softnext CVE Vulnerabilities & Metrics

Focus on softnext vulnerabilities and metrics.

Last updated: 16 Apr 2025, 22:25 UTC

About softnext Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with softnext. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total softnext CVEs: 9
Earliest CVE date: 31 Oct 2022, 07:15 UTC
Latest CVE date: 29 Jul 2024, 03:15 UTC

Latest CVE reference: CVE-2024-5670

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): -80.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): -80.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical softnext CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 0.0

Max CVSS: 0

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	9
4.0-6.9	0
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS softnext CVEs

These are the five CVEs with the highest CVSS scores for softnext, sorted by severity first and recency.

CVE-2024-5670 softnext Published on 29 Jul 2024, 03:15 UTC (CVSS: 0)
The web services of Softnext's products, Mail SQR Expert and Mail Archiving Expert do not properly validate user input, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the remote server.
CVE-2023-48382 softnext Published on 15 Dec 2023, 09:15 UTC (CVSS: 0)
Softnext Mail SQR Expert is an email management platform, it has a Local File Inclusion (LFI) vulnerability in a mail deliver-related URL. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to access and modify partial system information but does not affect service availability.
CVE-2023-48381 softnext Published on 15 Dec 2023, 09:15 UTC (CVSS: 0)
Softnext Mail SQR Expert is an email management platform, it has a Local File Inclusion (LFI) vulnerability in a special URL. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to access and modify partial system information but does not affect service availability.
CVE-2023-48380 softnext Published on 15 Dec 2023, 09:15 UTC (CVSS: 0)
Softnext Mail SQR Expert is an email management platform, it has insufficient filtering for a special character within a spcific function. A remote attacker authenticated as a localhost can exploit this vulnerability to perform command injection attacks, to execute arbitrary system command, manipulate system or disrupt service.
CVE-2023-48379 softnext Published on 15 Dec 2023, 08:15 UTC (CVSS: 0)
Softnext Mail SQR Expert is an email management platform, it has inadequate filtering for a specific URL parameter within a specific function. An unauthenticated remote attacker can perform Blind SSRF attack to discover internal network topology base on URL error response.

All CVEs for softnext

CVE-2024-5670 softnext vulnerability CVSS: 0 29 Jul 2024, 03:15 UTC

The web services of Softnext's products, Mail SQR Expert and Mail Archiving Expert do not properly validate user input, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the remote server.

CVE-2023-48382 softnext vulnerability CVSS: 0 15 Dec 2023, 09:15 UTC

Softnext Mail SQR Expert is an email management platform, it has a Local File Inclusion (LFI) vulnerability in a mail deliver-related URL. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to access and modify partial system information but does not affect service availability.

CVE-2023-48381 softnext vulnerability CVSS: 0 15 Dec 2023, 09:15 UTC

Softnext Mail SQR Expert is an email management platform, it has a Local File Inclusion (LFI) vulnerability in a special URL. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to access and modify partial system information but does not affect service availability.

CVE-2023-48380 softnext vulnerability CVSS: 0 15 Dec 2023, 09:15 UTC

Softnext Mail SQR Expert is an email management platform, it has insufficient filtering for a special character within a spcific function. A remote attacker authenticated as a localhost can exploit this vulnerability to perform command injection attacks, to execute arbitrary system command, manipulate system or disrupt service.

CVE-2023-48379 softnext vulnerability CVSS: 0 15 Dec 2023, 08:15 UTC

Softnext Mail SQR Expert is an email management platform, it has inadequate filtering for a specific URL parameter within a specific function. An unauthenticated remote attacker can perform Blind SSRF attack to discover internal network topology base on URL error response.

CVE-2023-48378 softnext vulnerability CVSS: 0 15 Dec 2023, 08:15 UTC

Softnext Mail SQR Expert has a path traversal vulnerability within its parameter in a specific URL. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files.

CVE-2023-24835 softnext vulnerability CVSS: 0 27 Mar 2023, 04:15 UTC

Softnext Technologies Corp.’s SPAM SQR has a vulnerability of Code Injection within its specific function. An authenticated remote attacker with administrator privilege can exploit this vulnerability to execute arbitrary system command to perform arbitrary system operation or disrupt service.

CVE-2022-40742 softnext vulnerability CVSS: 0 31 Oct 2022, 07:15 UTC

Mail SQR Expert system has a Local File Inclusion vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to access and modify partial system information but does not affect service availability.

CVE-2022-40741 softnext vulnerability CVSS: 0 31 Oct 2022, 07:15 UTC

Mail SQR Expert’s specific function has insufficient filtering for special characters. An unauthenticated remote attacker can exploit this vulnerability to perform arbitrary system command and disrupt service.