PT-2026-40764

A cross-site scripting XSS vulnerability exists in Alinto SOGo, version 5.12.7. A maliciously crafted ICS calendar invitation files allows arbitrary JavaScript execution within the authenticated SOGo webmail session. The issue occurs because SVG content embedded in the description field of an ICS...

CVE-2025-34428 MailEnable < 10.54 Cleartext Credential Storage in AUTH.SAV

MailEnable versions prior to 10.54 contain a cleartext storage of credentials vulnerability that can lead to local credential compromise and account takeover. The product stores user and administrative passwords in plaintext within AUTH.SAV with overly permissive filesystem access. A local...

EUVD-2020-2585

Malware in sbrugna...

EUVD-2021-9285

Malicious code in bioql PyPI...

EUVD-2023-37465

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2020-8034

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Gollem before 3.0.13, as used in Horde Groupware Webmail Edition 5.2.22 and other products, is affected by a reflected Cross-Site Scripting XSS vulnerability vi...

PT-2025-13782 · Fortinet · Fortindr +1

Name of the Vulnerable Software and Affected Versions: FortiMail versions 6.4.0 through 6.4.4 FortiMail versions prior to 6.2.6 FortiNDR versions prior to 7.1.0 FortiNDR version 7.2.0 Description: A buffer copy without checking the size of input, also known as a 'classic buffer overflow', allows ...

UBUNTU-CVE-2020-8034

Gollem before 3.0.13, as used in Horde Groupware Webmail Edition 5.2.22 and other products, is affected by a reflected Cross-Site Scripting XSS vulnerability via the HTTP GET dir parameter in the browser functionality, affecting breadcrumb output. An attacker can obtain access to a victim's webma...

cPanel Code Execution Vulnerability (CNVD-2019-26342)

cPanel is a set of Web-based automated colocation platform from the US-based cPanel. The platform is primarily used to automate the management of websites and servers. A security vulnerability exists in versions of cPanel prior to 64.0.21. The vulnerability can be exploited by an attacker to...

IceWarp Server webmail component cross-site scripting vulnerability

IceWarp Server is a mail server product from IceWarp USA. The product supports email archiving, SmartAttach attachments, automatic migration, etc. webmail component is one of the mailbox components. A cross-site scripting vulnerability exists in the 'language' parameter of the webmail component i...

Atmail WebAdmin / Webmail Control Panel SQL Root Password Disclosure

Vuln Title: Atmail WebAdmin and webmail Control Panel Remote Access SQL Root password Vulnerability Author: FaryadR a.k.a Ciph3r tested on : Atmail Email Server 6.20.8 Twitter : https://twitter.com/faryadR Mail : [email protected] Website : http://0c0c0c0c.com Vendor : http://atmail.com...

[SECURITY] Fedora 7 Update: imp-4.1.6-1.fc7

IMP is the Internet Messaging Program, one of the Horde applications. It provides webmail access to IMAP and POP3 accounts. The Horde Project writes web applications in PHP and releases them under Open Source licenses. For more information including help with IMP please visit http://www.horde.org...

SAMBAR WebMail authentication cleartext passwords

Cleartext poassword authentication in WebMail access...