
9 matches found

RedhatCVE
added 2026/03/31 4:59 a.m., 0 views

CVE-2026-33373

An issue was discovered in Zimbra Collaboration ZCS 10.0 and 10.1. A Cross-Site Request Forgery (CSRF) vulnerability exists in Zimbra Web Client due to the issuance of authentication tokens without CSRF protection during certain account state transitions. Specifically, tokens generated after...

8.8 CVSS, 5.9 AI score, 0.0005 EPSS
Exploits 0, References 1
NVD
added 2026/03/30 3:16 p.m., 0 views

CVE-2026-33373

An issue was discovered in Zimbra Collaboration ZCS 10.0 and 10.1. A Cross-Site Request Forgery (CSRF) vulnerability exists in Zimbra Web Client due to the issuance of authentication tokens without CSRF protection during certain account state transitions. Specifically, tokens generated after...

8.8 CVSS, 0.0005 EPSS
Exploits 0, References 4
CVE
added 2026/03/30 12:0 a.m., 6 views

CVE-2026-33373

CVE-2026-33373 (Zimbra Collaboration) affects ZCS 10.0 and 10.1. The vulnerability is a CSRF flaw in the Zimbra Web Client where authentication tokens issued during account state transitions (e.g., enabling two-factor authentication or changing a password) may not be CSRF-protected. While such a ...

8.8 CVSS, 5.9 AI score, 0.0005 EPSS
Exploits 0, References 4, Affected Software 1
Positive Technologies
added 2026/03/30 12:0 a.m., 3 views

PT-2026-29034

An issue was discovered in Zimbra Collaboration ZCS 10.0 and 10.1. A Cross-Site Request Forgery (CSRF) vulnerability exists in Zimbra Web Client due to the issuance of authentication tokens without CSRF protection during certain account state transitions. Specifically, tokens generated after...

5.9 AI score, 0.0005 EPSS
Exploits 0, References 5
ATTACKERKB
added 2026/03/30 12:0 a.m., 3 views

CVE-2026-33373

An issue was discovered in Zimbra Collaboration ZCS 10.0 and 10.1. A Cross-Site Request Forgery (CSRF) vulnerability exists in Zimbra Web Client due to the issuance of authentication tokens without CSRF protection during certain account state transitions. Specifically, tokens generated after...

5.9 AI score, 0.0005 EPSS
Exploits 0, References 5
OSV
added 2025/10/30 10:15 p.m., 0 views

CVE-2025-34298

Nagios Log Server versions prior to 2024R1.3.2 contain a privilege escalation vulnerability in the account email-change workflow. A user could set their own email to an invalid value and, due to insufficient validation and authorization checks tied to email identity state, trigger inconsistent...

8.8 CVSS, 5.8 AI score, 0.00085 EPSS
Exploits 0, References 2
NVD
added 2025/10/30 10:15 p.m., 3 views

CVE-2025-34298

Nagios Log Server versions prior to 2024R1.3.2 contain a privilege escalation vulnerability in the account email-change workflow. A user could set their own email to an invalid value and, due to insufficient validation and authorization checks tied to email identity state, trigger inconsistent...

8.8 CVSS, 0.00085 EPSS
Exploits 0, References 2
CVE
added 2025/10/30 9:25 p.m., 14 views

CVE-2025-34298

Nagios Log Server (prior to 2024R1.3.2) contains a privilege escalation in the account email-change workflow. An attacker could set their own email to an invalid value, and due to insufficient validation and authorization checks tied to email identity state, trigger an inconsistent account state ...

8.8 CVSS, 6.6 AI score, 0.00085 EPSS
Exploits 0, References 2, Affected Software 1
Positive Technologies
added 2025/10/30 12:0 a.m., 3 views

PT-2025-44525

Name of the Vulnerable Software and Affected Versions: Nagios Log Server versions prior to 2024R1.3.2. Description: Nagios Log Server versions prior to 2024R1.3.2 contain a privilege escalation issue in the account email-change workflow. A user can set their email to an invalid value, and due to...

8.8 CVSS, 6.9 AI score, 0.00085 EPSS
Exploits 0, References 6