Every CVE whose affected-product data names 63moons Wave 2.0, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2024-51558 — CVSS 9.8 (critical): This vulnerability exists in the Wave 2.0 due to missing restrictions for excessive failed authentication attempts on its API based login…
CVE-2024-51561 — CVSS 7.5 (high): This vulnerability exists in Aero due to improper implementation of OTP validation mechanism in certain API endpoints. An authenticated…
CVE-2024-51556 — CVSS 6.5 (medium): This vulnerability exists in the Wave 2.0 due to insufficient encryption of sensitive data received at the API response. An authenticated…
CVE-2024-51557 — CVSS 6.5 (medium): This vulnerability exists in the Wave 2.0 due to missing rate limiting on OTP requests in an API endpoint. An authenticated remote attacker…
CVE-2024-51559 — CVSS 6.5 (medium): This vulnerability exists in the Wave 2.0 due to improper authorization checks on certain API endpoints. An authenticated remote attacker…
CVE-2024-51560 — CVSS 4.3 (medium): This vulnerability exists in the Wave 2.0 due to improper exception handling for invalid inputs at certain API endpoint. An authenticated…