Every CVE whose affected-product data names H-mdm Headwind Mdm, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2023-47315 — CVSS 8.8 (high): Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to a hard-coded JWT Secret. The secret is hardcoded into the…
CVE-2023-47312 — CVSS 6.5 (medium): Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to Login Credential Leakage via Audit Entries.
CVE-2025-43720 — CVSS 6.5 (medium): Headwind MDM before 5.33.1 makes configuration details accessible to unauthorized users. The Configuration profile is exposed to the…
CVE-2023-47313 — CVSS 5.4 (medium): Headwind MDM Web panel 5.22.1 is vulnerable to Directory Traversal. The application uses an API call to move the uploaded temporary file to…
CVE-2023-47314 — CVSS 5.4 (medium): Headwind MDM Web panel 5.22.1 is vulnerable to cross-site scripting (XSS). The file upload function allows APK and arbitrary files to be…
CVE-2023-47316 — CVSS 5.4 (medium): Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control. The Web panel allows users to gain access to potentially sensitive…