Lucene search
K

855 matches found

RedhatCVE
RedhatCVE
added 2025/05/21 9:10 p.m.8 views

CVE-2009-3172

Unspecified vulnerability in Hitachi Groupmax Groupware Server 07-00 through 07-50-/A, Groupmax Server Set 03-00 through 06-52, Groupware Server Set 03-00 through 06-52, and Scheduler Server Set 03-00 through 06-52 has unknown impact and attack vectors related to invalid access rights...

7.5CVSS6.8AI score0.01377EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2025/04/15 12:0 a.m.19 views

Tiki Wiki CMS Groupware < 21.12, 22.0 < 24.8, 25.0 < 27.2, 28.0 < 28.3 Code Injection Vulnerability

Tiki Wiki CMS Groupware is prone to a code injection vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

9.9CVSS7.4AI score0.00781EPSS
Exploits1References7
OpenVAS
OpenVAS
added 2025/03/19 12:0 a.m.9 views

Tiki Wiki CMS Groupware <= 29.0 Multiple XSS Vulnerabilities

Tiki Wiki CMS Groupware is prone to multiple cross-site scripting XSS vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

4.8CVSS5.8AI score0.00236EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2025/03/18 12:0 a.m.6 views

Tiki Wiki CMS Groupware < 28.0 Multiple Vulnerabilities

Tiki Wiki CMS Groupware is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

9.8CVSS6.9AI score0.01515EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/08 7:38 p.m.16 views

CVE-2025-25191

Group-Office is an enterprise CRM and groupware tool. This Stored XSS vulnerability exists where user input in the Name field is not properly sanitized before being stored. This vulnerability is fixed in 6.8.100...

6.9CVSS5.7AI score0.00262EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/14 6:23 p.m.6 views

CVE-2025-25198

mailcow: dockerized is an open source groupware/email suite based on docker. Prior to version 2025-01a, a vulnerability in mailcow's password reset functionality allows an attacker to manipulate the Host HTTP header to generate a password reset link pointing to an attacker-controlled domain. This...

8.8CVSS6.9AI score0.01052EPSS
Exploits4References1
NVD
NVD
added 2025/02/12 6:15 p.m.17 views

CVE-2025-25198

mailcow: dockerized is an open source groupware/email suite based on docker. Prior to version 2025-01a, a vulnerability in mailcow's password reset functionality allows an attacker to manipulate the Host HTTP header to generate a password reset link pointing to an attacker-controlled domain. This...

8.8CVSS0.01052EPSS
Exploits4References1
RedhatCVE
RedhatCVE
added 2025/02/06 3:40 a.m.6 views

CVE-2021-26630

Improper input validation vulnerability in HANDY Groupware’s ActiveX moudle allows attackers to download or execute arbitrary files. This vulnerability can be exploited by using the file download or execution path as the parameter value of the vulnerable function...

9.8CVSS7.5AI score0.00726EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/10/19 12:0 a.m.10 views

Debian dla-3924 : php-horde-mime-viewer - security update

The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-3924 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3924-1 [email protected] https://www.debian.org/lts/security/...

5.4CVSS5.5AI score0.01035EPSS
Exploits1References4
NVD
NVD
added 2024/08/05 8:15 p.m.40 views

CVE-2024-41960

mailcow: dockerized is an open source groupware/email suite based on docker. An authenticated admin user can inject a JavaScript payload into the Relay Hosts configuration. The injected payload is executed whenever the configuration page is viewed, enabling the attacker to execute arbitrary scrip...

4.8CVSS0.00308EPSS
Exploits0References2
NVD
NVD
added 2024/08/05 8:15 p.m.32 views

CVE-2024-41959

mailcow: dockerized is an open source groupware/email suite based on docker. An unauthenticated attacker can inject a JavaScript payload into the API logs. This payload is executed whenever the API logs page is viewed, potentially allowing an attacker to run malicious scripts in the context of th...

