
559 matches found

CNNVD
added 2022/03/29 12:0 a.m., 2 views

Sophos Firewall Information Disclosure Vulnerability

Sophos Firewall is a firewall from Sophos UK. A security vulnerability exists in Sophos Firewall version v18.5 MR2 and earlier, which stems from an information disclosure vulnerability in Webadmin that could allow an unauthenticated, remote attacker to read device serial numbers...

CVSS 5.3, AI score 5.8, EPSS 0.00335
Exploits 0, References 3
ThreatPost
added 2022/03/28 5:33 p.m., 391 views

Critical Sophos Security Bug Allows RCE on Firewalls

Cybersecurity stalwart Sophos has plugged a critical vulnerability in its firewall product, which could allow remote code-execution. The flaw, tracked as CVE-2022-1040, is specifically an authentication-bypass vulnerability in the User Portal and Webadmin of the Sophos Firewall. It affects versio...

CVSS 9.8, AI score 7.5, EPSS 0.94439
Exploits 9, References 5
OSV
added 2022/03/25 12:15 p.m., 0 views

CVE-2022-1040

An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older...

CVSS 9.8, AI score 7.5, EPSS 0.94439
Exploits 9, References 4
NVD
added 2022/03/25 12:15 p.m., 22 views

CVE-2022-1040

An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older...

CVSS 9.8, EPSS 0.94439
Exploits 9, References 4
Prion
added 2022/03/25 12:15 p.m., 26 views

Authentication flaw

An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older...

CVSS 7.5, AI score 9.7, EPSS 0.94439
Exploits 9, References 3, Affected Software 1
Cvelist
added 2022/03/25 12:10 p.m., 26 views

CVE-2022-1040

An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older...

CVSS 9.8, AI score 9.9, EPSS 0.94439
Exploits 9, References 3
Positive Technologies
added 2022/03/25 12:0 a.m., 3 views

PT-2022-2444

Name of the Vulnerable Software and Affected Versions: Sophos Firewall versions prior to v18.5 MR3 18.5.3; Sophos XG Firewall version 17.0.10 MR-10. Description: An authentication bypass issue exists in the User Portal and Webadmin components of Sophos Firewall, potentially allowing a remote attacker...

CVSS 10, AI score 7.4, EPSS 0.94439
Exploits 9, References 46
CISA KEV Catalog
added 2022/03/25 12:0 a.m., 50 views

Sophos SG UTM Remote Code Execution Vulnerability

A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM...

CVSS 10, AI score 2.6, EPSS 0.94293
In wild, Exploits 9
ATTACKERKB
added 2022/03/25 12:0 a.m., 270 views

CVE-2022-1040

An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older. Recent assessments: jbaines-r7 at April 15, 2022 7:28pm UTC reported: On March 25, 2022, Sophos published a critical security advisory fo...

CVSS 9.8, AI score 10, EPSS 0.94439
In wild, Exploits 9, References 5
CNNVD
added 2022/03/25 12:0 a.m., 2 views

Sophos Firewall Authorization Issue Vulnerability

Sophos Firewall is a firewall from Sophos UK. An authorization issue vulnerability exists in the User Portal and Webadmin modules of Sophos Firewall version v18.5 MR3 and earlier versions, which stems from an authentication bypass vulnerability in the User Portal and Webadmin modules. An attacker...

CVSS 9.8, AI score 8.8, EPSS 0.94439
Exploits 9, References 8
VulnCheck KEV
added 2022/03/25 12:0 a.m., 0 views

VulnCheck KEV: CVE-2020-25223

A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM...

CVSS 10, AI score 8, EPSS 0.94293
Exploits 9, References 1
NCSC
added 2022/03/25 12:0 a.m., 1 views

Vulnerability fixed in Sophos Firewall

Sophos has fixed a vulnerability in Sophos Firewall. The vulnerability allows a malicious party to bypass authentication in the User Portal and Webadmin interfaces. Subsequently, the malicious party executes code on the vulnerable system. Sophos has released updates to fi...

CVSS 9.8, AI score 7.3, EPSS 0.94439
Exploits 9
VulnCheck KEV
added 2022/03/21 12:0 a.m., 0 views

VulnCheck KEV: CVE-2022-1040

An authentication bypass vulnerability in User Portal and Webadmin of Sophos Firewall allows for remote code execution...

CVSS 9.8, AI score 7.7, EPSS 0.94439
Exploits 9, References 1
CNVD
added 2021/11/17 12:0 a.m., 17 views

AtMail Cross-Site Scripting Vulnerability (CNVD-2021-93369)

AtMail is an open source WebMail client from Atmail Australia, which provides Webmail interface, address book management, calendar and other features, and supports IMAP, video mail, etc. A cross-site scripting vulnerability exists in the WebAdmin control panel of AtMail version 6.5.0. An attacker...

CVSS 6.1, AI score 3.3, EPSS 0.2925
Exploits 0, References 1
NVD
added 2021/11/15 3:15 p.m., 11 views

CVE-2021-43574

WebAdmin Control Panel in Atmail 6.5.0, a version released in 2012, allows XSS via the format parameter to the default URI. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

CVSS 6.1, EPSS 0.2925
Exploits 0, References 2
OSV
added 2021/11/15 3:15 p.m., 1 views

CVE-2021-43574

WebAdmin Control Panel in Atmail 6.5.0, a version released in 2012, allows XSS via the format parameter to the default URI. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

CVSS 6.1, AI score 5.8, EPSS 0.2925
Exploits 0, References 2
Prion
added 2021/11/15 3:15 p.m., 14 views

Cross site scripting

UNSUPPORTED WHEN ASSIGNED: WebAdmin Control Panel in Atmail 6.5.0, a version released in 2012, allows XSS via the format parameter to the default URI. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

CVSS 4.3, AI score 5.9, EPSS 0.2925
Exploits 0, References 2, Affected Software 1
CVE
added 2021/11/15 2:18 p.m., 54 views

CVE-2021-43574

CVE-2021-43574 affects Atmail 6.5.0 (WebAdmin/Control Panel). The vulnerability is a cross-site scripting (XSS) flaw exposed via the format parameter to the default URI, allowing injected script/HTML to run in the victim’s browser. Documented across multiple sources (NVD, Nuclei template, CNVD/CN...

CVSS 6.1, AI score 5.9, EPSS 0.2925
Exploits 0, References 2, Affected Software 1
Vulnrichment
added 2021/11/15 2:18 p.m., 12 views

CVE-2021-43574

WebAdmin Control Panel in Atmail 6.5.0, a version released in 2012, allows XSS via the format parameter to the default URI. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

AI score 5.8, EPSS 0.2925
Exploits 0, References 2
Cvelist
added 2021/11/15 2:18 p.m., 14 views

CVE-2021-43574

WebAdmin Control Panel in Atmail 6.5.0, a version released in 2012, allows XSS via the format parameter to the default URI. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

AI score 6.1, EPSS 0.2925
Exploits 0, References 2