CVE-2016-6188 — CVSS 6.5 (medium): Memory leak in SOGo 2.3.7 allows remote attackers to cause a denial of service (memory consumption) via a large number of attempts to…
CVE-2014-9905 — CVSS 6.1 (medium): Multiple cross-site scripting (XSS) vulnerabilities in the Web Calendar in SOGo before 2.2.0 allow remote attackers to inject arbitrary web…
CVE-2016-6191 — CVSS 6.1 (medium): Multiple cross-site scripting (XSS) vulnerabilities in the View Raw Source page in the Web Calendar in SOGo before 3.1.3 allow remote…
CVE-2024-24510 — CVSS 6.1 (medium): Cross Site Scripting vulnerability in Alinto SOGo before 5.10.0 allows a remote attacker to execute arbitrary code via the import function…
CVE-2026-3054 — CVSS 4.3 (medium): A vulnerability was identified in Alinto SOGo 5.12.3/5.12.4. This impacts an unknown function. The manipulation of the argument hint leads…
CVE-2016-6189 — CVSS 4.3 (medium): Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by…
CVE-2022-4556 — CVSS 3.5 (low): A vulnerability was found in Alinto SOGo up to 5.7.1 and classified as problematic. Affected by this issue is the function…
CVE-2022-4558 — CVSS 3.5 (low): A vulnerability was found in Alinto SOGo up to 5.7.1. It has been classified as problematic. This affects an unknown part of the file…
CVE-2026-33550 — CVSS 2.0 (low): SOGo before 5.12.5 does not renew the OTP if a user disables/enables it, and has a too short length (only 12 digits instead of the 20…