
75 matches found

AstraLinux
added 2026/05/03 11:59 p.m., 9 views

Astra Linux - vulnerability in dovecot

An issue was discovered in the auth component of Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the same driver and args settings, incorrect username_filter and mechanism settings can be applied to passdb definitions. These incorrectly applied settings can lead ...

CVSS 8.8, AI score 7, EPSS 0.00307
Exploits: 1, References: 2

SUSE CVE
added 2026/03/28 12:28 a.m., 3 views

SUSE CVE-2026-27855

Dovecot OTP authentication is vulnerable to replay attack under specific conditions. If auth cache is enabled, and username is altered in passdb, then OTP credentials can be cached so that same OTP reply is valid. An attacker able to observe an OTP exchange is able to log in as the user. If...

CVSS 6.8, AI score 5.9, EPSS 0.00042
Exploits: 1, References: 5

EUVD
added 2026/03/27 9:31 a.m., 3 views

EUVD-2026-16563

Dovecot OTP authentication is vulnerable to replay attack under specific conditions. If auth cache is enabled, and username is altered in passdb, then OTP credentials can be cached so that same OTP reply is valid. An attacker able to observe an OTP exchange is able to log in as the user. If...

CVSS 6.8, AI score 5.9, EPSS 0.00042
Exploits: 1, References: 2

NVD
added 2026/03/27 9:16 a.m., 1 view

CVE-2026-27855

Dovecot OTP authentication is vulnerable to replay attack under specific conditions. If auth cache is enabled, and username is altered in passdb, then OTP credentials can be cached so that same OTP reply is valid. An attacker able to observe an OTP exchange is able to log in as the user. If...

CVSS 6.8, EPSS 0.00042
Exploits: 1, References: 1

OSV
added 2026/03/27 9:16 a.m., 4 views

ALPINE-CVE-2026-27855

Dovecot OTP authentication is vulnerable to replay attack under specific conditions. If auth cache is enabled, and username is altered in passdb, then OTP credentials can be cached so that same OTP reply is valid. An attacker able to observe an OTP exchange is able to log in as the user. If...

CVSS 5.9, AI score 5.9, EPSS 0.00042
Exploits: 1, References: 1

OSV
added 2026/03/27 12:0 a.m., 4 views

UBUNTU-CVE-2026-27855

Dovecot OTP authentication is vulnerable to replay attack under specific conditions. If auth cache is enabled, and username is altered in passdb, then OTP credentials can be cached so that same OTP reply is valid. An attacker able to observe an OTP exchange is able to log in as the user. If...

CVSS 6.8, AI score 5.8, EPSS 0.00042
Exploits: 1, References: 3

Positive Technologies
added 2026/01/01 12:0 a.m., 2 views

PT-2026-28363

Name of the Vulnerable Software and Affected Versions Dovecot versions prior to 2.4.3 Description Dovecot OTP authentication is susceptible to a replay attack under certain conditions. Specifically, if the authentication cache is enabled and a username is modified within the passdb, OTP credentia...

CVSS 7.7, AI score 5.8, EPSS 0.0009
Exploits: 7, References: 31

NVD
added 2025/10/31 9:15 a.m., 3 views

CVE-2025-30189

When cache is enabled, some passdb/userdb drivers incorrectly cache all users with same cache key, causing wrong cached information to be used for these users. After cached login, all subsequent logins are for same user. Install fixed version or disable caching either globally or for the impacted...

CVSS 7.4, EPSS 0.00012
Exploits: 0, References: 3

OSV
added 2025/10/31 9:15 a.m., 4 views

AZL-69835 CVE-2025-30189 affecting package dovecot 2.3.20-1

When cache is enabled, some passdb/userdb drivers incorrectly cache all users with same cache key, causing wrong cached information to be used for these users. After cached login, all subsequent logins are for same user. Install fixed version or disable caching either globally or for the impacted...

CVSS 7.4, AI score 5.7, EPSS 0.00012
Exploits: 0, References: 1

OSV
added 2025/10/31 9:15 a.m., 2 views

UBUNTU-CVE-2025-30189

When cache is enabled, some passdb/userdb drivers incorrectly cache all users with same cache key, causing wrong cached information to be used for these users. After cached login, all subsequent logins are for same user. Install fixed version or disable caching either globally or for the impacted...

