| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-6429 | Content Spoofing in Multiple WSO2 Products via Error Message Injection | WSO2 | WSO2 Identity Server as Key Manager | Medium | 4.3 | 2025-09-23 16:37:58 | Deep Dive |
| CVE-2025-5717 | Authenticated Remote Code Execution in Multiple WSO2 Products via Event Processor Admin Service | WSO2 | WSO2 API Manager | Medium | 6.8 | 2025-09-23 16:05:20 | Deep Dive |
| CVE-2025-4760 | Authenticated Stored Cross-Site Scripting (XSS) in Multiple WSO2 Products via API Document Upload in Publisher | WSO2 | WSO2 API Manager | Medium | 4.8 | 2025-09-23 14:55:05 | Deep Dive |
| CVE-2024-4598 | Information Disclosure in Multiple WSO2 Products Due to Improper Handling in Enrich Mediator | WSO2 | WSO2 API Manager | Medium | 6.5 | 2025-09-23 10:39:16 | Deep Dive |
| CVE-2024-3511 | Incorrect Authorization in Multiple WSO2 Products Allows Unauthorized Access to Registry Versioned Files | WSO2 | WSO2 Enterprise Integrator | Medium | 4.3 | 2025-06-23 08:47:55 | Deep Dive |
| CVE-2024-1440 | Open Redirection in Multiple WSO2 Products via Multi-Option Authentication Endpoint | WSO2 | WSO2 Identity Server | Medium | 5.4 | 2025-06-02 16:51:17 | Deep Dive |
| CVE-2024-8008 | Reflected Cross-Site Scripting (XSS) in Multiple WSO2 Products via JDBC User Store Connection Validation | WSO2 | WSO2 Enterprise Integrator | Medium | 5.2 | 2025-06-02 16:48:12 | Deep Dive |
| CVE-2024-3509 | Stored Cross-Site Scripting (XSS) in Management Console of Multiple WSO2 Products via Rich Text Editor | WSO2 | WSO2 Enterprise Integrator | Medium | 4.3 | 2025-06-02 16:44:29 | Deep Dive |
| CVE-2024-7074 | Authenticated Arbitrary File Upload in Multiple WSO2 Products via SOAP Admin Service Leading to Remote Code Execution | WSO2 | WSO2 Enterprise Integrator | Medium | 6.8 | 2025-06-02 16:42:19 | Deep Dive |
| CVE-2024-7097 | Incorrect Authorization in Multiple WSO2 Products via SOAP Admin Service Allowing Unauthorized User Signup | WSO2 | WSO2 Open Banking AM | Medium | 4.3 | 2025-05-30 15:04:10 | Deep Dive |
| CVE-2024-7096 | Privilege Escalation in Multiple WSO2 Products via SOAP Admin Service Due to Business Logic Flaw | WSO2 | WSO2 Open Banking IAM | Medium | 4.2 | 2025-05-30 14:54:32 | Deep Dive |
| CVE-2024-5962 | Reflected Cross-Site Scripting (XSS) in Authentication Endpoint of Multiple WSO2 Products Due to Missing Output Encoding | WSO2 | WSO2 API Manager | Medium | 6.1 | 2025-05-22 19:34:06 | Deep Dive |
| CVE-2024-6914 | Incorrect Authorization in Multiple WSO2 Products via Account Recovery SOAP Admin Service Leading to Account Takeover | WSO2 | WSO2 API Manager | High | 8.8 | 2025-05-22 18:26:15 | Deep Dive |
| CVE-2025-2905 | An XML External Entity (XXE) vulnerability in Multiple WSO2 Products | WSO2 | WSO2 API Manager | Critical | 9.1 | 2025-05-05 09:02:01 | Deep Dive |
| CVE-2024-5848 | Reflected Cross-Site Scripting (XSS) in Multiple WSO2 Products Due to Improper Input Validation | WSO2 | WSO2 API Manager | Medium | 6.1 | 2025-02-27 07:08:07 | Deep Dive |
| CVE-2024-2321 | Incorrect Authorization in Multiple WSO2 Products Allows API Access via Refresh Token | WSO2 | WSO2 API Manager | Medium | 5.6 | 2025-02-27 04:08:34 | Deep Dive |
| CVE-2023-6911 | 部分WSO2产品 跨站脚本漏洞 | WSO2 | WSO2 API Manager | Medium | 4.8 | 2023-12-18 08:32:59 | Deep Dive |
| CVE-2023-6839 | WSO2 API Manager 安全漏洞 | WSO2 | WSO2 API Manager | Medium | 5.3 | 2023-12-15 10:14:15 | Deep Dive |
| CVE-2023-6838 | WSO2 API Manager 跨站脚本漏洞 | WSO2 | WSO2 API Manager | Medium | 6.1 | 2023-12-15 09:50:52 | Deep Dive |
| CVE-2023-6837 | Incorrect Authorization in Multiple WSO2 Products via Federated Authentication with JIT Provisioning Leading to User Impersonation | WSO2 | WSO2 API Manager | High | 8.5 | 2023-12-15 09:41:23 | Deep Dive |