These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2025-48700 is listed by CISA as a known exploited vulnerability affecting Synacor Zimbra Collaboration Suite (ZCS). The supplied corpus identifies it as a cross-site scripting issue and sets a CISA due date of 2026-04-23 for remediation planning. Because the available record is a KEV entry rather than a full vendor advisory, defenders should treat it as urgent and rely on official vendor guidance for [truncated]
CVE-2025-66376 is a cross-site scripting issue affecting Synacor Zimbra Collaboration Suite (ZCS) that CISA added to its Known Exploited Vulnerabilities catalog on 2026-03-18. Because it is flagged as known exploited, organizations running ZCS should treat it as a high-priority defensive item and follow vendor guidance and CISA remediation expectations.
CVE-2020-7796 is a server-side request forgery issue affecting Synacor Zimbra Collaboration Suite (ZCS). CISA has added it to the Known Exploited Vulnerabilities catalog, which means defenders should treat it as a live risk and prioritize mitigation using vendor guidance. The supplied CISA record does not provide a CVSS score, so operational urgency here is driven by known exploitation status rather than [truncated]
CVE-2025-68645 is a Synacor Zimbra Collaboration Suite (ZCS) PHP remote file inclusion vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2026-01-22. Because it is listed in KEV, defenders should treat exploitation as confirmed and remediate promptly. CISA’s stated due date for action is 2026-02-12.
CVE-2025-27915 is a cross-site scripting (XSS) vulnerability affecting Synacor Zimbra Collaboration Suite (ZCS). CISA added it to the Known Exploited Vulnerabilities (KEV) catalog on 2025-10-07, which means federal agencies and other defenders should treat it as a prioritized remediation item. The supplied source corpus confirms the KEV listing and vendor/product naming, but does not provide patch version [truncated]
CVE-2019-9621 is identified in the supplied corpus as a server-side request forgery (SSRF) vulnerability in Synacor Zimbra Collaboration Suite (ZCS). CISA lists it in the Known Exploited Vulnerabilities (KEV) catalog, which makes it a higher-priority defensive item even though no CVSS score was supplied here. The supplied timeline shows CISA adding the entry on 2025-07-07 with a remediation due date of 2025-07-28.
CVE-2024-27443 affects Synacor Zimbra Collaboration Suite (ZCS) and is listed in CISA's Known Exploited Vulnerabilities catalog. The CISA entry points to vendor security-fix releases for Zimbra 8.8.15 P46, 9.0.0 P39, and 10.0.7, and sets a mitigation deadline of 2025-06-09. Organizations running ZCS should prioritize remediation and confirm exposure as soon as possible.
CVE-2023-34192 is a cross-site scripting (XSS) vulnerability affecting Synacor Zimbra Collaboration Suite (ZCS). CISA added it to the Known Exploited Vulnerabilities catalog on 2025-02-25, which means defenders should treat it as a known-exploited exposure and prioritize mitigation using official vendor guidance.
CVE-2024-45519 is a Synacor Zimbra Collaboration Suite (ZCS) command execution vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2024-10-03. Because it is listed as known exploited, organizations running ZCS should prioritize remediation using vendor guidance and treat exposed deployments as urgent.
CVE-2023-37580 is a cross-site scripting (XSS) vulnerability affecting Synacor Zimbra Collaboration Suite (ZCS). CISA added it to the Known Exploited Vulnerabilities (KEV) catalog on 2023-07-27, indicating known exploitation and an urgent need for remediation. CISA’s stated guidance is to apply vendor mitigations or discontinue use of the product if mitigations are unavailable.
CVE-2022-27926 is a cross-site scripting (XSS) vulnerability in Synacor Zimbra Collaboration Suite (ZCS). CISA added it to the Known Exploited Vulnerabilities catalog on 2023-04-03 and set a remediation due date of 2023-04-24, indicating it should be treated as a high-priority remediation item for exposed ZCS environments.
