CVE-2025-10907

An arbitrary file upload vulnerability exists in multiple WSO2 products due to insufficient validation of uploaded content and destination in SOAP admin services. A malicious actor with administrative privileges can upload a specially crafted file to a user-controlled location within the...

SQL Injection Vulnerability in Web Service Platform of Civil Explosives Information System

The Civil Explosives Information System Web Service Platform is a management system provided by the Ministry of Public Security for provinces to manage blasting operators. A SQL injection vulnerability exists in the Civil Explosives Information System Web Service Platform, which can be exploited ...

The vulnerability of the Apache Axis web service platform, related to insufficient validation of incoming requests, allows attackers to execute SSRF attacks.

The vulnerability of the Apache Axis web-service platform lies in the insufficient checking of incoming requests. Exploiting this vulnerability allows a malicious actor to perform an SSRF attack remotely...

The vulnerability of the Apache Axis web service platform, which exists due to the lack of measures taken to protect the structure of the web page, allows attackers to carry out XSS attacks.

The vulnerability of the Apache Axis web service platform exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to perform XSS attacks remotely...