VYPR

Org.wso2.carbon:org.wso2.carbon.utils

by Wso2

CVEs (2)

  • CVE-2025-10907Nov 5, 2025
    risk 0.00cvss epss 0.00

    An arbitrary file upload vulnerability exists in multiple WSO2 products due to insufficient validation of uploaded content and destination in SOAP admin services. A malicious actor with administrative privileges can upload a specially crafted file to a user-controlled location…

  • CVE-2025-9955Oct 16, 2025
    risk 0.00cvss epss 0.00

    An improper access control vulnerability exists in WSO2 Enterprise Integrator product due to insufficient permission restrictions on internal SOAP admin services related to system logs and user-store configuration. A low-privileged user can access log data and user-store…