Known Vulnerabilities for Identity Server by Wso2
Listed below are 10 of the newest known vulnerabilities associated with "Identity Server" by "Wso2".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-40193 json | maddy is a composable, all-in-one mail server. Versions prior to 0.9.3 contain an LDAP injection vulnerability in the auth.ld... | Not Provided | 2026-04-16 | 2026-04-16 |
| CVE-2026-39864 json | Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.0.5 and 5.8.7, an out-of-bounds read in the a... | Not Provided | 2026-04-08 | 2026-04-08 |
| CVE-2026-35030 json | LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.83.0, when JWT authenticatio... | Not Provided | 2026-04-06 | 2026-04-07 |
| CVE-2026-33657 json | EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below have a stored HTML injection... | Not Provided | 2026-04-13 | 2026-04-13 |
| CVE-2026-33544 json | Tinyauth is an authentication and authorization server. Prior to version 5.0.5, all three OAuth service implementations (Gene... | Not Provided | 2026-04-02 | 2026-04-03 |
| CVE-2026-33496 json | ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on set... | Not Provided | 2026-03-26 | 2026-03-30 |
| CVE-2026-31717 json | In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate owner of durable handle on reconnect Cu... | Not Provided | 2026-05-01 | 2026-05-03 |
| CVE-2026-31245 json | The mem0 1.0.0 server lacks authentication and authorization controls for its memory creation API endpoint (POST /memories). ... | Not Provided | 2026-05-12 | 2026-05-12 |
| CVE-2026-31244 json | The mem0 1.0.0 server lacks authentication and authorization controls for its memory deletion API endpoint (DELETE /memories/... | Not Provided | 2026-05-12 | 2026-05-12 |
| CVE-2026-31240 json | The mem0 1.0.0 server lacks authentication and authorization controls for its memory management API endpoints. Critical funct... | Not Provided | 2026-05-12 | 2026-05-12 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Wso2 | Identity Server | 5.9.0 | |||
| Application | Wso2 | Identity Server | 5.8.0 | |||
| Application | Wso2 | Identity Server | 5.7.0 | |||
| Application | Wso2 | Identity Server | 5.6.0 | |||
| Application | Wso2 | Identity Server | 5.5.0 | |||
| Application | Wso2 | Identity Server | 5.4.1 | |||
| Application | Wso2 | Identity Server | 5.4.0 | |||
| Application | Wso2 | Identity Server | 5.3.0 | |||
| Application | Wso2 | Identity Server | 5.2.0 | |||
| Application | Wso2 | Identity Server | 5.10.0 | |||
| Application | Wso2 | Identity Server | 5.1.0 | |||
| Application | Wso2 | Identity Server | 5.0.0 | |||
| Application | Wso2 | Identity Server | 4.6.0 | |||
| Application | Wso2 | Identity Server | 4.5.0 | |||
| Application | Wso2 | Identity Server | 4.1.0 | |||
| Application | Wso2 | Identity Server | 4.0.0 | |||
| Application | Wso2 | Identity Server | 3.2.3 | |||
| Application | Wso2 | Identity Server | 3.2.2 | |||
| Application | Wso2 | Identity Server | 3.2.0 | |||
| Application | Wso2 | Identity Server | 3.0.1 |