| | CVE-2023-39231 | ForgeRock | high | 7.3 | — | | PingFederate using the PingOne MFA adapter allows a new MFA device to be paired without requiring se… | Oct 25, 2023 | Nov 21, 2024 |
| | CVE-2023-39219 | ForgeRock | high | 7.5 | — | | PingFederate Administrative Console dependency contains a weakness where console becomes unresponsiv… | Oct 25, 2023 | Nov 21, 2024 |
| | CVE-2023-37283 | ForgeRock | high | 8.1 | — | | Under a very specific and highly unrecommended configuration, authentication bypass is possible in t… | Oct 25, 2023 | Nov 21, 2024 |
| | CVE-2023-34085 | ForgeRock | low | 2.6 | — | | When an AWS DynamoDB table is used for user attribute storage, it is possible to retrieve the attrib… | Oct 25, 2023 | Nov 21, 2024 |
| | CVE-2023-41843 | Fortinet | high | 7.5 | 0.2% | | An improper neutralization of input during web page generation ('cross-site scripting') vulnerability… | Oct 13, 2023 | Jan 14, 2026 |
| | CVE-2023-41836 | Fortinet | low | 3.5 | 0.1% | | An improper neutralization of input during web page generation ('cross-site scripting') vulnerabilit… | Oct 13, 2023 | Jan 14, 2026 |
| | CVE-2023-41682 | Fortinet | high | 8.1 | 0.4% | | An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fo… | Oct 13, 2023 | Jan 14, 2026 |
| | CVE-2023-41681 | Fortinet | high | 7.5 | 0.1% | | An improper neutralization of input during web page generation ('cross-site scripting') vulnerability… | Oct 13, 2023 | Jan 14, 2026 |
| | CVE-2023-41680 | Fortinet | high | 7.5 | 0.1% | | An improper neutralization of input during web page generation ('cross-site scripting') vulnerability… | Oct 13, 2023 | Jan 14, 2026 |
| | CVE-2023-36419 | Microsoft | high | 8.8 | 0.7% | | Azure HDInsight Apache Oozie Workflow Scheduler XXE Elevation of Privilege Vulnerability | Oct 10, 2023 | Feb 11, 2026 |
| | CVE-2023-34992 | Fortinet | critical | 10.0 | 75.9% | | An improper neutralization of special elements used in an os command ('os command injection') vulnera… | Oct 10, 2023 | Jan 14, 2026 |
| | CVE-2023-44487 | Apache | high | 7.5 | 94.4% | ⚠ KEV | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancell… | Oct 10, 2023 | May 12, 2026 |
| | CVE-2023-38156 | Microsoft | high | 7.2 | 0.2% | | Azure HDInsight Apache Ambari JDBC Injection Elevation of Privilege Vulnerability | Sep 12, 2023 | Feb 11, 2026 |
| | CVE-2023-38188 | Microsoft | medium | 4.5 | 0.3% | | Azure Apache Hadoop Spoofing Vulnerability | Aug 8, 2023 | Feb 11, 2026 |
| | CVE-2023-36881 | Microsoft | medium | 4.5 | 0.3% | | Azure Apache Ambari Spoofing Vulnerability | Aug 8, 2023 | Feb 11, 2026 |
| | CVE-2023-36877 | Microsoft | medium | 4.5 | 0.3% | | Azure Apache Oozie Spoofing Vulnerability | Aug 8, 2023 | Feb 11, 2026 |
| | CVE-2023-35394 | Microsoft | medium | 4.6 | 0.2% | | Azure HDInsight Jupyter Notebook Spoofing Vulnerability | Aug 8, 2023 | Feb 11, 2026 |
| | CVE-2023-35393 | Microsoft | medium | 4.5 | 0.3% | | Azure Apache Hive Spoofing Vulnerability | Aug 8, 2023 | Feb 11, 2026 |
| | CVE-2023-26210 | Fortinet | high | 7.8 | 0.1% | | Multiple improper neutralization of special elements used in an os command ('OS Command Injection') … | Jun 13, 2023 | Jan 14, 2026 |
| | CVE-2023-29240 | F5 | medium | 5.4 | 0.1% | | An authenticated attacker granted a Viewer or Auditor role on a BIG-IQ can upload arbitrary files us… | May 3, 2023 | Jan 27, 2026 |
| | CVE-2022-40725 | ForgeRock | high | 7.3 | — | | PingID Desktop prior to the latest released version 1.7.4 contains a vulnerability that can be explo… | Apr 25, 2023 | Nov 21, 2024 |
| | CVE-2022-40724 | ForgeRock | medium | 6.4 | — | | The PingFederate Local Identity Profiles '/pf/idprofile.ping' endpoint is vulnerable to Cross-Site R… | Apr 25, 2023 | Nov 21, 2024 |
| | CVE-2022-40723 | ForgeRock | medium | 6.5 | — | | The PingID RADIUS PCV adapter for PingFederate, which supports RADIUS authentication with PingID MFA… | Apr 25, 2023 | Nov 21, 2024 |
| | CVE-2022-40722 | ForgeRock | high | 7.7 | — | | A misconfiguration of RSA padding implemented in the PingID Adapter for PingFederate to support Offl… | Apr 25, 2023 | Nov 21, 2024 |
| | CVE-2022-23721 | ForgeRock | low | 3.8 | — | | PingID integration for Windows login prior to 2.9 does not handle duplicate usernames, which can lea… | Apr 25, 2023 | Nov 21, 2024 |
