Alinto Sogo
12 CVEs affecting Alinto Sogo. Latest disclosed: 2026-05-14. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2015-5395 | High | 8.8 | 2017-09-20 | Cross-site request forgery (CSRF) vulnerability in SOGo before 3.1.0. |
CVE-2026-46446 | High | 7.1 | 2026-05-14 | SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to c_password = '%@' in chang… |
CVE-2026-46445 | High | 7.1 | 2026-05-14 | SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection. |
CVE-2016-6188 | Medium | 6.5 | 2017-02-03 | Memory leak in SOGo 2.3.7 allows remote attackers to cause a denial of service (memory consumption) via a large number of attempts to upload a large attachment… |
CVE-2025-71276 | Medium | 6.4 | 2026-03-22 | SOGo before 5.12.5 is prone to a XSS vulnerability with events, tasks, and contacts categories. |
CVE-2016-6191 | Medium | 6.1 | 2017-02-17 | Multiple cross-site scripting (XSS) vulnerabilities in the View Raw Source page in the Web Calendar in SOGo before 3.1.3 allow remote attackers to inject arbit… |
CVE-2014-9905 | Medium | 6.1 | 2017-02-17 | Multiple cross-site scripting (XSS) vulnerabilities in the Web Calendar in SOGo before 2.2.0 allow remote attackers to inject arbitrary web script or HTML via… |
CVE-2026-3054 | Medium | 4.3 | 2026-02-24 | A vulnerability was identified in Alinto SOGo 5.12.3/5.12.4. This impacts an unknown function. The manipulation of the argument hint leads to cross site script… |
CVE-2016-6189 | Medium | 4.3 | 2017-02-17 | Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the… |
CVE-2022-4558 | Low | 3.5 | 2022-12-16 | A vulnerability was found in Alinto SOGo up to 5.7.1. It has been classified as problematic. This affects an unknown part of the file SoObjects/SOGo/NSString+U… |
CVE-2022-4556 | Low | 3.5 | 2022-12-16 | A vulnerability was found in Alinto SOGo up to 5.7.1 and classified as problematic. Affected by this issue is the function _migrateMailIdentities of the file S… |
CVE-2026-33550 | Low | 2.0 | 2026-03-22 | SOGo before 5.12.5 does not renew the OTP if a user disables/enables it, and has a too short length (only 12 digits instead of the 20 recommended). |