Lucene search
K

1613 matches found

Nuclei
Nuclei
added 10 hours ago199 views

Zimbra Collaboration Suite 8.8.15/9.0 - Remote Code Execution

Zimbra Collaboration Suite ZCS 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication i.e., not having an authtoken, an attacker can upload arbitrary files to the system, leading to directory traversal and remote code...

9.8CVSS7.3AI score0.98586EPSS
Exploits16References5
Nuclei
Nuclei
added 10 hours ago45 views

Zimbra Collaboration Server 7.2.2/8.0.2 Local File Inclusion

A directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a .. dot dot in the skin parameter. This can be leveraged to execute arbitrary code by obtaining LDAP...

5CVSS7.3AI score0.86196EPSS
Exploits7References5
Nuclei
Nuclei
added 10 hours ago58 views

Zimbra Collaboration Suite (ZCS) v.8.8.15 - Cross-Site Scripting

Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function. id: CVE-2023-34192 info: name: Zimbra Collaboration Suite ZCS v.8.8.15 - Cross-Site Scripting author: ritikchaddha...

9CVSS7.4AI score0.77266EPSS
Exploits0References5
Nuclei
Nuclei
added 10 hours ago46 views

Zimbra Collaboration Suite (ZCS) v.8.8.15 - Cross-Site Scripting

Zimbra Collaboration ZCS 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client. id: CVE-2023-37580 info: name: Zimbra Collaboration Suite ZCS v.8.8.15 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Zimbra Collaboration ZCS 8 before 8.8.15 Patch 41 allow...

6.1CVSS6.8AI score0.59041EPSS
Exploits0References5
Nuclei
Nuclei
added 10 hours ago72 views

Synacor Zimbra Collaboration Suite Collaboration <8.8.11 - Cross-Site Scripting

Synacor Zimbra Collaboration Suite Collaboration before 8.8.11 is vulnerable to cross-site scripting via the AJAX and html web clients. id: CVE-2018-14013 info: name: Synacor Zimbra Collaboration Suite Collaboration 8.8.11 - Cross-Site Scripting author: pikpikcu severity: medium description:...

6.1CVSS6.3AI score0.07376EPSS
Exploits2References5
Nuclei
Nuclei
added 10 hours ago77 views

Zimbra Collaboration Suite < 8.8.15 Patch 7 - Server-Side Request Forgery

Zimbra Collaboration Suite ZCS before 8.8.15 Patch 7 is susceptible to server-side request forgery when WebEx zimlet is installed and zimlet JSP is enabled. id: CVE-2020-7796 info: name: Zimbra Collaboration Suite 8.8.15 Patch 7 - Server-Side Request Forgery author: gy741 severity: critical...

9.8CVSS7.1AI score0.85416EPSS
Exploits0References5
Nuclei
Nuclei
added 10 hours ago68 views

Zimbra Collaboration (ZCS) - Cross Site Scripting

A reflected cross-site scripting XSS vulnerability in the /public/launchNewWindow.jsp component of Zimbra Collaboration aka ZCS 9.0 allows unauthenticated attackers to execute arbitrary web script or HTML via request parameters. id: CVE-2022-27926 info: name: Zimbra Collaboration ZCS - Cross Site...

6.1CVSS6.6AI score0.17634EPSS
Exploits0References5
Nuclei
Nuclei
added 10 hours ago25 views

Zimbra Collaboration Suite - Memcached Command Injection

Zimbra Collaboration Suite versions 8.8.15 and 9.0 contain a memcached command injection vulnerability that allows an unauthenticated attacker to inject arbitrary memcache commands into a targeted instance, leading to cache poisoning and potential credential theft. id: CVE-2022-27924 info: name:...

7.5CVSS7.1AI score0.85398EPSS
Exploits2References2
Nuclei
Nuclei
added 10 hours ago19 views

Zimbra - Cross-Site Scripting via ICS Files

Detects Zimbra Collaboration Suite versions vulnerable to CVE-2025-27915, a stored XSS vulnerability in the Classic Web Client due to insufficient sanitization of HTML content in ICS files. When a user views an email with a malicious ICS entry, embedded JavaScript executes via an ontoggle event...

