Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

漏洞数据库 - AI 增强中文 CVE 平台 与情报

浏览 42+ 条来自 NVD 与 CNNVD 的 CVE 漏洞,配 AI 中文翻译、AI POC 生成、每日情报;可按厂商、产品、严重等级、CWE 检索。

Clear Filters
Found 42 results
CVE IDTitleVendorProductSeverityCVSS ScorePublished AtAI Analysis
CVE-2025-6024 Cross-Site Scripting via Authentication Endpoint in Multiple WSO2 Products Allows Redirection to Malicious Websites WSO2WSO2 API Manager Medium 6.1 2026-04-16 09:48:45 Deep Dive
CVE-2024-10242 Reflected Cross-Site Scripting via Authentication Endpoint in WSO2 API Manager Allows UI Modification and Redirection WSO2WSO2 API Manager Medium 6.1 2026-04-16 09:45:46 Deep Dive
CVE-2024-8010 XML External Entity Injection via Publisher in WSO2 API Manager Allows Reading Arbitrary Files WSO2WSO2 API Manager Low 3.5 2026-04-16 09:39:20 Deep Dive
CVE-2024-4867 Cross-Site Scripting via Developer Portal in WSO2 API Manager Enables UI Modification and Information Retrieval WSO2WSO2 API Manager Medium 5.4 2026-04-16 09:32:41 Deep Dive
CVE-2024-2374 XML External Entity Injection in Multiple WSO2 Products Allows Arbitrary file read and Denial of Service WSO2WSO2 API Manager High 7.5 2026-04-16 08:12:58 Deep Dive
CVE-2024-1524 A local user can be impersonated when using federated authentication with Silent JIT Provisioning. WSO2WSO2 API Manager High 7.7 2026-02-24 08:51:11 Deep Dive
CVE-2025-13590 Authenticated arbitrary file upload via a System REST API requiring administrator permission. WSO2WSO2 API Manager Critical 9.1 2026-02-19 10:05:06 Deep Dive
CVE-2025-9312 Improper Certificate-Based Authentication Enforcement in Multiple WSO2 Products WSO2WSO2 API Manager Critical 9.8 2025-11-18 12:05:22 Deep Dive
CVE-2025-6670 Cross-Site Request Forgery (CSRF) in Multiple WSO2 Products via HTTP GET in Admin Services WSO2WSO2 Open Banking AM High 8.8 2025-11-18 11:28:37 Deep Dive
CVE-2025-10853 Reflected Cross-Site Scripting (XSS) in Management Console of Multiple WSO2 Products Due to Improper Output Encoding WSO2WSO2 Open Banking IAM Medium 5.2 2025-11-05 19:21:33 Deep Dive
CVE-2025-5770 Reflected Cross-Site Scripting (XSS) in Authentication Endpoints of Multiple WSO2 Products WSO2WSO2 Identity Server Medium 6.1 2025-11-05 19:02:48 Deep Dive
CVE-2025-11093 Arbitrary Code Execution with higher privileged users in Multiple WSO2 Products via Script Mediator Engines (GraalJS and NashornJS) WSO2WSO2 Micro Integrator High 8.4 2025-11-05 18:31:18 Deep Dive
CVE-2025-10907 Authenticated Arbitrary File Upload in Multiple WSO2 Products via SOAP Admin Services Leading to Remote Code Execution WSO2WSO2 API Manager High 8.4 2025-11-05 18:03:50 Deep Dive
CVE-2025-10713 XML External Entity (XXE) Vulnerability in Multiple WSO2 Products Due to Improper XML Parser Configuration WSO2WSO2 Enterprise Integrator Medium 6.5 2025-11-05 17:18:25 Deep Dive
CVE-2025-3125 Authenticated Arbitrary File Upload in Multiple WSO2 Products via CarbonAppUploader Admin Service Leading to Remote Code Execution WSO2WSO2 Identity Server Medium 6.7 2025-11-05 14:49:45 Deep Dive
CVE-2025-5605 Authentication Bypass via URI Manipulation in Multiple WSO2 Products' Management Console Leading to Partial Information Disclosure WSO2WSO2 Identity Server Medium 4.3 2025-10-24 10:10:00 Deep Dive
CVE-2025-5350 SSRF and Reflected XSS Vulnerability in Deprecated Try-It Feature of Multiple WSO2 Products WSO2WSO2 Identity Server Medium 5.9 2025-10-24 10:08:08 Deep Dive
CVE-2025-9152 Improper Privilege Management in Multiple WSO2 API Manager via keymanager-operations DCR Endpoint WSO2WSO2 API Manager Critical 9.8 2025-10-16 12:37:01 Deep Dive
CVE-2025-9804 Improper Access Control in Multiple WSO2 Products via Internal SOAP Admin Services and System REST APIs WSO2WSO2 Identity Server as Key Manager High 8.9 2025-10-16 12:33:45 Deep Dive
CVE-2025-10611 Potential Broken Access Control in Multiple WSO2 Products via System REST APIs WSO2WSO2 API Manager Critical 9.8 2025-10-16 12:09:32 Deep Dive