VYPR
Vendor: Mendix

Products: 16
CVEs: 41
Across products: 44
Status: Private

Recent CVEs

  • CVE-2026-6264 · Critical · Apr 14, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    A critical vulnerability in the Talend JobServer and Talend Runtime allows unauthenticated remote code execution via the JMX monitoring port. The attack vector is the JMX monitoring port of the Talend JobServer. The vulnerability can be mitigated for the Talend JobServer by…

  • CVE-2022-44457 · Critical · Nov 8, 2022
    risk 0.64 · cvss 9.8 · epss 0.01

    A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML (Mendix 7 compatible) (All versions >= V1.17.0 < V1.17.2), Mendix SAML (Mendix 8 compatible) (All versions < V2.3.0), Mendix SAML (Mendix 8 compatible) (All versions >=…

  • CVE-2022-37011 · Critical · Sep 13, 2022
    risk 0.64 · cvss 9.8 · epss 0.01

    A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML (Mendix 8 compatible) (All versions < V2.3.0), Mendix SAML (Mendix 9 compatible, New Track) (All versions < V3.3.1), Mendix SAML (Mendix 9 compatible, Upgrade Track)…

  • CVE-2022-26314 · Critical · Mar 8, 2022
    risk 0.64 · cvss 9.8 · epss 0.01

    A vulnerability has been identified in Mendix Forgot Password Appstore module (All versions >= V3.3.0 < V3.5.1), Mendix Forgot Password Appstore module (Mendix 7 compatible) (All versions < V3.2.2). Initial passwords are generated in an insecure manner. This could allow an…

  • CVE-2022-26313 · Critical · Mar 8, 2022
    risk 0.64 · cvss 9.8 · epss 0.01

    A vulnerability has been identified in Mendix Forgot Password Appstore module (All versions >= V3.3.0 < V3.5.1). In certain configurations of the affected product, a threat actor could use the sign up flow to hijack arbitrary user accounts.

  • CVE-2026-7891 · Critical · May 7, 2026
    risk 0.60 · cvss · epss 0.00

    The VerySecureApp made by DIVD using Mendix Studio Pro 11.8.0 Beta allows unintended data exposure due to authorization misconfiguration. The VerySecureApp allows anonymous users of the MyFirstModule with the anonymous user role to gain access to all stored records, even though…

  • CVE-2022-46823 · Critical · Jan 10, 2023
    risk 0.60 · cvss 9.3 · epss 0.00

    A vulnerability has been identified in Mendix SAML (Mendix 8 compatible) (All versions >= V2.3.0 < V2.3.4), Mendix SAML (Mendix 9 compatible, New Track) (All versions >= V3.3.0 < V3.3.9), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions >= V3.3.0 < V3.3.8). The…

  • CVE-2023-29129 · Critical · Jun 13, 2023
    risk 0.59 · cvss 9.1 · epss 0.01

    A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions >= V1.17.3 < V1.18.0), Mendix SAML (Mendix 7 compatible) (All versions >= V1.16.4 < V1.17.3), Mendix SAML (Mendix 8 compatible) (All versions >= V2.3.0 < V2.4.0), Mendix SAML (Mendix 8…

  • CVE-2023-25957 · Critical · Mar 14, 2023
    risk 0.59 · cvss 9.1 · epss 0.01

    A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions >= V1.16.4 < V1.17.3), Mendix SAML (Mendix 8 compatible) (All versions >= V2.2.0 < V2.3.0), Mendix SAML (Mendix 9 latest compatible, New Track) (All versions >= V3.1.9 < V3.3.1), Mendix SAML…

  • CVE-2021-33712 · High · Jun 8, 2021
    risk 0.57 · cvss 8.8 · epss 0.01

    A vulnerability has been identified in Mendix SAML Module (All versions < V2.1.2). The configuration of the SAML module does not properly check various restrictions and validations imposed by an identity provider. This could allow a remote authenticated attacker to escalate…

  • CVE-2021-27394 · High · Apr 16, 2021
    risk 0.57 · cvss 8.8 · epss 0.01

    A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.19), Mendix Applications using Mendix 8 (All versions < V8.17.0), Mendix Applications using Mendix 8 (V8.12) (All versions < V8.12.5), Mendix Applications using Mendix 8 (V8.6) (All…

  • CVE-2021-25672 · High · Mar 15, 2021
    risk 0.57 · cvss 8.8 · epss 0.01

    A vulnerability has been identified in Mendix Forgot Password Appstore module (All Versions < V3.2.1). The Forgot Password Marketplace module does not properly control access. An attacker could take over accounts.

  • CVE-2022-46664 · High · Dec 13, 2022
    risk 0.53 · cvss 8.1 · epss 0.01

    A vulnerability has been identified in Mendix Workflow Commons (All versions < V2.4.0), Mendix Workflow Commons V2.1 (All versions < V2.1.4), Mendix Workflow Commons V2.3 (All versions < V2.3.2). Affected versions of the module improperly handle access control for some module…

  • CVE-2022-45936 · High · Dec 13, 2022
    risk 0.53 · cvss 8.1 · epss 0.01

    A vulnerability has been identified in Mendix Email Connector (All versions < V2.0.0). Affected versions of the module improperly handle access control for some module entities. This could allow authenticated remote attackers to read and manipulate sensitive information.

  • CVE-2022-31257 · High · Jul 12, 2022
    risk 0.49 · cvss 7.5 · epss 0.01

    A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.31), Mendix Applications using Mendix 8 (All versions < V8.18.18), Mendix Applications using Mendix 9 (All versions < V9.14.0), Mendix Applications using Mendix 9 (V9.12) (All…

  • CVE-2022-32285 · High · Jun 14, 2022
    risk 0.49 · cvss 7.5 · epss 0.01

    A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.16.6), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.2.2), Mendix SAML Module (Mendix 9 compatible) (All versions < V3.2.3). The affected module is vulnerable to XML…

  • CVE-2022-27241 · High · Apr 12, 2022
    risk 0.49 · cvss 7.5 · epss 0.01

    A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.31), Mendix Applications using Mendix 8 (All versions < V8.18.18), Mendix Applications using Mendix 9 (All versions < V9.11), Mendix Applications using Mendix 9 (V9.6) (All versions <…

  • CVE-2023-45794 · Medium · Nov 14, 2023
    risk 0.44 · cvss 6.8 · epss 0.00

    A vulnerability has been identified in Mendix Applications using Mendix 10 (All versions < V10.4.0), Mendix Applications using Mendix 7 (All versions < V7.23.37), Mendix Applications using Mendix 8 (All versions < V8.18.27), Mendix Applications using Mendix 9 (All versions <…

  • CVE-2022-24309 · Medium · Mar 8, 2022
    risk 0.44 · cvss 6.8 · epss 0.01

    A vulnerability has been identified in Mendix Runtime V7 (All versions < V7.23.29), Mendix Runtime V8 (All versions < V8.18.16), Mendix Runtime V9 (All versions < V9.13 only with Runtime Custom Setting *DataStorage.UseNewQueryHandler* set to False). If an entity has an…

  • CVE-2022-34467 · Medium · Jul 12, 2022
    risk 0.42 · cvss 6.5 · epss 0.01

    A vulnerability has been identified in Mendix Excel Importer Module (Mendix 8 compatible) (All versions < V9.2.2), Mendix Excel Importer Module (Mendix 9 compatible) (All versions < V10.1.2). The affected component is vulnerable to XML Entity Expansion Injection. An attacker may…