VYPR
Vendor

Mulesoft

Products
7
CVEs
7
Across products
9
Status
Private

Products

7

Recent CVEs

7
  • CVE-2021-1628CriMar 26, 2021
    risk 0.64cvss 9.8epss 0.01

    MuleSoft is aware of a XML External Entity (XXE) vulnerability affecting certain versions of a Mule runtime component that may affect both CloudHub and on-premise customers. Affected versions: Mule 4.x runtime released before February 2, 2021.

  • CVE-2021-1627CriMar 26, 2021
    risk 0.64cvss 9.8epss 0.01

    MuleSoft is aware of a Server Side Request Forgery vulnerability affecting certain versions of a Mule runtime component that may affect both CloudHub and on-premise customers. This affects: Mule 3.8.x,3.9.x,4.x runtime released before February 2, 2021.

  • CVE-2021-1626CriMar 26, 2021
    risk 0.64cvss 9.8epss 0.02

    MuleSoft is aware of a Remote Code Execution vulnerability affecting certain versions of a Mule runtime component that may affect both CloudHub and on-premise customers. Versions affected: Mule 4.1.x and 4.2.x runtime released before February 2, 2021.

  • CVE-2019-15631CriDec 2, 2019
    risk 0.64cvss 9.8epss 0.02

    Remote Code Execution vulnerability in MuleSoft Mule CE/EE 3.x and API Gateway 2.x released before October 31, 2019 allows remote attackers to execute arbitrary code.

  • CVE-2020-6937HigMay 29, 2020
    risk 0.49cvss 7.5epss 0.01

    A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x released before April 7, 2020, could allow remote attackers to submit data which can lead to resource exhaustion.

  • CVE-2014-9000Nov 20, 2014
    risk 0.04cvss epss 0.09

    Mule Enterprise Management Console (MMC) does not properly restrict access to handler/securityService.rpc, which allows remote authenticated users to gain administrator privileges and execute arbitrary code via a crafted request that adds a new user. NOTE: this issue was…

  • CVE-2025-64319Nov 4, 2025
    risk 0.00cvss epss 0.00

    Incorrect Permission Assignment for Critical Resource vulnerability in Salesforce Mulesoft Anypoint Code Builder allows Manipulating Writeable Configuration Files.This issue affects Mulesoft Anypoint Code Builder: before 1.12.1