884 matches found
CVE-2025-5350 SSRF and Reflected XSS Vulnerability in Deprecated Try-It Feature of Multiple WSO2 Products
SSRF and Reflected XSS Vulnerabilities exist in multiple WSO2 products within the deprecated Try-It feature, which was accessible only to administrative users. This feature accepted user-supplied URLs without proper validation, leading to server-side request forgery SSRF. Additionally, the...
CVE-2025-5350
CVE-2025-5350 affects WSO2 products via the deprecated Try-It feature. The vulnerability is caused by insufficient validation of user-supplied URLs, enabling SSRF and reflected XSS in the admin context when an administrator is tricked into visiting a crafted link. The SSRF could reach internal se...
PT-2025-43610
Name of the Vulnerable Software and Affected Versions WSO2 products affected versions not specified Description An authentication bypass exists in the Management Console of WSO2 products. An attacker with access to the console can modify the request URI to circumvent authentication and access...
CVE-2025-9955
An improper access control vulnerability exists in WSO2 Enterprise Integrator product due to insufficient permission restrictions on internal SOAP admin services related to system logs and user-store configuration. A low-privileged user can access log data and user-store configuration details tha...
CVE-2025-9804
An improper access control vulnerability exists in multiple WSO2 products due to insufficient permission enforcement in certain internal SOAP Admin Services and System REST APIs. A low-privileged user may exploit this flaw to perform unauthorized operations, including accessing server-level...
CVE-2025-9804
An improper access control vulnerability exists in multiple WSO2 products due to insufficient permission enforcement in certain internal SOAP Admin Services and System REST APIs. A low-privileged user may exploit this flaw to perform unauthorized operations, including accessing server-level...
CVE-2025-9152
An improper privilege management vulnerability exists in WSO2 API Manager due to missing authentication and authorization checks in the keymanager-operations Dynamic Client Registration DCR endpoint. A malicious user can exploit this flaw to generate access tokens with elevated privileges,...
CVE-2025-10611
Due to an insufficient access control implementation in multiple WSO2 Products, authentication and authorization checks for certain REST APIs can be bypassed, allowing them to be invoked without proper validation. Successful exploitation of this vulnerability could lead to a malicious actor gaini...
CVE-2025-10611
Due to an insufficient access control implementation in multiple WSO2 Products, authentication and authorization checks for certain REST APIs can be bypassed, allowing them to be invoked without proper validation. Successful exploitation of this vulnerability could lead to a malicious actor gaini...
CVE-2025-9804
The CVE-2025-9804 entry concerns multiple WSO2 products (e.g., API Manager family) with an improper access-control flaw due to insufficient permission enforcement in internal SOAP Admin Services and System REST APIs. The root cause is limited access-control checks on internal interfaces, allowing...
CVE-2025-9804 Improper Access Control in Multiple WSO2 Products via Internal SOAP Admin Services and System REST APIs
An improper access control vulnerability exists in multiple WSO2 products due to insufficient permission enforcement in certain internal SOAP Admin Services and System REST APIs. A low-privileged user may exploit this flaw to perform unauthorized operations, including accessing server-level...
CVE-2025-9955 Improper Access Control in WSO2 Enterprise Integrator Product via SOAP Admin Services for Logs and User-Store Configuration
An improper access control vulnerability exists in WSO2 Enterprise Integrator product due to insufficient permission restrictions on internal SOAP admin services related to system logs and user-store configuration. A low-privileged user can access log data and user-store configuration details tha...
CVE-2025-10611
CVE-2025-10611 describes an insufficient access-control implementation across multiple WSO2 Products, allowing bypass of authentication and authorization checks on certain REST APIs. This could let an unauthenticated actor invoke APIs and perform unauthenticated/unauthorized administrative operat...
PT-2025-42462
Name of the Vulnerable Software and Affected Versions WSO2 API Manager affected versions not specified Description A flaw exists due to missing authentication and authorization checks in the keymanager-operations Dynamic Client Registration DCR endpoint. This can allow a malicious user to generat...
WSO2 Enterprise Integrator 安全漏洞
WSO2 Enterprise Integrator is an open source hybrid integration platform from WSO2, Inc. in the United States. The platform supports communication between multiple applications. A security vulnerability exists in WSO2 Enterprise Integrator that stems from insufficient privilege restrictions in th...
EUVD-2020-6582
Malware in sbrugna...
EUVD-2016-5311
Malware in sbrugna...
EUVD-2020-17307
Malware in sbrugna...
EUVD-2020-17417
Malware in sbrugna...
EUVD-2019-10988
Malware in sbrugna...