Lucene search
K

4383 matches found

Cvelist
Cvelist
added 2026/03/20 12:0 a.m.24 views

CVE-2026-33369

Zimbra Collaboration ZCS 10.0 and 10.1 contains an LDAP injection vulnerability in the Mailbox SOAP service within a FolderAction operation. The application fails to properly sanitize user-supplied input before incorporating it into an LDAP search filter. An authenticated attacker can exploit thi...

0.00227EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/20 12:0 a.m.26 views

CVE-2026-33370

An issue was discovered in Zimbra Collaboration ZCS 10.0 and 10.1. A stored cross-site scripting XSS vulnerability exists in the Zimbra Briefcase feature due to insufficient sanitization of specific uploaded file types. When a user opens a publicly shared Briefcase file containing malicious...

0.00205EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/20 12:0 a.m.29 views

CVE-2026-33371

An issue was discovered in Zimbra Collaboration ZCS 10.0 and 10.1. An XML External Entity XXE vulnerability exists in the Zimbra Exchange Web Services EWS SOAP interface due to improper handling of XML input. An authenticated attacker can submit crafted XML data that is processed by an XML parser...

0.00234EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.10 views

Zimbra Collaboration 安全漏洞

Zimbra Collaboration is an open-source enterprise-level email and collaboration platform developed by Zimbra Corporation. It supports email, calendar, document management, and team collaboration features. Versions 10.0 and 10.1 of Zimbra Collaboration contain security vulnerabilities. These...

4.3CVSS5.8AI score0.00234EPSS
Exploits0References4
CVE
CVE
added 2026/03/20 12:0 a.m.19 views

CVE-2026-33372

CVE-2026-33372 affects Zimbra Collaboration (ZCS) 10.0 and 10.1. A CSRF vulnerability in Zimbra Webmail arises from improper validation of CSRF tokens, accepting tokens in the request body instead of requiring them in the header. An attacker can lure an authenticated user into submitting a crafte...

5.4CVSS5.6AI score0.00144EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.7 views

Zimbra Collaboration 安全漏洞

Zimbra Collaboration is an open-source enterprise-level email and collaboration platform developed by Zimbra Corporation. It supports email, calendar, document management, and team collaboration features. Versions 10.0 and 10.1 of Zimbra Collaboration contain security vulnerabilities. These...

5.4CVSS5.8AI score0.00144EPSS
Exploits0References4
CVE
CVE
added 2026/03/20 12:0 a.m.20 views

CVE-2026-33371

CVE-2026-33371 affects Zimbra Collaboration (ZCS) 10.0 and 10.1. The issue is an XML External Entity (XXE) vulnerability in the Zimbra Exchange Web Services (EWS) SOAP interface caused by improper handling of XML input. An authenticated attacker can submit crafted XML data that is processed by a ...

4.3CVSS5.8AI score0.00234EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.3 views

PT-2026-26613

Zimbra Collaboration ZCS 10.0 and 10.1 contains an LDAP injection vulnerability in the Mailbox SOAP service within a FolderAction operation. The application fails to properly sanitize user-supplied input before incorporating it into an LDAP search filter. An authenticated attacker can exploit thi...

5.8AI score0.00227EPSS
Exploits0References6
vulnersOsv
vulnersOsv
added 2026/03/18 5:26 p.m.7 views

@ckeditor/ckeditor-cloud-services-collaboration (>=23.0.0 <=29.0.0), @ckeditor/ckeditor5-real-time-collaboration (>=29.1.0 <=33.0.0) +2 more potentially affected by CVE-2026-33151 via socket.io-parser (=3.4.1)

socket.io-parser NPM version =3.4.1 is affected by a known vulnerability. The following packages have a transitive dependency on socket.io-parser and may be impacted: - @ckeditor/ckeditor-cloud-services-collaboration =23.0.0, =29.1.0, =29.0.0, =1.5.3, =2.1.0 Source cves: CVE-2026-33151 Source...

