CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

16 matches found

RedhatCVE•added 2026/02/20 7:40 p.m.•4 views

CVE-2026-23618

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Spam Keyword Checking Subject conditions interface. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pvSubject$TXBSubjectCondition parameter to...

5.4CVSS5.4AI score0.00045EPSS

Exploits0References1

RedhatCVE•added 2026/02/20 7:40 p.m.•3 views

CVE-2026-23617

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Spam Keyword Checking Body conditions interface. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pvGeneral$TXBCondition parameter to...

5.4CVSS5.4AI score0.00045EPSS

Exploits0References1

RedhatCVE•added 2026/02/20 7:40 p.m.•5 views

CVE-2026-23615

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Sender Policy Framework Email Exceptions interface. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv4$txtEmailDescription parameter to...

5.4CVSS5.4AI score0.00045EPSS

Exploits0References1

OSV•added 2026/02/19 7:22 p.m.•1 views

CVE-2026-23621

GFI MailEssentials AI versions prior to 22.4 contain an arbitrary directory existence enumeration vulnerability in the ListServer.IsPathExist web method exposed at /MailEssentials/pages/MailSecurity/ListServer.aspx/IsPathExist. An authenticated user can supply an unrestricted filesystem path via...

4.3CVSS5.9AI score

Exploits0References2

OSV•added 2026/02/19 6:24 p.m.•2 views

CVE-2026-23618

5.4CVSS5.8AI score0.00045EPSS

Exploits0References2

OSV•added 2026/02/19 6:24 p.m.•2 views

CVE-2026-23620

GFI MailEssentials AI versions prior to 22.4 contain an arbitrary file existence enumeration vulnerability in the ListServer.IsDBExist web method exposed at /MailEssentials/pages/MailSecurity/ListServer.aspx/IsDBExist. An authenticated user can supply an unrestricted filesystem path via the JSON...

4.3CVSS5.9AI score

Exploits0References2

OSV•added 2026/02/19 6:24 p.m.•2 views

CVE-2026-23616

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Anti-Spoofing configuration page. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$AntiSpoofingGeneral1$TxtSmtpDesc parameter to...

5.4CVSS5.8AI score0.00045EPSS

Exploits0References2

NVD•added 2026/02/19 6:24 p.m.•3 views

CVE-2026-23613

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the URI DNS Blocklist configuration page. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$TXBURIs parameter to...

5.4CVSS0.00045EPSS

Exploits0References2

OSV•added 2026/02/19 6:24 p.m.•4 views

CVE-2026-23609

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Perimeter SMTP Servers configuration page. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv3$txtDescription parameter to...

5.4CVSS5.8AI score

Exploits0References2

NVD•added 2026/02/19 6:24 p.m.•3 views

CVE-2026-23605

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Attachment Filtering rule creation workflow. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$TXBRuleName parameter to...

5.4CVSS0.00045EPSS

Exploits0References2

OSV•added 2026/02/19 6:24 p.m.•2 views

CVE-2026-23605

5.4CVSS5.8AI score0.00045EPSS

Exploits0References2

NVD•added 2026/02/19 6:24 p.m.•2 views

CVE-2026-23604

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Keyword Filtering rule creation workflow. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$TXBRuleName parameter to...

5.4CVSS0.00045EPSS

Exploits0References2

Cvelist•added 2026/02/19 5:55 p.m.•19 views

CVE-2026-23607 GFI MailEssentials AI < 22.4 Anti-Spam Whitelist Description Stored XSS

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Anti-Spam Whitelist management interface. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$txtDescription parameter to...

5.4CVSS0.00045EPSS

Exploits0References2

CVE•added 2026/02/19 5:54 p.m.•15 views

CVE-2026-23604

GFI MailEssentials AI versions prior to 22.4 are affected by a stored cross-site scripting (XSS) vulnerability in the Keyword Filtering rule creation workflow. An authenticated user can inject HTML/JavaScript into the ctl00$ContentPlaceHolder1$pv1$TXB_RuleName parameter of the /MailEssentials/pag...

5.4CVSS5.4AI score0.00045EPSS

Exploits0References2Affected Software1

Positive Technologies•added 2026/02/19 12:0 a.m.•4 views

PT-2026-20894

Name of the Vulnerable Software and Affected Versions GFI MailEssentials AI versions prior to 22.4 Description The software contains a stored cross-site scripting issue in the Sender Policy Framework IP Exceptions interface. A logged-in user can inject HTML or JavaScript code into the...

5.4CVSS5.1AI score0.00045EPSS

Exploits0References6

CNNVD•added 2025/04/28 12:0 a.m.•3 views

GFI MailEssentials 安全漏洞

GFI MailEssentials is an email security suite from GFI that includes 14 anti-spam filters, 3 anti-virus engines, and malware scanning capabilities. A security vulnerability exists in GFI MailEssentials versions prior to 21.8, which stems from the .NET Remoting Service improperly handling speciall...

7.8CVSS6.2AI score0.00087EPSS

Exploits1References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by