
29 matches found

EUVD
added 2026/04/21 7:19 p.m., 4 views

EUVD-2026-24258

mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, the user dashboard's "Seen successful connections" login history renders the client IP from login logs without HTML escaping. Because the server trusts the X-Real-IP header as the source IP...

CVSS 7 | AI score 5.8 | EPSS 0.00182
Exploits 0 | References 1

Packet Storm
added 2026/02/16 12:00 a.m., 172 views

mailcow: Dockerized Host Header Password Reset Poisoning

mailcow: dockerized versions prior to 2025-01a are vulnerable to Host header poisoning in the password reset workflow. The application incorrectly trusts the Host header when generating password reset links, allowing an attacker to inject an attacker-controlled domain into the reset URL. If a...

CVSS 8.8 | AI score 5.5 | EPSS 0.01052
Exploits 4

RedhatCVE
added 2026/01/09 10:48 a.m., 8 views

CVE-2022-31245

mailcow before 2022-05d allows a remote authenticated user to inject OS commands and escalate privileges to domain admin via the --debug option in conjunction with the ---PIPEMESS option in Sync Jobs...

CVSS 9 | AI score 7.1 | EPSS 0.05162
Exploits 3 | References 1

RedhatCVE
added 2026/01/09 8:42 a.m., 11 views

CVE-2022-31138

mailcow is a mailserver suite. Prior to mailcow-dockerized version 2022-06a, an extended privilege vulnerability can be exploited by manipulating the custom parameters regexmess, skipmess, regexflag, delete2foldersonly, delete2foldersbutnot, regextrans2, pipemess, or maxlinelengthcmd to execute...

CVSS 9 | AI score 7.4 | EPSS 0.02336
Exploits 2 | References 1

EUVD
added 2025/10/03 8:07 p.m., 10 views

EUVD-2025-21774

Malicious code in bioql PyPI...

CVSS 9.1 | AI score 6.5 | EPSS 0.00464
Exploits 0 | References 2

EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2024-29108

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.6 | EPSS 0.08249
Exploits 1 | References 2

EUVD
added 2025/10/03 8:07 p.m., 5 views

EUVD-2022-41770

Malicious code in bioql PyPI...

CVSS 8.2 | AI score 8.1 | EPSS 0.00614
Exploits 1 | References 2

EUVD
added 2025/10/03 8:07 p.m., 5 views

EUVD-2024-22150

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 7.4 | EPSS 0.00868
Exploits 0 | References 2

EUVD
added 2025/10/03 8:07 p.m., 4 views

EUVD-2024-53178

Malicious code in bioql PyPI...

CVSS 7.1 | AI score 6.5 | EPSS 0.00406
Exploits 0 | References 1

EUVD
added 2025/10/03 8:07 p.m., 6 views

EUVD-2025-4084

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 6.6 | EPSS 0.01052
Exploits 4 | References 1

RedhatCVE
added 2025/07/19 2:02 p.m., 13 views

CVE-2025-53909

mailcow: dockerized is an open source groupware/email suite based on docker. A Server-Side Template Injection (SSTI) vulnerability exists in versions prior to 2025-07 in the notification template system used by mailcow for sending quota and quarantine alerts. The template rendering engine allows...

CVSS 9.1 | AI score 7 | EPSS 0.00464
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 10:08 a.m., 8 views

CVE-2024-30270

mailcow: dockerized is an open source groupware/email suite based on docker. A security vulnerability has been identified in mailcow affecting versions prior to 2024-04. This vulnerability is a combination of path traversal and arbitrary code execution, specifically targeting the rspamdmaps...

CVSS 6.2 | AI score 7.6 | EPSS 0.27346
Exploits 2 | References 1

RedhatCVE
added 2025/05/23 8:44 a.m., 9 views

CVE-2024-23824

mailcow is a dockerized email package, with multiple containers linked in one bridged network. The application is vulnerable to a pixel flood attack: once the payload has been successfully uploaded as the logo, the application becomes slow and does not respond on the admin page. It is tested on the...

CVSS 4.7 | AI score 6.8 | EPSS 0.00597
Exploits 1 | References 1

RedhatCVE
added 2025/05/23 5:38 a.m., 12 views

CVE-2023-26490

mailcow is a dockerized email package, with multiple containers linked in one bridged network. The Sync Job feature - which can be made available to standard users by assigning them the necessary permission - suffers from a shell command injection. A malicious user can abuse this vulnerability to...

CVSS 8.8 | AI score 7.9 | EPSS 0.0222
Exploits 1 | References 1

RedhatCVE
added 2025/02/14 6:23 p.m., 6 views

CVE-2025-25198

mailcow: dockerized is an open source groupware/email suite based on docker. Prior to version 2025-01a, a vulnerability in mailcow's password reset functionality allows an attacker to manipulate the Host HTTP header to generate a password reset link pointing to an attacker-controlled domain. This...

CVSS 8.8 | AI score 6.9 | EPSS 0.01052
Exploits 4 | References 1

NVD
added 2025/02/12 6:15 p.m., 14 views

CVE-2025-25198

mailcow: dockerized is an open source groupware/email suite based on docker. Prior to version 2025-01a, a vulnerability in mailcow's password reset functionality allows an attacker to manipulate the Host HTTP header to generate a password reset link pointing to an attacker-controlled domain. This...

CVSS 8.8 | EPSS 0.01052
Exploits 4 | References 1

CVE
added 2025/02/12 5:46 p.m., 94 views

CVE-2025-25198

CVE-2025-25198 affects mailcow: dockerized prior to 2025-01a. The password reset function can be manipulated via the Host HTTP header to generate a reset link pointing to an attacker-controlled domain, enabling potential account takeover if a user clicks the poisoned link. A patch is available in...

CVSS 8.8 | AI score 7 | EPSS 0.01052
Exploits 4 | References 1 | Affected Software 1

RedhatCVE
added 2025/02/05 7:36 p.m., 10 views

CVE-2022-39258

mailcow is a mailserver suite. A vulnerability in versions prior to 2022-09 allows an attacker to craft a custom Swagger API template to spoof Authorize links. This could redirect a victim to an attacker-controlled place to steal Swagger authorization credentials or create a phishing page to stea...

CVSS 8.2 | AI score 6.6 | EPSS 0.00614
Exploits 1 | References 1

NVD
added 2025/01/28 11:15 p.m., 7 views

CVE-2024-56529

Mailcow through 2024-11b has a session fixation vulnerability in the web panel. It allows remote attackers to set a session identifier when HSTS is disabled on a victim's browser. After a user logs in, they are authenticated and the session identifier is valid. Then, a remote attacker can access...

CVSS 7.1 | EPSS 0.00406
Exploits 0 | References 1

OSV
added 2025/01/28 11:15 p.m., 6 views

CVE-2024-56529

Mailcow through 2024-11b has a session fixation vulnerability in the web panel. It allows remote attackers to set a session identifier when HSTS is disabled on a victim's browser. After a user logs in, they are authenticated and the session identifier is valid. Then, a remote attacker can access...

CVSS 7.1 | AI score 6.8
Exploits 0 | References 1