CVE-2022-41352 is a Synacor Zimbra Collaboration Suite (ZCS) arbitrary file upload vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2022-10-20. The KEV listing indicates known exploitation and makes this a high-priority patching item. CISA’s guidance for the entry is to apply updates per vendor instructions.
CVE-2022-37042 is an authentication bypass vulnerability affecting Synacor Zimbra Collaboration Suite (ZCS). It was added to CISA’s Known Exploited Vulnerabilities (KEV) catalog on 2022-08-11, with a remediation due date of 2022-09-01. CISA also marks it as having known ransomware campaign use, so organizations running ZCS should treat this as an urgent patching item.
CVE-2022-27925 is a Synacor Zimbra Collaboration Suite (ZCS) vulnerability that CISA has classified as a Known Exploited Vulnerability (KEV). The public record describes it as an arbitrary file upload issue, and CISA’s notes also point to a Zimbra advisory discussing an authentication bypass in mailboxImportServlet. Because it is already in the KEV catalog and marked with known ransomware campaign use, de [truncated]
CVE-2022-27924 is a command injection vulnerability in Synacor Zimbra Collaboration Suite (ZCS). CISA added it to the Known Exploited Vulnerabilities catalog on 2022-08-04 and marked it as known to be used in ransomware campaigns, so organizations running ZCS should treat remediation as urgent.
CVE-2018-6882 is a cross-site scripting (XSS) vulnerability affecting Synacor Zimbra Collaboration Suite (ZCS). CISA added it to the Known Exploited Vulnerabilities (KEV) catalog on 2022-04-19 and marked it as having known ransomware campaign use, which makes it a high-priority remediation item for any organization running ZCS. The supplied sources instruct defenders to apply updates per vendor instructions.
CVE-2022-24682 is a cross-site scripting vulnerability affecting Synacor Zimbra Collaboration Suite (ZCS). CISA added it to the Known Exploited Vulnerabilities catalog on 2022-02-25, indicating known exploitation and making remediation a high priority for organizations running ZCS.
CVE-2019-9670 is a Synacor Zimbra Collaboration Suite (ZCS) vulnerability described as an improper restriction of XML External Entity (XXE) reference handling. CISA has placed it in the Known Exploited Vulnerabilities catalog, so defenders should treat it as a high-priority patching item and follow vendor update guidance.
CVE-2016-4019 is a high-severity vulnerability affecting Zimbra Collaboration versions before 8.7.0. The public record describes it only as an unspecified issue that can let remote attackers affect integrity through unknown vectors. Because the details are not publicly specific, the safest response is to treat any pre-8.7.0 deployment as exposed and verify vendor guidance and upgrade status promptly.
CVE-2016-3999 is a medium-severity cross-site scripting issue in Zimbra Collaboration before 8.7.0. The CVE description says multiple XSS vulnerabilities could let a remote attacker inject arbitrary web script or HTML through unspecified vectors. NVD rates the issue 6.1/10 with a network attack vector, low complexity, no privileges required, and user interaction required. The practical remediation path in [truncated]
CVE-2016-3415 is a critical deserialization flaw affecting Zimbra Collaboration before 8.7.0. According to the supplied NVD record, remote attackers could trigger deserialization attacks via unspecified vectors, and the issue is tracked as bug 102276. The vulnerability is rated 9.1/CRITICAL, with network reachability and no privileges or user interaction required.
CVE-2016-3414 is an unspecified vulnerability in Zimbra Collaboration before 8.6.0 Patch 7. According to the CVE description, remote authenticated users can affect availability via unknown vectors. NVD assigns a medium severity score of 6.5, with an availability-only impact profile.
