Mail server

This hub aggregates every CVE we track for Mail server, a product in the communications space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Mail server.

• CVE-2025-2848A vulnerability in Synology Mail Server allows remote authenticated attackers to read and write non-sensitive settings, and disable some non-critical functions.6.3Dec 4, 2025
• CVE-2025-40632Cross-site scripting (XSS) vulnerability in IceWarp Mail Server6.1May 16, 2025
• CVE-2025-40631HTTP host header injection vulnerability in IceWarp Mail Server6.1May 16, 2025
• CVE-2025-40630Open redirection vulnerability in IceWarp Mail Server6.1May 16, 2025
• CVE-2023-39699IceWarp Mail Server v10.4.5 was discovered to contain a local file inclusion (LFI) vulnerability via the component /calendar/minimizer/index.php. This vulnerability allows attackers to include or e...9.8Aug 24, 2023
• CVE-2023-39700IceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the color parameter.6.1Aug 24, 2023
• CVE-2021-36580Open Redirect vulnerability exists in IceWarp MailServer IceWarp Server Deep Castle 2 Update 1 (13.0.1.2) via the referer parameter.6.1Jul 27, 2023
• CVE-2020-27982IceWarp 11.4.5.0 allows XSS via the language parameter.6.1Nov 9, 2020
• CVE-2020-23824ArGo Soft Mail Server 1.8.8.9 is affected by Cross Site Request Forgery (CSRF) for perform remote arbitrary code execution. The component is the Administration dashboard. When using admin/user cred...8.8Sep 11, 2020
• CVE-2020-14066IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaScript files that are dangerous for clients to access.8.8Jul 15, 2020
• CVE-2020-14065IceWarp Email Server 12.3.0.1 allows remote attackers to upload files and consume disk space.6.5Jul 15, 2020
• CVE-2020-14064IceWarp Email Server 12.3.0.1 has Incorrect Access Control for user accounts.6.5Jul 15, 2020
• CVE-2019-19265IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 1 of 2) in notes for contacts.6.1Jan 6, 2020
• CVE-2019-19266IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 2 of 2) in notes for objects.5.4Jan 6, 2020
• CVE-2019-12593IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal.7.5Jun 3, 2019