7.6CVSS0.00332EPSS
Exploits0References2
OSV
OSV
added 2024/08/05 7:59 p.m.20 views

CVE-2024-41960 Cross-site Scripting (XSS) via Relay Hosts Configuration in mailcow: dockerized

mailcow: dockerized is an open source groupware/email suite based on docker. An authenticated admin user can inject a JavaScript payload into the Relay Hosts configuration. The injected payload is executed whenever the configuration page is viewed, enabling the attacker to execute arbitrary scrip...

3.8CVSS7.1AI score0.00308EPSS
Exploits0References4
CVE
CVE
added 2024/08/05 7:59 p.m.42 views

CVE-2024-41960

CVE-2024-41960 affects mailcow: dockerized (Relay Hosts configuration). An authenticated admin can inject a JavaScript payload into the Relay Hosts config, and the payload executes in the user’s browser when the configuration page is viewed, enabling arbitrary script execution in the user context...

4.8CVSS4.7AI score0.00308EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/08/05 7:59 p.m.21 views

CVE-2024-41959 Cross-site Scripting (XSS) via API Logs in mailcow: dockerized

mailcow: dockerized is an open source groupware/email suite based on docker. An unauthenticated attacker can inject a JavaScript payload into the API logs. This payload is executed whenever the API logs page is viewed, potentially allowing an attacker to run malicious scripts in the context of th...

7.6CVSS6.8AI score0.00332EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2024/06/15 12:0 a.m.11 views

Fedora: Security Advisory (FEDORA-2024-123f2b3666)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.5AI score0.00836EPSS
Exploits0References4
Fedora
Fedora
added 2024/06/14 4:43 a.m.24 views

[SECURITY] Fedora 39 Update: cyrus-imapd-3.8.3-1.fc39

The Cyrus IMAP Internet Message Access Protocol server provides access to personal mail, system-wide bulletin boards, news-feeds, calendar and contacts through the IMAP, JMAP, NNTP, CalDAV and CardDAV protocols. The Cyrus IMAP server is a scalable enterprise groupware system designed for use from...

6.5CVSS6.5AI score0.00836EPSS
Exploits0
Fedora
Fedora
added 2024/06/14 1:45 a.m.26 views

[SECURITY] Fedora 40 Update: cyrus-imapd-3.8.3-1.fc40

The Cyrus IMAP Internet Message Access Protocol server provides access to personal mail, system-wide bulletin boards, news-feeds, calendar and contacts through the IMAP, JMAP, NNTP, CalDAV and CardDAV protocols. The Cyrus IMAP server is a scalable enterprise groupware system designed for use from...

6.5CVSS6.5AI score0.00836EPSS
Exploits0
CVE
CVE
added 2024/04/04 8:37 p.m.70 views

CVE-2024-31204

CVE-2024-31204 affects mailcow: dockerized prior to 2024-04. The issue is in the exception handling path when DEV_MODE is disabled: exception details are stored in a session array without proper sanitization and later rendered into HTML/JavaScript without escaping, enabling Cross-Site Scripting (...

6.1CVSS5.8AI score0.08249EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2024/04/01 12:0 a.m.3 views

Axigen 安全漏洞

Axigen is a mail server with groupware and collaboration features from Axigen, Inc. A security vulnerability exists in Axigen version 10.x prior to 10.3.3.62, which stems from the presence of a cross-site scripting XSS vulnerability...

4.7CVSS5.8AI score0.00344EPSS
Exploits0References3
NVD
NVD
added 2024/01/18 9:15 p.m.30 views

CVE-2024-22418

Group-Office is an enterprise CRM and groupware tool. Affected versions are subject to a vulnerability which is present in the file upload mechanism of Group Office. It allows an attacker to execute arbitrary JavaScript code by embedding it within a file's name. For instance, using a filename suc...

6.5CVSS6.7AI score0.00424EPSS
Exploits1References2
Rows per page
Query Builder