Horde CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (116 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2006-2195	1 Horde	1 Horde	2025-04-03	N/A
Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php.
CVE-2006-1491	1 Horde	1 Application Framework	2025-04-03	N/A
Eval injection vulnerability in Horde Application Framework versions 3.0 before 3.0.10 and 3.1 before 3.1.1 allows remote attackers to execute arbitrary code via the help viewer.
CVE-2006-1260	1 Horde	1 Horde	2025-04-03	N/A
Horde Application Framework 3.0.9 allows remote attackers to read arbitrary files via a null character in the url parameter in services/go.php, which bypasses a sanity check.
CVE-2005-4242	1 Horde	1 Turba H3	2025-04-03	N/A
Multiple cross-site scripting (XSS) vulnerabilities in Horde Turba H3 2.0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the address book and (2) contact data.
CVE-2005-4192	1 Horde	1 Mnemo Note Manager H3	2025-04-03	N/A
Multiple cross-site scripting (XSS) vulnerabilities in templates/notepads/notepads.inc in Horde Mnemo Note Manager H3 before 2.0.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) the notepad's name or (2) description, when creating a new notepad.
CVE-2005-4080	1 Horde	1 Imp	2025-04-03	N/A
Horde IMP 4.0.4 and earlier does not sanitize strings containing UTF16 null characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via UTF16 encoded attachments and strings that will be executed when viewed using Internet Explorer, which ignores the characters.
CVE-2000-0910	1 Horde	1 Horde	2025-04-03	N/A
Horde library 1.02 allows attackers to execute arbitrary commands via shell metacharacters in the "from" address.
CVE-2005-3759	1 Horde	1 Horde	2025-04-03	N/A
Multiple cross-site scripting (XSS) vulnerabilities in Horde before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) gzip/tar and (2) css MIME viewers, which do not filter or escape dangerous HTML when extracting and displaying attachments.
CVE-2005-3570	1 Horde	1 Horde	2025-04-03	N/A
Unspecified cross-site scripting (XSS) vulnerability in Horde before 2.2.9 allows remote attackers to inject arbitrary web script or HTML via "not properly escaped error messages".
CVE-2005-3344	1 Horde	1 Horde	2025-04-03	N/A
The default installation of Horde 3.0.4 contains an administrative account with a blank password, which allows remote attackers to gain access.
CVE-2005-1322	1 Horde	1 Nag	2025-04-03	N/A
Cross-site scripting (XSS) vulnerability in Horde Nag Task List Manager before 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
CVE-2005-1321	1 Horde	1 Vaction	2025-04-03	N/A
Cross-site scripting (XSS) vulnerability in Horde Vacation module before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
CVE-2005-1320	1 Horde	1 Mnemo	2025-04-03	N/A
Cross-site scripting (XSS) vulnerability in Horde Mnemo Note Manager before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
CVE-2005-1319	1 Horde	1 Imp	2025-04-03	N/A
Cross-site scripting (XSS) vulnerability in Horde IMP Webmail client before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
CVE-2005-1318	1 Horde	1 Forwards	2025-04-03	N/A
Cross-site scripting (XSS) vulnerability in Horde Forwards E-Mail Forwarding Manager before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
CVE-2005-1317	1 Horde	1 Chora	2025-04-03	N/A
Cross-site scripting (XSS) vulnerability in Horde Chora module before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
CVE-2005-1316	1 Horde	1 Accounts	2025-04-03	N/A
Cross-site scripting (XSS) vulnerability in Horde Accounts module before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
CVE-2005-1315	1 Horde	1 Turba	2025-04-03	N/A
Cross-site scripting (XSS) vulnerability in Horde Turba module before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
CVE-2005-1314	1 Horde	1 Kronolith	2025-04-03	N/A
Cross-site scripting (XSS) vulnerability in Horde Kronolith module before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
CVE-2022-30287	2 Debian, Horde	2 Debian Linux, Groupware	2024-11-21	8.0 High
Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to arbitrary deserialization of PHP objects.

« first previous Page 5 of 6. next last »