Syncope

3 CVEs product

Monthly

CVE-2026-23795 MEDIUM PATCH This Month

Syncope versions up to 3.0.15 are affected by improper restriction of XML external entity reference (CVSS 4.9).

Apache XXE Syncope
NVD | CVSS 3.1: 4.9 | EPSS: 0.1%

CVE-2026-23794 MEDIUM PATCH This Month

Reflected XSS in Apache Syncope's Enduser Login page. An attacker that tricks a legitimate user into clicking a malicious link and logging in to Syncope Enduser could steal that user's credentials. [CVSS 6.8 MEDIUM]

Apache XSS Syncope
NVD | CVSS 3.1: 6.8 | EPSS: 0.0%

CVE-2025-65998 HIGH PATCH This Month

Apache Syncope can be configured to store the user password values in the internal database with AES encryption, though this is not the default option. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apache Syncope
NVD | CVSS 3.1: 7.5 | EPSS: 0.1%