5.4CVSS6.7AI score0.04241EPSS
Exploits1References3
Nuclei
Nuclei
added 10 hours ago16 views

Zimbra Collaboration - Cross-Site Scripting (XSS)

An issue was discovered in Zimbra Collaboration ZCS 9.0 and 10.0. A Cross-Site Scripting XSS vulnerability exists in the CalendarInvite feature of the Zimbra webmail classic user interface, because of improper input validation in the handling of the calendar header. An attacker can exploit this v...

6.1CVSS6.8AI score0.19543EPSS
Exploits1References3
Nuclei
Nuclei
added 10 hours ago11 views

Zimbra Collaboration Suite < 8.8.15 - Improper Encoding

An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 update 1, as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing...

6.1CVSS6.8AI score0.3106EPSS
Exploits2References2
Nuclei
Nuclei
added 10 hours ago16 views

Zimbra Collaboration Suite - SSRF

Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before 8.8.11 patch 3 allows SSRF via the ProxyServlet component. id: CVE-2019-9621 info: name: Zimbra Collaboration Suite - SSRF author: riteshs4hu severity: high description: |...

7.5CVSS6.9AI score0.80906EPSS
Exploits10References5
Nuclei
Nuclei
added 10 hours ago21 views

Zimbra Collaboration Suite - Cross-site Scripting

Cross-site scripting XSS vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Suite ZCS before 8.7 Patch 1 and 8.8.x before 8.8.7 might allow remote attackers to inject arbitrary web script or HTML via a Content-Location header in an email attachment. id:...

6.1CVSS6.9AI score0.23717EPSS
Exploits2References2
Nuclei
Nuclei
added 2026/06/30 4:56 a.m.22 views

Zimbra Collaboration - Unrestricted File Upload

An issue was discovered in Zimbra Collaboration ZCS 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole extraction to /opt/zimbra/jetty/webapps/zimbra/public that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also,...

9.8CVSS7.7AI score0.95478EPSS
Exploits7References2
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.16 views

Zimbra Collaboration Server < 8.8.15 Patch 7 Server-Side Request Forgery Vulnerability

According to its self-reported version number, Zimbra Collaboration Server is affected by a server-side request forgery vulnerability: - Zimbra Collaboration Suite ZCS before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled. CVE-2020-7796 Note that Nessus has no...

9.8CVSS7.5AI score0.85416EPSS
Exploits0References2
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.80 views

Synacor Zimbra Collaboration <8.7.11p10 - XML External Entity Injection

Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML external entity injection XXE vulnerability via the mailboxd component. id: CVE-2019-9670 info: name: Synacor Zimbra Collaboration 8.7.11p10 - XML External Entity Injection author: ree4pwn severity: critical description: Synacor...

9.8CVSS8.4AI score0.99986EPSS
Exploits4References7
GithubExploit
GithubExploit
added 2026/05/06 7:21 a.m.116 views

Exploit for PHP Remote File Inclusion in Synacor Zimbra_Collaboration_Suite

CVE-2025-68645 - Zimbra Path Traversal Vulnerability !Secur...

8.8CVSS6.1AI score0.31769EPSS
Exploits5
Tenable Nessus
Tenable Nessus
added 2026/04/23 12:0 a.m.7 views

Zimbra Collaboration Server 8.8.15 < 8.8.15 Patch 47, 9.x < 9.0.0 Patch 43, 10.0.x < 10.0.12, 10.1.x < 10.1.4 XSS

According to its self-reported version number, Zimbra Collaboration Server is affected by a cross-site scripting vulnerability: - A Cross-Site Scripting XSS vulnerability exists in the Zimbra Classic UI due to improper sanitization of crafted HTML content. An attacker can exploit this to execute...

6.1CVSS8.2AI score0.01761EPSS
Exploits0References7
The Hacker News
The Hacker News
added 2026/04/21 6:23 a.m.14 views

CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Monday added eight new vulnerabilities to its Known Exploited Vulnerabilities KEV catalog, including three flaws impacting Cisco Catalyst SD-WAN Manager, citing evidence of active exploitation. The list of vulnerabilities is as...

10CVSS7.7AI score0.99991EPSS
Exploits28
CISA
CISA
added 2026/04/20 12:0 p.m.14 views

CISA Adds Eight Known Exploited Vulnerabilities to Catalog

CISA has added eight new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2023-27351link is external PaperCut NG/MF Improper Authentication Vulnerability CVE-2024-27199link is external JetBrains TeamCity Relative Path Traversal...

8.2CVSS5.8AI score0.99991EPSS
In wildExploits28References13
Rows per page
Query Builder