Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2026/04/03 11:1 p.m.6 views

CVE-2026-34838

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.156, 25.0.90, and 26.0.12, a vulnerability in the AbstractSettingsCollection model leads to insecure deserialization when these settings are loaded. By injecting a serialized FileCookieJar...

9.9CVSS5.9AI score0.01026EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/02 7:15 p.m.18 views

CVE-2026-34838 Group-Office: Authenticated Remote Code Execution via PHP Insecure Deserialization in `AbstractSettingsCollection`

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.156, 25.0.90, and 26.0.12, a vulnerability in the AbstractSettingsCollection model leads to insecure deserialization when these settings are loaded. By injecting a serialized FileCookieJar...

9.9CVSS0.01026EPSS
Exploits0References4
CVE
CVE
added 2026/04/02 7:15 p.m.25 views

CVE-2026-34838

Group-Office contains an authenticated RCE in the AbstractSettingsCollection deserialization path. Before versions 6.8.156, 25.0.90, and 26.0.12, an attacker can inject a serialized FileCookieJar into a settings string, causing Arbitrary File Write and server RCE. This is fixed in 6.8.156, 25.0.9...

9.9CVSS5.9AI score0.01026EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/02 7:15 p.m.3 views

CVE-2026-34838

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.156, 25.0.90, and 26.0.12, a vulnerability in the AbstractSettingsCollection model leads to insecure deserialization when these settings are loaded. By injecting a serialized FileCookieJar...

9.9CVSS5.9AI score0.01026EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/02 2:32 p.m.2 views

CVE-2025-15438 PluXml Media Management medias.php __destruct deserialization

A vulnerability was determined in PluXml up to 5.8.22. Affected is the function FileCookieJar::destruct of the file core/admin/medias.php of the component Media Management Module. Executing a manipulation of the argument File can lead to deserialization. The attack can be launched remotely. The...

5.8CVSS4.7AI score0.00386EPSS
Exploits1References4
Rows per page
Query Builder