sophos

173 tracked vulnerabilities.

CVE-2025-10159 CRITICAL
Sophos AP6 Series Wireless Access Points < 1.7.2563 (MR7) - Authentication Bypass
Sep 09, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-7624 CRITICAL
Sophos Firewall <21.0 - SQL Injection
Jul 21, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-7382 HIGH
Sophos Firewall < 21.0.2 - Unauthenticated Remote Code Execution via WebAdmin
Jul 21, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-6704 CRITICAL
Sophos Firewall < 21.0.2 - Unauthenticated Remote Code Execution via SPX Feature in HA Mode
Jul 21, 2025
CVSS 9.8
EPSS 0.02
CVE-2025-7433 HIGH
Sophos Intercept X for Windows <2025.1 - Privilege Escalation
Jul 17, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-7472 HIGH
Intercept X for Windows <1.22 - Privilege Escalation
Jul 17, 2025
CVSS 7.5
EPSS 0.00
CVE-2024-13974 HIGH
Sophos Firewall < 21.0.1 - Remote Code Execution via Up2Date DNS Control
Jul 21, 2025
CVSS 8.1
EPSS 0.01
CVE-2024-13973 MEDIUM
Sophos Firewall < 21.0.1 - Authenticated SQL Injection in WebAdmin
Jul 21, 2025
CVSS 6.8
EPSS 0.00
CVE-2024-13972 HIGH
Intercept X for Windows <2024.3.2 - Privilege Escalation
Jul 17, 2025
CVSS 8.8
EPSS 0.00
CVE-2024-13861 HIGH
Sophos Taegis Endpoint Agent < 1.3.10 - Local Code Injection via Debian Package Component
Apr 11, 2025
CVSS 7.8
EPSS 0.00
CVE-2024-12729 HIGH
Sophos Firewall < 21.0.1 - Authenticated Remote Code Execution via User Portal
Dec 19, 2024
CVSS 8.8
EPSS 0.00
CVE-2024-12728 CRITICAL
Sophos Firewall <20.0.3 - Privilege Escalation
Dec 19, 2024
CVSS 9.8
EPSS 0.00
CVE-2024-12727 CRITICAL
Sophos Firewall < 21.0.1 - Unauthenticated SQL Injection in Email Protection Feature
Dec 19, 2024
CVSS 9.8
EPSS 0.03
CVE-2024-8885 HIGH
Sophos Intercept X <2024.2.0 - Privilege Escalation
Oct 02, 2024
CVSS 8.8
EPSS 0.00
CVE-2023-5552 HIGH
Sophos Firewall < 19.5.3 - Password Disclosure via Secure PDF eXchange Feature
Oct 18, 2023
CVSS 7.1
EPSS 0.00
CVE-2023-33335 MEDIUM
Sophos iView - Stored Cross-Site Scripting via grpname Parameter
Jul 05, 2023
CVSS 6.1
EPSS 0.00
CVE-2023-33336 MEDIUM
Sophos Web Appliance <4.3.9.1 - XSS
Jun 30, 2023
CVSS 4.8
EPSS 0.00
CVE-2023-1671 CRITICAL KEV NUCLEI
Sophos Web Appliance <4.3.10.4 - Command Injection
Apr 04, 2023
CVSS 9.8
EPSS 0.94
CVE-2022-4934 HIGH
Sophos Web Appliance < 4.3.10.4 - Authenticated Command Injection in Exception Wizard
Apr 04, 2023
CVSS 7.2
EPSS 0.00
CVE-2022-4901 LOW
Sophos Connect < 2.2.90 - Stored Cross-Site Scripting via Malicious VPN Configuration
Mar 01, 2023
CVSS 3.3
EPSS 0.00
CVE-2022-48310 MEDIUM
Sophos Connect < 2.2.90 - Sensitive Key Material Exposure in Technical Support Archives
Mar 01, 2023
CVSS 5.5
EPSS 0.00
CVE-2022-48309 MEDIUM
Sophos Connect < 2.2.90 - Cross-Site Request Forgery
Mar 01, 2023
CVSS 4.3
EPSS 0.00
CVE-2022-3713 HIGH
Sophos XG Firewall Firmware < 19.0 - Code Injection in Wifi Controller
Dec 01, 2022
CVSS 8.8
EPSS 0.00
CVE-2022-3711 MEDIUM
Sophos XG Firewall Firmware < 19.0 - Authenticated SQL Injection
Dec 01, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-3710 LOW
Sophos XG Firewall Firmware < 19.5 - Authenticated SQL Injection via API Controller
Dec 01, 2022
CVSS 2.7
EPSS 0.00