VYPR

Vendor CVEs

Mendix

All CVEs

41 total · sorted by risk
  • CVE-2026-6264CriApr 14, 2026
    risk 0.64cvss 9.8epss 0.01

    A critical vulnerability in the Talend JobServer and Talend Runtime allows unauthenticated remote code execution via the JMX monitoring port. The attack vector is the JMX monitoring port of the Talend JobServer. The vulnerability can be mitigated for the Talend JobServer by…

  • CVE-2022-44457CriNov 8, 2022
    risk 0.64cvss 9.8epss 0.01

    A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML (Mendix 7 compatible) (All versions >= V1.17.0 < V1.17.2), Mendix SAML (Mendix 8 compatible) (All versions < V2.3.0), Mendix SAML (Mendix 8 compatible) (All versions >=…

  • CVE-2022-37011CriSep 13, 2022
    risk 0.64cvss 9.8epss 0.01

    A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML (Mendix 8 compatible) (All versions < V2.3.0), Mendix SAML (Mendix 9 compatible, New Track) (All versions < V3.3.1), Mendix SAML (Mendix 9 compatible, Upgrade Track)…

  • CVE-2022-26314CriMar 8, 2022
    risk 0.64cvss 9.8epss 0.01

    A vulnerability has been identified in Mendix Forgot Password Appstore module (All versions >= V3.3.0 < V3.5.1), Mendix Forgot Password Appstore module (Mendix 7 compatible) (All versions < V3.2.2). Initial passwords are generated in an insecure manner. This could allow an…

  • CVE-2022-26313CriMar 8, 2022
    risk 0.64cvss 9.8epss 0.01

    A vulnerability has been identified in Mendix Forgot Password Appstore module (All versions >= V3.3.0 < V3.5.1). In certain configurations of the affected product, a threat actor could use the sign up flow to hijack arbitrary user accounts.

  • CVE-2026-7891CriMay 7, 2026
    risk 0.60cvss epss 0.00

    The VerySecureApp made by DIVD using Mendix Studio Pro 11.8.0 Beta allows unintended data exposure due to authorization misconfiguration. The VerySecureApp allows anonymous users of the MyFirstModule with the anonymous user role to gain access to all stored records, even though…

  • CVE-2022-46823CriJan 10, 2023
    risk 0.60cvss 9.3epss 0.00

    A vulnerability has been identified in Mendix SAML (Mendix 8 compatible) (All versions >= V2.3.0 < V2.3.4), Mendix SAML (Mendix 9 compatible, New Track) (All versions >= V3.3.0 < V3.3.9), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions >= V3.3.0 < V3.3.8). The…

  • CVE-2023-29129CriJun 13, 2023
    risk 0.59cvss 9.1epss 0.01

    A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions >= V1.17.3 < V1.18.0), Mendix SAML (Mendix 7 compatible) (All versions >= V1.16.4 < V1.17.3), Mendix SAML (Mendix 8 compatible) (All versions >= V2.3.0 < V2.4.0), Mendix SAML (Mendix 8…

  • CVE-2023-25957CriMar 14, 2023
    risk 0.59cvss 9.1epss 0.01

    A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions >= V1.16.4 < V1.17.3), Mendix SAML (Mendix 8 compatible) (All versions >= V2.2.0 < V2.3.0), Mendix SAML (Mendix 9 latest compatible, New Track) (All versions >= V3.1.9 < V3.3.1), Mendix SAML…

  • CVE-2021-33712HigJun 8, 2021
    risk 0.57cvss 8.8epss 0.01

    A vulnerability has been identified in Mendix SAML Module (All versions < V2.1.2). The configuration of the SAML module does not properly check various restrictions and validations imposed by an identity provider. This could allow a remote authenticated attacker to escalate…

  • CVE-2021-27394HigApr 16, 2021
    risk 0.57cvss 8.8epss 0.01

    A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.19), Mendix Applications using Mendix 8 (All versions < V8.17.0), Mendix Applications using Mendix 8 (V8.12) (All versions < V8.12.5), Mendix Applications using Mendix 8 (V8.6) (All…

  • CVE-2021-25672HigMar 15, 2021
    risk 0.57cvss 8.8epss 0.01

    A vulnerability has been identified in Mendix Forgot Password Appstore module (All Versions < V3.2.1). The Forgot Password Marketplace module does not properly control access. An attacker could take over accounts.

