Zimbra
This hub aggregates every CVE we track for Zimbra, a product in the communications space. Use it to gauge the current risk picture and drill into individual advisories.
5
CVEs tracked
0
Critical
1
High
0
In CISA KEV
Severity distribution
MEDIUM4HIGH1
Monthly trend
0
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-082026-07
Latest CVEs
The 5 most recently published vulnerabilities affecting Zimbra.
- CVE-2024-9665Zimbra GraphQL Cross-Site Request Forgery Information Disclosure Vulnerability6.5
- CVE-2023-38750In Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41, 9 before 9.0.0 Patch 34, and 10 before 10.0.2, internal JSP and XML files can be exposed.7.5
- CVE-2020-11737A cross-site scripting (XSS) vulnerability in Web Client in Zimbra 9.0 allows a remote attacker to craft links in an E-Mail message or calendar invite to execute arbitrary JavaScript. The attack re...6.1
- CVE-2013-1938Zimbra 2013 has XSS in aspell.php6.1
- CVE-2012-1213Cross-site scripting (XSS) vulnerability in zimbra/h/calendar in Zimbra Web Client in Zimbra Collaboration Suite (ZCS) 6.x before 6.0.15 and 7.x before 7.1.3 allows remote attackers to inject arbit...4.3
Product normalization is registry-driven with AI assist and human review. How it works