mailcow mailcow\

16 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-53909
< 2025-07
mailcow: dockerized is an open source groupware/email suite based on docker. A Server-Side Template Injection (SSTI) vulnerability
9.1 CRITICAL
CVE-2025-25198
< 2025-01a
mailcow: dockerized is an open source groupware/email suite based on docker. Prior to version 2025-01a, a vulnerability in mailcow
7.1 HIGH
CVE-2024-41960
< 2024-07
mailcow: dockerized is an open source groupware/email suite based on docker. An authenticated admin user can inject a JavaScript p
3.8 LOW
CVE-2024-41959
< 2024-07
mailcow: dockerized is an open source groupware/email suite based on docker. An unauthenticated attacker can inject a JavaScript p
7.6 HIGH
CVE-2024-41958
< 2024-07
mailcow: dockerized is an open source groupware/email suite based on docker. A vulnerability has been discovered in the two-factor
6.6 MEDIUM
CVE-2024-31204
< 2024-04
mailcow: dockerized is an open source groupware/email suite based on docker. A security vulnerability has been identified in mailc
6.1 MEDIUM
CVE-2024-30270
< 2024-04
mailcow: dockerized is an open source groupware/email suite based on docker. A security vulnerability has been identified in mailc
6.2 MEDIUM
CVE-2024-24760
< 2024-01c
mailcow is a dockerized email package, with multiple containers linked in one bridged network. A security vulnerability has been i
8.8 HIGH
CVE-2024-23824
< 2024-01
mailcow is a dockerized email package, with multiple containers linked in one bridged network. The application is vulnerable to pi
4.7 MEDIUM
CVE-2023-49077
< 2023-11
Mailcow: dockerized is an open source groupware/email suite based on docker. A Cross-Site Scripting (XSS) vulnerability has been i
8.3 HIGH
CVE-2023-34108
<= 2023-05
mailcow is a mail server suite based on Dovecot, Postfix and other open source software, that provides a modern web UI for user/se
8.8 HIGH
CVE-2023-26490
< 2023-03
mailcow is a dockerized email package, with multiple containers linked in one bridged network. The Sync Job feature - which can be
7.3 HIGH
CVE-2022-39258
< 2022-09
mailcow is a mailserver suite. A vulnerability in versions prior to 2022-09 allows an attacker to craft a custom Swagger API templ
8.1 HIGH
CVE-2022-31138
< 2022-06a
mailcow is a mailserver suite. Prior to mailcow-dockerized version 2022-06a, an extended privilege vulnerability can be exploited
8.8 HIGH
CVE-2022-31245
< 2022-05d
mailcow before 2022-05d allows a remote authenticated user to inject OS commands and escalate privileges to domain admin via the -
8.8 HIGH
CVE-2017-8928
all versions
mailcow 0.14, as used in "mailcow: dockerized" and other products, has CSRF.
8.8 HIGH
threatengine.sh