CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/04/16 12:31 p.m.•1 views

EUVD-2024-55547

The WSO2 API Manager developer portal accepts user-supplied input without enforcing expected validation constraints or proper output encoding. This deficiency allows a malicious actor to inject script content that is executed within the context of a user's browser. By leveraging this cross-site...

EUVD•added 2026/04/16 12:31 p.m.•0 views

Exploits0References2

EUVD-2025-209495

Active access tokens are not revoked or invalidated when a user account is locked within WSO2 Identity Server. This failure to enforce revocation allows previously issued, valid tokens to remain usable, enabling continued access to protected resources by locked user accounts. The security...

6CVSS5.8AI score0.00011EPSS

Exploits0References2

CVE•added 2026/04/16 10:25 a.m.•7 views

CVE-2025-12624

WSO2 Identity Server is affected by CVE-2025-12624, where active access tokens are not revoked when a user account is locked. The underlying issue is a failure to enforce revocation of previously issued, valid tokens, allowing locked accounts to maintain access to protected resources via unexpire...

6CVSS5.8AI score0.00011EPSS

NVD•added 2026/04/16 10:16 a.m.•1 views

CVE-2024-4867

5.4CVSS0.00012EPSS

CVE•added 2026/04/16 9:48 a.m.•2 views

CVE-2025-6024

CVE-2025-6024 affects multiple WSO2 products, where the authentication endpoint fails to encode user-supplied input before rendering, enabling a Cross-Site Scripting (XSS) vector in the authentication flow. The vulnerability arises from improper input encoding at the end-user page, allowing an at...

6.1CVSS5.7AI score0.00013EPSS

CVE•added 2026/04/16 9:45 a.m.•4 views

CVE-2024-10242

The CVE-2024-10242 entry describes a reflected cross-site scripting vulnerability in the authentication endpoint of WSO2 API Manager. The flaw stems from inadequate validation of user-supplied input that is reflected in the response, enabling an attacker to inject script payloads that execute in ...

6.1CVSS5.8AI score0.00013EPSS

CVE•added 2026/04/16 9:32 a.m.•3 views

CVE-2024-4867

The CVE-2024-4867 entry describes a cross-site scripting (XSS) vulnerability in the WSO2 API Manager developer portal. User-supplied input is not properly validated or output-encoded, enabling injection of script content executed in the user’s browser. Exploitation can cause the UI to redirect to...

Cvelist•added 2026/04/16 9:32 a.m.•22 views

CVE-2024-4867 Cross-Site Scripting via Developer Portal in WSO2 API Manager Enables UI Modification and Information Retrieval

5.4CVSS0.00012EPSS

Vulnrichment•added 2026/04/16 9:32 a.m.•2 views

CVE-2024-4867 Cross-Site Scripting via Developer Portal in WSO2 API Manager Enables UI Modification and Information Retrieval

CVE•added 2026/04/16 8:12 a.m.•4 views

CVE-2024-2374

The CVE-2024-2374 entry describes an XML External Entity (XXE) issue in the XML parsers of multiple WSO2 products, where user-supplied XML data is not configured to disable external-resource resolution. This allows an attacker to read files from the file system and access limited HTTP resources r...

9.1CVSS5.7AI score0.00016EPSS

Vulnrichment•added 2026/04/16 8:12 a.m.•3 views

CVE-2024-2374 XML External Entity Injection in Multiple WSO2 Products Allows Arbitrary file read and Denial of Service

The XML parsers within multiple WSO2 products accept user-supplied XML data without properly configuring to prevent the resolution of external entities. This omission allows malicious actors to craft XML payloads that exploit the parser's behavior, leading to the inclusion of external resources. ...

7.5CVSS5.7AI score0.00016EPSS

ATTACKERKB•added 2026/04/16 8:12 a.m.•3 views

CVE-2024-2374

7.5CVSS5.7AI score0.00016EPSS

Exploits0References2Affected Software5

CNNVD•added 2026/04/16 12:0 a.m.•4 views

WSO2 Identity Server 安全漏洞

WSO2 Identity Server IS is an identity authentication server developed by the American company WSO2. There is a security vulnerability present in the WSO2 Identity Server authentication endpoint. This vulnerability stems from insufficient validation of user inputs, which may lead to cross-site...

6.1CVSS5.6AI score0.00013EPSS

CNNVD•added 2026/04/16 12:0 a.m.•2 views

WSO2 API Manager 安全漏洞

The WSO2 API Manager is a set of API lifecycle management solutions provided by the American company WSO2. There is a security vulnerability present in the WSO2 API Manager developer portal. This vulnerability stems from the lack of enforceable validation constraints on user inputs and output...

5.4CVSS5.6AI score0.00012EPSS

CNNVD•added 2026/04/16 12:0 a.m.•5 views

WSO2 Identity Server 安全漏洞

WSO2 Identity Server is an identity authentication server developed by the American company WSO2. There is a security vulnerability in WSO2 Identity Server; this vulnerability arises from the failure to revoke active access tokens when user accounts are locked, which may lead to bypassing access...

6CVSS5.8AI score0.00011EPSS

Positive Technologies•added 2026/04/16 12:0 a.m.•4 views

PT-2026-33283

7.5CVSS5.7AI score0.00016EPSS

CNNVD•added 2026/04/16 12:0 a.m.•3 views

WSO2 Identity Server和WSO2 API Manager Developer Portal 安全漏洞

WSO2 Identity Server IS and WSO2 API Manager Developer Portal are both products of the American company WSO2. WSO2 Identity Server is an identity authentication server. WSO2 API Manager Developer Portal is a developer portal platform. Both WSO2 Identity Server and WSO2 API Manager Developer Porta...

9.1CVSS5.9AI score0.00016EPSS

Positive Technologies•added 2026/04/16 12:0 a.m.•1 views

PT-2026-33303

CNNVD•added 2026/02/19 12:0 a.m.•3 views

Exploits0References2

WSO2多款产品安全漏洞

WSO2 API Manager, among others, are products of the American company WSO2. The WSO2 API Manager is a suite of API lifecycle management solutions. The WSO2 API Control Plane is a control panel. The WSO2 Traffic Manager is a component designed to regulate and manage API traffic. Several WSO2 produc...

9.1CVSS6.3AI score0.00108EPSS