CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

455 matches found

Mitel MiCollab <= 9.8.0.33 - SQL Injection

A vulnerability in NuPoint Messenger NPM of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access sensitive information and execute arbitrary...

9.8CVSS8.4AI score0.93912EPSS

Exploits3References2

Nuclei•added 2 days ago•42 views

Mitel MiCollab AWV 8.1.2.4 and 9.1.3 - Directory Traversal

A Directory Traversal vulnerability in the web conference component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an attacker to access arbitrary files from restricted directories of the server via a crafted URL, due to insufficient access validation. A successful exploit...

5.3CVSS6AI score0.84928EPSS

Exploits3References5

Nuclei•added 5 days ago•11 views

Mitel MiCollab - Information Disclosure & Denial of Service

Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 contain a vulnerability in the TP-240 component caused by improper handling, letting remote attackers obtain sensitive information and cause denial of service, exploit requires remote access. id: CVE-2022-26143 info: name:...

9.8CVSS7.5AI score0.89149EPSS

Exploits1References1

RedhatCVE•added 2026/03/27 2:25 p.m.•5 views

CVE-2021-27401

The Join Meeting page of Mitel MiCollab Web Client before 9.2 FP2 could allow an attacker to access view and modify user data by executing arbitrary code due to insufficient input validation, aka Cross-Site Scripting XSS...

6.1CVSS6.8AI score0.00275EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 12:42 p.m.•5 views

CVE-2023-25597

A vulnerability in the web conferencing component of Mitel MiCollab through 9.6.2.9 could allow an unauthenticated attacker to download a shared file via a crafted request - including the exact path and filename - due to improper authentication control. A successful exploit could allow access to...

5.9CVSS7AI score0.00376EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 12:10 p.m.•6 views

CVE-2018-18819

A vulnerability in the web conference chat component of MiCollab, versions 7.3 PR6 7.3.0.601 and earlier, and 8.0 8.0.0.40 through 8.0 SP2 FP2 8.0.2.202, and MiVoice Business Express versions 7.3 PR3 7.3.1.302 and earlier, and 8.0 8.0.0.40 through 8.0 SP2 FP1 8.0.2.202, could allow creation of...

5.3CVSS7.1AI score0.00343EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 10:42 a.m.•8 views

CVE-2022-26143

The TP-240 aka tp240dvr component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service performance degradation and excessive outbound traffic. This was exploited in the wild in February...

9.8CVSS6.9AI score0.89149EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 9:34 a.m.•4 views

CVE-2024-41714

A vulnerability in the Web Interface component of Mitel MiCollab through 9.8 SP1 9.8.1.5 and MiVoice Business Solution Virtual Instance MiVB SVI through 1.0.0.27 could allow an authenticated attacker to conduct a command injection attack, due to insufficient parameter sanitization. A successful...

8.8CVSS8.1AI score0.02022EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:29 a.m.•8 views

CVE-2019-12165

MiCollab 7.3 PR2 7.3.0.204 and earlier, 7.2 7.2.2.13 and earlier, and 7.1 7.1.0.57 and earlier and MiCollab AWV 6.3 6.3.0.103, 6.2 6.2.2.8, 6.1 6.1.0.28, 6.0 6.0.0.61, and 5.0 5.0.5.7 have a Command Execution Vulnerability. Successful exploit of this vulnerability could allow an attacker to execu...

10CVSS7.7AI score0.00782EPSS

Exploits0References1