Every CVE whose affected-product data names Sagedpw Sage Dpw, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2024-56883 — CVSS 8.1 (high): Sage DPW before 2024_12_001 is vulnerable to Incorrect Access Control. The implemented role-based access controls are not always enforced…
CVE-2025-51532 — CVSS 7.5 (high): Incorrect access control in Sage DPW 2024_12_004 and earlier allows unauthorized attackers to access the built-in Database Monitor via a…
CVE-2025-51531 — CVSS 6.1 (medium): A reflected cross-site scripting (XSS) vulnerability in Sage DPW 2024_12_004 and earlier allows attackers to execute arbitrary JavaScript…
CVE-2020-26583 — CVSS 6.1 (medium): An issue was discovered in Sage DPW 2020_06_x before 2020_06_002. It allows unauthenticated users to upload JavaScript (in a file) via the…
CVE-2020-26584 — CVSS 6.1 (medium): An issue was discovered in Sage DPW 2020_06_x before 2020_06_002. The search field "Kurs suchen" on the page Kurskatalog is vulnerable to…
CVE-2025-67805 — CVSS 5.9 (medium): A non-default configuration in Sage DPW 2025_06_004 allows unauthenticated access to diagnostic endpoints within the Database Monitor…
CVE-2024-56882 — CVSS 5.4 (medium): Sage DPW before 2024_12_000 is vulnerable to Cross Site Scripting (XSS). Low-privileged Sage users with employee role privileges can…
CVE-2025-51533 — CVSS 5.3 (medium): An Insecure Direct Object Reference (IDOR) in Sage DPW v2024_12_004 and below allows unauthorized attackers to access internal forms via…
CVE-2025-67807 — CVSS 4.7 (medium): The login mechanism of Sage DPW 2025_06_004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing…
CVE-2025-67806 — CVSS 3.7 (low): The login mechanism of Sage DPW 2021_06_004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing…