
4 matches found

CVE
added 2025/09/17 12:0 a.m., 10 views

CVE-2025-54390

Zimbra Collaboration (ZCS) CVE-2025-54390 is a CSRF in ResetPasswordRequest when zimbraFeatureResetPasswordStatus is enabled. An attacker can trick an authenticated user into visiting a malicious page that silently sends a crafted SOAP request to reset the user’s password due to missing CSRF toke...

CVSS 6.3, AI score 6.5, EPSS 0.00025
Exploits: 0, References: 3
Positive Technologies
added 2025/09/17 12:0 a.m., 2 views

PT-2025-38161

Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration (affected versions not specified). Description: A Cross-Site Request Forgery (CSRF) vulnerability exists in the ResetPasswordRequest operation of Zimbra Collaboration (ZCS) when the zimbraFeatureResetPasswordStatus attribute is...

CVSS 6.3, AI score 6.3, EPSS 0.00025
Exploits: 0, References: 6
CNNVD
added 2025/09/17 12:0 a.m., 0 views

Zimbra Collaboration security vulnerability

Zimbra Collaboration is an open source enterprise-class email and collaboration platform from Zimbra, Inc. that supports email, calendaring, document management, and team collaboration features. A security vulnerability exists in Zimbra Collaboration that stems from a lack of CSRF token validatio...

CVSS 6.3, AI score 6.7, EPSS 0.00025
Exploits: 0, References: 4
Veracode
added 2022/08/05 5:4 a.m., 18 views

Cross-Site Request Forgery (CSRF)

org.apache.jspwiki:jspwiki-builder and org.apache.jspwiki, jspwiki-war are vulnerable to cross-site request forgery (CSRF). A remote attacker is able to trigger a CSRF attack on the Image plugin via sending a specifically crafted request, which allows a group privilege escalation of the attacker's...

CVSS 8.8, AI score 8.8, EPSS 0.01087
Exploits: 0, References: 2, Affected Software: 2