12 matches found
CISA Flags Four Security Flaws Under Active Exploitation in Latest KEV Update
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added four security flaws to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as follows - CVE-2026-2441 CVSS score: 8.8 - A use-after-free...
EUVD-2016-5025
Malware in sbrugna...
EUVD-2016-4440
Malware in sbrugna...
EUVD-2016-4430
Malware in sbrugna...
EUVD-2016-4428
Malware in sbrugna...
EUVD-2022-48756
Malicious code in bioql PyPI...
CVE-2024-45512
An issue was discovered in webmail in Zimbra Collaboration ZCS through 10.1. An attacker can exploit this vulnerability by creating a folder in the Briefcase module with a malicious payload and sharing it with a victim. When the victim interacts with the folder share notification, the malicious...
CVE-2022-27925
Zimbra Collaboration aka ZCS 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. An authenticated user with administrator rights has the ability to upload arbitrary files to the system, leading to directory traversal...
CVE-2022-45912
An issue was discovered in Zimbra Collaboration ZCS 8.8.15 and 9.0. Remote code execution can occur through ClientUploader by an authenticated admin user. An authenticated admin user can upload files through the ClientUploader utility, and traverse to any other directory for remote code execution...
CVE-2018-14013
Synacor Zimbra Collaboration Suite Collaboration before 8.8.11 has XSS in the AJAX and html web clients...
CVE-2022-41347
An issue was discovered in Zimbra Collaboration ZCS 8.8.x and 9.x e.g., 8.8.15. The Sudo configuration permits the zimbra user to execute the NGINX binary as root with arbitrary parameters. As part of its intended functionality, NGINX can load a user-defined configuration file, which includes...
CVE-2016-3413
CVE-2016-3413 affects Zimbra Collaboration Server prior to 8.7.0. The description indicates an unspecified vulnerability that allows remote attackers to affect integrity via unknown vectors (Bug 103996). From the associated metrics, CVSS v3 base score is 7.5 (HIGH) with NETWORK attack, low attack...