Lucene search
K

378 matches found

Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.14 views

PT-2026-40847

SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to c password = '%@' in changePasswordForLogin...

7.1CVSS5.9AI score0.00239EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.13 views

SOGo SQL注入漏洞

SOGo is a highly fast and scalable modern collaboration suite open source by Alinto. It offers calendar management, address book management, a fully functional webmail client, as well as features for resource sharing and permission handling. Versions of SOGo prior to 5.12.7 had an SQL injection...

7.1CVSS5.8AI score0.00239EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.14 views

Linux Distros Unpatched Vulnerability : CVE-2026-8496

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A cross-site scripting XSS vulnerability exists in Alinto SOGo, version 5.12.7. A maliciously crafted ICS calendar invitation files allows arbitrary JavaScript...

6.1CVSS6.2AI score0.00283EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.18 views

PT-2026-40846

SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection...

7.1CVSS5.9AI score0.00239EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-46445

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection. CVE-2026-46445 Note that Nessus relies on the presence of the package as reported by the...

7.1CVSS5.9AI score0.00239EPSS
Exploits0References3
NVD
NVD
added 2026/05/13 7:17 p.m.38 views

CVE-2026-8496

A cross-site scripting XSS vulnerability exists in Alinto SOGo, version 5.12.7. A maliciously crafted ICS calendar invitation files allows arbitrary JavaScript execution within the authenticated SOGo webmail session. The issue occurs because SVG content embedded in the description field of an ICS...

6.1CVSS0.00283EPSS
Exploits0References3
OSV
OSV
added 2026/05/13 7:17 p.m.4 views

DEBIAN-CVE-2026-8496

A cross-site scripting XSS vulnerability exists in Alinto SOGo, version 5.12.7. A maliciously crafted ICS calendar invitation files allows arbitrary JavaScript execution within the authenticated SOGo webmail session. The issue occurs because SVG content embedded in the description field of an ICS...

6.1CVSS6AI score0.00283EPSS
Exploits0References1
OSV
OSV
added 2026/05/13 7:17 p.m.6 views

UBUNTU-CVE-2026-8496

A cross-site scripting XSS vulnerability exists in Alinto SOGo, version 5.12.7. A maliciously crafted ICS calendar invitation files allows arbitrary JavaScript execution within the authenticated SOGo webmail session. The issue occurs because SVG content embedded in the description field of an ICS...

6.1CVSS6AI score0.00283EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2026/05/13 7:17 p.m.11 views

CVE-2026-8496

A cross-site scripting XSS vulnerability exists in Alinto SOGo, version 5.12.7. A maliciously crafted ICS calendar invitation files allows arbitrary JavaScript execution within the authenticated SOGo webmail session. The issue occurs because SVG content embedded in the description field of an ICS...

6.1CVSS5.9AI score0.00283EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/13 6:2 p.m.44 views

CVE-2026-8496 A cross-site scripting (XSS) vulnerability in Alinto SOGo, version 5.12.7

A cross-site scripting XSS vulnerability exists in Alinto SOGo, version 5.12.7. A maliciously crafted ICS calendar invitation files allows arbitrary JavaScript execution within the authenticated SOGo webmail session. The issue occurs because SVG content embedded in the description field of an ICS...

0.00283EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/13 6:2 p.m.9 views

CVE-2026-8496

A cross-site scripting XSS vulnerability exists in Alinto SOGo, version 5.12.7. A maliciously crafted ICS calendar invitation files allows arbitrary JavaScript execution within the authenticated SOGo webmail session. The issue occurs because SVG content embedded in the description field of an ICS...

6.1CVSS6AI score0.00283EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/13 6:2 p.m.6 views

CVE-2026-8496 A cross-site scripting (XSS) vulnerability in Alinto SOGo, version 5.12.7

A cross-site scripting XSS vulnerability exists in Alinto SOGo, version 5.12.7. A maliciously crafted ICS calendar invitation files allows arbitrary JavaScript execution within the authenticated SOGo webmail session. The issue occurs because SVG content embedded in the description field of an ICS...

6AI score0.00283EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/05/13 6:2 p.m.9 views

CVE-2026-8496

A cross-site scripting XSS vulnerability exists in Alinto SOGo, version 5.12.7. A maliciously crafted ICS calendar invitation files allows arbitrary JavaScript execution within the authenticated SOGo webmail session. The issue occurs because SVG content embedded in the description field of an ICS...

6.1CVSS6AI score0.00283EPSS
Exploits0
CVE
CVE
added 2026/05/13 6:2 p.m.32 views

CVE-2026-8496

Alinto SOGo 5.12.7 is affected by a cross-site scripting (XSS) vulnerability triggered by SVG content in ICS calendar invites. The issue stems from unsanitized SVG in the ICS file description with an onrepeat handler, allowing arbitrary JavaScript execution within an authenticated webmail session...

6.1CVSS6AI score0.00283EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.10 views

Alinto SOGo 安全漏洞

Alinto SOGo is an open-source collaboration office software developed by Alinto. Version 5.12.7 of Alinto SOGo contains a security vulnerability. This vulnerability stems from insufficient SVG content cleaning in the ICS calendar invitation files. It may allow remote attackers to execute JavaScri...

6.1CVSS5.9AI score0.00283EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.16 views

PT-2026-40764

A cross-site scripting XSS vulnerability exists in Alinto SOGo, version 5.12.7. A maliciously crafted ICS calendar invitation files allows arbitrary JavaScript execution within the authenticated SOGo webmail session. The issue occurs because SVG content embedded in the description field of an ICS...

6.1CVSS6AI score0.00283EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:16 p.m.4 views

CVE-2026-33550

SOGo before 5.12.5 does not renew the OTP if a user disables/enables it, and has a too short length only 12 digits instead of the 20 recommended...

2.6CVSS5.8AI score0.00135EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:13 p.m.3 views

CVE-2025-71276

SOGo before 5.12.5 is prone to a XSS vulnerability with events, tasks, and contacts categories...

6.4CVSS5.8AI score0.00137EPSS
Exploits0References1
NVD
NVD
added 2026/03/22 3:16 a.m.4 views

CVE-2026-33550

SOGo before 5.12.5 does not renew the OTP if a user disables/enables it, and has a too short length only 12 digits instead of the 20 recommended...

2.6CVSS0.00135EPSS
Exploits0References2
OSV
OSV
added 2026/03/22 3:16 a.m.2 views

DEBIAN-CVE-2026-33550

SOGo before 5.12.5 does not renew the OTP if a user disables/enables it, and has a too short length only 12 digits instead of the 20 recommended...

2.6CVSS5.3AI score0.00135EPSS
Exploits0References1
Rows per page
Query Builder