Exploited CVEs / By vendor / Synacor
Synacor vulnerabilities actively exploited
18 Synacor CVEs on the CISA Known Exploited Vulnerabilities catalog, newest first. Refreshed daily.
Every CVE below is confirmed exploited in the wild, not just theoretically severe. The newest addition is CVE-2025-48700 (Zimbra Collaboration Suite (ZCS), added 2026-04-20). 5 of the 18 are used in ransomware campaigns. New CISA KEV entries appear here the day they are cataloged; the freshest across all vendors are on exploited this week.
Ask your own AI about Synacor exploited CVEs
Copy this prompt into Claude, ChatGPT, or Copilot. The facts are included, sourced from this page.
Zimbra Collaboration Suite (ZCS): 16 exploited CVEs
| CVE | Product | Added to KEV | Signals |
|---|---|---|---|
| CVE-2025-48700 | Zimbra Collaboration Suite (ZCS) | 2026-04-20 | CVSS 6.1, EPSS 2% |
| CVE-2025-66376 | Zimbra Collaboration Suite (ZCS) | 2026-03-18 | CVSS 6.1, EPSS 12% |
| CVE-2025-68645 | Zimbra Collaboration Suite (ZCS) | 2026-01-22 | CVSS 8.8, EPSS 32% |
| CVE-2025-27915 | Zimbra Collaboration Suite (ZCS) | 2025-10-07 | CVSS 5.4, EPSS 4% |
| CVE-2019-9621 | Zimbra Collaboration Suite (ZCS) | 2025-07-07 | CVSS 7.5, EPSS 81% |
| CVE-2024-27443 | Zimbra Collaboration Suite (ZCS) | 2025-05-19 | CVSS 6.1, EPSS 20% |
| CVE-2023-34192 | Zimbra Collaboration Suite (ZCS) | 2025-02-25 | CVSS 9.0, EPSS 77% |
| CVE-2024-45519 | Zimbra Collaboration Suite (ZCS) | 2024-10-03 | CVSS 9.8, EPSS 100% |
| CVE-2023-37580 | Zimbra Collaboration Suite (ZCS) | 2023-07-27 | CVSS 6.1, EPSS 59% |
| CVE-2022-27926 | Zimbra Collaboration Suite (ZCS) | 2023-04-03 | CVSS 6.1, EPSS 17% |
| CVE-2022-41352 | Zimbra Collaboration Suite (ZCS) | 2022-10-20 | CVSS 9.8, EPSS 95% |
| CVE-2022-27925 | Zimbra Collaboration Suite (ZCS) | 2022-08-11 | ransomware, CVSS 7.2, EPSS 98% |
| CVE-2022-37042 | Zimbra Collaboration Suite (ZCS) | 2022-08-11 | ransomware, CVSS 9.8, EPSS 88% |
| CVE-2022-27924 | Zimbra Collaboration Suite (ZCS) | 2022-08-04 | ransomware, CVSS 7.5, EPSS 85% |
| CVE-2018-6882 | Zimbra Collaboration Suite (ZCS) | 2022-04-19 | ransomware, CVSS 6.1, EPSS 24% |
| CVE-2019-9670 | Zimbra Collaboration Suite (ZCS) | 2022-01-10 | CVSS 9.8, EPSS 100% |
Other Synacor products
| CVE | Product | Added to KEV | Signals |
|---|---|---|---|
| CVE-2020-7796 | Zimbra Collaboration Suite | 2026-02-17 | CVSS 9.8, EPSS 85% |
| CVE-2022-24682 | Zimbra Collaborate Suite (ZCS) | 2022-02-25 | ransomware, CVSS 6.1, EPSS 31% |
Common questions about exploited Synacor CVEs
Which Synacor vulnerabilities are actively exploited?
As of July 2026, 18 Synacor CVEs are on the CISA Known Exploited Vulnerabilities catalog, meaning exploitation in the wild is confirmed. The most-listed products are Zimbra Collaboration Suite (ZCS) (16). 5 are linked to ransomware campaigns.
What is the newest exploited Synacor CVE?
CVE-2025-48700, affecting Zimbra Collaboration Suite (ZCS), added to the CISA KEV catalog on 2026-04-20. This page refreshes daily, so the newest entry is always first in the table.
How urgent are these Synacor CVEs?
KEV listing is the strongest fix-first signal there is: it means confirmed exploitation, not a prediction. Patch these ahead of higher-CVSS issues that nobody is exploiting. Check the vendor advisory (linked below) for fixed versions and workarounds.
Can I ask my own AI about exploited Synacor CVEs?
Yes. This page includes a free copy-paste AI prompt carrying the newest Synacor KEV entries, with CVSS, EPSS, and ransomware context, into Claude, ChatGPT, or Copilot. The data is refreshed daily.
Authoritative references
All vendors, searchable with due dates and CSV export: the exploited-CVE tracker. Every vendor with a page: exploited by vendor.