Intermesh

Group-office

20 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.9

CVE-2026-34838

  • EPSS 0.51%
  • Veröffentlicht 02.04.2026 19:15:40
  • Zuletzt bearbeitet 15.04.2026 17:29:12

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.156, 25.0.90, and 26.0.12, a vulnerability in the AbstractSettingsCollection model leads to insecure deserialization when these settings are load...

8.8

CVE-2026-33755

Exploit
  • EPSS 0.03%
  • Veröffentlicht 27.03.2026 14:08:38
  • Zuletzt bearbeitet 20.04.2026 12:35:02

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.158, 25.0.92, and 26.0.17, an authenticated SQL Injection vulnerability in the JMAP `Contact/query` endpoint allows any authenticated user with b...

6.1

CVE-2026-30238

Exploit
  • EPSS 0.01%
  • Veröffentlicht 06.03.2026 21:14:03
  • Zuletzt bearbeitet 11.03.2026 13:32:48

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.155, 25.0.88, and 26.0.10, there is a reflected XSS vulnerability in GroupOffice on the external/index flow. The f parameter (Base64 JSON) is dec...

6.1

CVE-2026-30237

Exploit
  • EPSS 0.01%
  • Veröffentlicht 06.03.2026 21:13:33
  • Zuletzt bearbeitet 11.03.2026 13:33:49

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.155, 25.0.88, and 26.0.10, there is a reflected XSS vulnerability in the GroupOffice installer, endpoint install/license.php. The POST field lice...

8.8

CVE-2026-27947

  • EPSS 0.11%
  • Veröffentlicht 27.02.2026 19:52:41
  • Zuletzt bearbeitet 04.03.2026 16:07:30

Group-Office is an enterprise customer relationship management and groupware tool. Versions prior to 26.0.9, 25.0.87, and 6.8.154 have an authenticated Remote Code Execution vulnerability in the TNEF attachment processing flow. The vulnerable path ex...

8.8

CVE-2026-27832

  • EPSS 0.04%
  • Veröffentlicht 27.02.2026 19:49:57
  • Zuletzt bearbeitet 04.03.2026 16:10:29

Group-Office is an enterprise customer relationship management and groupware tool. Versions prior to 26.0.8, 25.0.87, and 6.8.153 have a SQL Injection (SQLi) vulnerability, exploitable through the `advancedQueryData` parameter (`comparator` field) on...

4.9

CVE-2026-25511

Exploit
  • EPSS 0.02%
  • Veröffentlicht 04.02.2026 20:40:04
  • Zuletzt bearbeitet 11.02.2026 19:16:29

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, an authenticated user within the System Administrator group can trigger a full SSRF via the WOPI service discovery URL,...

8.8

CVE-2026-25512

Exploit
  • EPSS 20.77%
  • Veröffentlicht 04.02.2026 20:39:08
  • Zuletzt bearbeitet 11.02.2026 19:15:49

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, there is a remote code execution (RCE) vulnerability in Group-Office. The endpoint email/message/tnefAttachmentFromTemp...

8.8

CVE-2026-25134

Exploit
  • EPSS 0.17%
  • Veröffentlicht 02.02.2026 23:16:09
  • Zuletzt bearbeitet 18.02.2026 17:35:28

Group-Office is an enterprise customer relationship management and groupware tool. Prior to 6.8.150, 25.0.82, and 26.0.5, the MaintenanceController exposes an action zipLanguage which takes a lang parameter and passes it directly to a system zip comm...

5.4

CVE-2026-23887

Exploit
  • EPSS 0.04%
  • Veröffentlicht 21.01.2026 23:39:05
  • Zuletzt bearbeitet 18.02.2026 15:03:12

Group-Office is an enterprise customer relationship management and groupware tool. In versions 6.8.148 and below, and 25.0.1 through 25.0.79, the application stores unsanitized filenames in the database, which can lead to Stored Cross-Site Scripting ...