Search CVE reports


Toggle filters

1 – 10 of 24 results


CVE-2026-8851

Medium priority

Some fixes available 4 of 5

SOGo versions 5.12.7 and prior contains a SQL injection vulnerability in the Access Control List management functionality that allows authenticated users to extract arbitrary data from the database by injecting SQL subqueries...

1 affected package

sogo

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
sogo Fixed Not in release Fixed Fixed Fixed
Show less packages

CVE-2026-46446

Medium priority

Some fixes available 4 of 5

SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to c_password = '%@' in changePasswordForLogin.

1 affected package

sogo

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
sogo Fixed Not in release Fixed Fixed Fixed
Show less packages

CVE-2026-46445

Medium priority

Some fixes available 4 of 5

SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection.

1 affected package

sogo

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
sogo Fixed Not in release Fixed Fixed Fixed
Show less packages

CVE-2026-8496

Medium priority

Some fixes available 1 of 2

A cross-site scripting (XSS) vulnerability exists in Alinto SOGo, version 5.12.7. A maliciously crafted ICS calendar invitation files allows arbitrary JavaScript execution within the authenticated SOGo webmail session. The issue...

1 affected package

sogo

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
sogo Fixed Not in release Not affected Not affected Not affected
Show less packages

CVE-2026-33550

Medium priority

Some fixes available 2 of 4

SOGo before 5.12.5 does not renew the OTP if a user disables/enables it, and has a too short length (only 12 digits instead of the 20 recommended).

1 affected package

sogo

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
sogo Fixed Not in release Fixed Not affected Not affected
Show less packages

CVE-2025-71276

Medium priority

Some fixes available 4 of 6

SOGo before 5.12.5 is prone to a XSS vulnerability with events, tasks, and contacts categories.

1 affected package

sogo

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
sogo Fixed Not in release Fixed Fixed Fixed
Show less packages

CVE-2026-3054

Medium priority

Some fixes available 1 of 3

A vulnerability was identified in Alinto SOGo 5.12.3/5.12.4. This impacts an unknown function. The manipulation of the argument hint leads to cross site scripting. The attack can be initiated remotely. The exploit is publicly...

1 affected package

sogo

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
sogo Fixed Not in release Not affected Not affected Not affected
Show less packages

CVE-2025-63499

Medium priority

Some fixes available 3 of 6

Alinto Sogo 5.12.3 is vulnerable to Cross Site Scripting (XSS) via the theme parameter.

1 affected package

sogo

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
sogo Not affected Not in release Fixed Fixed Fixed
Show less packages

CVE-2025-63498

Medium priority

Some fixes available 3 of 6

alinto SOGo 5.12.3 is vulnerable to Cross Site Scripting (XSS) via the "userName" parameter.

1 affected package

sogo

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
sogo Not affected Not in release Fixed Fixed Fixed
Show less packages

CVE-2025-50340

Medium priority
Needs evaluation

An Insecure Direct Object Reference (IDOR) vulnerability was discovered in SOGo Webmail thru 5.6.0, allowing an authenticated user to send emails on behalf of other users by manipulating a user-controlled identifier in...

1 affected package

sogo

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
sogo Needs evaluation Not in release Needs evaluation Needs evaluation Needs evaluation
Show less packages