565 matches found

CVE
added 2022/09/07 6:0 p.m., 60 views

CVE-2022-1807

CVE-2022-1807 describes multiple SQL injection vulnerabilities in the Webadmin component of Sophos Firewall, enabling privilege escalation from admin to super-admin. Affected products/versions: Sophos Firewall Webadmin prior to 18.5 MR4 and prior to 19.0 MR1. Root cause: SQLi in Webadmin leading ...

7.2 CVSS, 7.3 AI score, 0.00967 EPSS
Exploits: 0, References: 2, Affected Software: 1

OSSF Malicious Packages
added 2022/06/08 9:1 a.m., 1 view

Malicious code in misk-webadmin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c95d346bc698d7dce6f83414d095998dfefca847f29f4078d474bf305d9191b9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0, References: 1

OSV
added 2022/06/08 9:1 a.m., 6 views

MAL-2022-4615 Malicious code in misk-webadmin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c95d346bc698d7dce6f83414d095998dfefca847f29f4078d474bf305d9191b9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0, References: 1

Tenable Nessus
added 2022/05/13 12:0 a.m., 415 views

Sophos XG Firewall User Portal and Webadmin Authentication Bypass (CVE-2022-1040)

Binary data sophosxgfirewallcve-2022-1040.nbin...

9.8 CVSS, 9.9 AI score, 0.99796 EPSS
Exploits: 9, References: 4

OSV
added 2022/05/05 6:15 p.m., 1 view

CVE-2021-25268

Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from MySophos admin to SFOS admin in Sophos Firewall older than version 19.0 GA...

8.4 CVSS, 5.8 AI score, 0.00926 EPSS
Exploits: 0, References: 1

NVD
added 2022/05/05 6:15 p.m., 11 views

CVE-2021-25268

Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from MySophos admin to SFOS admin in Sophos Firewall older than version 19.0 GA...

8.4 CVSS, 0.00926 EPSS
Exploits: 0, References: 1

Prion
added 2022/05/05 6:15 p.m., 14 views

Design/Logic Flaw

Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 19.0 GA...

8.5 CVSS, 8.3 AI score, 0.0108 EPSS
Exploits: 0, References: 1, Affected Software: 1

Prion
added 2022/05/05 6:15 p.m., 16 views

Design/Logic Flaw

Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from MySophos admin to SFOS admin in Sophos Firewall older than version 19.0 GA...

6 CVSS, 8.3 AI score, 0.00926 EPSS
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2022/05/05 6:5 p.m., 19 views

CVE-2021-25268

Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from MySophos admin to SFOS admin in Sophos Firewall older than version 19.0 GA...

8.4 CVSS, 8.5 AI score, 0.00926 EPSS
Exploits: 0, References: 1

CVE
added 2022/05/05 6:5 p.m., 75 views

CVE-2021-25268

CVE-2021-25268 describes multiple XSS flaws in Sophos Firewall Webadmin that enable privilege escalation from a MySophos admin to an SFOS admin on systems running Sophos Firewall older than version 19.0 GA. The root cause is XSS in the Webadmin interface leading to higher-privilege access. Docume...

8.4 CVSS, 8.3 AI score, 0.00926 EPSS
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2022/05/05 6:5 p.m., 19 views

CVE-2021-25267

Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 19.0 GA...

6.8 CVSS, 8.5 AI score, 0.0108 EPSS
Exploits: 0, References: 1

CVE
added 2022/05/05 6:5 p.m., 74 views

CVE-2021-25267

CVE-2021-25267: Multiple XSS vulnerabilities in Sophos Firewall Webadmin allow privilege escalation from admin to super-admin on SFOS versions older than 19.0 GA. The issue is public in the CVE record and is referenced by multiple external advisories. Affected component: Webadmin (Sophos Firewal...

8.5 CVSS, 8.3 AI score, 0.0108 EPSS
Exploits: 0, References: 1, Affected Software: 1

CNNVD
added 2022/05/05 12:0 a.m., 3 views

Sophos Firewall Cross-Site Scripting Vulnerability

Sophos Firewall is a firewall from Sophos UK. A security vulnerability exists in Sophos Firewall versions prior to 19.0 GA that allows an attacker to escalate privileges from MySophos Administrator to SFOS Administrator in the Webadmin of Sophos Firewall...

8.4 CVSS, 7.8 AI score, 0.00926 EPSS
Exploits: 0, References: 3

CNNVD
added 2022/05/05 12:0 a.m., 2 views

Sophos Firewall Cross-Site Scripting Vulnerability

Sophos Firewall is a firewall from Sophos UK. A security vulnerability exists in Sophos Firewall versions prior to 19.0 GA that allows an attacker to escalate privileges from Administrator to Super Administrator in Webadmin of Sophos Firewall...

8.5 CVSS, 7.8 AI score, 0.0108 EPSS
Exploits: 0, References: 3

Tenable Nessus
added 2022/04/06 12:0 a.m., 281 views

Sophos XG Firewall <= 18.5.3 RCE

An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEV...

9.8 CVSS, 9.1 AI score, 0.99796 EPSS
Exploits: 9, References: 2

CISA KEV Catalog
added 2022/03/31 12:0 a.m., 44 views

Sophos Firewall Authentication Bypass Vulnerability

An authentication bypass vulnerability in User Portal and Webadmin of Sophos Firewall allows for remote code execution...

9.8 CVSS, 3.7 AI score, 0.99796 EPSS
In wild, Exploits: 9

hivepro
added 2022/03/30 1:16 p.m., 110 views

Sophos Firewall RCE vulnerability actively exploited

THREAT LEVEL: Amber For a detailed advisory, download the pdf file here A security researcher has discovered an authentication bypass vulnerability that resides in the User Portal and Webadmin areas of Sophos Firewall. Attackers are actively exploiting this vulnerability to attack enterprises in...

7.5 CVSS, 2.1 AI score, 0.99796 EPSS
Exploits: 9

OSV
added 2022/03/29 1:15 a.m., 1 view

CVE-2022-0331

An information disclosure vulnerability in Webadmin allows an unauthenticated remote attacker to read the device serial number in Sophos Firewall version v18.5 MR2 and older...

5.3 CVSS, 5.8 AI score, 0.01447 EPSS
Exploits: 0, References: 1

ATTACKERKB
added 2022/03/29 1:15 a.m., 2 views

CVE-2022-0331

An information disclosure vulnerability in Webadmin allows an unauthenticated remote attacker to read the device serial number in Sophos Firewall version v18.5 MR2 and older...

5.3 CVSS, 6 AI score, 0.01447 EPSS
Exploits: 0, References: 2

NVD
added 2022/03/29 1:15 a.m., 14 views

CVE-2022-0331

An information disclosure vulnerability in Webadmin allows an unauthenticated remote attacker to read the device serial number in Sophos Firewall version v18.5 MR2 and older...

5.3 CVSS, 0.01447 EPSS
Exploits: 0, References: 1