Browse all 4 CVE security advisories affecting Horde. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Horde is an open-source web application suite providing email, calendar, task management, and groupware functionality. Historically, Horde has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, often stemming from improper input validation and insecure session handling. The application's modular architecture has introduced additional attack surfaces, with several critical vulnerabilities allowing unauthorized access or system compromise. While no major public security incidents have been widely documented, the presence of four CVEs indicates ongoing security challenges that require regular patching and careful configuration to mitigate risks associated with this complex web-based collaboration platform.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-41066 | Disclosure of sensitive information in Horde Groupware — GroupwareCWE-200 | 5.3AI | MediumAI | 2025-12-02 |
| CVE-2025-30349 | IMP 安全漏洞 — IMPCWE-79 | 7.2 | High | 2025-03-21 |
| CVE-2020-8865 | Horde Groupware Webmail 路径遍历漏洞 — Groupware Webmail EditionCWE-23 | 8.8 | - | 2020-03-23 |
| CVE-2020-8866 | Horde Groupware Webmail 代码问题漏洞 — Groupware Webmail EditionCWE-434 | 8.1 | - | 2020-03-23 |
This page lists every published CVE security advisory associated with Horde. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.