Browse 38+ CVE vulnerabilities from NVD and CNNVD, with AI Chinese translation, AI PoC generation, and daily intelligence; searchable by vendor, product, severity, and CWE.
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-58344 | Carbon Forum 5.9.0 Persistent XSS via Forum Name Field | 94Cb | Carbon Forum | Medium | 6.4 | 2026-04-22 14:57:06 | Deep Dive |
| CVE-2025-13590 | Authenticated arbitrary file upload via a System REST API requiring administrator permission. | WSO2 | WSO2 API Manager | Critical | 9.1 | 2026-02-19 10:05:06 | Deep Dive |
| CVE-2025-9312 | Improper Certificate-Based Authentication Enforcement in Multiple WSO2 Products | WSO2 | WSO2 API Manager | Critical | 9.8 | 2025-11-18 12:05:22 | Deep Dive |
| CVE-2025-6670 | Cross-Site Request Forgery (CSRF) in Multiple WSO2 Products via HTTP GET in Admin Services | WSO2 | WSO2 Open Banking AM | High | 8.8 | 2025-11-18 11:28:37 | Deep Dive |
| CVE-2025-10853 | Reflected Cross-Site Scripting (XSS) in Management Console of Multiple WSO2 Products Due to Improper Output Encoding | WSO2 | WSO2 Open Banking IAM | Medium | 5.2 | 2025-11-05 19:21:33 | Deep Dive |
| CVE-2025-10907 | Authenticated Arbitrary File Upload in Multiple WSO2 Products via SOAP Admin Services Leading to Remote Code Execution | WSO2 | WSO2 API Manager | High | 8.4 | 2025-11-05 18:03:50 | Deep Dive |
| CVE-2025-10713 | XML External Entity (XXE) Vulnerability in Multiple WSO2 Products Due to Improper XML Parser Configuration | WSO2 | WSO2 Enterprise Integrator | Medium | 6.5 | 2025-11-05 17:18:25 | Deep Dive |
| CVE-2025-3125 | Authenticated Arbitrary File Upload in Multiple WSO2 Products via CarbonAppUploader Admin Service Leading to Remote Code Execution | WSO2 | WSO2 Identity Server | Medium | 6.7 | 2025-11-05 14:49:45 | Deep Dive |
| CVE-2025-5605 | Authentication Bypass via URI Manipulation in Multiple WSO2 Products' Management Console Leading to Partial Information Disclosure | WSO2 | WSO2 Identity Server | Medium | 4.3 | 2025-10-24 10:10:00 | Deep Dive |
| CVE-2025-5350 | SSRF and Reflected XSS Vulnerability in Deprecated Try-It Feature of Multiple WSO2 Products | WSO2 | WSO2 Identity Server | Medium | 5.9 | 2025-10-24 10:08:08 | Deep Dive |
| CVE-2025-9804 | Improper Access Control in Multiple WSO2 Products via Internal SOAP Admin Services and System REST APIs | WSO2 | WSO2 Identity Server as Key Manager | High | 8.9 | 2025-10-16 12:33:45 | Deep Dive |
| CVE-2025-9955 | Improper Access Control in WSO2 Enterprise Integrator Product via SOAP Admin Services for Logs and User-Store Configuration | WSO2 | WSO2 Enterprise Integrator | Medium | 5.7 | 2025-10-16 12:14:56 | Deep Dive |
| CVE-2025-10611 | Potential Broken Access Control in Multiple WSO2 Products via System REST APIs | WSO2 | WSO2 API Manager | Critical | 9.8 | 2025-10-16 12:09:32 | Deep Dive |
| CVE-2025-4760 | Authenticated Stored Cross-Site Scripting (XSS) in Multiple WSO2 Products via API Document Upload in Publisher | WSO2 | WSO2 API Manager | Medium | 4.8 | 2025-09-23 14:55:05 | Deep Dive |
| CVE-2025-0886 | Lenovo Elliptic Labs Virtual Lock Sensor Security Vulnerability | Lenovo | Elliptic Virtual Lock Sensor Service For ThinkPad P1 Gen 6 (Type 21FV, 21FW) | High | 7.8 | 2025-07-17 19:16:16 | Deep Dive |
| CVE-2024-3511 | Incorrect Authorization in Multiple WSO2 Products Allows Unauthorized Access to Registry Versioned Files | WSO2 | WSO2 Enterprise Integrator | Medium | 4.3 | 2025-06-23 08:47:55 | Deep Dive |
| CVE-2024-1440 | Open Redirection in Multiple WSO2 Products via Multi-Option Authentication Endpoint | WSO2 | WSO2 Identity Server | Medium | 5.4 | 2025-06-02 16:51:17 | Deep Dive |
| CVE-2024-8008 | Reflected Cross-Site Scripting (XSS) in Multiple WSO2 Products via JDBC User Store Connection Validation | WSO2 | WSO2 Enterprise Integrator | Medium | 5.2 | 2025-06-02 16:48:12 | Deep Dive |
| CVE-2024-3509 | Stored Cross-Site Scripting (XSS) in Management Console of Multiple WSO2 Products via Rich Text Editor | WSO2 | WSO2 Enterprise Integrator | Medium | 4.3 | 2025-06-02 16:44:29 | Deep Dive |
| CVE-2024-7074 | Authenticated Arbitrary File Upload in Multiple WSO2 Products via SOAP Admin Service Leading to Remote Code Execution | WSO2 | WSO2 Enterprise Integrator | Medium | 6.8 | 2025-06-02 16:42:19 | Deep Dive |