Vulnerabilities in Open-Xchange GmbH
47 resultsCVE-2026-33603MEDIUMAttacker can use a specially crafted base64 exchange between Dovecot and Client to fake SCRAM TLS channel binding. This requires that the atEPSS 0.2%CVE-2024-25584MEDIUMDovecot accepts dot LF DOT LF symbol as end of DATA command. RFC requires that it should always be CR LF DOT CR LF. This causes Dovecot to cEPSS 0.2%CVE-2025-59025MEDIUMMalicious e-mail content can be used to execute script code. Unintended actions can be executed in the context of the users account, includiEPSS 0.2%CVE-2025-30191MEDIUMMalicious content from E-Mail can be used to perform a redressing attack. Users can be tricked to perform unintended actions or provide sensEPSS 0.2%CVE-2025-30190MEDIUMMalicious content at office documents can be used to inject script code when editing a document. Unintended actions can be executed in the cEPSS 0.2%CVE-2025-30186MEDIUMMalicious content uploaded as file can be used to execute script code when following attacker-controlled links. Unintended actions can be exEPSS 0.2%CVE-2025-59026MEDIUMMalicious content uploaded as file can be used to execute script code when following attacker-controlled links. Unintended actions can be exEPSS 0.2%