open-xchange
272 tracked vulnerabilities.
CVE-2026-42006
MEDIUM
OX Dovecot Pro < 3.0.5, < 3.1.4, < 2.4.3 - Unauthenticated Uncontrolled Resource Consumption via IMAP Bracing
May 12, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-40020
LOW
OX Dovecot Pro < 2.3.0 - Improper Access Control via IMAP SETACL Command
May 12, 2026
CVSS 3.1
EPSS 0.00
CVE-2026-40016
MEDIUM
OX Dovecot Pro < 2.3.0 - Uncontrolled Resource Consumption via Sieve Script CPU Limit Bypass
May 12, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-33603
MEDIUM
Open-Xchange GmbH OX Dovecot Pro - Improper Control of Resource Identifiers ('Resource Injection')
May 12, 2026
CVSS 6.8
EPSS 0.00
CVE-2026-27851
HIGH
OX Dovecot Pro < 2.4.3 and < 3.1.4 - SQL and LDAP Injection via Safe Filter Bypass
May 12, 2026
CVSS 7.4
EPSS 0.00
CVE-2026-27860
LOW
OX Dovecot Pro < 3.1.0 - Auth Bypass
Mar 27, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-27859
MEDIUM
OX Dovecot Pro < 2.4.0, < 3.0.2, < 3.1.0 - Uncontrolled Resource Consumption via RFC 2231 MIME Parameters
Mar 27, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-27858
HIGH
OX Dovecot Pro < 2.3.0, < 3.1.0, < 2.4.0 - Unauthenticated Denial of Service via Managesieve Memory Allocation
Mar 27, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-27857
MEDIUM
OX Dovecot Pro < 2.3.0 - Denial of Service via NOOP Command Memory Exhaustion
Mar 27, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-27856
HIGH
OX Dovecot Pro < 2.3.0 - Timing Oracle
Mar 27, 2026
CVSS 7.4
EPSS 0.00
CVE-2026-27855
MEDIUM
OX Dovecot Pro < 2.3.0 - Replay Attack
Mar 27, 2026
CVSS 6.8
EPSS 0.00
CVE-2026-24031
HIGH
OX Dovecot Pro < 3.1.0 - Auth Bypass
Mar 27, 2026
CVSS 7.7
EPSS 0.00
CVE-2026-0394
MEDIUM
OX Dovecot Pro - Path Traversal via Per-Domain Passwd File Configuration
Mar 27, 2026
CVSS 5.3
EPSS 0.00
CVE-2025-59032
HIGH
OX Dovecot Pro < 2.4.0 and < 3.1.0 - Denial of Service via ManageSieve AUTHENTICATE Command
Mar 27, 2026
CVSS 7.5
EPSS 0.00
CVE-2025-59031
MEDIUM
OX Dovecot Pro < 2.3.0 - Info Disclosure
Mar 27, 2026
CVSS 4.3
EPSS 0.00
CVE-2025-59028
MEDIUM
OX Dovecot Pro < 2.4.0 and < 3.1.0 - Denial of Service via Invalid BASE64 SASL Data
Mar 27, 2026
CVSS 5.3
EPSS 0.00
CVE-2024-4367
HIGH
Firefox < 126 and ESR < 115.11 - Arbitrary JavaScript Execution in PDF.js via Missing Type Check
May 14, 2024
CVSS 8.8
EPSS 0.38
CVE-2024-23193
MEDIUM
OX App Suite < 8.22 - Unauthorized E-Mail Exposure via PDF Export Cache
May 06, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-23187
MEDIUM
OX App Suite < 8.22 - Cross-Site Scripting via Content-ID Embedding
May 06, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-23186
MEDIUM
OX App Suite < 8.22 - Cross-Site Scripting via Malicious E-Mail Display Name
May 06, 2024
CVSS 6.5
EPSS 0.00
CVE-2023-41708
MEDIUM
Open-Xchange AppSuite < 7.10.6 - Cross-Site Scripting via App Loader Redirect
Feb 12, 2024
CVSS 5.4
EPSS 0.00
CVE-2023-41707
MEDIUM
Open-Xchange AppSuite < 7.6.3 - Denial of Service
Feb 12, 2024
CVSS 6.5
EPSS 0.00
CVE-2023-41706
MEDIUM
Open-Xchange AppSuite < 7.6.3 - Denial of Service
Feb 12, 2024
CVSS 6.5
EPSS 0.00
CVE-2023-41705
MEDIUM
Open-Xchange AppSuite < 7.6.3 - Denial of Service
Feb 12, 2024
CVSS 6.5
EPSS 0.00
CVE-2023-41704
HIGH
Open-Xchange AppSuite < 7.6.3 - Stored Cross-Site Scripting via CID Reference Handling
Feb 12, 2024
CVSS 7.1
EPSS 0.00