Aggregates CVE and security vulnerability intelligence across all hMailServer-related products, including CVSS scores, EPSS scores, and publication dates.
Common weakness patterns include path handling, buffer overflow, and input validation, with memory corruption as a potential impact on production workloads.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-52374 | Use of hardcoded cryptographic key in Encryption.cs in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords to other servers from hMailAdmin.exe.config file to access other hMailServer admin consoles with configured connections. | [email protected] | 4.6 | 0.18% | 2025-07-21 | 2025-08-07 |
| CVE-2025-52373 | Use of hardcoded cryptographic key in BlowFish.cpp in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords used in database connections from hMailServer.ini config file. | [email protected] | 4.6 | 0.28% | 2025-07-21 | 2025-08-07 |
| CVE-2025-52372 | An issue in hMailServer v.5.8.6 allows a local attacker to obtain sensitive information via the hmailserver/installation/hMailServerInnoExtension.iss and hMailServer.ini components. | [email protected] | 5.1 | 0.22% | 2025-07-21 | 2025-08-08 |
| CVE-2013-5571 | HMailServer 5.3.x and prior: Memory Corruption which could cause DOS | [email protected] | 5.9 | 0.89% | 2020-01-07 | 2024-11-21 |
| CVE-2008-3676 | Unspecified vulnerability in the IMAP server in hMailServer 4.4.1 allows remote authenticated users to cause a denial of service (resource exhaustion or daemon crash) via a long series of IMAP commands. | [email protected] | 4.3 | 2.76% | 2008-08-14 | 2026-04-23 |