Associated Vulnerability
Found 39 results
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At |
|---|---|---|---|---|---|---|
| CVE-2025-12624 | Improper Token Invalidation in WSO2 Identity Server Allows Access After Account Lock | WSO2 | WSO2 Identity Server | Medium | 6.0 | 2026-04-16 10:25:20 |
| CVE-2025-6024 | Cross-Site Scripting via Authentication Endpoint in Multiple WSO2 Products Allows Redirection to Malicious Websites | WSO2 | WSO2 API Manager | Medium | 6.1 | 2026-04-16 09:48:45 |
| CVE-2024-2374 | XML External Entity Injection in Multiple WSO2 Products Allows Arbitrary file read and Denial of Service | WSO2 | WSO2 API Manager | High | 7.5 | 2026-04-16 08:12:58 |
| CVE-2024-1524 | A local user can be impersonated when using federated authentication with Silent JIT Provisioning. | WSO2 | WSO2 API Manager | High | 7.7 | 2026-02-24 08:51:11 |
| CVE-2025-12107 | Potential authenticated Server-Side Template Injection (SSTI) vulnerability. | WSO2 | WSO2 Identity Server | High | 8.4 | 2026-02-19 10:04:48 |
| CVE-2025-9312 | Improper Certificate-Based Authentication Enforcement in Multiple WSO2 Products | WSO2 | WSO2 API Manager | Critical | 9.8 | 2025-11-18 12:05:22 |
| CVE-2025-6670 | Cross-Site Request Forgery (CSRF) in Multiple WSO2 Products via HTTP GET in Admin Services | WSO2 | WSO2 Open Banking AM | High | 8.8 | 2025-11-18 11:28:37 |
| CVE-2025-10853 | Reflected Cross-Site Scripting (XSS) in Management Console of Multiple WSO2 Products Due to Improper Output Encoding | WSO2 | WSO2 Open Banking IAM | Medium | 5.2 | 2025-11-05 19:21:33 |
| CVE-2025-5770 | Reflected Cross-Site Scripting (XSS) in Authentication Endpoints of Multiple WSO2 Products | WSO2 | WSO2 Identity Server | Medium | 6.1 | 2025-11-05 19:02:48 |
| CVE-2025-11093 | Arbitrary Code Execution with higher privileged users in Multiple WSO2 Products via Script Mediator Engines (GraalJS and NashornJS) | WSO2 | WSO2 Micro Integrator | High | 8.4 | 2025-11-05 18:31:18 |
| CVE-2025-10907 | Authenticated Arbitrary File Upload in Multiple WSO2 Products via SOAP Admin Services Leading to Remote Code Execution | WSO2 | WSO2 API Manager | High | 8.4 | 2025-11-05 18:03:50 |
| CVE-2025-10713 | XML External Entity (XXE) Vulnerability in Multiple WSO2 Products Due to Improper XML Parser Configuration | WSO2 | WSO2 Enterprise Integrator | Medium | 6.5 | 2025-11-05 17:18:25 |
| CVE-2025-3125 | Authenticated Arbitrary File Upload in Multiple WSO2 Products via CarbonAppUploader Admin Service Leading to Remote Code Execution | WSO2 | WSO2 Identity Server | Medium | 6.7 | 2025-11-05 14:49:45 |
| CVE-2025-5605 | Authentication Bypass via URI Manipulation in Multiple WSO2 Products' Management Console Leading to Partial Information Disclosure | WSO2 | WSO2 Identity Server | Medium | 4.3 | 2025-10-24 10:10:00 |
| CVE-2025-5350 | SSRF and Reflected XSS Vulnerability in Deprecated Try-It Feature of Multiple WSO2 Products | WSO2 | WSO2 Identity Server | Medium | 5.9 | 2025-10-24 10:08:08 |
| CVE-2025-9804 | Improper Access Control in Multiple WSO2 Products via Internal SOAP Admin Services and System REST APIs | WSO2 | WSO2 Identity Server as Key Manager | High | 8.9 | 2025-10-16 12:33:45 |
| CVE-2025-10611 | Potential Broken Access Control in Multiple WSO2 Products via System REST APIs | WSO2 | WSO2 API Manager | Critical | 9.8 | 2025-10-16 12:09:32 |
| CVE-2025-1862 | Authenticated Arbitrary File Upload in Multiple WSO2 Products via BPEL Uploader SOAP Service Leading to Remote Code Execution | WSO2 | WSO2 Enterprise Integrator | Medium | 6.7 | 2025-09-26 08:18:22 |
| CVE-2025-1396 | Username Enumeration in Multiple WSO2 Products with Multi-Attribute Login Enabled | WSO2 | WSO2 Identity Server | Low | 3.7 | 2025-09-26 07:52:52 |
| CVE-2025-0672 | Authentication Bypass in Multiple WSO2 Products via Stale FIDO Credential Association | WSO2 | WSO2 Identity Server as Key Manager | Low | 3.3 | 2025-09-23 17:30:43 |