Skip to main content

Mail Server

16 CVEs product

Monthly

CVE-2025-2848 MEDIUM PATCH This Month

A vulnerability in Synology Mail Server allows remote authenticated attackers to read and write non-sensitive settings, and disable some non-critical functions.

Synology Authentication Bypass Mail Server
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-40632 LOW Monitor

Cross-site scripting (XSS) in Icewarp Mail Server affecting version 11.4.0. Rated low severity (CVSS 2.0), this vulnerability is no authentication required. No vendor patch available.

XSS Mail Server
NVD
CVSS 4.0
2.0
EPSS
0.2%
CVE-2025-40631 LOW Monitor

HTTP host header injection vulnerability in Icewarp Mail Server affecting version 11.4.0. Rated low severity (CVSS 2.0), this vulnerability is no authentication required. No vendor patch available.

RCE Mail Server
NVD
CVSS 4.0
2.0
EPSS
0.2%
CVE-2025-40630 MEDIUM POC This Month

Open redirection vulnerability in IceWarp Mail Server affecting version 11.4.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Mozilla Mail Server Firefox
NVD
CVSS 4.0
5.1
EPSS
0.7%
CVE-2023-39700 MEDIUM POC This Month

IceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the color parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mail Server
NVD
CVSS 3.1
6.1
EPSS
1.4%
CVE-2023-39699 CRITICAL POC Act Now

IceWarp Mail Server v10.4.5 was discovered to contain a local file inclusion (LFI) vulnerability via the component /calendar/minimizer/index.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Mail Server
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-36580 MEDIUM POC This Month

Open Redirect vulnerability exists in IceWarp MailServer IceWarp Server Deep Castle 2 Update 1 (13.0.1.2) via the referer parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Icewarp Server Mail Server
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2020-27982 MEDIUM POC This Month

IceWarp 11.4.5.0 allows XSS via the language parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mail Server
NVD
CVSS 3.1
6.1
EPSS
5.3%
CVE-2020-23824 HIGH POC This Week

ArGo Soft Mail Server 1.8.8.9 is affected by Cross Site Request Forgery (CSRF) for perform remote arbitrary code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE CSRF Mail Server
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-14066 HIGH This Week

IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaScript files that are dangerous for clients to access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Mail Server
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-14065 MEDIUM This Month

IceWarp Email Server 12.3.0.1 allows remote attackers to upload files and consume disk space. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Mail Server
NVD GitHub
CVSS 3.1
6.5
EPSS
1.5%
CVE-2020-14064 MEDIUM This Month

IceWarp Email Server 12.3.0.1 has Incorrect Access Control for user accounts. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Mail Server
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2019-12593 HIGH POC THREAT This Week

IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Mail Server
NVD GitHub Exploit-DB
CVSS 3.0
7.5
EPSS
41.0%
CVE-2018-16324 MEDIUM POC This Month

In IceWarp Server 12.0.3.1 and before, there is XSS in the /webmail/ username field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mail Server
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-7475 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability for webdav/ticket/ URIs in IceWarp Mail Server 12.0.3 allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mail Server
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2017-12844 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the admin panel in IceWarp Mail Server 10.4.4 allows remote authenticated domain administrators to inject arbitrary web script or HTML via a crafted user. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mail Server
NVD
CVSS 3.0
4.8
EPSS
0.2%
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

A vulnerability in Synology Mail Server allows remote authenticated attackers to read and write non-sensitive settings, and disable some non-critical functions.

Synology Authentication Bypass Mail Server
NVD
EPSS 0% CVSS 2.0
LOW Monitor

Cross-site scripting (XSS) in Icewarp Mail Server affecting version 11.4.0. Rated low severity (CVSS 2.0), this vulnerability is no authentication required. No vendor patch available.

XSS Mail Server
NVD
EPSS 0% CVSS 2.0
LOW Monitor

HTTP host header injection vulnerability in Icewarp Mail Server affecting version 11.4.0. Rated low severity (CVSS 2.0), this vulnerability is no authentication required. No vendor patch available.

RCE Mail Server
NVD
EPSS 1% CVSS 5.1
MEDIUM POC This Month

Open redirection vulnerability in IceWarp Mail Server affecting version 11.4.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Mozilla Mail Server +1
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

IceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the color parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mail Server
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

IceWarp Mail Server v10.4.5 was discovered to contain a local file inclusion (LFI) vulnerability via the component /calendar/minimizer/index.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Mail Server
NVD
EPSS 2% CVSS 6.1
MEDIUM POC This Month

Open Redirect vulnerability exists in IceWarp MailServer IceWarp Server Deep Castle 2 Update 1 (13.0.1.2) via the referer parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Icewarp Server Mail Server
NVD
EPSS 5% CVSS 6.1
MEDIUM POC This Month

IceWarp 11.4.5.0 allows XSS via the language parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mail Server
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

ArGo Soft Mail Server 1.8.8.9 is affected by Cross Site Request Forgery (CSRF) for perform remote arbitrary code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE CSRF Mail Server
NVD GitHub
EPSS 2% CVSS 8.8
HIGH This Week

IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaScript files that are dangerous for clients to access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Mail Server
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM This Month

IceWarp Email Server 12.3.0.1 allows remote attackers to upload files and consume disk space. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Mail Server
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM This Month

IceWarp Email Server 12.3.0.1 has Incorrect Access Control for user accounts. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Mail Server
NVD GitHub
EPSS 41% CVSS 7.5
HIGH POC THREAT This Week

IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Mail Server
NVD GitHub Exploit-DB
EPSS 1% CVSS 6.1
MEDIUM POC This Month

In IceWarp Server 12.0.3.1 and before, there is XSS in the /webmail/ username field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mail Server
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability for webdav/ticket/ URIs in IceWarp Mail Server 12.0.3 allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mail Server
NVD
EPSS 0% CVSS 4.8
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the admin panel in IceWarp Mail Server 10.4.4 allows remote authenticated domain administrators to inject arbitrary web script or HTML via a crafted user. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mail Server
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy