Lucene search
K

108 matches found

Vulnrichment
Vulnrichment
added 2025/05/30 3:4 p.m.16 views

CVE-2024-7097 Incorrect Authorization in Multiple WSO2 Products via SOAP Admin Service Allowing Unauthorized User Signup

An incorrect authorization vulnerability exists in multiple WSO2 products due to a flaw in the SOAP admin service, which allows user account creation regardless of the self-registration configuration settings. This vulnerability enables malicious actors to create new user accounts without proper...

4.3CVSS6.7AI score0.00606EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/30 3:4 p.m.20 views

CVE-2024-7097 Incorrect Authorization in Multiple WSO2 Products via SOAP Admin Service Allowing Unauthorized User Signup

An incorrect authorization vulnerability exists in multiple WSO2 products due to a flaw in the SOAP admin service, which allows user account creation regardless of the self-registration configuration settings. This vulnerability enables malicious actors to create new user accounts without proper...

4.3CVSS0.00606EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/30 2:54 p.m.17 views

CVE-2024-7096 Privilege Escalation in Multiple WSO2 Products via SOAP Admin Service Due to Business Logic Flaw

A privilege escalation vulnerability exists in multiple WSO2 products due to a business logic flaw in SOAP admin services. A malicious actor can create a new user with elevated permissions only when all of the following conditions are met: SOAP admin services are accessible to the attacker. The...

4.2CVSS6.4AI score0.00594EPSS
Exploits0References1
NVD
NVD
added 2025/05/22 7:15 p.m.24 views

CVE-2024-6914

An incorrect authorization vulnerability exists in multiple WSO2 products due to a business logic flaw in the account recovery-related SOAP admin service. A malicious actor can exploit this vulnerability to reset the password of any user account, leading to a complete account takeover, including...

9.8CVSS0.00585EPSS
Exploits0References2
OSV
OSV
added 2025/05/22 7:15 p.m.5 views

CVE-2024-6914

An incorrect authorization vulnerability exists in multiple WSO2 products due to a business logic flaw in the account recovery-related SOAP admin service. A malicious actor can exploit this vulnerability to reset the password of any user account, leading to a complete account takeover, including...

9.8CVSS7AI score
Exploits0References2
Cvelist
Cvelist
added 2025/05/22 6:26 p.m.35 views

CVE-2024-6914 Incorrect Authorization in Multiple WSO2 Products via Account Recovery SOAP Admin Service Leading to Account Takeover

An incorrect authorization vulnerability exists in multiple WSO2 products due to a business logic flaw in the account recovery-related SOAP admin service. A malicious actor can exploit this vulnerability to reset the password of any user account, leading to a complete account takeover, including...

9.8CVSS0.00585EPSS
Exploits0References2
Snyk
Snyk
added 2025/04/17 5:46 p.m.5 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection through the admin/service/run process. An attacker can execute arbitrary code on the server by sending crafted requests. Remediation There is no fixed version for litepubl/cms. References - GitHub Issue...

8.6CVSS8.2AI score0.00446EPSS
Exploits1References2
Snyk
Snyk
added 2025/02/24 2:40 a.m.5 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview shopxo/shopxo is an e-commerce system. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' due to insufficient input validation in the ThemeAdminService component. Authenticated attackers wit...

5.8CVSS6.9AI score0.00527EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/02/05 2:50 p.m.10 views

CVE-2020-15170

apollo-adminservice before version 1.7.1 does not implement access controls. If users expose apollo-adminservice to internetwhich is not recommended, there are potential security issues since apollo-adminservice is designed to work in intranet and it doesn't have access control built-in. Maliciou...

7CVSS6.9AI score0.01315EPSS
Exploits0
VulnCheck KEV
VulnCheck KEV
added 2025/02/02 12:0 a.m.2 views

VulnCheck KEV: CVE-2024-7097

The SOAP admin service in WSO2 products has a security vulnerability that allows the creation of new user accounts regardless of the self-registration configuration settings...

