| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-27935 | Authentication Bypass in OTP (One-time Passcode) IdP Adapter Integration Kit | Ping Identity | One-Time Passcode Integration Kit for PingFederate | - | - | 2025-12-04 20:38:32 | Deep Dive |
| CVE-2025-9312 | Improper Certificate-Based Authentication Enforcement in Multiple WSO2 Products | WSO2 | WSO2 API Manager | Critical | 9.8 | 2025-11-18 12:05:22 | Deep Dive |
| CVE-2025-6670 | Cross-Site Request Forgery (CSRF) in Multiple WSO2 Products via HTTP GET in Admin Services | WSO2 | WSO2 Open Banking AM | High | 8.8 | 2025-11-18 11:28:37 | Deep Dive |
| CVE-2025-10853 | Reflected Cross-Site Scripting (XSS) in Management Console of Multiple WSO2 Products Due to Improper Output Encoding | WSO2 | WSO2 Open Banking IAM | Medium | 5.2 | 2025-11-05 19:21:33 | Deep Dive |
| CVE-2025-5770 | Reflected Cross-Site Scripting (XSS) in Authentication Endpoints of Multiple WSO2 Products | WSO2 | WSO2 Identity Server | Medium | 6.1 | 2025-11-05 19:02:48 | Deep Dive |
| CVE-2025-11093 | Arbitrary Code Execution with higher privileged users in Multiple WSO2 Products via Script Mediator Engines (GraalJS and NashornJS) | WSO2 | WSO2 Micro Integrator | High | 8.4 | 2025-11-05 18:31:18 | Deep Dive |
| CVE-2025-10907 | Authenticated Arbitrary File Upload in Multiple WSO2 Products via SOAP Admin Services Leading to Remote Code Execution | WSO2 | WSO2 API Manager | High | 8.4 | 2025-11-05 18:03:50 | Deep Dive |
| CVE-2025-10713 | XML External Entity (XXE) Vulnerability in Multiple WSO2 Products Due to Improper XML Parser Configuration | WSO2 | WSO2 Enterprise Integrator | Medium | 6.5 | 2025-11-05 17:18:25 | Deep Dive |
| CVE-2025-20304 | Cisco Identity Services Engine 跨站脚本漏洞 | Cisco | Cisco Identity Services Engine Software | Medium | 5.4 | 2025-11-05 16:33:28 | Deep Dive |
| CVE-2025-20305 | Cisco Identity Services Engine 安全漏洞 | Cisco | Cisco Identity Services Engine Software | Medium | 4.3 | 2025-11-05 16:32:53 | Deep Dive |
| CVE-2025-20289 | Cisco Identity Services Engine 跨站脚本漏洞 | Cisco | Cisco Identity Services Engine Software | Medium | 4.8 | 2025-11-05 16:32:29 | Deep Dive |
| CVE-2025-20303 | Cisco Identity Services Engine 跨站脚本漏洞 | Cisco | Cisco Identity Services Engine Software | Medium | 5.4 | 2025-11-05 16:32:02 | Deep Dive |
| CVE-2025-20343 | Cisco Identity Services Engine Radius Suppression Denial of Service Vulnerability | Cisco | Cisco Identity Services Engine Software | High | 8.6 | 2025-11-05 16:31:05 | Deep Dive |
| CVE-2025-3125 | Authenticated Arbitrary File Upload in Multiple WSO2 Products via CarbonAppUploader Admin Service Leading to Remote Code Execution | WSO2 | WSO2 Identity Server | Medium | 6.7 | 2025-11-05 14:49:45 | Deep Dive |
| CVE-2025-26862 | PingFederate unexpected browser flow initiation in redirectless mode | Ping Identity | PingFederate | - | - | 2025-10-27 14:39:41 | Deep Dive |
| CVE-2025-5605 | Authentication Bypass via URI Manipulation in Multiple WSO2 Products' Management Console Leading to Partial Information Disclosure | WSO2 | WSO2 Identity Server | Medium | 4.3 | 2025-10-24 10:10:00 | Deep Dive |
| CVE-2025-5350 | SSRF and Reflected XSS Vulnerability in Deprecated Try-It Feature of Multiple WSO2 Products | WSO2 | WSO2 Identity Server | Medium | 5.9 | 2025-10-24 10:08:08 | Deep Dive |
| CVE-2025-61757 | Oracle Fusion Middleware 安全漏洞 | Oracle Corporation | Identity Manager | Critical | 9.8 | 2025-10-21 20:03:11 | Deep Dive |
| CVE-2025-9804 | Improper Access Control in Multiple WSO2 Products via Internal SOAP Admin Services and System REST APIs | WSO2 | WSO2 Identity Server as Key Manager | High | 8.9 | 2025-10-16 12:33:45 | Deep Dive |
| CVE-2025-10611 | Potential Broken Access Control in Multiple WSO2 Products via System REST APIs | WSO2 | WSO2 API Manager | Critical | 9.8 | 2025-10-16 12:09:32 | Deep Dive |