Every CVE whose affected-product data names Wso2 Open Banking Km, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2025-10611 — CVSS 9.8 (critical): Due to an insufficient access control implementation in multiple WSO2 Products, authentication and authorization checks for certain REST…
CVE-2024-6914 — CVSS 9.8 (critical): An incorrect authorization vulnerability exists in multiple WSO2 products due to a business logic flaw in the account recovery-related SOAP…
CVE-2025-9312 — CVSS 9.8 (critical): A missing authentication enforcement vulnerability exists in the mutual TLS (mTLS) implementation used by System REST APIs and SOAP…
CVE-2025-9804 — CVSS 9.6 (critical): An improper access control vulnerability exists in multiple WSO2 products due to insufficient permission enforcement in certain internal…
CVE-2024-7073 — CVSS 6.5 (medium): A server-side request forgery (SSRF) vulnerability exists in multiple WSO2 products due to improper input validation in SOAP admin…
CVE-2024-7097 — CVSS 4.3 (medium): An incorrect authorization vulnerability exists in multiple WSO2 products due to a flaw in the SOAP admin service, which allows user…
CVE-2024-7096 — CVSS 4.2 (medium): A privilege escalation vulnerability exists in multiple WSO2 products due to a business logic flaw in SOAP admin services. A malicious…