CVE Tools

zimbra

Enterprise Softwarecommercial

34

Cumulative CVEs

10

Monthly snapshots

#93

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting zimbra.

CVE-2025-66376Zimbra Collaboration (ZCS) 10 before 10.0.18 and 10.1 before 10.1.13 allows Classic UI stored XSS via Cascading Style Sheets (CSS) @import directives in an HTML e-mail message.KEV7.2Jan 5, 2026
CVE-2025-67809An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A hardcoded Flickr API key and secret are present in the publicly accessible Flickr Zimlet used by Zimbra Collaboration. Because...4.7Dec 15, 2025
CVE-2025-62763Zimbra Collaboration (ZCS) before 10.1.12 allows SSRF because of the configuration of the chat proxy.5.0Oct 21, 2025
CVE-2024-45515An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A Cross-Site Scripting (XSS) vulnerability exists in Zimbra webmail due to insufficient validation of the content type metadata w...6.1Jul 30, 2025
CVE-2025-27914An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A Reflected Cross-Site Scripting (XSS) vulnerability exists in the /h/rest endpoint, allowing authenticated attackers to...5.4Mar 12, 2025
CVE-2024-9665Zimbra GraphQL Cross-Site Request Forgery Information Disclosure Vulnerability6.5Nov 22, 2024
CVE-2024-45518An issue was discovered in Zimbra Collaboration (ZCS) 10.1.x before 10.1.1, 10.0.x before 10.0.9, 9.0.0 before Patch 41, and 8.8.15 before Patch 46. It allows authenticated users to exploit Server-...8.8Oct 22, 2024
CVE-2024-33536An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The vulnerability occurs due to inadequate input validation of the res parameter, allowing an authenticated attacker to inject an...5.4Aug 12, 2024
CVE-2024-33535An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The vulnerability involves unauthenticated local file inclusion (LFI) in a web application, specifically impacting the handling o...7.5Aug 12, 2024
CVE-2024-33533An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0, issue 1 of 2. A reflected cross-site scripting (XSS) vulnerability has been identified in the Zimbra webmail admin interface. Thi...5.4Aug 12, 2024
CVE-2024-27443An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. A Cross-Site Scripting (XSS) vulnerability exists in the CalendarInvite feature of the Zimbra webmail classic user interface, bec...KEV6.1Aug 12, 2024
CVE-2024-27442An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The zmmailboxdmgr binary, a component of ZCS, is intended to be executed by the zimbra user with root privileges for specific mai...7.8Aug 12, 2024
CVE-2017-20191Zimbra zm-admin-ajax Form Textbox Field Error XFormItem.js XFormItem.prototype.setError cross site scripting3.5Mar 31, 2024
CVE-2023-50808Zimbra Collaboration before Kepler 9.0.0 Patch 38 GA allows DOM-based JavaScript injection in the Modern UI.6.1Feb 13, 2024
CVE-2023-48432An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. XSS, with resultant session stealing, can occur via JavaScript code in a link (for a webmail redirection endpoint) withi...6.1Feb 13, 2024