| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-5962 | Reflected Cross-Site Scripting (XSS) in Authentication Endpoint of Multiple WSO2 Products Due to Missing Output Encoding | WSO2 | WSO2 API Manager | Medium | 6.1 | 2025-05-22 19:34:06 | Deep Dive |
| CVE-2024-7487 | Improper Authentication in WSO2 Identity Server 7.0.0 Allows Bypass of App-Native Authentication | WSO2 | WSO2 Identity Server | Medium | 5.8 | 2025-05-22 19:03:13 | Deep Dive |
| CVE-2024-7103 | Reflected Cross-Site Scripting (XSS) in WSO2 Identity Server 7.0.0 Sub-Organization Login Flow | WSO2 | WSO2 Identity Server | Medium | 4.6 | 2025-05-22 18:41:12 | Deep Dive |
| CVE-2024-6914 | Incorrect Authorization in Multiple WSO2 Products via Account Recovery SOAP Admin Service Leading to Account Takeover | WSO2 | WSO2 API Manager | High | 8.8 | 2025-05-22 18:26:15 | Deep Dive |
| CVE-2025-20267 | Cisco Identity Services Stored Cross-Site Scripting Vulnerability | Cisco | Cisco Identity Services Engine Software | Medium | 4.8 | 2025-05-21 16:20:15 | Deep Dive |
| CVE-2025-20152 | ISE restart | Cisco | Cisco Identity Services Engine Software | High | 8.6 | 2025-05-21 16:19:34 | Deep Dive |
| CVE-2025-26685 | Microsoft Defender for Identity Spoofing Vulnerability | Microsoft | Microsoft Defender for Identity | Medium | 6.5 | 2025-05-13 16:58:56 | Deep Dive |
| CVE-2025-32016 | Microsoft Identity Web Exposes Client Secrets and Certificate Information in Service Logs | AzureAD | microsoft-identity-web | Medium | 4.7 | 2025-04-09 15:48:57 | Deep Dive |
| CVE-2024-12799 | Insufficiently Protected Credentials | OpenText | Identity Manager Advanced Edition | Medium | - | 2025-03-05 14:55:55 | Deep Dive |
| CVE-2025-1969 | Request approval spoofing in Temporary Elevated Access Management (TEAM) for AWS IAM Identity Center | AWS | Temporary Elevated Access Management (TEAM) for AWS IAM Identity Center | Medium | 4.3 | 2025-03-04 18:49:02 | Deep Dive |
| CVE-2024-2321 | Incorrect Authorization in Multiple WSO2 Products Allows API Access via Refresh Token | WSO2 | WSO2 API Manager | Medium | 5.6 | 2025-02-27 04:08:34 | Deep Dive |
| CVE-2025-0760 | Stored Credential Disclosure Vulnerability | Tenable | Tenable Identity Exposure | Low | 2.7 | 2025-02-25 23:31:24 | Deep Dive |
| CVE-2025-1091 | Broken Authorization Schema | Tenable | Tenable Identity Exposure | Medium | 4.3 | 2025-02-25 23:27:44 | Deep Dive |
| CVE-2025-20059 | PingAM Java Policy Agent path traversal | Ping Identity | PingAM Java Policy Agent | Critical | - | 2025-02-20 14:11:28 | Deep Dive |
| CVE-2025-20205 | Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability | Cisco | Cisco Identity Services Engine Software | Medium | 4.8 | 2025-02-05 16:14:57 | Deep Dive |
| CVE-2025-20204 | Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability | Cisco | Cisco Identity Services Engine Software | Medium | 4.8 | 2025-02-05 16:14:47 | Deep Dive |
| CVE-2025-20125 | Cisco Identity Services Engine Insufficient Authorization Bypass Vulnerability | Cisco | Cisco Identity Services Engine Software | Critical | 9.1 | 2025-02-05 16:12:17 | Deep Dive |
| CVE-2025-20124 | Cisco Identity Services Engine Java Deserialization Vulnerability | Cisco | Cisco Identity Services Engine Software | Critical | 9.9 | 2025-02-05 16:12:08 | Deep Dive |
| CVE-2024-56404 | One Identity Identity Manager Security Vulnerability | OneIdentity | Identity Manager | Critical | 9.9 | 2025-01-24 00:00:00 | Deep Dive |
| CVE-2020-3525 | Cisco Identity Services Engine Password Disclosure to an Unauthorized Actor Vulnerability | Cisco | Cisco Identity Services Engine Software | Medium | - | 2024-11-18 15:54:18 | Deep Dive |