CVE-2016-3413 is an unspecified vulnerability in Zimbra Collaboration before 8.7.0 that can let a remote attacker affect integrity through unknown vectors. The public record does not disclose the exact flaw, but the machine-readable NVD data shows the issue is network-reachable, requires no privileges or user interaction, and is rated as high integrity impact. For organizations running Zimbra, this is a p [truncated]
CVE-2016-3412 describes multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0. The issue is rated medium severity and is mainly a web-facing risk: an attacker can get arbitrary script or HTML processed in a user’s browser through unspecified vectors. Because the attack requires user interaction and affects browser content, the primary concern is session exposure, content [truncated]
CVE-2016-3411 is a medium-severity cross-site scripting issue in Zimbra Collaboration before 8.7.0. The NVD record maps it to CWE-79 and indicates vulnerable versions through 8.6.0. Because the attack requires network access and user interaction, the main risk is malicious web content or injected HTML/script reaching Zimbra users through the web interface.
CVE-2016-3410 describes multiple cross-site scripting (XSS) issues in Zimbra Collaboration before 8.7.0. The vulnerability is network-reachable and requires user interaction, which makes it especially relevant for webmail and collaboration deployments where attackers can lure users into viewing crafted content. The NVD record classifies the weakness as CWE-79 and rates it medium severity.
CVE-2016-3409 is a cross-site scripting (XSS) issue affecting Zimbra Collaboration before 8.7.0. According to NVD, the flaw allows remote attackers to inject arbitrary web script or HTML through unspecified vectors, with the vulnerable range ending at 8.6.0. The issue was publicly recorded on 2017-01-18 and is rated medium severity (CVSS 6.1).
CVE-2016-3408 is a cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0. The published record says remote attackers could inject arbitrary web script or HTML via unspecified vectors, and NVD maps the issue to CWE-79 with a CVSS 3.0 score of 6.1 (network exploitable, no privileges required, but user interaction is needed). The affected-version data in NVD marks Zimbra Collaboration [truncated]
CVE-2016-3407 covers multiple cross-site scripting (XSS) issues in Zimbra Collaboration before 8.7.0. According to NVD, the flaw allows remote attackers to inject arbitrary web script or HTML through unspecified vectors, and the CVSS v3.0 vector shows user interaction is required. The affected CPE range in NVD includes Zimbra Collaboration Suite through 8.6.0, while the vendor-linked references point to Z [truncated]
CVE-2016-3406 covers multiple cross-site request forgery (CSRF) issues in Zimbra Collaboration before 8.7.0. NVD says remote attackers could hijack the authentication of affected victims through either the Client uploader extension or extension REST handlers. The issue is rated high severity, but it requires user interaction because the attack depends on a victim being induced to process malicious cross-s [truncated]
CVE-2016-3405 covers multiple unspecified vulnerabilities in Zimbra Collaboration before 8.7.0, also referenced as bugs 103961 and 104828. NVD rates the issue as high severity with a network-reachable attack path, no privileges, no user interaction, and high integrity impact. The practical defensive takeaway is straightforward: systems running Zimbra Collaboration Suite 8.6.0 and earlier should be treated [truncated]
CVE-2016-3404 is a high-severity vulnerability in Zimbra Collaboration that can let remote attackers affect integrity through unspecified vectors. The public record does not describe the root cause or attack path, but the issue is treated as network-reachable and requires no privileges or user interaction. Use the vendor's 8.7.0 release materials and security advisories as the remediation context.
CVE-2016-3402 is a high-severity Zimbra Collaboration issue that can let a remote attacker affect confidentiality in versions before 8.7.0. The NVD record indicates network access, no privileges, and no user interaction are required, but the public record does not describe the exact attack path. The vendor-linked release notes and security advisories point to 8.7.0 as the relevant fixed release.
CVE-2016-3401 is an unspecified vulnerability in Zimbra Collaboration that can let a remote authenticated user affect integrity in versions before 8.7.0. The CVE record identifies it as bug 99810 and the NVD entry rates it as a network-reachable issue with high integrity impact but no confidentiality or availability impact. The linked Zimbra release notes and security advisory pages are the primary mitiga [truncated]