Lucene search
+L

92 matches found

Cvelist
Cvelist
added 2026/02/05 12:0 a.m.32 views

CVE-2025-68721

Axigen Mail Server before 10.5.57 contains an improper access control vulnerability in the WebAdmin interface. A delegated admin account with zero permissions can bypass access control checks and gain unauthorized access to the SSL Certificates management endpoint page=sslcerts. This allows the...

0.0031EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/05 12:0 a.m.29 views

CVE-2025-68722

Axigen Mail Server before 10.5.57 and 10.6.x before 10.6.26 contains a Cross-Site Request Forgery CSRF vulnerability in the WebAdmin interface through improper handling of the s breadcrumb parameter. The application accepts state-changing requests via the GET method and automatically processes...

0.00244EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/02/05 12:0 a.m.29 views

CVE-2025-68643

Axigen Mail Server before 10.5.57 allows stored Cross-Site Scripting XSS in the handling of the timeFormat account preference parameter. Attackers can exploit this by deploying a multi-stage attack. In the first stage, a malicious JavaScript payload is injected into the timeFormat preference by...

0.00177EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/05 12:0 a.m.8 views

Axigen Mail Server 安全漏洞

Axigen Mail Server is a mail server software developed by Axigen Corporation. Versions of Axigen Mail Server prior to 10.5.57 contained security vulnerabilities. These vulnerabilities stemmed from multiple stored-cross-site scripts in the WebAdmin interface. Attackers could inject and execute...

9CVSS5.9AI score0.00261EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/05 12:0 a.m.11 views

PT-2026-6561

Name of the Vulnerable Software and Affected Versions Axigen Mail Server versions prior to 10.5.57 Axigen Mail Server versions 10.6.0 through 10.6.25 Description The software contains a Cross-Site Request Forgery CSRF issue in the WebAdmin interface. This is due to improper handling of the s...

8.8CVSS5.8AI score0.00244EPSS
Exploits1References6
CVE
CVE
added 2026/02/05 12:0 a.m.15 views

CVE-2025-68723

Axigen Mail Server before 10.5.57 contains multiple stored XSS in the WebAdmin interface. The three vulnerable areas are: (1) log file name parameter on the Local Services Log page, (2) certificate file content in the SSL Certificates View Usage feature, and (3) the Certificate File name paramete...

9CVSS5.5AI score0.00261EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/05 12:0 a.m.6 views

CVE-2025-68722

Axigen Mail Server before 10.5.57 and 10.6.x before 10.6.26 contains a Cross-Site Request Forgery CSRF vulnerability in the WebAdmin interface through improper handling of the s breadcrumb parameter. The application accepts state-changing requests via the GET method and automatically processes...

5.8AI score0.00244EPSS
Exploits1References2
CVE
CVE
added 2026/02/05 12:0 a.m.21 views

CVE-2025-68721

Axigen Mail Server prior to version 10.5.57 is affected by an improper access control in the WebAdmin interface. A delegated admin account with zero permissions can bypass access checks and gain unauthorized access to the SSL Certificates management endpoint (page=sslcerts), enabling viewing, dow...

8.1CVSS5.4AI score0.0031EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/02/05 12:0 a.m.16 views

EUVD-2025-206861

Axigen Mail Server before 10.5.57 contains multiple stored Cross-Site Scripting XSS vulnerabilities in the WebAdmin interface. Three instances exist: 1 the log file name parameter in the Local Services Log page, 2 certificate file content in the SSL Certificates View Usage feature, and 3 the...

5.5AI score0.00261EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/05 12:0 a.m.7 views

PT-2026-6593

Name of the Vulnerable Software and Affected Versions Axigen Mail Server versions prior to 10.5.57 Description Axigen Mail Server contains multiple stored Cross-Site Scripting XSS issues within the WebAdmin interface. These issues exist in three areas: the log file name parameter on the Local...

5.5AI score0.00261EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2015-5335

Malware in sbrugna...

5.4CVSS5.5AI score0.01552EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2012-2578

Malware in sbrugna...

4.3CVSS6.4AI score0.01824EPSS
Exploits2References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2010-3457

Malware in sbrugna...

4.3CVSS7.5AI score0.01285EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2009-1481

Malware in sbrugna...

4.3CVSS6.3AI score0.01261EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 7:45 a.m.10 views

CVE-2024-28589

An issue was discovered in Axigen Mail Server for Windows versions 10.5.18 and before, allows local low-privileged attackers to execute arbitrary code and escalate privileges via insecure DLL loading from a world-writable directory during service initialization...

6.7CVSS8AI score0.00342EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:28 a.m.8 views

CVE-2024-50601

Persistent and reflected XSS vulnerabilities in the themeMode cookie and h URL parameter of Axigen Mail Server up to version 10.5.28 allow attackers to execute arbitrary Javascript. Exploitation could lead to session hijacking, data leakage, and further exploitation via a multi-stage attack. Fixe...

6.1CVSS6.8AI score0.00235EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:9 p.m.6 views

CVE-2020-26942

An issue discovered in Axigen Mail Server 10.3.x before 10.3.1.27 and 10.3.2.x before 10.3.3.1 allows unauthenticated attackers to submit a setAdminPassword operation request, subsequently setting a new arbitrary password for the admin account...

9.1CVSS7.3AI score0.00457EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/21 8:18 p.m.13 views

CVE-2009-1484

Cross-site scripting XSS vulnerability in the web mail interface feature in AXIGEN Mail Server 6.2.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving e-mail messages. NOTE: the provenance of this information is unknown; the details are obtained sole...

4.3CVSS5.7AI score0.01261EPSS
Exploits0References1
NVD
NVD
added 2024/11/11 11:15 p.m.16 views

CVE-2024-50601

Persistent and reflected XSS vulnerabilities in the themeMode cookie and h URL parameter of Axigen Mail Server up to version 10.5.28 allow attackers to execute arbitrary Javascript. Exploitation could lead to session hijacking, data leakage, and further exploitation via a multi-stage attack. Fixe...

6.1CVSS0.00235EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/11/11 12:0 a.m.6 views

Axigen Mail Server 安全漏洞

Axigen Mail Server is a mail server software from Gecad Technologies. A security vulnerability exists in Axigen Mail Server version 10.5.28 and earlier, which stems from vulnerability to cross-site scripting attacks...

6.1CVSS6AI score0.00235EPSS
Exploits0References1
Rows per page
Query Builder