WSO2 Enterprise Integrator 安全漏洞

WSO2 Enterprise Integrator is an open source hybrid integration platform from WSO2, Inc. in the United States. The platform supports communication between multiple applications. A security vulnerability exists in WSO2 Enterprise Integrator that stems from the BPEL uploader SOAP service endpoint n...

PT-2025-39522

Name of the Vulnerable Software and Affected Versions WSO2 products affected versions not specified Description An arbitrary file upload issue exists because of insufficient validation of filenames submitted by users in the BPEL uploader SOAP service endpoint. An attacker with administrative acce...

CVE-2025-55912

An issue in ClipBucket 5.5.0 and prior versions allows an unauthenticated attacker can exploit the plupload endpoint in photouploader.php to upload arbitrary files without any authentication, due to missing access controls in the upload handler...

PT-2025-38416

Name of the Vulnerable Software and Affected Versions ClipBucket versions prior to 5.5.0 Description An issue exists in ClipBucket that allows an unauthenticated attacker to upload arbitrary files via the photo uploader.php plupload endpoint due to missing access controls in the upload handler...

Active exploitation of SAP NetWeaver Visual Composer CVE-2025-31324

On Thursday, April 24, enterprise resource planning company SAP published a CVE and a day later, an advisory behind login for CVE-2025-31324, a zero-day vulnerability in NetWeaver Visual Composer that carries a CVSSv3 score of 10. The vulnerability arises from a missing authorization check in...

ClipBucket OS Command Injection Vulnerability

ClipBucket is an open source video sharing software developed by Arslan team. The software allows you to share videos to video sites and supports the lights off effect when watching a movie. A security vulnerability exists in versions prior to ClipBucket 4.0.0 Release 4902. The vulnerability can ...