Groupware
This hub aggregates every CVE we track for Groupware, a product in the communications space. Use it to gauge the current risk picture and drill into individual advisories.
50
CVEs tracked
3
Critical
11
High
0
In CISA KEV
Severity distribution
MEDIUM36HIGH11CRITICAL3
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Groupware.
- CVE-2025-41066Disclosure of sensitive information in Horde Groupware5.3
- CVE-2023-45800Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hanbiro Hanbiro groupware allows Information Elicitation.This issue affects Hanbiro groupware: ...7.5
- CVE-2022-30287Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to arbitrary deserialization of PHP obj...8.0
- CVE-2021-26630HANDY Groupware file download and execute vulnerability7.8
- CVE-2021-26929An XSS issue was discovered in Horde Groupware Webmail Edition through 5.2.22 (where the Horde_Text_Filter library before 2.3.7 is used). The attacker can send a plain text e-mail message, with Jav...6.1
- CVE-2020-8034Gollem before 3.0.13, as used in Horde Groupware Webmail Edition 5.2.22 and other products, is affected by a reflected Cross-Site Scripting (XSS) vulnerability via the HTTP GET dir parameter in the...6.1
- CVE-2020-8035The image view functionality in Horde Groupware Webmail Edition before 5.2.22 is affected by a stored Cross-Site Scripting (XSS) vulnerability via an SVG image upload containing a JavaScript payloa...6.1
- CVE-2020-7804ActiveX Control(HShell.dll) in Handy Groupware 1.7.3.1 for Windows 7, 8, and 10 allows an attacker to execute arbitrary command via the ShellExec method.6.4
- CVE-2020-8866This vulnerability allows remote attackers to create arbitrary files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. T...6.5
- CVE-2020-8865This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. ...6.3
- CVE-2020-8518Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution.9.8
- CVE-2013-6275Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 and earlier in basic.php.6.5
- CVE-2013-6365Horde Groupware Web mail 5.1.2 has CSRF with requests to change permissions5.3
- CVE-2013-6364Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book8.8
- CVE-2019-12095Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as demonstrated by the treanBookmarkTags parameter to the trean/ URI on a webmail server. NOT...8.8
Product normalization is registry-driven with AI assist and human review. How it works