Known Vulnerabilities for products from Synacor
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Synacor".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-33373 json | An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A Cross-Site Request Forgery (CSRF) vulnerability exists... | Not Provided | 2026-03-30 | 2026-04-07 |
| CVE-2026-33372 json | An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A cross-site request forgery (CSRF) vulnerability exists... | Not Provided | 2026-03-20 | 2026-04-01 |
| CVE-2026-33371 json | An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. An XML External Entity (XXE) vulnerability exists in the... | Not Provided | 2026-03-20 | 2026-04-01 |
| CVE-2026-33370 json | An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A stored cross-site scripting (XSS) vulnerability exists... | Not Provided | 2026-03-20 | 2026-04-01 |
| CVE-2026-33369 json | Zimbra Collaboration (ZCS) 10.0 and 10.1 contains an LDAP injection vulnerability in the Mailbox SOAP service within a Folder... | Not Provided | 2026-03-20 | 2026-04-01 |
| CVE-2026-33368 json | Zimbra Collaboration Suite (ZCS) 10.0 and 10.1 contains a reflected cross-site scripting (XSS) vulnerability in the Classic W... | Not Provided | 2026-03-20 | 2026-04-01 |
| CVE-2025-48700 json | An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0 and 10.0 and 10.1. A Cross-Site Scripting (XSS) vulnerab... | Not Provided | 2025-06-23 | 2026-04-21 |
| CVE-2022-3569 json | Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation i... | 7.8 - HIGH | 2022-10-17 | 2023-07-21 |
| CVE-2020-18985 json | An issue in /domain/service/.ewell-known/caldav of Zimbra Collaboration 8.8.12 allows attackers to redirect users to any arbi... | 6.1 - MEDIUM | 2021-12-15 | 2021-12-20 |
| CVE-2020-18984 json | A reflected cross-site scripting (XSS) vulnerability in the zimbraAdmin/public/secureRequest.jsp component of Zimbra Collabor... | 6.1 - MEDIUM | 2021-12-15 | 2021-12-20 |
| CVE-2020-13653 json | An XSS vulnerability exists in the Webmail component of Zimbra Collaboration Suite before 8.8.15 Patch 11. It allows an attac... | 6.1 - MEDIUM | 2020-07-02 | 2020-07-09 |
| CVE-2020-12846 json | Zimbra before 8.8.15 Patch 10 and 9.x before 9.0.0 Patch 3 allows remote code execution via an avatar file. There is potentia... | 8 - HIGH | 2020-06-03 | 2020-06-05 |
| CVE-2020-8633 json | An issue was discovered in Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7. When grantors revoked a shared calendar in... | 5.3 - MEDIUM | 2020-02-18 | 2020-02-25 |
| CVE-2020-7796 json | Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled. | 9.8 - CRITICAL | 2020-02-18 | 2020-02-24 |
| CVE-2019-11318 json | Zimbra Collaboration before 8.8.12 Patch 1 has persistent XSS. | 5.4 - MEDIUM | 2020-01-27 | 2020-01-28 |
| CVE-2019-9670 json | mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vu... | 9.8 - CRITICAL | 2019-05-29 | 2021-06-26 |
| CVE-2019-6981 json | Zimbra Collaboration Suite 8.7.x through 8.8.11 allows Blind SSRF in the Feed component. | 6.5 - MEDIUM | 2019-05-29 | 2019-05-30 |
| CVE-2019-6980 json | Synacor Zimbra Collaboration Suite 8.7.x through 8.8.11 allows insecure object deserialization in the IMAP component. | 9.8 - CRITICAL | 2019-05-29 | 2019-05-30 |
| CVE-2018-20160 json | ZxChat (aka ZeXtras Chat), as used for zimbra-chat and zimbra-talk in Synacor Zimbra Collaboration Suite 8.7 and 8.8 and in o... | 9.8 - CRITICAL | 2019-05-29 | 2019-05-30 |
| CVE-2018-18631 json | mailboxd component in Synacor Zimbra Collaboration Suite 8.6, 8.7 before 8.7.11 Patch 7, and 8.8 before 8.8.10 Patch 2 has Pe... | 6.1 - MEDIUM | 2019-05-29 | 2019-05-30 |
Known software with vulnerabilities from Synacor
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Synacor | Zimbra Collaboration Server | 6.0.10 |
| Application | Synacor | Zimbra Collaboration Suite | 6.0.0 |