1285 matches found
OPENSUSE-SU-2026:21277-1 Security update for go-sendxmpp
This update for go-sendxmpp fixes the following issues: Changes in go-sendxmpp: - Update to 0.16.0: Added: Add Ox support to http-upload. Add Ox support for private group chats. Show error cause if joining MUCs failedi requires go-xmpp = v0.3.5. Changed: Fix --ox-delete-nodes. Fix receiving of 1-...
CVE-2026-50744
A bypass to the admin‑only restriction of the XML‑RPC API in Revive Adserver 6.0.7. The API response for the ox.login method returned a session ID cookie in the HTTP headers, and although the method correctly returned an error, the associated session was not invalidated. As a result, the leaked...
PT-2026-52651
Name of the Vulnerable Software and Affected Versions Revive Adserver version 6.0.7 Description An authentication bypass exists in the XML-RPC API. The ox.login method returns a session ID cookie in the HTTP headers even when the method returns an error. Because the associated session is not...
Open-Xchange OX Dovecot Pro 安全漏洞
Open-Xchange OX Dovecot Pro is a mail storage and delivery system provided by the German company Open-Xchange. Open-Xchange OX Dovecot Pro has a security vulnerability. This vulnerability arises from the use of a security filter for variable expansion, where all subsequent pipes on the same strin...
PT-2026-22809
Name of the Vulnerable Software and Affected Versions FreeScout versions 1.8.206 and earlier Description FreeScout is susceptible to remote code execution RCE vulnerabilities CVE-2026-27636 and CVE-2026-28289. CVE-2026-27636 allows authenticated users with file upload permissions to execute code ...
CVE-2018-10986
OX Guard 2.8.0 has CSRF...
CVE-2021-33493
The middleware component in OX App Suite through 7.10.5 allows Code Injection via Java classes in a YAML format...
CVE-2021-33495
OX App Suite 7.10.5 allows XSS via an OX Chat system message...
CVE-2021-33491
OX App Suite through 7.10.5 allows Directory Traversal via ../ in an OOXML or ODF ZIP archive, because of the mishandling of relative paths in mail addresses in conjunction with auto-configuration DNS records...
CVE-2021-33492
OX App Suite 7.10.5 allows XSS via an OX Chat room name...
CVE-2021-33494
OX App Suite 7.10.5 allows XSS via an OX Chat room title during typing rendering...
CVE-2021-28094
OX Documents before 7.10.5-rev7 has Incorrect Access Control for converted documents because hash collisions can occur, due to use of CRC32...
CVE-2021-31934
OX App Suite 7.10.4 and earlier allows XSS via a crafted contact object payload in the position or company field that is mishandled in the App Suite UI on a smartphone...
CVE-2021-31935
OX App Suite 7.10.4 and earlier allows XSS via a crafted distribution list payload in the common name that is mishandled in the scheduling view...
CVE-2022-23101
OX App Suite through 7.10.6 allows XSS via appHandler in a deep link in an e-mail message...
CVE-2022-23099
OX App Suite through 7.10.6 allows XSS by forcing block-wise read...
CVE-2022-23100
OX App Suite through 7.10.6 allows OS Command Injection via Documentconverter e.g., through an email attachment...
CVE-2022-37311
OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large location request parameter to the redirect servlet...
CVE-2022-37307
OX App Suite through 7.10.6 allows XSS via XHTML CDATA for a snippet, as demonstrated by the onerror attribute of an IMG element within an e-mail signature...
CVE-2022-37312
OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large request body containing a redirect URL to the deferrer servlet...