Lucene search
K

5 matches found

Vulnrichment
Vulnrichment
added 2026/04/02 7:15 p.m.2 views

CVE-2026-34838 Group-Office: Authenticated Remote Code Execution via PHP Insecure Deserialization in `AbstractSettingsCollection`

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.156, 25.0.90, and 26.0.12, a vulnerability in the AbstractSettingsCollection model leads to insecure deserialization when these settings are loaded. By injecting a serialized FileCookieJar...

9.9CVSS5.9AI score0.01026EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/02 7:15 p.m.3 views

EUVD-2026-18532

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.156, 25.0.90, and 26.0.12, a vulnerability in the AbstractSettingsCollection model leads to insecure deserialization when these settings are loaded. By injecting a serialized FileCookieJar...

9.9CVSS5.9AI score0.01026EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/02 7:15 p.m.20 views

CVE-2026-34838 Group-Office: Authenticated Remote Code Execution via PHP Insecure Deserialization in `AbstractSettingsCollection`

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.156, 25.0.90, and 26.0.12, a vulnerability in the AbstractSettingsCollection model leads to insecure deserialization when these settings are loaded. By injecting a serialized FileCookieJar...

9.9CVSS0.01026EPSS
Exploits0References4
CVE
CVE
added 2026/04/02 7:15 p.m.28 views

CVE-2026-34838

Group-Office contains an authenticated RCE in the AbstractSettingsCollection deserialization path. Before versions 6.8.156, 25.0.90, and 26.0.12, an attacker can inject a serialized FileCookieJar into a settings string, causing Arbitrary File Write and server RCE. This is fixed in 6.8.156, 25.0.9...

9.9CVSS5.9AI score0.01026EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.7 views

Group Office 代码问题漏洞

Group Office is a modular office suite developed by the Dutch company Group Office. Versions of Group Office prior to 6.8.156, 25.0.90, and 26.0.12 contained code vulnerabilities. These vulnerabilities stemmed from insecure deserialization in the AbstractSettingsCollection model, which could allo...

9.9CVSS6.3AI score0.01026EPSS
Exploits0References4
Rows per page
Query Builder