CVSS 7.4, AI score 5.8, EPSS 0.00012
Exploits: 0, References: 2

Vulnrichment
added 2025/10/31 9:2 a.m., 3 views

CVE-2025-30189

When cache is enabled, some passdb/userdb drivers incorrectly cache all users with same cache key, causing wrong cached information to be used for these users. After cached login, all subsequent logins are for same user. Install fixed version or disable caching either globally or for the impacted...

CVSS 7.4, AI score 6.2, EPSS 0.00012
Exploits: 0, References: 1

Cvelist
added 2025/10/31 9:2 a.m., 9 views

CVE-2025-30189

When cache is enabled, some passdb/userdb drivers incorrectly cache all users with same cache key, causing wrong cached information to be used for these users. After cached login, all subsequent logins are for same user. Install fixed version or disable caching either globally or for the impacted...

CVSS 7.4, EPSS 0.00012
Exploits: 0, References: 1

ATTACKERKB
added 2025/10/31 9:2 a.m., 4 views

CVE-2025-30189

When cache is enabled, some passdb/userdb drivers incorrectly cache all users with same cache key, causing wrong cached information to be used for these users. After cached login, all subsequent logins are for same user. Install fixed version or disable caching either globally or for the impacted...

CVSS 7.4, AI score 5.9, EPSS 0.00012
Exploits: 0, References: 3

CVE
added 2025/10/31 9:2 a.m., 19 views

CVE-2025-30189

CVE-2025-30189 affects Open-Xchange OX Dovecot Pro (and dovecot-based components) where enabling authentication caching causes incorrect caching: multiple users sharing the same cache key leads to the cached entry being reused for subsequent logins. The issue is described in multiple advisories (...

CVSS 7.4, AI score 6.2, EPSS 0.00012
Exploits: 0, References: 3

AlpineLinux
added 2025/10/31 9:2 a.m., 5 views

CVE-2025-30189

When cache is enabled, some passdb/userdb drivers incorrectly cache all users with same cache key, causing wrong cached information to be used for these users. After cached login, all subsequent logins are for same user. Install fixed version or disable caching either globally or for the impacted...

CVSS 7.4, AI score 6.7, EPSS 0.00012
Exploits: 0

SUSE CVE
added 2025/10/30 12:29 a.m., 3 views

SUSE CVE-2025-30189

When cache is enabled, some passdb/userdb drivers incorrectly cache all users with same cache key, causing wrong cached information to be used for these users. After cached login, all subsequent logins are for same user. Install fixed version or disable caching either globally or for the impacted...

CVSS 6.4, AI score 6.7, EPSS 0.00012
Exploits: 0, References: 4

Rosalinux
added 2025/09/29 1:37 p.m., 5 views

Advisory ROSA-SA-2025-3015

Software: dovecot 2.3.21.1 OS: ROSA-CHROME unaffected versions = dovecot-2.3.21.1-6 affected versions dovecot-2.3.21.1-6 CVE-ID: CVE-2022-30550 BDU-ID: 2022-04273 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the passdb account database of the Dovecot mail server is related to configuration...

CVSS 8.8, AI score 7.1, EPSS 0.00307
Exploits: 1

Rosalinux
added 2025/09/29 1:37 p.m., 4 views

Advisory ROSA-SA-2025-3014

software: cert-sh-functions 1.0.6 WASP: ROSA-CHROME unaffected versions = cert-sh-functions-1.0.6-5 affected versions cert-sh-functions-1.0.6-5 CVE-ID: CVE-2022-30550 BDU-ID: 2022-04273 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the passdb account database of the Dovecot mail server is relate...

CVSS 8.8, AI score 7.1, EPSS 0.00307
Exploits: 1

Tenable Nessus
added 2025/08/27 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-30550

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the same driver and args...

CVSS 8.8, AI score 7.1, EPSS 0.00307
Exploits: 1, References: 2

Tenable Nessus
added 2023/10/30 12:0 a.m., 28 views

GLSA-202310-19 : Dovecot: Privilege Escalation

The remote host is affected by the vulnerability described in GLSA-202310-19 Dovecot: Privilege Escalation - An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the same driver and args settings, incorrect...

CVSS 8.8, AI score 7.2, EPSS 0.00307
Exploits: 1, References: 3