Lucene search
+L

312 matches found

Tenable Nessus
Tenable Nessus
added yesterday4 views

Linux Distros Unpatched Vulnerability : CVE-2026-62642

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, an infinite loop was discovered in the TNEF decoder, which may lead to denial of service upon opening...

4.3CVSS6.1AI score0.0026EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2 days ago6 views

Linux Distros Unpatched Vulnerability : CVE-2026-62641

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, the TNEF decoder was subject to denial of service via a crafted compressed-RTF size. CVE-2026-62641...

4.3CVSS6.1AI score0.00234EPSS
Exploits0References3
OSV
OSV
added 3 days ago2 views

DEBIAN-CVE-2026-62642

In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, an infinite loop was discovered in the TNEF decoder, which may lead to denial of service upon opening an email with a TNEF attachment...

4.3CVSS6.1AI score0.0026EPSS
Exploits0References1
NVD
NVD
added 3 days ago6 views

CVE-2026-62641

In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, the TNEF decoder was subject to denial of service via a crafted compressed-RTF size...

4.3CVSS0.00234EPSS
Exploits0References5
NVD
NVD
added 3 days ago4 views

CVE-2026-62642

In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, an infinite loop was discovered in the TNEF decoder, which may lead to denial of service upon opening an email with a TNEF attachment...

4.3CVSS0.0026EPSS
Exploits0References7
CVE
CVE
added 3 days ago7 views

CVE-2026-62642

The data identifies Roundcube Webmail as affected. Vulnerable component: the TNEF decoder, with an infinite loop leading to denial of service when opening emails containing TNEF attachments. Affected versions are Roundcube Webmail before 1.6.17 and before 1.7.2 (1.7.x). Remediation: upgrade to Ro...

4.3CVSS6.1AI score0.0026EPSS
Exploits0References7
OSV
OSV
added 3 days ago3 views

CVE-2026-62642

In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, an infinite loop was discovered in the TNEF decoder, which may lead to denial of service upon opening an email with a TNEF attachment...

4.3CVSS6.1AI score0.0026EPSS
Exploits0References9
OSV
OSV
added 3 days ago3 views

CVE-2026-62641

In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, the TNEF decoder was subject to denial of service via a crafted compressed-RTF size...

4.3CVSS6.1AI score0.00234EPSS
Exploits0References7
CVE
CVE
added 2026/02/27 7:52 p.m.24 views

CVE-2026-27947

CVE-2026-27947 affects Group-Office and enables authenticated Remote Code Execution through the TNEF attachment processing flow. In affected versions (prior to 26.0.9, 25.0.87, and 6.8.154), processing winmail.dat extracts attacker-controlled files and then calls zip with a shell wildcard. Due to...

9.4CVSS6.2AI score0.00725EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/02/27 7:52 p.m.8 views

EUVD-2026-9060

Group-Office is an enterprise customer relationship management and groupware tool. Versions prior to 26.0.9, 25.0.87, and 6.8.154 have an authenticated Remote Code Execution vulnerability in the TNEF attachment processing flow. The vulnerable path extracts attacker-controlled files from winmail.d...

9.4CVSS6.2AI score0.00725EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/27 7:52 p.m.21 views

CVE-2026-27947 Group-Office Vulnerable to Remote Code Execution (RCE)

Group-Office is an enterprise customer relationship management and groupware tool. Versions prior to 26.0.9, 25.0.87, and 6.8.154 have an authenticated Remote Code Execution vulnerability in the TNEF attachment processing flow. The vulnerable path extracts attacker-controlled files from winmail.d...

9.4CVSS0.00725EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/27 7:52 p.m.2 views

CVE-2026-27947 Group-Office Vulnerable to Remote Code Execution (RCE)

Group-Office is an enterprise customer relationship management and groupware tool. Versions prior to 26.0.9, 25.0.87, and 6.8.154 have an authenticated Remote Code Execution vulnerability in the TNEF attachment processing flow. The vulnerable path extracts attacker-controlled files from winmail.d...

9.4CVSS6.2AI score0.00725EPSS
Exploits0References1
OSV
OSV
added 2026/02/27 7:52 p.m.6 views

CVE-2026-27947 Group-Office Vulnerable to Remote Code Execution (RCE)

Group-Office is an enterprise customer relationship management and groupware tool. Versions prior to 26.0.9, 25.0.87, and 6.8.154 have an authenticated Remote Code Execution vulnerability in the TNEF attachment processing flow. The vulnerable path extracts attacker-controlled files from winmail.d...

9.4CVSS6.2AI score0.00725EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/06 1:25 a.m.6 views

CVE-2026-25512

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, there is a remote code execution RCE vulnerability in Group-Office. The endpoint email/message/tnefAttachmentFromTempFile directly concatenates the user-controlled...

9.4CVSS6.7AI score0.18536EPSS
Exploits2References1
GithubExploit
GithubExploit
added 2026/02/04 10:59 p.m.222 views

Exploit for CVE-2026-25512

CVE-2026-25512 PoC – Group-Office Authenticated RCE via TNEF H...

9.4CVSS5.3AI score0.18536EPSS
Exploits2
ATTACKERKB
ATTACKERKB
added 2026/02/04 8:39 p.m.5 views

CVE-2026-25512

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, there is a remote code execution RCE vulnerability in Group-Office. The endpoint email/message/tnefAttachmentFromTempFile directly concatenates the user-controlled...

9.4CVSS6.7AI score0.18536EPSS
Exploits2References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/04 8:39 p.m.3 views

CVE-2026-25512 Group-Office is vulnerable to RCE due to Command Injection via TNEF Attachment Handler

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, there is a remote code execution RCE vulnerability in Group-Office. The endpoint email/message/tnefAttachmentFromTempFile directly concatenates the user-controlled...

9.4CVSS6.7AI score0.18536EPSS
Exploits2References2
Cvelist
Cvelist
added 2026/02/04 8:39 p.m.29 views

CVE-2026-25512 Group-Office is vulnerable to RCE due to Command Injection via TNEF Attachment Handler

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, there is a remote code execution RCE vulnerability in Group-Office. The endpoint email/message/tnefAttachmentFromTempFile directly concatenates the user-controlled...

9.4CVSS0.18536EPSS
Exploits2References2
CVE
CVE
added 2026/02/04 8:39 p.m.37 views

CVE-2026-25512

CVE-2026-25512 affects Group-Office prior to versions 6.8.150, 25.0.82, and 26.0.5. The vulnerability is an authenticated remote code execution via the /email/message/tnefAttachmentFromTempFile endpoint, where the user-controlled parameter tmp_file is directly concatenated into an exec() call. In...

9.4CVSS6.7AI score0.18536EPSS
Exploits2References2Affected Software1
CNNVD
CNNVD
added 2026/02/04 12:0 a.m.10 views

Group Office 操作系统命令注入漏洞

Group Office is a modular office suite developed by the Dutch company Group Office. Versions of Group Office prior to 6.8.150, 25.0.82, and 26.0.5 contained an operating system command injection vulnerability. This vulnerability stemmed from improper parameter concatenation in the...

9.4CVSS5.8AI score0.18536EPSS
Exploits2References2
Rows per page
Query Builder