📦 Mailcow

by Mailcow

🛡️ Security Overview

⚠️ Known Vulnerabilities

CVE-2025-25198

HIGH CVSS 7.1 Feb 12, 2025

This vulnerability in mailcow: dockerized allows attackers to manipulate the Host HTTP header during password reset requests, generating malicious reset links that point to attacker-controlled domains...

CVE-2024-41959

HIGH CVSS 7.6 Aug 5, 2024

This is a cross-site scripting (XSS) vulnerability in mailcow: dockerized that allows unauthenticated attackers to inject malicious JavaScript into API logs. When administrators view these logs, the s...

CVE-2023-34108

HIGH CVSS 8.8 Jun 7, 2023

This vulnerability in mailcow allows authenticated attackers to manipulate internal Dovecot variables by using specially crafted passwords during authentication. Attackers can bypass security controls...

CVE-2023-26490

HIGH CVSS 7.3 Mar 4, 2023

This vulnerability in mailcow's Sync Job feature allows authenticated users with specific permissions to execute arbitrary shell commands via command injection in the imapsync Perl script. Attackers c...

CVE-2022-31138

HIGH CVSS 8.8 Jul 11, 2022

CVE-2022-31138 is an OS command injection vulnerability in the mailcow mailserver suite that allows authenticated users to execute arbitrary code by manipulating specific parameters. This affects all mail...

CVE-2022-31245

HIGH CVSS 8.8 May 20, 2022

CVE-2022-31245 is an OS command injection vulnerability in the mailcow email server software that allows authenticated users to execute arbitrary commands with domain admin privileges. Attackers can explo...

CVE-2024-41958

MEDIUM CVSS 6.6 Aug 5, 2024

This vulnerability allows authenticated attackers to bypass two-factor authentication (2FA) in mailcow: dockerized email systems. Attackers need credentials for both their own account and a target acc...