| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-34838 | Group-Office: Authenticated Remote Code Execution via PHP Insecure Deserialization in `AbstractSettingsCollection` | Intermesh | groupoffice | Critical | 9.9 | 2026-04-02 19:15:41 | Deep Dive |
| CVE-2026-33755 | Authenticated SQL Injection in Contact/query addressBookIds filter | Intermesh | groupoffice | High | 8.8 | 2026-03-27 14:08:39 | Deep Dive |
| CVE-2026-30238 | Group-Office: Reflected XSS in JavaScript context | Intermesh | groupoffice | 中危 | - | 2026-03-06 21:14:03 | Deep Dive |
| CVE-2026-30237 | Group-Office: Self XSS in GroupOffice Installer License Page (install/license.php) | Intermesh | groupoffice | 中危 | - | 2026-03-06 21:13:34 | Deep Dive |
| CVE-2026-27947 | Group-Office Vulnerable to Remote Code Execution (RCE) | Intermesh | groupoffice | 中危 | - | 2026-02-27 19:52:42 | Deep Dive |
| CVE-2026-27832 | Group-Office Has Authenticated SQL Injection in advancedQueryData.comparator | Intermesh | groupoffice | 中危 | - | 2026-02-27 19:49:58 | Deep Dive |
| CVE-2026-25511 | Group-Office is vulnerable to SSRF and File Read in WOPI service discovery | Intermesh | groupoffice | - | - | 2026-02-04 20:40:04 | Deep Dive |
| CVE-2026-25512 | Group-Office is vulnerable to RCE due to Command Injection via TNEF Attachment Handler | Intermesh | groupoffice | - | - | 2026-02-04 20:39:08 | Deep Dive |
| CVE-2026-25134 | Group-Office Argument Injection in MaintenanceController::actionZipLanguage | Intermesh | groupoffice | - | - | 2026-02-02 22:40:15 | Deep Dive |
| CVE-2026-23887 | Group-Office has stored XSS vulnerability via unsanitized filenames | Intermesh | groupoffice | - | - | 2026-01-21 23:39:05 | Deep Dive |
| CVE-2025-53505 | Group Office 路径遍历漏洞 | Intermesh BV | Group-Office | 中危 | - | 2025-08-21 04:29:45 | Deep Dive |
| CVE-2025-53504 | Group Office 跨站脚本漏洞 | Intermesh BV | Group-Office | 中危 | - | 2025-08-21 04:29:14 | Deep Dive |
| CVE-2025-48993 | Group-Office vulnerable to reflected XSS via Look and Feel Formatting input | Intermesh | groupoffice | - | - | 2025-06-17 00:43:35 | Deep Dive |
| CVE-2025-48992 | Group-Office vulnerable to blind XSS | Intermesh | groupoffice | - | - | 2025-06-16 22:17:29 | Deep Dive |
| CVE-2025-48369 | GroupOffice vulnerable to Stored XSS in Tasks Comment Section | Intermesh | groupoffice | - | - | 2025-05-22 17:33:06 | Deep Dive |
| CVE-2025-48368 | GroupOffice's DOM-Based XSS in all Date Input Fields Allows Arbitrary JavaScript Execution | Intermesh | groupoffice | - | - | 2025-05-22 17:29:58 | Deep Dive |
| CVE-2025-48366 | GroupOffice's Blind Stored XSS in Phone Number Field Enables Forced Redirect and Unauthorized Actions | Intermesh | groupoffice | - | - | 2025-05-22 17:28:27 | Deep Dive |
| CVE-2025-25191 | Group-Office has a Stored XSS Vulnerability via user's name field | Intermesh | groupoffice | 中危 | - | 2025-03-06 18:41:01 | Deep Dive |
| CVE-2024-47904 | Siemens InterMesh 7177和Siemens InterMesh 7707 安全漏洞 | Siemens | InterMesh 7177 Hybrid 2.0 Subscriber | High | 7.8 | 2024-10-23 14:21:23 | Deep Dive |
| CVE-2024-47903 | Siemens InterMesh 7177和Siemens InterMesh 7707 安全漏洞 | Siemens | InterMesh 7177 Hybrid 2.0 Subscriber | Medium | 5.8 | 2024-10-23 14:21:22 | Deep Dive |