
Openfind — Vulnerabilities & Security Advisories (16)

Browse all 16 CVE security advisories affecting Openfind. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Openfind is a search technology provider primarily used for enterprise search and information retrieval solutions. Historically, the product has been vulnerable to multiple remote code execution (RCE) and cross-site scripting (XSS) flaws, along with privilege escalation vulnerabilities in its administrative interfaces. Security researchers have identified consistent patterns in authentication bypass and input validation weaknesses across versions. While no major public security incidents have been widely documented, the 16 recorded CVEs indicate a history of security concerns that require regular patching and hardening of deployment environments. Organizations using Openfind should implement strict access controls and monitor for exploitation attempts of these known vulnerabilities.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-6351 | Openfind\|MailGates/MailAudit - CRLF Injection — MailGates (CWE-93) | 7.5 | High | 2026-04-16 |
| CVE-2026-6350 | Openfind\|MailGates/MailAudit - Stack-based Buffer Overflow — MailGates (CWE-121) | 9.8 | Critical | 2026-04-16 |
| CVE-2024-6741 | Openfind Mail2000 - HttpOnly flag bypass — Mail2000 V7.0 (CWE-693) | 5.8 | Medium | 2024-07-15 |
| CVE-2024-6740 | Openfind Mail2000 - Stored XSS — Mail2000 V7.0 (CWE-79) | 6.1 | Medium | 2024-07-15 |
| CVE-2024-6739 | Openfind MailGates and MailAudit - Sensitive Cookie Without 'HttpOnly' Flag — MailGates (CWE-1004) | 5.3 | Medium | 2024-07-15 |
| CVE-2024-6048 | Openfind MailGates and MailAudit - OS Command Injection — MailGates 5.0 (CWE-78) | 9.8 | Critical | 2024-06-17 |
| CVE-2024-5400 | Openfind Mail2000 - OS Command Injection — Mail2000 V8.0 (CWE-78) | 8.8 | High | 2024-05-27 |
| CVE-2024-5399 | Openfind Mail2000 - OS Command Injection — Mail2000 V7.0 (CWE-78) | 7.2 | High | 2024-05-27 |
| CVE-2023-28705 | Openfind Mail2000 - XSS (Reflected Cross-site scripting) — Mail2000 (CWE-79) | 5.4 | Medium | 2023-06-02 |
| CVE-2023-22902 | Openfind Mail2000 - XSS — Mail2000 (CWE-79) | 5.4 | Medium | 2023-03-27 |
| CVE-2020-25849 | Openfind MailGates/MailAudit - Command Injection — MailGates (CWE-78) | 8.8 | High | 2020-11-01 |
| CVE-2020-12776 | Openfind Mail2000 - Broken Access Control — Mail2000 | 6.6 | Medium | 2020-09-01 |
| CVE-2020-12782 | Openfind MailGates - Command Injection — MailGates | 9.8 | Critical | 2020-06-23 |
| CVE-2019-15072 | Openfind MAIL2000 Webmail Post-Auth Cross-Site Scripting — MAIL2000 (CWE-79) | 6.1 | - | 2019-11-20 |
| CVE-2019-15073 | Openfind MAIL2000 Webmail Pre-Auth Open Redirect — MAIL2000 (CWE-601) | 6.1 | - | 2019-11-20 |
| CVE-2019-15071 | Openfind MAIL2000 Webmail Pre-Auth Cross-Site Scripting — MAIL2000 (CWE-79) | 6.1 | - | 2019-11-20 |

This page lists every published CVE security advisory associated with Openfind. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.