Synacor Zimbra CVE-2025-48700 security patch release
Security Patch Release
Summary
Hide ▲
Show ▼
Synacor released security patches for CVE-2025-48700, fixing an XSS flaw in Zimbra Classic UI that could be triggered by a malicious email and expose sensitive session data. The update covered ZCS 8.8.15, 9.0, 10.0, and 10.1, making the patch relevant to widely deployed email and collaboration servers. Because the bug required no user interaction beyond viewing the crafted message, unpatched systems remained exposed to low-friction exploitation.
Related Happenings
Linux kernel Dirty Frag patch release (CVE-2026-43284, CVE-2026-43500)
Security Patch Release
First: 11.05.2026 17:30
Last: 11.05.2026 17:30
Sources 1
About this happening:
**Major Linux distributions** are rolling out fixes for **Dirty Frag**, the **Linux kernel** patch release that covers **CVE-2026-43284** and **CVE-2026-43500**. The update matter...
Linux kernel Dirty Frag patch release (CVE-2026-43284, CVE-2026-43500)
Security Patch ReleaseAbout this happening: **Major Linux distributions** are rolling out fixes for **Dirty Frag**, the **Linux kernel** patch release that covers **CVE-2026-43284** and **CVE-2026-43500**. The update matter...
Linux kernel security update for Copy Fail (CVE-2026-31431)
Security Patch Release
First: 30.04.2026 16:54
Last: 30.04.2026 16:54
Sources 1
About this happening:
**Linux kernel** maintainers have fixed **CVE-2026-31431** and are rolling out updates to close a **local privilege escalation** flaw that lets an unprivileged attacker gain **roo...
Linux kernel security update for Copy Fail (CVE-2026-31431)
Security Patch ReleaseAbout this happening: **Linux kernel** maintainers have fixed **CVE-2026-31431** and are rolling out updates to close a **local privilege escalation** flaw that lets an unprivileged attacker gain **roo...
Microsoft April 2026 Patch Tuesday security update (165 CVEs)
Security Patch Release
First: 15.04.2026 00:22
Last: 15.04.2026 00:22
Sources 1
About this happening:
**Microsoft** shipped **April 2026 Patch Tuesday** updates covering **165 CVEs**, including an **actively exploited zero-day** and a **publicly disclosed** flaw, creating immediat...
Microsoft April 2026 Patch Tuesday security update (165 CVEs)
Security Patch ReleaseAbout this happening: **Microsoft** shipped **April 2026 Patch Tuesday** updates covering **165 CVEs**, including an **actively exploited zero-day** and a **publicly disclosed** flaw, creating immediat...
Progress security patch release for CVE-2026-2699
Security Patch Release
First: 02.04.2026 16:33
Last: 02.04.2026 16:33
Sources 1
About this happening:
**Progress** released **ShareFile 5.12.4** on **March 10** to fix **CVE-2026-2699** and **CVE-2026-2701** in the **Storage Zones Controller (SZC)** for **branch 5.x**. The update...
Progress security patch release for CVE-2026-2699
Security Patch ReleaseAbout this happening: **Progress** released **ShareFile 5.12.4** on **March 10** to fix **CVE-2026-2699** and **CVE-2026-2701** in the **Storage Zones Controller (SZC)** for **branch 5.x**. The update...
GIGABYTE security patch release for CVE-2026-4415
Security Patch Release
First: 01.04.2026 01:28
Last: 01.04.2026 01:28
Sources 1
About this happening:
**GIGABYTE** is directing users of **Control Center** to upgrade to **25.12.10.01** to mitigate **CVE-2026-4415**, a flaw that exposed systems to remote file writes. The update ma...
GIGABYTE security patch release for CVE-2026-4415
Security Patch ReleaseAbout this happening: **GIGABYTE** is directing users of **Control Center** to upgrade to **25.12.10.01** to mitigate **CVE-2026-4415**, a flaw that exposed systems to remote file writes. The update ma...
Timeline
-
24.04.2026 16:35 1 articles · 1mo ago
Synacor Zimbra CVE-2025-48700 security patch release
Initial DisclosureIn **June 2025**, Synacor issued fixes for **CVE-2025-48700** after warning that a crafted email viewed in **Zimbra Classic UI** could trigger the flaw without user interaction.
Show sources
- Over 10,000 Zimbra servers vulnerable to ongoing XSS attacks — www.bleepingcomputer.com — 24.04.2026 16:35