| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-49846 | wire-ios accidentally logs message contents | wireapp | wire-ios | - | - | 2025-07-03 16:41:34 | Deep Dive |
| CVE-2025-48066 | wire-webapp has no database deletion on client logout | wireapp | wire-webapp | Medium | 6.0 | 2025-05-22 17:20:27 | Deep Dive |
| CVE-2025-48061 | wire-webapp Has Insufficient Session Invalidation after User Logout | wireapp | wire-webapp | Medium | 5.6 | 2025-05-22 17:04:43 | Deep Dive |
| CVE-2023-48221 | wire-avs remote format string vulnerability | wireapp | wire-avs | High | 7.3 | 2023-11-20 17:18:19 | Deep Dive |
| CVE-2023-22737 | wire-server vulnerable to unauthorized removal of Bots from Conversations | wireapp | wire-server | Medium | 6.5 | 2023-01-27 23:14:34 | Deep Dive |
| CVE-2022-39380 | wire-webapp contains Improper Handling of Exceptional Conditions leading to a DoS via Markdown Rendering | wireapp | wire-webapp | Medium | 5.3 | 2023-01-27 20:43:13 | Deep Dive |
| CVE-2022-31122 | Wire-server vulnerable to Token Recipient Confusion resulting in account impersonation, deletion or malicious account creation | wireapp | wire-server | Critical | 9.8 | 2022-10-18 00:00:00 | Deep Dive |
| CVE-2022-29168 | Cross Site Scripting in Wire Messages | wireapp | wire-webapp | Critical | 9.6 | 2022-06-25 07:05:09 | Deep Dive |
| CVE-2022-31009 | DoS vulnerability: Invalid Accent Colors | wireapp | wire-ios | Medium | 5.7 | 2022-06-23 06:40:10 | Deep Dive |
| CVE-2022-24799 | Cross Site Scripting in Wire Webapp | wireapp | wire-webapp | Critical | 9.6 | 2022-04-20 17:55:09 | Deep Dive |
| CVE-2021-41119 | DoS vulnerabiliity in wire-server json parser | wireapp | wire-server | Medium | 5.3 | 2022-04-13 18:25:11 | Deep Dive |
| CVE-2022-23610 | Improper Verification of Cryptographic Signature in wire-server | wireapp | wire-server | Critical | 9.1 | 2022-03-16 17:40:10 | Deep Dive |
| CVE-2022-23625 | DoS vulnerability: Malformed Resource Identifiers | wireapp | wire-ios | Medium | 6.5 | 2022-03-11 18:00:15 | Deep Dive |
| CVE-2021-41193 | Use of Externally-Controlled Format String in wire-avs | wireapp | wire-avs | Critical | 9.8 | 2022-03-01 18:25:22 | Deep Dive |
| CVE-2022-23605 | Expired Ephemeral Messages not reliably removed in wire-webapp | wireapp | wire-webapp | Medium | 4.4 | 2022-02-04 22:32:05 | Deep Dive |
| CVE-2021-41100 | Account takeover when having only access to a user's short lived token in wire-server | wireapp | wire-server | High | 7.4 | 2021-10-04 18:25:10 | Deep Dive |
| CVE-2021-41094 | Mandatory encryption at rest can be bypassed (UI) in Wire app | wireapp | wire-ios | Medium | 4.2 | 2021-10-04 18:20:13 | Deep Dive |
| CVE-2021-41093 | Account takeover when having only access to a user's short lived token | wireapp | wire-ios | High | 7.4 | 2021-10-04 18:15:11 | Deep Dive |
| CVE-2021-41101 | CORS `Access-Control-Allow-Origin` settings are too lenient | wireapp | wire-server | Medium | 5.7 | 2021-09-30 19:20:09 | Deep Dive |
| CVE-2021-32755 | Certificate pinning is not enforced on the web socket connection | wireapp | wire-ios-transport | Medium | 5.4 | 2021-07-13 20:55:09 | Deep Dive |