CVE-2025-10611
- EPSS 0.18%
- Published 16.10.2025 12:09:31
- Last modified 21.11.2025 21:38:23
Due to an insufficient access control implementation in multiple WSO2 Products, authentication and authorization checks for certain REST APIs can be bypassed, allowing them to be invoked without proper validation. Successful exploitation of this vul...
CVE-2025-5717
- EPSS 0.4%
- Published 23.09.2025 16:15:33
- Last modified 21.11.2025 21:34:06
An authenticated remote code execution (RCE) vulnerability exists in multiple WSO2 products due to improper input validation in the event processor admin service. A user with administrative access to the SOAP admin services can exploit this flaw by d...
CVE-2025-4760
- EPSS 0.04%
- Published 23.09.2025 15:15:31
- Last modified 21.11.2025 21:29:56
An authenticated stored cross-site scripting (XSS) vulnerability exists in multiple WSO2 products due to improper validation of user-supplied input during API document upload in the Publisher portal. A user with publisher privileges can upload a craf...