13 matches found
EUVD-2025-23544
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-50340
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An Insecure Direct Object Reference IDOR vulnerability was discovered in SOGo Webmail thru 5.6.0, allowing an authenticated user to send emails on behalf of oth...
CVE-2025-50340
An Insecure Direct Object Reference IDOR vulnerability was discovered in SOGo Webmail thru 5.6.0, allowing an authenticated user to send emails on behalf of other users by manipulating a user-controlled identifier in the email-sending request. The server fails to verify whether the authenticated...
Exploit for Improper Neutralization in Alinto Sogo
CVE-2022-4556 - Stored XSS in SOGo Webmail v5.7.1 🧠 Summ...
CVE-2025-50340
An Insecure Direct Object Reference IDOR vulnerability was discovered in SOGo Webmail thru 5.6.0, allowing an authenticated user to send emails on behalf of other users by manipulating a user-controlled identifier in the email-sending request. The server fails to verify whether the authenticated...
CVE-2025-50340
An Insecure Direct Object Reference IDOR vulnerability was discovered in SOGo Webmail thru 5.6.0, allowing an authenticated user to send emails on behalf of other users by manipulating a user-controlled identifier in the email-sending request. The server fails to verify whether the authenticated...
UBUNTU-CVE-2025-50340
An Insecure Direct Object Reference IDOR vulnerability was discovered in SOGo Webmail thru 5.6.0, allowing an authenticated user to send emails on behalf of other users by manipulating a user-controlled identifier in the email-sending request. The server fails to verify whether the authenticated...
CVE-2025-50340
CVE-2025-50340 affects SOGo Webmail up to version 5.6.0 (authenticated IDOR). The vulnerability lets an authenticated user send emails on behalf of other users by manipulating a sender identity in the email-sending request, due to insufficient verification of authorization to use the specified se...
CVE-2025-50340
An Insecure Direct Object Reference IDOR vulnerability was discovered in SOGo Webmail thru 5.6.0, allowing an authenticated user to send emails on behalf of other users by manipulating a user-controlled identifier in the email-sending request. The server fails to verify whether the authenticated...
PT-2025-31860 · Unknown +1 · Sogo Web Mail +1
Name of the Vulnerable Software and Affected Versions: SOGo Webmail versions through 5.6.0 Description: An Insecure Direct Object Reference IDOR vulnerability allows an authenticated user to send emails on behalf of other users by manipulating a user-controlled identifier in the email-sending...
CVE-2025-50340
An Insecure Direct Object Reference IDOR vulnerability was discovered in SOGo Webmail thru 5.6.0, allowing an authenticated user to send emails on behalf of other users by manipulating a user-controlled identifier in the email-sending request. The server fails to verify whether the authenticated...
CVE-2025-50340
Removed by vendor...
SOGo Webmail 安全漏洞
SOGo Webmail is a SOGo open source webmail and collaboration system. A security vulnerability exists in SOGo Webmail 5.6.0 and earlier versions, which stems from an insecure direct object reference that could lead to an authenticated user impersonating another user to send mail...