6 matches found

RedhatCVE
added 2025/11/06 3:2 p.m., 1 view

CVE-2025-3125

An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper input validation in the CarbonAppUploader admin service endpoint. An authenticated attacker with appropriate privileges can upload a malicious file to a user-controlled location on the server, potentially...

CVSS 7.2, AI score 8.2, EPSS 0.00269
Exploits: 0, References: 1
EUVD
added 2025/11/05 6:3 p.m., 1 view

EUVD-2025-37942

An arbitrary file upload vulnerability exists in multiple WSO2 products due to insufficient validation of uploaded content and destination in SOAP admin services. A malicious actor with administrative privileges can upload a specially crafted file to a user-controlled location within the...

CVSS 8.4, AI score 7.7, EPSS 0.0052
Exploits: 0, References: 3
OSV
added 2025/11/05 3:15 p.m., 2 views

CVE-2025-3125

An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper input validation in the CarbonAppUploader admin service endpoint. An authenticated attacker with appropriate privileges can upload a malicious file to a user-controlled location on the server, potentially...

CVSS 7.2, AI score 8.1
Exploits: 0, References: 1
Vulnrichment
added 2025/11/05 2:49 p.m., 1 view

CVE-2025-3125 Authenticated Arbitrary File Upload in Multiple WSO2 Products via CarbonAppUploader Admin Service Leading to Remote Code Execution

An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper input validation in the CarbonAppUploader admin service endpoint. An authenticated attacker with appropriate privileges can upload a malicious file to a user-controlled location on the server, potentially...

CVSS 6.7, AI score 7.8, EPSS 0.00269
Exploits: 0, References: 1
OSV
added 2025/02/27 5:15 a.m., 1 view

CVE-2024-2321

An incorrect authorization vulnerability exists in multiple WSO2 products, allowing protected APIs to be accessed directly using a refresh token instead of the expected access token. Due to improper authorization checks and token mapping, session cookies are not required for API access, potential...

CVSS 5.6, AI score 6.8
Exploits: 0, References: 1
CNVD
added 2016/05/18 12:0 a.m., 2 views

WSO2 SOA Enablement Server for Java Cross-Site Scripting Vulnerability

WSO2 SOA Enablement Server for Java is an enterprise Web services platform from the U.S. company WSO2. The platform supports the creation, publishing and use of Web services and other functions. A cross-site scripting vulnerability exists in WSO2 SOA Enablement Server for Java version 6.6...

CVSS 6.1, AI score 6.2, EPSS 0.00236
Exploits: 2, References: 1