VYPR
Vendor: Csm

Products: 1
CVEs: 7
Across products: 7
Status: Private

Recent CVEs (7)

  • CVE-2024-32399 | High | Apr 22, 2024
    risk 0.56 | cvss 7.6 | epss 0.03

    Directory Traversal vulnerability in RaidenMAILD Mail Server v.4.9.4 and before allows a remote attacker to obtain sensitive information via the /webeditor/ component.

  • CVE-2024-50601 | Medium | Nov 11, 2024
    risk 0.40 | cvss 6.1 | epss 0.00

    Persistent and reflected XSS vulnerabilities in the themeMode cookie and _h URL parameter of Axigen Mail Server up to version 10.5.28 allow attackers to execute arbitrary Javascript. Exploitation could lead to session hijacking, data leakage, and further exploitation via a…

  • CVE-2025-68721 | Feb 5, 2026
    risk 0.00 | cvss (not listed) | epss 0.00

    Axigen Mail Server before 10.5.57 contains an improper access control vulnerability in the WebAdmin interface. A delegated admin account with zero permissions can bypass access control checks and gain unauthorized access to the SSL Certificates management endpoint…

  • CVE-2025-68723 | Feb 5, 2026
    risk 0.00 | cvss (not listed) | epss 0.00

    Axigen Mail Server before 10.5.57 contains multiple stored Cross-Site Scripting (XSS) vulnerabilities in the WebAdmin interface. Three instances exist: (1) the log file name parameter in the Local Services Log page, (2) certificate file content in the SSL Certificates View Usage…

  • CVE-2025-68722 | Feb 5, 2026
    risk 0.00 | cvss (not listed) | epss 0.00

    Axigen Mail Server before 10.5.57 and 10.6.x before 10.6.26 contains a Cross-Site Request Forgery (CSRF) vulnerability in the WebAdmin interface through improper handling of the _s (breadcrumb) parameter. The application accepts state-changing requests via the GET method and…

  • CVE-2025-68643 | Feb 5, 2026
    risk 0.00 | cvss (not listed) | epss 0.00

    Axigen Mail Server before 10.5.57 allows stored Cross-Site Scripting (XSS) in the handling of the timeFormat account preference parameter. Attackers can exploit this by deploying a multi-stage attack. In the first stage, a malicious JavaScript payload is injected into the…

  • CVE-2000-0042 | Dec 29, 1999
    risk 0.00 | cvss (not listed) | epss 0.03

    Buffer overflow in CSM mail server allows remote attackers to cause a denial of service or execute commands via a long HELO command.