VYPR
Vendor

Intermesh

Products
4
CVEs
31
Across products
51
Status
Private

Products

4

Recent CVEs

31
View all 31 CVEs →
  • CVE-2026-34838CriApr 2, 2026
    risk 0.57cvss 9.9epss 0.01

    Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.156, 25.0.90, and 26.0.12, a vulnerability in the AbstractSettingsCollection model leads to insecure deserialization when these settings are loaded. By injecting a serialized…

  • CVE-2026-33755HigMar 27, 2026
    risk 0.50cvss 8.8epss 0.00

    Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.158, 25.0.92, and 26.0.17, an authenticated SQL Injection vulnerability in the JMAP `Contact/query` endpoint allows any authenticated user with basic addressbook access to…

  • CVE-2026-45551MedMay 29, 2026
    risk 0.26cvss epss 0.00

    Group-Office is an enterprise customer relationship management and groupware tool. Prior to 26.0.25, 25.0.100, and 6.8.165, GroupOffice allows authenticated users to persist arbitrary legacy settings for any user_id via index.php?r=core/saveSetting. A separate client-side sink…

  • CVE-2012-4240Sep 11, 2014
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in modules/calendar/json.php in Group-Office community before 4.0.90 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter.

  • CVE-2010-3428Sep 16, 2010
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in modules/notes/json.php in Intermesh Group-Office 3.5.9 allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a category action.

  • CVE-2026-25512Feb 4, 2026
    risk 0.01cvss epss 0.19

    Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, there is a remote code execution (RCE) vulnerability in Group-Office. The endpoint email/message/tnefAttachmentFromTempFile directly concatenates…

  • CVE-2026-30238Mar 6, 2026
    risk 0.00cvss epss 0.00

    Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.155, 25.0.88, and 26.0.10, there is a reflected XSS vulnerability in GroupOffice on the external/index flow. The f parameter (Base64 JSON) is decoded and then injected into…

  • CVE-2026-30237Mar 6, 2026
    risk 0.00cvss epss 0.00

    Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.155, 25.0.88, and 26.0.10, there is a reflected XSS vulnerability in the GroupOffice installer, endpoint install/license.php. The POST field license is rendered without…

  • CVE-2026-27947Feb 27, 2026
    risk 0.00cvss epss 0.01

    Group-Office is an enterprise customer relationship management and groupware tool. Versions prior to 26.0.9, 25.0.87, and 6.8.154 have an authenticated Remote Code Execution vulnerability in the TNEF attachment processing flow. The vulnerable path extracts attacker-controlled…

  • CVE-2026-27832Feb 27, 2026
    risk 0.00cvss epss 0.00

    Group-Office is an enterprise customer relationship management and groupware tool. Versions prior to 26.0.8, 25.0.87, and 6.8.153 have a SQL Injection (SQLi) vulnerability, exploitable through the `advancedQueryData` parameter (`comparator` field) on an authenticated endpoint.…

  • CVE-2026-25511Feb 4, 2026
    risk 0.00cvss epss 0.00

    Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, an authenticated user within the System Administrator group can trigger a full SSRF via the WOPI service discovery URL, including access to internal…

  • CVE-2026-25134Feb 2, 2026
    risk 0.00cvss epss 0.01

    Group-Office is an enterprise customer relationship management and groupware tool. Prior to 6.8.150, 25.0.82, and 26.0.5, the MaintenanceController exposes an action zipLanguage which takes a lang parameter and passes it directly to a system zip command via exec(). This can be…

  • CVE-2026-23887Jan 21, 2026
    risk 0.00cvss epss 0.00

    Group-Office is an enterprise customer relationship management and groupware tool. In versions 6.8.148 and below, and 25.0.1 through 25.0.79, the application stores unsanitized filenames in the database, which can lead to Stored Cross-Site Scripting (XSS). Users who interact…

  • CVE-2025-63406Nov 13, 2025
    risk 0.00cvss epss 0.01

    An issue in Intermesh BV GroupOffice vulnerable before v.25.0.47 and 6.8.136 allows a remote attacker to execute arbitrary code via the dbToApi() and eval() in the FunctionField.php

  • CVE-2025-53505Aug 21, 2025
    risk 0.00cvss epss 0.00

    Group-Office versions prior to 6.8.119 and prior to 25.0.20 provided by Intermesh BV contain a path traversal vulnerability. If this vulnerability is exploited, information on the server hosting the product may be exposed.

  • CVE-2025-53504Aug 21, 2025
    risk 0.00cvss epss 0.00

    Group-Office versions prior to 6.8.119 and prior to 25.0.20 provided by Intermesh BV contain a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed in the user's web browser.

  • CVE-2025-48993Jun 17, 2025
    risk 0.00cvss epss 0.00

    Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.123 and 25.0.27, a malicious JavaScript payload can be executed via the Look and Feel formatting fields. Any user can update their Look and Feel Formatting input fields, but…

  • CVE-2025-48992Jun 16, 2025
    risk 0.00cvss epss 0.00

    Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.123 and 25.0.27, a stored and blind cross-site scripting (XSS) vulnerability exists in the Name Field of the user profile. A malicious attacker can change their name to a…

  • CVE-2025-48369May 22, 2025
    risk 0.00cvss epss 0.00

    Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a persistent Cross-Site Scripting (XSS) vulnerability exists in Groupoffice's tasks comment functionality, allowing attackers to execute arbitrary JavaScript…

  • CVE-2025-48368May 22, 2025
    risk 0.00cvss epss 0.00

    Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a DOM-based Cross-Site Scripting (XSS) vulnerability exists in the GroupOffice application, allowing attackers to execute arbitrary JavaScript code in the…