55 matches found

VulnCheck KEV
added 2026/03/17 12:0 a.m., 2 views

VulnCheck KEV: CVE-2025-66376

Zimbra Collaboration (ZCS) 10 before 10.0.18 and 10.1 before 10.1.13 allows Classic UI stored XSS via Cascading Style Sheets (CSS) @import directives in an HTML e-mail message...

CVSS 7.2, AI score 5.8, EPSS 0.10899
In wild, Exploits 0, References 3

GithubExploit
added 2026/02/10 4:28 a.m., 138 views

Exploit for PHP Remote File Inclusion in Synacor Zimbra_Collaboration_Suite

CVE-2025-68645 — Zimbra Classic UI LFI Defender Pack This r...

CVSS 8.8, AI score 5.5, EPSS 0.47553
Exploits 5

VulnCheck KEV
added 2026/01/14 12:0 a.m., 2 views

VulnCheck KEV: CVE-2025-68645

A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1 because of improper handling of user-supplied request parameters in the RestFilter servlet. An unauthenticated remote attacker can craft requests to the /h/rest endpoint to influenc...

CVSS 8.8, AI score 5.9, EPSS 0.47553
In wild, Exploits 5, References 43

RedhatCVE
added 2026/01/06 12:19 a.m., 1 views

CVE-2025-66376

Zimbra Collaboration (ZCS) 10 before 10.0.18 and 10.1 before 10.1.13 allows Classic UI stored XSS via Cascading Style Sheets (CSS) @import directives in an HTML e-mail message...

CVSS 7.2, AI score 6, EPSS 0.10899
Exploits 0, References 1

NVD
added 2026/01/05 3:15 p.m., 2 views

CVE-2025-66376

Zimbra Collaboration (ZCS) 10 before 10.0.18 and 10.1 before 10.1.13 allows Classic UI stored XSS via Cascading Style Sheets (CSS) @import directives in an HTML e-mail message...

CVSS 7.2, EPSS 0.10899
Exploits 0, References 6

Positive Technologies
added 2026/01/05 12:0 a.m., 4 views

PT-2026-1290

Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration (ZCS) versions prior to 10.0.18; Zimbra Collaboration (ZCS) versions prior to 10.1.13. Description: The software contains a stored cross-site scripting (XSS) issue within the Classic UI. This occurs due to Cascading Style Sheets CS...

CVSS 7.2, AI score 6.1, EPSS 0.10899
Exploits 0, References 55

CVE
added 2026/01/05 12:0 a.m., 19 views

CVE-2025-66376

Zimbra Collaboration (ZCS) is affected in versions prior to 10.0.18 and prior to 10.1.13. The issue is a stored XSS in the Classic UI triggered by CSS @import directives in HTML emails, caused by improper handling of CSS imports. Impact is stored cross-site scripting within email rendering. Remed...

CVSS 7.2, AI score 5.6, EPSS 0.10899
In wild, Exploits 0, References 6, Affected Software 1

Packet Storm
added 2026/01/02 12:0 a.m., 497 views

Zimbra Collaboration 10.0 / 10.1 Local File Inclusion

This is a proof of concept exploiting a local file inclusion vulnerability existing in the Webmail Classic UI of Zimbra Collaboration (ZCS) versions 10.0 and 10.1. The issue is due to improper handling of user-supplied request parameters in the RestFilter servlet. zimbramail-CVE-2025-68645-poc A...

CVSS 8.8, AI score 6.7, EPSS 0.47553
Exploits 5

GithubExploit
added 2026/01/01 10:29 a.m., 201 views

Exploit for CVE-2025-68645

zimbramail-CVE-2025-68645-poc A proof-of-concept exp...

CVSS 8.8, AI score 7, EPSS 0.47553
Exploits 5

NVD
added 2025/12/22 6:16 p.m., 1 views

CVE-2025-68645

A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1 because of improper handling of user-supplied request parameters in the RestFilter servlet. An unauthenticated remote attacker can craft requests to the /h/rest endpoint to influenc...

CVSS 8.8, EPSS 0.47553
Exploits 5, References 3

OSV
added 2025/12/22 6:16 p.m., 1 views

CVE-2025-68645

A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1 because of improper handling of user-supplied request parameters in the RestFilter servlet. An unauthenticated remote attacker can craft requests to the /h/rest endpoint to influenc...

CVSS 8.8, AI score 6.8, EPSS 0.47553
Exploits 5, References 3

Cvelist
added 2025/12/22 12:0 a.m., 20 views

CVE-2025-68645

A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1 because of improper handling of user-supplied request parameters in the RestFilter servlet. An unauthenticated remote attacker can craft requests to the /h/rest endpoint to influenc...

EPSS 0.47553
Exploits 5, References 2

CVE
added 2025/12/22 12:0 a.m., 48 views

CVE-2025-68645

Summary: CVE-2025-68645 is a Local File Inclusion in Zimbra Collaboration (ZCS) Webmail Classic UI (10.0/10.1) caused by improper handling in the RestFilter servlet. An unauthenticated attacker can craft requests to the /h/rest endpoint to influence internal request dispatching and include arbitr...

CVSS 8.8, AI score 6.8, EPSS 0.47553
In wild, Exploits 5, References 3, Affected Software 1

EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2020-0035

Malware in sbrugna...

CVSS 4.8, AI score 4.9, EPSS 0.00608
Exploits 0, References 10

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2015-7906

Malware in sbrugna...

CVSS 6.1, AI score 6.5, EPSS 0.00354
Exploits 0, References 7

EUVD
added 2025/10/07 12:30 a.m., 0 views

EUVD-2020-0042

Malware in sbrugna...

CVSS 6.1, AI score 6.1, EPSS 0.02134
Exploits 0, References 6

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2024-52646

Malicious code in bioql PyPI...

CVSS 7.5, AI score 6.5, EPSS 0.0022
Exploits 0, References 2

Tenable Nessus
added 2025/09/10 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2015-8010

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject...

CVSS 6.1, AI score 6.3, EPSS 0.00354
Exploits 0, References 2

ATTACKERKB
added 2025/06/23 3:15 p.m., 0 views

CVE-2025-48700

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0 and 10.0 and 10.1. A Cross-Site Scripting (XSS) vulnerability in the Zimbra Classic UI allows attackers to execute arbitrary JavaScript within the user's session, potentially leading to unauthorized access to sensitive information...

CVSS 6.1, AI score 6.1, EPSS 0.18191
Exploits 0, References 4

RedhatCVE
added 2025/05/23 6:27 a.m., 3 views

CVE-2024-54663

An issue was discovered in the Webmail Classic UI in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A Local File Inclusion (LFI) vulnerability exists in the /h/rest endpoint, allowing authenticated remote attackers to include and access sensitive files in the WebRoot directory. Exploitation requir...

CVSS 7.5, AI score 6.7, EPSS 0.0022
Exploits 0, References 1