353 matches found
CVE-2025-0769
PixelYourSite - Your smart PIXEL TAG and API Manager 10.1.1.1 was found to be vulnerable. Unvalidated user input is used directly in an unserialize function in myapp/modules/facebook/facebook-server-async-task.php...
CVE-2025-0769 PixelYourSite 10.1.1.1 - Insecure deserialization
PixelYourSite - Your smart PIXEL TAG and API Manager 10.1.1.1 was found to be vulnerable. Unvalidated user input is used directly in an unserialize function in myapp/modules/facebook/facebook-server-async-task.php...
CVE-2025-0769
PixelYourSite – Your smart PIXEL (TAG) and API Manager plugin (WordPress) version 10.1.1.1 is affected by CVE-2025-0769 due to unvalidated user input being used directly in an unserialize call inside myapp/modules/facebook/facebook-server-sync-task.php. The vulnerability is described as an unauth...
WSO2 API Manager and WSO2 Open Banking AM Cross-Site Scripting Vulnerability
WSO2 API Manager and WSO2 Open Banking AM are products of WSO2, Inc. WSO2 API Manager is an API lifecycle management solution and WSO2 Open Banking AM is an open banking accelerator. A security vulnerability exists in WSO2 API Manager and WSO2 Open Banking AM that stems from improper input validati...
CVE-2020-12719
XXE during an EventPublisher update can occur in Management Console in WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0 and earlier, IS as Key Manager 5.9.0 and earlier, Identity Server 5.9.0 and earlier, and Identity...
CVE-2020-24703
An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This affects API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2....
CVE-2020-24590
The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML Entity Expansion attacks...
CVE-2020-24589
The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML External Entity injection (XXE) attacks...
Exploit for Path Traversal in Wso2 Api_Manager
Exploit CVE-2022-29464 This repository contains a script...
PT-2025-3690
Name of the Vulnerable Software and Affected Versions: WSO2 API Manager affected versions not specified Description: The issue allows for unauthenticated account creation, potentially leading to a fully compromised system. It requires the WSDLs of admin services to be enabled first. Recommendations...
Metasploit Wrap-Up 01/10/2025
New module content 5 OneDev Unauthenticated Arbitrary File Read Authors: Siebene and vultza Type: Auxiliary Pull request: 19614 contributed by vultza Path: gather/onedevarbitraryfileread AttackerKB reference: CVE-2024-45309 Description: This adds an exploit module for an unauthenticated arbitrary...
WSO2 API Manager Exposed Dangerous Function Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of WSO2 API Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the user self-registration process. The issue results from the...
WSO2 API Manager SynapseArtifactUploaderAdmin Unrestricted File Upload Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of WSO2 API Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the SynapseArtifactUploaderAdmin endpoint, which listens on TCP port 9443 by default. The...
PT-2024-37954 · Wso2 · Wso2 Api Manager
Name of the Vulnerable Software and Affected Versions: WSO2 API Manager affected versions not specified Description: The issue allows remote attackers to bypass authentication on affected installations. Authentication is not required to exploit this issue. The specific flaw exists in an exposed...
PT-2024-38061 · Wso2 · Wso2 Api Manager
Name of the Vulnerable Software and Affected Versions: WSO2 API Manager affected versions not specified Description: The issue allows remote attackers to execute arbitrary code on affected installations of WSO2 API Manager. Authentication is required to exploit this issue. The specific flaw exist...
WSO2 API Manager Documentation File Upload Remote Code Execution
A vulnerability in the 'Add API Documentation' feature allows malicious users with specific permissions /permission/admin/login and /permission/admin/manage/api/publish to upload arbitrary files to a user-controlled server location. This flaw could be exploited to execute remote code, enabling an...
VulnCheck KEV: CVE-2020-24589
The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML External Entity injection (XXE) attacks...
WSO2 API Manager allows attackers to change the API rating
Multiple WSO2 products have been identified as vulnerable due to a lack of server-side input validation in the Forum feature; the API rating could be manipulated...
GHSA-W7RX-824V-RGX5 WSO2 API Manager allows attackers to change the API rating
Multiple WSO2 products have been identified as vulnerable due to a lack of server-side input validation in the Forum feature; the API rating could be manipulated...