4.3CVSS5.8AI score0.00606EPSS
Exploits0References1
OSV
OSV
added 2024/05/14 3:44 p.m.6 views

CVE-2024-4732

A vulnerability, which was classified as problematic, has been found in Campcodes Legal Case Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/service. The manipulation of the argument name leads to cross site scripting. The attack may be launched...

5.4CVSS3.8AI score0.0061EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/05/14 12:0 a.m.3 views

Campcodes Legal Case Management System 跨站脚本漏洞

Campcodes Legal Case Management System is a legal case management system from Campcodes, Inc. A cross-site scripting vulnerability exists in Campcodes Legal Case Management System version 1.0, which stems from a vulnerability in the /admin/service file...

5.4CVSS4.5AI score0.0061EPSS
Exploits1References6
OSV
OSV
added 2024/03/01 12:15 p.m.3 views

CVE-2024-2059

A vulnerability was found in SourceCodester Petrol Pump Management Software 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/app/servicecrud.php. The manipulation of the argument photo leads to unrestricted upload. The attack may be...

7.2CVSS5.5AI score0.00593EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2024/01/09 2:51 a.m.3 views

SUSE CVE-2023-51441

UNSUPPORTED WHEN ASSIGNED Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possible SSRF This issue affects Apache Axis: through 1.3. As Axis 1 has been EOL we recommend you migrate to a different SOAP engine, such as Apache Axis...

4.9CVSS8.1AI score0.01213EPSS
Exploits0References5
OSV
OSV
added 2024/01/06 12:30 p.m.4 views

GHSA-HR2C-P8RH-238H Apache Axis Improper Input Validation vulnerability

UNSUPPORTED WHEN ASSIGNED Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possible SSRF. This issue affects Apache Axis through 1.3. As Axis 1 has been EOL, we recommend you migrate to a different SOAP engine, such as Apache Axis...

7.2CVSS7.1AI score0.01213EPSS
Exploits0References4
NVD
NVD
added 2024/01/06 12:15 p.m.16 views

CVE-2023-51441

UNSUPPORTED WHEN ASSIGNED Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possible SSRF This issue affects Apache Axis: through 1.3. As Axis 1 has been EOL we recommend you migrate to a different SOAP engine, such as Apache Axis...

7.2CVSS7.1AI score0.01213EPSS
Exploits0References2
OSV
OSV
added 2024/01/06 12:15 p.m.2 views

DEBIAN-CVE-2023-51441

UNSUPPORTED WHEN ASSIGNED Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possible SSRF This issue affects Apache Axis: through 1.3. As Axis 1 has been EOL we recommend you migrate to a different SOAP engine, such as Apache Axis...

7.2CVSS7AI score0.01213EPSS
Exploits0References1
OSV
OSV
added 2024/01/06 12:15 p.m.9 views

UBUNTU-CVE-2023-51441

UNSUPPORTED WHEN ASSIGNED Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possible SSRF This issue affects Apache Axis: through 1.3. As Axis 1 has been EOL we recommend you migrate to a different SOAP engine, such as Apache Axis...

7.2CVSS7AI score0.01213EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2024/01/06 11:59 a.m.46 views

CVE-2023-51441

UNSUPPORTED WHEN ASSIGNED Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possible SSRF This issue affects Apache Axis: through 1.3. As Axis 1 has been EOL we recommend you migrate to a different SOAP engine, such as Apache Axis...

7.2CVSS7AI score0.01213EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/01/06 12:0 a.m.5 views

PT-2024-14125 · Apache +2 · Apache Axis +2

Name of the Vulnerable Software and Affected Versions: Apache Axis versions through 1.3 Description: The issue is related to an Improper Input Validation vulnerability in Apache Axis, which allows users with access to the admin service to perform possible Server-Side Request Forgery SSRF. This...

7.2CVSS8.1AI score0.01213EPSS
Exploits0References33
Rows per page
Query Builder