105 matches found
EUVD-2025-14683
Malicious code in bioql PyPI...
CVE-2025-34491
GFI MailEssentials prior to version 21.8 is vulnerable to a .NET deserialization issue. A remote and authenticated attacker can execute arbitrary code by sending crafted serialized .NET when joining to a Multi-Server setup...
CVE-2025-34490
GFI MailEssentials prior to version 21.8 is vulnerable to an XML External Entity XXE issue. An authenticated and remote attacker can send crafted HTTP requests to read arbitrary system files...
CVE-2025-34489
GFI MailEssentials prior to version 21.8 is vulnerable to a local privilege escalation issue. A local attacker can escalate to NT Authority/SYSTEM by sending a crafted serialized payload to a .NET Remoting Service...
CVE-2025-34491
GFI MailEssentials prior to version 21.8 is vulnerable to a .NET deserialization issue. A remote and authenticated attacker can execute arbitrary code by sending crafted serialized .NET when joining to a Multi-Server setup...
CVE-2025-34491 GFI MailEssentials < 21.8 MultiNode Insecure Deserialization
GFI MailEssentials prior to version 21.8 is vulnerable to a .NET deserialization issue. A remote and authenticated attacker can execute arbitrary code by sending crafted serialized .NET when joining to a Multi-Server setup...
CVE-2025-34491
CVE-2025-34491 affects GFI MailEssentials prior to v21.8. The issue is a .NET deserialization flaw in the Multi-Server setup that allows a remote, authenticated attacker to execute arbitrary code by sending crafted serialized .NET data. Root cause: improper deserialization in the Multi-Server com...
CVE-2025-34491 GFI MailEssentials < 21.8 MultiNode Insecure Deserialization
GFI MailEssentials prior to version 21.8 is vulnerable to a .NET deserialization issue. A remote and authenticated attacker can execute arbitrary code by sending crafted serialized .NET when joining to a Multi-Server setup...
CVE-2025-34490
GFI MailEssentials prior to version 21.8 is vulnerable to an XML External Entity XXE issue. An authenticated and remote attacker can send crafted HTTP requests to read arbitrary system files...
CVE-2025-34490
GFI MailEssentials prior to version 21.8 is vulnerable to an XML External Entity XXE issue. An authenticated and remote attacker can send crafted HTTP requests to read arbitrary system files...
CVE-2025-34489
GFI MailEssentials prior to version 21.8 is vulnerable to a local privilege escalation issue. A local attacker can escalate to NT Authority/SYSTEM by sending a crafted serialized payload to a .NET Remoting Service...
CVE-2025-34489
GFI MailEssentials prior to version 21.8 is vulnerable to a local privilege escalation issue. A local attacker can escalate to NT Authority/SYSTEM by sending a crafted serialized payload to a .NET Remoting Service...
CVE-2025-34490 GFI MailEssentials < 21.8 XXE Arbitrary File Read
GFI MailEssentials prior to version 21.8 is vulnerable to an XML External Entity XXE issue. An authenticated and remote attacker can send crafted HTTP requests to read arbitrary system files...
CVE-2025-34490 GFI MailEssentials < 21.8 XXE Arbitrary File Read
GFI MailEssentials prior to version 21.8 is vulnerable to an XML External Entity XXE issue. An authenticated and remote attacker can send crafted HTTP requests to read arbitrary system files...
CVE-2025-34490
GFI MailEssentials
CVE-2025-34489 GFI MailEssentials < 21.8 Local Privilege Escalation
GFI MailEssentials prior to version 21.8 is vulnerable to a local privilege escalation issue. A local attacker can escalate to NT Authority/SYSTEM by sending a crafted serialized payload to a .NET Remoting Service...
CVE-2025-34489 GFI MailEssentials < 21.8 Local Privilege Escalation
GFI MailEssentials prior to version 21.8 is vulnerable to a local privilege escalation issue. A local attacker can escalate to NT Authority/SYSTEM by sending a crafted serialized payload to a .NET Remoting Service...
CVE-2025-34489
CVE-2025-34489 affects GFI MailEssentials prior to version 21.8. A local privilege escalation is possible when a crafted serialized payload is sent to the .NET Remoting Service, allowing an attacker to elevate to NT Authority/SYSTEM. Public-advisory sources confirm impact on affected versions and...
PT-2025-18106 · Gfi · Gfi Mailessentials
Name of the Vulnerable Software and Affected Versions: GFI MailEssentials versions prior to 21.8 Description: The issue is related to an XML External Entity XXE problem. An authenticated and remote attacker can send crafted HTTP requests to read arbitrary system files. Recommendations: For versio...
PT-2025-18105 · Gfi · Gfi Mailessentials
Name of the Vulnerable Software and Affected Versions: GFI MailEssentials versions prior to 21.8 Description: A local privilege escalation issue exists, allowing a local attacker to escalate to NT Authority/SYSTEM by sending a crafted serialized payload to a .NET Remoting Service. Recommendations...