Home/Product/group office group office
Product

group office group office

29 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-34838
< 6.8.156
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.156, 25.0.90, and 26.0.12
9.9CRITICAL
 CVE-2026-33755
< 6.8.158
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.158, 25.0.92, and 26.0.17
8.8HIGH
 CVE-2026-30238
< 6.8.155
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.155, 25.0.88, and 26.0.10
6.1MEDIUM
 CVE-2026-30237
< 6.8.155
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.155, 25.0.88, and 26.0.10
6.1MEDIUM
 CVE-2026-27947
< 6.8.154
Group-Office is an enterprise customer relationship management and groupware tool. Versions prior to 26.0.9, 25.0.87, and 6.8.154
8.8HIGH
 CVE-2026-27832
< 6.8.153
Group-Office is an enterprise customer relationship management and groupware tool. Versions prior to 26.0.8, 25.0.87, and 6.8.153
8.8HIGH
 CVE-2026-25512
< 6.8.150
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5,
8.8HIGH
 CVE-2026-25511
>= 6.8.0 and < 6.8.150
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5,
4.9MEDIUM
 CVE-2026-25134
< 6.8.150
Group-Office is an enterprise customer relationship management and groupware tool. Prior to 6.8.150, 25.0.82, and 26.0.5, the Main
8.8HIGH
 CVE-2026-23887
< 6.8.149
Group-Office is an enterprise customer relationship management and groupware tool. In versions 6.8.148 and below, and 25.0.1 throu
5.4MEDIUM
 CVE-2025-63406
< 6.8.136
An issue in Intermesh BV GroupOffice vulnerable before v.25.0.47 and 6.8.136 allows a remote attacker to execute arbitrary code vi
8.8HIGH
 CVE-2025-53505
< 6.8.119
Group-Office versions prior to 6.8.119 and prior to 25.0.20 provided by Intermesh BV contain a path traversal vulnerability. If th
5.3MEDIUM
 CVE-2025-53504
< 6.8.119
Group-Office versions prior to 6.8.119 and prior to 25.0.20 provided by Intermesh BV contain a cross-site scripting vulnerability.
5.4MEDIUM
 CVE-2025-48993
< 6.8.123
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.123 and 25.0.27, a malici
6.1MEDIUM
 CVE-2025-48992
< 6.8.123
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.123 and 25.0.27, a stored
4.8MEDIUM
 CVE-2025-48369
< 6.8.199
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a persis
5.4MEDIUM
 CVE-2025-48368
< 6.8.199
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a DOM-ba
5.4MEDIUM
 CVE-2025-48366
< 6.8.199
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a stored
5.4MEDIUM
 CVE-2025-25191
all versions
Group-Office is an enterprise CRM and groupware tool. This Stored XSS vulnerability exists where user input in the Name field is n
5.4MEDIUM
 CVE-2024-23941
< 6.6.182
Cross-site scripting vulnerability exists in Group Office prior to v6.6.182, prior to v6.7.64 and prior to v6.8.31, which may allo
5.4MEDIUM
 CVE-2024-22418
< 6.8.29
Group-Office is an enterprise CRM and groupware tool. Affected versions are subject to a vulnerability which is present in the fil
6.5MEDIUM
 CVE-2023-46730
>= 6.3.1 and < 6.6.177
Group-Office is an enterprise CRM and groupware tool. In affected versions there is full Server-Side Request Forgery (SSRF) vulner
7.4HIGH
 CVE-2023-25292
all versions
Reflected Cross Site Scripting (XSS) in Intermesh BV Group-Office version 6.6.145, allows attackers to gain escalated privileges a
6.1MEDIUM
 CVE-2021-28060
all versions
A Server-Side Request Forgery (SSRF) vulnerability in Group Office 6.4.196 allows a remote attacker to forge GET requests to arbit
5.3MEDIUM
 CVE-2020-35419
all versions
Cross Site Scripting (XSS) in Group Office CRM 6.4.196 via the SET_LANGUAGE parameter.
6.1MEDIUM
 CVE-2020-35418
all versions
Cross Site Scripting (XSS) in the contact page of Group Office CRM 6.4.196 by uploading a crafted svg file.
5.4MEDIUM
 CVE-2012-4240
<= 4.0.89
SQL injection vulnerability in modules/calendar/json.php in Group-Office community before 4.0.90 allows remote authenticated users
 CVE-2010-3428
all versions
SQL injection vulnerability in modules/notes/json.php in Intermesh Group-Office 3.5.9 allows remote attackers to execute arbitrary
 CVE-2007-2720
all versions
Group-Office before 2.16-13 does not properly validate user IDs, which allows remote attackers to obtain sensitive information via
SOC and Response
CVE triage
Stack monitoring
Am I affected
IOC triage
KEV catalog
Recently exploited
Daily brief
Change tracking
Detection Engineering
Coverage workspace
Detection coverage
Coverage check
Telemetry ceiling
SIEM query builder
Sigma rules
SIEM rules
YARA rules
Network rules
D3FEND
Threat Hunting
Threat actors
ATT&CK techniques
Attack paths
Indicators
Atomic tests
Red Team and Pentest
Exploitability triage
Recon pack
Attack paths
CAPEC patterns
Adversary emulation
Compliance and GRC
Framework mapping
Control assessment
Audit view
Atlas Search Threat actors Techniques Tools & malware CWE CAPEC KEV catalog Package vulns
About All capabilities Pricing API docs Live status Privacy policy Terms of service
threatengine.sh