8.7CVSS5.8AI score0.00514EPSS
Exploits0
CISA
CISA
added 2026/03/18 12:0 p.m.6 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-66376link is external Synacor Zimbra Collaboration Suite ZCS Cross-Site Scripting Vulnerability This type of vulnerability is a frequent attack vector for...

7.2CVSS5.8AI score0.12009EPSS
In wildExploits0References6
CISA KEV Catalog
CISA KEV Catalog
added 2026/03/18 12:0 a.m.18 views

Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability

Synacor Zimbra Collaboration Suite ZCS contains a cross-site scripting vulnerability in the Classic UI where attackers could abuse Cascading Style Sheets CSS @import directives in email HTML...

7.2CVSS5.6AI score0.12009EPSS
In wildExploits0
Github Security Blog
Github Security Blog
added 2026/03/17 4:0 p.m.8 views

Investing in the people shaping open source and securing the future together

Open source has always been about community. It's about maintainers who review pull requests late at night. Volunteers who respond to security reports from strangers. And communities that quietly power the world's software. The reality behind the commits is that maintainers get stretched thin. Th...

5.8AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/03/17 3:5 p.m.8 views

@ckeditor/ckeditor-cloud-services-collaboration (>=23.0.0 <=29.0.0), @ckeditor/ckeditor5-real-time-collaboration (>=29.1.0 <=33.0.0) +2 more potentially affected by CVE-2026-33151 via socket.io-parser (=3.4.1)

socket.io-parser NPM version =3.4.1 is affected by a known vulnerability. The following packages have a transitive dependency on socket.io-parser and may be impacted: - @ckeditor/ckeditor-cloud-services-collaboration =23.0.0, =29.1.0, =29.0.0, =1.5.3, =2.1.0 Source cves: CVE-2026-33151 Source...

8.7CVSS5.8AI score0.00514EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/17 7:49 a.m.7 views

Security Bulletin: SPSS Collaboration and Deployment Services is affected by vulnerabilities in js-yaml, minimatch, and react-router

Summary SPSS Collaboration and Deployment Services is affected by vulnerabilities in js-yaml CVE-2025-64718, minimatch CVE-2026-26996, CVE-2026-27903, CVE-2026-27904, react-router CVE-2025-59057, CVE-2025-68470, CVE-2026-21884, CVE-2026-22029, CVE-2026-22030. This has been addressed in the...

8.7CVSS6AI score0.00519EPSS
Exploits3Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2026/03/17 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-66376

Zimbra Collaboration ZCS 10 before 10.0.18 and 10.1 before 10.1.13 allows Classic UI stored XSS via Cascading Style Sheets CSS @import directives in an HTML e-mail message...

7.2CVSS5.8AI score0.12009EPSS
In wildExploits0References3
NVD
NVD
added 2026/03/16 2:19 p.m.4 views

CVE-2026-2493

IceWarp collaboration Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of IceWarp. Authentication is not required to exploit this vulnerability. The specific flaw exists within handling...

7.5CVSS0.03929EPSS
Exploits0References1
CNVD
CNVD
added 2026/03/16 12:0 a.m.5 views

Microsoft SharePoint Server Spoofing Vulnerability (CNVD-2026-16164)

Microsoft SharePoint Server is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A spoofing...

9.3CVSS5.7AI score0.01262EPSS
Exploits0
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.8 views

IceWarp 路径遍历漏洞

IceWarp is an integrated enterprise communication and collaboration platform developed by the Czech company IceWarp. It aims to provide organizations with various tools and features to support internal and external communication, collaboration, and business processes. IceWarp has a path traversal...

7.5CVSS7.1AI score0.03929EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/13 9:31 p.m.5 views

EUVD-2026-11993

Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Atarim: from n/a through = 4.3.2...

4.3CVSS5.8AI score0.00159EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/13 8:42 p.m.395 views

CVE-2026-2493 IceWarp collaboration Directory Traversal Information Disclosure Vulnerability

IceWarp collaboration Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of IceWarp. Authentication is not required to exploit this vulnerability. The specific flaw exists within handling...

7.5CVSS0.03929EPSS
Exploits0References1
Rows per page
Query Builder