VYPR

Kerio Connect

by GFI

CVEs (5)

  • CVE-2017-7440 | Med | May 2, 2017
    risk 0.42 | cvss 6.5 | epss 0.01

    Kerio Connect 8.0.0 through 9.2.2, and Kerio Connect Client desktop application for Windows and Mac 9.2.0 through 9.2.2, when e-mail preview is enabled, allows remote attackers to conduct clickjacking attacks via a crafted e-mail message.

  • CVE-2025-2977 | Mar 31, 2025
    risk 0.00 | cvss | epss 0.00

    A vulnerability was found in GFI KerioConnect 10.0.6. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component PDF File Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The…

  • CVE-2025-2976 | Mar 31, 2025
    risk 0.00 | cvss | epss 0.00

    A vulnerability was found in GFI KerioConnect 10.0.6. It has been classified as problematic. Affected is an unknown function of the component File Upload. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed…

  • CVE-2025-2975 | Mar 31, 2025
    risk 0.00 | cvss | epss 0.00

    A vulnerability was found in GFI KerioConnect 10.0.6 and classified as problematic. This issue affects some unknown processing of the file Settings/Email/Signature/EditHtmlSource of the component Signature Handler. The manipulation leads to cross site scripting. The attack may…

  • CVE-2023-25267 | Mar 15, 2023
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in GFI Kerio Connect 9.4.1 patch 1 (fixed in 10.0.0). There is a stack-based Buffer Overflow in the webmail component's 2FASetup function via an authenticated request with a long primaryEMailAddress field to the webmail/api/jsonrpc URI.