  • CVE-2022-46664HigDec 13, 2022
    risk 0.53cvss 8.1epss 0.01

    A vulnerability has been identified in Mendix Workflow Commons (All versions < V2.4.0), Mendix Workflow Commons V2.1 (All versions < V2.1.4), Mendix Workflow Commons V2.3 (All versions < V2.3.2). Affected versions of the module improperly handle access control for some module…

  • CVE-2022-45936HigDec 13, 2022
    risk 0.53cvss 8.1epss 0.01

    A vulnerability has been identified in Mendix Email Connector (All versions < V2.0.0). Affected versions of the module improperly handle access control for some module entities. This could allow authenticated remote attackers to read and manipulate sensitive information.

  • CVE-2022-31257HigJul 12, 2022
    risk 0.49cvss 7.5epss 0.01

    A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.31), Mendix Applications using Mendix 8 (All versions < V8.18.18), Mendix Applications using Mendix 9 (All versions < V9.14.0), Mendix Applications using Mendix 9 (V9.12) (All…

  • CVE-2022-32285HigJun 14, 2022
    risk 0.49cvss 7.5epss 0.01

    A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.16.6), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.2.2), Mendix SAML Module (Mendix 9 compatible) (All versions < V3.2.3). The affected module is vulnerable to XML…

  • CVE-2022-27241HigApr 12, 2022
    risk 0.49cvss 7.5epss 0.01

    A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.31), Mendix Applications using Mendix 8 (All versions < V8.18.18), Mendix Applications using Mendix 9 (All versions < V9.11), Mendix Applications using Mendix 9 (V9.6) (All versions <…

  • CVE-2023-45794MedNov 14, 2023
    risk 0.44cvss 6.8epss 0.00

    A vulnerability has been identified in Mendix Applications using Mendix 10 (All versions < V10.4.0), Mendix Applications using Mendix 7 (All versions < V7.23.37), Mendix Applications using Mendix 8 (All versions < V8.18.27), Mendix Applications using Mendix 9 (All versions <…

  • CVE-2022-24309MedMar 8, 2022
    risk 0.44cvss 6.8epss 0.01

    A vulnerability has been identified in Mendix Runtime V7 (All versions < V7.23.29), Mendix Runtime V8 (All versions < V8.18.16), Mendix Runtime V9 (All versions < V9.13 only with Runtime Custom Setting *DataStorage.UseNewQueryHandler* set to False). If an entity has an…

  • CVE-2022-34467MedJul 12, 2022
    risk 0.42cvss 6.5epss 0.01

    A vulnerability has been identified in Mendix Excel Importer Module (Mendix 8 compatible) (All versions < V9.2.2), Mendix Excel Importer Module (Mendix 9 compatible) (All versions < V10.1.2). The affected component is vulnerable to XML Entity Expansion Injection. An attacker may…

  • CVE-2022-34466MedJul 12, 2022
    risk 0.42cvss 6.5epss 0.01

    A vulnerability has been identified in Mendix Applications using Mendix 9 (All versions >= V9.11 < V9.15), Mendix Applications using Mendix 9 (V9.12) (All versions < V9.12.3). An expression injection vulnerability was discovered in the Workflow subsystem of Mendix Runtime, that…

  • CVE-2022-25650MedApr 12, 2022
    risk 0.42cvss 6.5epss 0.01

    A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.27), Mendix Applications using Mendix 8 (All versions < V8.18.14), Mendix Applications using Mendix 9 (All versions < V9.12.0), Mendix Applications using Mendix 9 (V9.6) (All versions…

  • CVE-2022-26317MedMar 8, 2022
    risk 0.42cvss 6.5epss 0.01

    A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.29). When returning the result of a completed Microflow execution call the affected framework does not correctly verify, if the request was initially made by the user requesting the…

  • CVE-2021-42025MedNov 9, 2021
    risk 0.42cvss 6.5epss 0.01

    A vulnerability has been identified in Mendix Applications using Mendix 8 (All versions < V8.18.13), Mendix Applications using Mendix 9 (All versions < V9.6.2). Applications built with affected versions of Mendix Studio Pro do not properly control write access for certain client…

  • CVE-2025-40592MedJun 12, 2025
    risk 0.40cvss 6.1epss 0.00

    A vulnerability has been identified in Mendix Studio Pro 10 (All versions < V10.23.0), Mendix Studio Pro 10.12 (All versions < V10.12.17), Mendix Studio Pro 10.18 (All versions < V10.18.7), Mendix Studio Pro 10.6 (All versions < V10.6.24), Mendix Studio Pro 11 (All versions <…

  • CVE-2022-32286MedJun 14, 2022
    risk 0.40cvss 6.1epss 0.01

    A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.16.6), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.2.2), Mendix SAML Module (Mendix 9 compatible) (All versions < V3.2.3). In certain configurations SAML module is…

  • CVE-2020-8160MedJan 6, 2021
    risk 0.40cvss 6.1epss 0.01

    MendixSSO <= 2.1.1 contains endpoints that make use of the openid handler, which is suffering from a Cross-Site Scripting vulnerability via the URL path. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a…

