multiple WSO2 Products via CarbonAppUploader Admin Service Leading to Remote Code Execution WSO2WSO2 Identity Server Medium 6.7 2025-11-05 14:49:45 Deep Dive
CVE-2025-5605 Authentication Bypass via URI Manipulation in Multiple WSO2 Products' Management Console Leading to Partial Information Disclosure WSO2WSO2 Identity Server Medium 4.3 2025-10-24 10:10:00 Deep Dive
CVE-2025-5350 SSRF and Reflected XSS Vulnerability in Deprecated Try-It Feature of Multiple WSO2 Products WSO2WSO2 Identity Server Medium 5.9 2025-10-24 10:08:08 Deep Dive
CVE-2025-9804 Improper Access Control in Multiple WSO2 Products via Internal SOAP Admin Services and System REST APIs WSO2WSO2 Identity Server as Key Manager High 8.9 2025-10-16 12:33:45 Deep Dive
CVE-2025-10611 Potential Broken Access Control in Multiple WSO2 Products via System REST APIs WSO2WSO2 API Manager Critical 9.8 2025-10-16 12:09:32 Deep Dive
CVE-2025-1862 Authenticated Arbitrary File Upload in Multiple WSO2 Products via BPEL Uploader SOAP Service Leading to Remote Code Execution WSO2WSO2 Enterprise Integrator Medium 6.7 2025-09-26 08:18:22 Deep Dive
CVE-2025-1396 Username Enumeration in Multiple WSO2 Products with Multi-Attribute Login Enabled WSO2WSO2 Identity Server Low 3.7 2025-09-26 07:52:52 Deep Dive
CVE-2025-0672 Authentication Bypass in Multiple WSO2 Products via Stale FIDO Credential Association WSO2WSO2 Identity Server as Key Manager Low 3.3 2025-09-23 17:30:43 Deep Dive
CVE-2025-0663 Potential cross-tenant account takeover vulnerability in Multiple WSO2 Products via Adaptive Authentication and Auto-Login WSO2WSO2 Open Banking IAM Medium 6.8 2025-09-23 16:58:07 Deep Dive
CVE-2025-6056 Ergon Informatik AG Airlock IAM 安全漏洞 Ergon Informatik AGAirlock IAM 中危 -2025-07-04 11:21:43 Deep Dive
CVE-2024-3511 Incorrect Authorization in Multiple WSO2 Products Allows Unauthorized Access to Registry Versioned Files WSO2WSO2 Enterprise Integrator Medium 4.3 2025-06-23 08:47:55 Deep Dive
CVE-2024-1440 Open Redirection in Multiple WSO2 Products via Multi-Option Authentication Endpoint WSO2WSO2 Identity Server Medium 5.4 2025-06-02 16:51:17 Deep Dive
CVE-2024-8008 Reflected Cross-Site Scripting (XSS) in Multiple WSO2 Products via JDBC User Store Connection Validation WSO2WSO2 Enterprise Integrator Medium 5.2 2025-06-02 16:48:12 Deep Dive