| | CVE-2022-3748 | ForgeRock | critical | 9.8 | — | | Improper Authorization vulnerability in ForgeRock Inc. Access Management allows Authentication Bypas… | Apr 14, 2023 | Nov 21, 2024 |
| | CVE-2018-25084 | ForgeRock | low | 3.5 | — | | A vulnerability, which was classified as problematic, has been found in Ping Identity Self-Service A… | Apr 10, 2023 | Nov 21, 2024 |
| | CVE-2023-27533 | Splunk | high | 8.8 | 0.1% | | A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protoc… | Mar 30, 2023 | Feb 13, 2026 |
| | CVE-2023-1656 | ForgeRock | high | 7.5 | — | | Cleartext Transmission of Sensitive Information vulnerability in ForgeRock Inc. OpenIDM and Java Rem… | Mar 29, 2023 | Apr 14, 2025 |
| | CVE-2023-23408 | Microsoft | medium | 4.5 | 2.4% | | Azure Apache Ambari Spoofing Vulnerability | Mar 14, 2023 | Feb 11, 2026 |
| | CVE-2023-27532 | Veeam | high | 7.5 | — | | Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the con… | Mar 10, 2023 | Nov 3, 2025 |
| | CVE-2023-0511 | ForgeRock | critical | 9.1 | — | | Relative Path Traversal vulnerability in ForgeRock Access Management Java Policy Agent allows Authen… | Feb 28, 2023 | Apr 14, 2025 |
| | CVE-2023-0339 | ForgeRock | critical | 9.1 | — | | Relative Path Traversal vulnerability in ForgeRock Access Management Web Policy Agent allows Authent… | Feb 28, 2023 | Apr 14, 2025 |
| | CVE-2023-23915 | Splunk | medium | 6.5 | 0.0% | | A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could c… | Feb 23, 2023 | Feb 13, 2026 |
| | CVE-2023-21529 | Microsoft | high | 8.8 | 58.9% | ⚠ KEV | Microsoft Exchange Server Remote Code Execution Vulnerability | Feb 14, 2023 | Apr 14, 2026 |
| | CVE-2022-43551 | Splunk | high | 7.5 | 0.0% | | A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using H… | Dec 23, 2022 | Feb 13, 2026 |
| | CVE-2022-43549 | Veeam | critical | 9.8 | — | | Improper authentication in Veeam Backup for Google Cloud v1.0 and v3.0 allows attackers to bypass au… | Dec 5, 2022 | Apr 24, 2025 |
| | CVE-2022-32221 | Splunk | critical | 9.8 | 1.8% | | When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION… | Dec 5, 2022 | Feb 13, 2026 |
| | CVE-2022-45047 | Apache | critical | 9.8 | 5.7% | | Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1… | Nov 16, 2022 | May 1, 2026 |
| | CVE-2022-42916 | Splunk | high | 7.5 | 0.1% | | In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using it… | Oct 29, 2022 | Feb 13, 2026 |
| | CVE-2022-24670 | ForgeRock | high | 7.1 | — | | An attacker can use the unrestricted LDAP queries to determine configuration entries | Oct 27, 2022 | Nov 21, 2024 |
| | CVE-2022-24669 | ForgeRock | medium | 6.5 | — | | It may be possible to gain some details of the deployment through a well-crafted attack. This may al… | Oct 27, 2022 | Nov 21, 2024 |
| | CVE-2022-40684 | Fortinet | critical | 9.8 | 94.4% | ⚠ KEV | An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.… | Oct 18, 2022 | Jan 14, 2026 |
| | CVE-2022-20775 | Cisco | high | 7.8 | 0.5% | ⚠ KEV | A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to … | Sep 30, 2022 | Feb 26, 2026 |
| | CVE-2022-23726 | ForgeRock | medium | 5.4 | — | | PingCentral versions prior to listed versions expose Spring Boot actuator endpoints that with admini… | Sep 30, 2022 | Nov 21, 2024 |
| | CVE-2022-0143 | ForgeRock | critical | 9.3 | — | | When the LDAP connector is started with StartTLS configured, unauthenticated access is granted. This… | Sep 19, 2022 | Nov 21, 2024 |
| | CVE-2022-35737 | Splunk | high | 7.5 | 51.9% | | SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of … | Aug 3, 2022 | Feb 13, 2026 |
| | CVE-2022-32225 | Veeam | medium | 6.1 | — | | A reflected DOM-Based XSS vulnerability has been discovered in the Help directory of Veeam Managemen… | Jul 14, 2022 | Nov 21, 2024 |
| | CVE-2022-23725 | ForgeRock | high | 7.7 | — | | PingID Windows Login prior to 2.8 does not properly set permissions on the Windows Registry entries … | Jun 30, 2022 | Nov 21, 2024 |
| | CVE-2022-23720 | ForgeRock | high | 7.5 | — | | PingID Windows Login prior to 2.8 does not alert or halt operation if it has been provisioned with t… | Jun 30, 2022 | Nov 21, 2024 |