55 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-39179
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A SQL injection vulnerability in SOGo before 5.12.7 allows authenticated users to execute arbitrary SQL statements via the newPassword parameter in the password...
Linux Distros Unpatched Vulnerability : CVE-2026-39178
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A SQL injection vulnerability in SOGo before 5.12.7 allows authenticated users to execute arbitrary SQL statements via the search parameter of the...
UBUNTU-CVE-2026-39178
A SQL injection vulnerability in SOGo before 5.12.7 allows authenticated users to execute arbitrary SQL statements via the search parameter of the allContactSearch endpoint...
CVE-2026-39178
A SQL injection vulnerability in SOGo before 5.12.7 allows authenticated users to execute arbitrary SQL statements via the search parameter of the allContactSearch endpoint...
Linux Distros Unpatched Vulnerability : CVE-2026-8851
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SOGo versions 5.12.7 and prior contains a SQL injection vulnerability in the Access Control List management functionality that allows authenticated users to...
DEBIAN-CVE-2026-46446
SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to cpassword = '%@' in changePasswordForLogin...
CVE-2026-46445
SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection...
CVE-2026-46446
SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to cpassword = '%@' in changePasswordForLogin...
UBUNTU-CVE-2026-46446
SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to cpassword = '%@' in changePasswordForLogin...
CVE-2026-46446
SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to cpassword = '%@' in changePasswordForLogin...
CVE-2026-46446
SOGo before 5.12.7, when using PostgreSQL or MariaDB, stores passwords in cleartext and is vulnerable to SQL injection via c_password = '%@' in changePasswordForLogin. The CVE notes an impact on confidentiality and integrity with a high base score (7.1) and a network attack vector requiring low p...
CVE-2026-46446
SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to cpassword = '%@' in changePasswordForLogin...
CVE-2026-46446
SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to cpassword = '%@' in changePasswordForLogin...
CVE-2026-46445
SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection...
EUVD-2026-30212
SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection...
PT-2026-40846
Name of the Vulnerable Software and Affected Versions SOGo versions prior to 5.12.7 Description SOGo allows SQL injection when PostgreSQL is used. SQL injection is a type of flaw that allows an attacker to interfere with the queries that an application makes to its database. Recommendations Updat...
PT-2026-40847
Name of the Vulnerable Software and Affected Versions SOGo versions prior to 5.12.7 Description An issue exists when PostgreSQL or MariaDB is used and cleartext passwords are stored, allowing SQL injection. This occurs due to the use of c password = '%@' within the changePasswordForLogin function...
Linux Distros Unpatched Vulnerability : CVE-2026-46445
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection. CVE-2026-46445 Note that Nessus relies on the presence of the package as reported by the...
CVE-2026-33550
SOGo before 5.12.5 does not renew the OTP if a user disables/enables it, and has a too short length only 12 digits instead of the 20 recommended...
PT-2026-48586
Name of the Vulnerable Software and Affected Versions SOGo versions prior to 5.12.7 Description An issue exists in the contact search component where the software fails to properly protect the SQL query structure. This allows authenticated users to execute arbitrary SQL statements through the...