Vulnerabilidades en Alinto
9 resultadosCVE-2025-53603HIGHIn Alinto SOPE SOGo 2.0.2 through 5.12.2, sope-core/NGExtensions/NGHashMap.m allows a NULL pointer dereference and SOGo crash via a request EPSS 0.6%CVE-2022-4558LOWAlinto SOGo Folder/Mail NSString+Utilities.m cross site scriptingEPSS 0.6%CVE-2022-4556LOWAlinto SOGo Identity SOGoUserDefaults.m _migrateMailIdentities cross site scriptingEPSS 0.6%CVE-2026-3054MEDIUMAlinto SOGo cross site scriptingEPSS 0.4%CVE-2026-8851HIGHSOGo < 5.12.8 SQL Injection via addUserInAcls endpointEPSS 0.3%CVE-2026-46446HIGHSOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to c_passwEPSS 0.2%CVE-2026-46445HIGHSOGo before 5.12.7, when PostgreSQL is used, allows SQL injection.EPSS 0.2%CVE-2025-71276MEDIUMSOGo before 5.12.5 is prone to a XSS vulnerability with events, tasks, and contacts categories.EPSS 0.1%CVE-2026-33550LOWSOGo before 5.12.5 does not renew the OTP if a user disables/enables it, and has a too short length (only 12 digits instead of the 20 recommEPSS 0.1%