CVE-2025-9804
- EPSS 0.08%
- Veröffentlicht 16.10.2025 12:33:45
- Zuletzt bearbeitet 21.11.2025 21:40:09
An improper access control vulnerability exists in multiple WSO2 products due to insufficient permission enforcement in certain internal SOAP Admin Services and System REST APIs. A low-privileged user may exploit this flaw to perform unauthorized ope...
CVE-2025-10611
- EPSS 0.12%
- Veröffentlicht 16.10.2025 12:09:31
- Zuletzt bearbeitet 21.11.2025 21:38:23
Due to an insufficient access control implementation in multiple WSO2 Products, authentication and authorization checks for certain REST APIs can be bypassed, allowing them to be invoked without proper validation. Successful exploitation of this vul...
CVE-2025-4760
- EPSS 0.02%
- Veröffentlicht 23.09.2025 15:15:31
- Zuletzt bearbeitet 21.11.2025 21:29:56
An authenticated stored cross-site scripting (XSS) vulnerability exists in multiple WSO2 products due to improper validation of user-supplied input during API document upload in the Publisher portal. A user with publisher privileges can upload a craf...