Lucene search
+L

55 matches found

Tenable Nessus
Tenable Nessus
added 2026/07/10 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-39179

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A SQL injection vulnerability in SOGo before 5.12.7 allows authenticated users to execute arbitrary SQL statements via the newPassword parameter in the password...

6.3CVSS7.3AI score0.00157EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/10 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-39178

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A SQL injection vulnerability in SOGo before 5.12.7 allows authenticated users to execute arbitrary SQL statements via the search parameter of the...

6.3CVSS7.3AI score0.00157EPSS
Exploits0References3
OSV
OSV
added 2026/07/08 10:17 p.m.5 views

UBUNTU-CVE-2026-39178

A SQL injection vulnerability in SOGo before 5.12.7 allows authenticated users to execute arbitrary SQL statements via the search parameter of the allContactSearch endpoint...

6.3CVSS6.3AI score0.00157EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/08 12:0 a.m.29 views

CVE-2026-39178

A SQL injection vulnerability in SOGo before 5.12.7 allows authenticated users to execute arbitrary SQL statements via the search parameter of the allContactSearch endpoint...

0.00157EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/19 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-8851

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SOGo versions 5.12.7 and prior contains a SQL injection vulnerability in the Access Control List management functionality that allows authenticated users to...

8.6CVSS6.2AI score0.00316EPSS
Exploits0References3
OSV
OSV
added 2026/05/14 4:17 a.m.17 views

DEBIAN-CVE-2026-46446

SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to cpassword = '%@' in changePasswordForLogin...

7.1CVSS5.9AI score0.00239EPSS
Exploits0References1
NVD
NVD
added 2026/05/14 4:17 a.m.33 views

CVE-2026-46445

SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection...

7.1CVSS0.00239EPSS
Exploits0References3
NVD
NVD
added 2026/05/14 4:17 a.m.63 views

CVE-2026-46446

SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to cpassword = '%@' in changePasswordForLogin...

7.1CVSS0.00239EPSS
Exploits0References3
OSV
OSV
added 2026/05/14 4:17 a.m.15 views

UBUNTU-CVE-2026-46446

SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to cpassword = '%@' in changePasswordForLogin...

7.1CVSS5.9AI score0.00239EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/05/14 3:13 a.m.10 views

CVE-2026-46446

SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to cpassword = '%@' in changePasswordForLogin...

7.1CVSS5.9AI score0.00239EPSS
Exploits0References4
CVE
CVE
added 2026/05/14 3:13 a.m.25 views

CVE-2026-46446

SOGo before 5.12.7, when using PostgreSQL or MariaDB, stores passwords in cleartext and is vulnerable to SQL injection via c_password = '%@' in changePasswordForLogin. The CVE notes an impact on confidentiality and integrity with a high base score (7.1) and a network attack vector requiring low p...

7.1CVSS5.9AI score0.00239EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/14 3:13 a.m.10 views

CVE-2026-46446

SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to cpassword = '%@' in changePasswordForLogin...

7.1CVSS5.9AI score0.00239EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/05/14 3:13 a.m.11 views

CVE-2026-46446

SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to cpassword = '%@' in changePasswordForLogin...

7.1CVSS5.9AI score0.00239EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/05/14 3:10 a.m.9 views

CVE-2026-46445

SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection...

7.1CVSS5.9AI score0.00239EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/14 3:10 a.m.16 views

EUVD-2026-30212

SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection...

7.1CVSS5.9AI score0.00239EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.20 views

PT-2026-40846

Name of the Vulnerable Software and Affected Versions SOGo versions prior to 5.12.7 Description SOGo allows SQL injection when PostgreSQL is used. SQL injection is a type of flaw that allows an attacker to interfere with the queries that an application makes to its database. Recommendations Updat...

7.1CVSS6AI score0.00239EPSS
Exploits0References25
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.17 views

PT-2026-40847

Name of the Vulnerable Software and Affected Versions SOGo versions prior to 5.12.7 Description An issue exists when PostgreSQL or MariaDB is used and cleartext passwords are stored, allowing SQL injection. This occurs due to the use of c password = '%@' within the changePasswordForLogin function...

7.1CVSS6AI score0.00239EPSS
Exploits0References25
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-46445

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection. CVE-2026-46445 Note that Nessus relies on the presence of the package as reported by the...

7.1CVSS6.1AI score0.00239EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:16 p.m.4 views

CVE-2026-33550

SOGo before 5.12.5 does not renew the OTP if a user disables/enables it, and has a too short length only 12 digits instead of the 20 recommended...

2.6CVSS5.8AI score0.00135EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.9 views

PT-2026-48586

Name of the Vulnerable Software and Affected Versions SOGo versions prior to 5.12.7 Description An issue exists in the contact search component where the software fails to properly protect the SQL query structure. This allows authenticated users to execute arbitrary SQL statements through the...

10CVSS7.6AI score0.00157EPSS
Exploits0References7
Rows per page
Query Builder