1279 matches found

Cvelist
added yesterday, 22 views

CVE-2026-50744

A bypass to the admin‑only restriction of the XML‑RPC API in Revive Adserver 6.0.7. The API response for the ox.login method returned a session ID cookie in the HTTP headers, and although the method correctly returned an error, the associated session was not invalidated. As a result, the leaked...

CVSS: 4.3, EPSS: 0.00176
Exploits: 0, References: 1

CNNVD
added 2026/05/12 12:0 a.m., 4 views

Open-Xchange OX Dovecot Pro Security Vulnerability

Open-Xchange OX Dovecot Pro is a mail storage and delivery system provided by the German company Open-Xchange. Open-Xchange OX Dovecot Pro has a security vulnerability. This vulnerability arises from the use of a security filter for variable expansion, where all subsequent pipes on the same strin...

CVSS: 9.1, AI score: 5.9, EPSS: 0.00304
Exploits: 0, References: 1

Positive Technologies
added 2026/03/03 12:0 a.m., 5 views

PT-2026-22809

Name of the Vulnerable Software and Affected Versions: FreeScout versions 1.8.206 and earlier. Description: FreeScout is susceptible to remote code execution (RCE) vulnerabilities CVE-2026-27636 and CVE-2026-28289. CVE-2026-27636 allows authenticated users with file upload permissions to execute code ...

CVSS: 10, AI score: 8, EPSS: 0.3114
Exploits: 4, References: 39

RedhatCVE
added 2026/01/09 12:19 p.m., 7 views

CVE-2018-10986

OX Guard 2.8.0 has CSRF...

CVSS: 8.8, AI score: 7, EPSS: 0.0046
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 11:28 a.m., 21 views

CVE-2021-33493

The middleware component in OX App Suite through 7.10.5 allows Code Injection via Java classes in a YAML format...

CVSS: 6, AI score: 7.3, EPSS: 0.00479
Exploits: 3, References: 1

RedhatCVE
added 2026/01/09 11:28 a.m., 15 views

CVE-2021-33495

OX App Suite 7.10.5 allows XSS via an OX Chat system message...

CVSS: 6.1, AI score: 5.8, EPSS: 0.01092
Exploits: 3, References: 1

RedhatCVE
added 2026/01/09 11:27 a.m., 14 views

CVE-2021-33491

OX App Suite through 7.10.5 allows Directory Traversal via ../ in an OOXML or ODF ZIP archive, because of the mishandling of relative paths in mail addresses in conjunction with auto-configuration DNS records...

CVSS: 6.5, AI score: 6.9, EPSS: 0.02435
Exploits: 3, References: 1

RedhatCVE
added 2026/01/09 11:26 a.m., 18 views

CVE-2021-33492

OX App Suite 7.10.5 allows XSS via an OX Chat room name...

CVSS: 6.1, AI score: 5.8, EPSS: 0.01113
Exploits: 3, References: 1

RedhatCVE
added 2026/01/09 11:26 a.m., 6 views

CVE-2021-33494

OX App Suite 7.10.5 allows XSS via an OX Chat room title during typing rendering...

CVSS: 6.1, AI score: 5.8, EPSS: 0.01113
Exploits: 3, References: 1

RedhatCVE
added 2026/01/09 11:24 a.m., 8 views

CVE-2021-28094

OX Documents before 7.10.5-rev7 has Incorrect Access Control for converted documents because hash collisions can occur, due to use of CRC32...

CVSS: 6.5, AI score: 7, EPSS: 0.01114
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 11:24 a.m., 4 views

CVE-2021-31934

OX App Suite 7.10.4 and earlier allows XSS via a crafted contact object payload in the position or company field that is mishandled in the App Suite UI on a smartphone...

CVSS: 6.1, AI score: 6, EPSS: 0.00944
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 11:23 a.m., 3 views

CVE-2021-31935

OX App Suite 7.10.4 and earlier allows XSS via a crafted distribution list payload in the common name that is mishandled in the scheduling view...

CVSS: 6.1, AI score: 6, EPSS: 0.00944
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 10:55 a.m., 7 views

CVE-2022-23101

OX App Suite through 7.10.6 allows XSS via appHandler in a deep link in an e-mail message...

CVSS: 6.1, AI score: 5.8, EPSS: 0.00585
Exploits: 1, References: 1

RedhatCVE
added 2026/01/09 10:55 a.m., 9 views

CVE-2022-23099

OX App Suite through 7.10.6 allows XSS by forcing block-wise read...

CVSS: 5.4, AI score: 6.1, EPSS: 0.00554
Exploits: 1, References: 1

RedhatCVE
added 2026/01/09 10:53 a.m., 7 views

CVE-2022-23100

OX App Suite through 7.10.6 allows OS Command Injection via Documentconverter e.g., through an email attachment...

CVSS: 9.8, AI score: 7.4, EPSS: 0.02991
Exploits: 1, References: 1

RedhatCVE
added 2026/01/09 10:50 a.m., 4 views

CVE-2022-37311

OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large location request parameter to the redirect servlet...

CVSS: 5.3, AI score: 6.9, EPSS: 0.00916
Exploits: 2, References: 1

RedhatCVE
added 2026/01/09 10:49 a.m., 5 views

CVE-2022-37307

OX App Suite through 7.10.6 allows XSS via XHTML CDATA for a snippet, as demonstrated by the onerror attribute of an IMG element within an e-mail signature...

CVSS: 6.1, AI score: 6.2, EPSS: 0.00538
Exploits: 2, References: 1

RedhatCVE
added 2026/01/09 10:49 a.m., 4 views

CVE-2022-37312

OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large request body containing a redirect URL to the deferrer servlet...

CVSS: 5.3, AI score: 6.9, EPSS: 0.00916
Exploits: 2, References: 1

RedhatCVE
added 2026/01/09 10:48 a.m., 6 views

CVE-2022-31469

OX App Suite through 7.10.6 allows XSS via a deep link, as demonstrated by class="deep-link-app" for a /!!=%2e./ URI...

CVSS: 6.1, AI score: 5.8, EPSS: 0.00538
Exploits: 2, References: 1

RedhatCVE
added 2026/01/09 10:46 a.m., 14 views

CVE-2022-31468

OX App Suite through 8.2 allows XSS via an attachment or OX Drive content when a client uses the len or off parameter...

CVSS: 6.1, AI score: 5.9, EPSS: 0.00476
Exploits: 0, References: 1