CVE-2024-3511 – WSO2 Registry Unauthorized File Access Vulnerability

June 23, 2025

CVE ID : CVE-2024-3511

Published : June 23, 2025, 9:15 a.m. | 5 hours, 31 minutes ago

Description : An incorrect authorization vulnerability exists in multiple WSO2 products that allows unauthorized access to versioned files stored in the registry. Due to flawed authorization logic, a malicious actor with access to the management console can exploit a specific bypass method to retrieve versioned files without proper authorization.

Successful exploitation of this vulnerability could lead to unauthorized disclosure of configuration or resource files that may be stored as registry versions, potentially aiding further attacks or system reconnaissance.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2024-45347 – Xiaomi Mi Connect Service APP Unauthorized Access Vulnerability

Next Article Critical Citrix NetScaler bug fixed, upgrade ASAP! (CVE-2025-5777)

Highlights

CVE-2025-3820 – Tenda W12 and i24 Remote Stack-Based Buffer Overflow

April 23, 2025

CVE ID : CVE-2025-3820

Published : April 19, 2025, 9:15 p.m. | 3 days, 12 hours ago

Description : A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644) and classified as critical. Affected by this issue is the function cgiSysUplinkCheckSet of the file /bin/httpd. The manipulation of the argument hostIp1/hostIp2 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Decoding The SVG path Element: Curve And Arc Commands

This week in AI dev tools: Gemini 2.5 Pro and Flash GA, GitHub Copilot Spaces, and more (June 20, 2025)

Gemini 2.5 Pro and Flash are generally available and Gemini 2.5 Flash-Lite preview is announced

CSS Cascade Layers Vs. BEM Vs. Utility Classes: Specificity Control

I recommend this Chromebook over many Windows laptops that cost twice as much

Why I recommend this flagship TCL TV over OLED models that cost more (and don’t regret it)

Finally, a Lenovo ThinkPad that impressed me in performance, design, and battery life

3 productivity gadgets I can’t work without (and why they make such a big difference)

SQL Joins

SQL Joins

Dividing Collections with Laravel’s splitIn Helper

PayHere for Laravel

Distribution Release: IPFire 2.29 Core 195

Distribution Release: IPFire 2.29 Core 195

TeleSculptor – transforms aerial videos and images into Geospatial 3D models

Rilasciato IceWM 3.8: Gestore di Finestre per il Sistema X

CVE-2024-3511 – WSO2 Registry Unauthorized File Access Vulnerability

Zyxel Devices Hit by Active Exploits Targeting CVE-2023-28771 Vulnerability

Critical Citrix NetScaler bug fixed, upgrade ASAP! (CVE-2025-5777)

NHS Charter Urges Vendors to Improve Cybersecurity to Prevent Ransomware

TacticAI: an AI assistant for football tactics

Researchers Uncover Malware in Fake Discord PyPI Package Downloaded 11,500+ Times

Skywork AI Advances Multimodal Reasoning: Introducing Skywork R1V2 with Hybrid Reinforcement Learning

CVE-2025-3820 – Tenda W12 and i24 Remote Stack-Based Buffer Overflow

CVE-2025-30359 – Webpack-dev-server Cross-Site Scripting (XSS) and Prototype Pollution

Peter Green Chilled Cyberattack Disrupts Supermarket Supply Chain Across the UK

CoGUI Phishing Kit: Advanced Evasion Tactics Target Japan

CVE-2024-3511 – WSO2 Registry Unauthorized File Access Vulnerability

Related Posts