  • CVE-2024-33500MedJun 11, 2024
    risk 0.38cvss 5.9epss 0.00

    A vulnerability has been identified in Mendix Applications using Mendix 10 (All versions < V10.11.0), Mendix Applications using Mendix 10 (V10.6) (All versions < V10.6.9), Mendix Applications using Mendix 9 (All versions >= V9.3.0 < V9.24.22). Affected applications could allow…

  • CVE-2023-23835MedFeb 14, 2023
    risk 0.38cvss 5.9epss 0.01

    A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.34), Mendix Applications using Mendix 8 (All versions < V8.18.23), Mendix Applications using Mendix 9 (All versions < V9.22.0), Mendix Applications using Mendix 9 (V9.12) (All…

  • CVE-2025-40834MedNov 17, 2025
    risk 0.37cvss 5.7epss 0.00

    A vulnerability has been identified in Mendix RichText (All versions >= V4.0.0 < V4.6.1). Affected widget does not properly neutralize the input. This could allow an attacker to execute cross-site scripting attacks.

  • CVE-2021-42015MedNov 9, 2021
    risk 0.36cvss 5.5epss 0.00

    A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.26), Mendix Applications using Mendix 8 (All versions < V8.18.12), Mendix Applications using Mendix 9 (All versions < V9.6.1). Applications built with affected versions of Mendix…

  • CVE-2019-12996MedSep 10, 2019
    risk 0.35cvss 5.3epss 0.01

    In Mendix 7.23.5 and earlier, issue in XML import mappings allow DOCTYPE declarations in the XML input that is potentially unsafe.

  • CVE-2025-30280MedApr 8, 2025
    risk 0.34cvss 5.3epss 0.00

    A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.21.0), Mendix Runtime V10.12 (All versions < V10.12.16), Mendix Runtime V10.18 (All versions < V10.18.5), Mendix Runtime V10.6 (All versions < V10.6.22), Mendix Runtime V8 (All versions < V8.18.35),…

  • CVE-2023-43623MedOct 10, 2023
    risk 0.34cvss 5.3epss 0.01

    A vulnerability has been identified in Mendix Forgot Password (Mendix 10 compatible) (All versions < V5.4.0), Mendix Forgot Password (Mendix 7 compatible) (All versions < V3.7.3), Mendix Forgot Password (Mendix 8 compatible) (All versions < V4.1.3), Mendix Forgot Password…

  • CVE-2023-27464MedApr 11, 2023
    risk 0.34cvss 5.3epss 0.00

    A vulnerability has been identified in Mendix Forgot Password (Mendix 7 compatible) (All versions < V3.7.1), Mendix Forgot Password (Mendix 8 compatible) (All versions < V4.1.1), Mendix Forgot Password (Mendix 9 compatible) (All versions < V5.1.1). The affected versions of the…

  • CVE-2021-33718MedJul 13, 2021
    risk 0.34cvss 5.3epss 0.01

    A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.22), Mendix Applications using Mendix 8 (All versions < V8.18.7), Mendix Applications using Mendix 9 (All versions < V9.3.0). Write access checks of attributes of an object could be…

  • CVE-2021-42026MedNov 9, 2021
    risk 0.28cvss 4.3epss 0.01

    A vulnerability has been identified in Mendix Applications using Mendix 8 (All versions < V8.18.13), Mendix Applications using Mendix 9 (All versions < V9.6.2). Applications built with affected versions of Mendix Studio Pro do not properly control read access for certain client…

  • CVE-2021-31341MedMay 12, 2021
    risk 0.28cvss 4.3epss 0.01

    Uploading a table mapping using a manipulated XML file results in an exception that could expose information about the application-server and the used XML-framework on the Mendix Database Replication Module (All versions prior to v7.0.1).

  • CVE-2021-31339MedMay 12, 2021
    risk 0.28cvss 4.3epss 0.01

    A vulnerability has been identified in Mendix Excel Importer Module (All versions < V9.0.3). Uploading a manipulated XML File results in an exception that could expose information about the Application-Server and the used XML-Framework.

  • CVE-2021-47810Jan 15, 2026
    risk 0.00cvss epss 0.00

    WibuKey Runtime 6.51 contains an unquoted service path vulnerability in the WkSvW32.exe service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\PROGRAM FILES (X86)\WIBUKEY\SERVER\WkSvW32.exe' to inject malicious…

  • CVE-2024-50313Nov 12, 2024
    risk 0.00cvss epss 0.00

    A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.16.0 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.12 (All versions < V10.12.7 only if the basic authentication mechanism is used by the application),…