CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

92 matches found

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в exim4

Before version 4.97.1, Exim allowed SMTP smuggling in certain pipeline/chunking configurations. Remote attackers could use a known exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, thereby bypassing an SPF protection mechanism. This issue arises because Exim...

5.3CVSS6.8AI score0.01642EPSS

Exploits1References2

RedhatCVE•added 2026/02/20 7:40 p.m.•4 views

CVE-2026-23614

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Sender Policy Framework IP Exceptions interface. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv2$txtIPDescription parameter to...

5.4CVSS5.4AI score0.00045EPSS

Exploits0References1

RedhatCVE•added 2026/02/20 7:40 p.m.•5 views

CVE-2026-23615

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Sender Policy Framework Email Exceptions interface. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv4$txtEmailDescription parameter to...

5.4CVSS5.4AI score0.00045EPSS

Exploits0References1

NVD•added 2026/02/19 6:24 p.m.•4 views

CVE-2026-23614

5.4CVSS0.00045EPSS

Exploits0References2

OSV•added 2026/02/19 6:24 p.m.•1 views

CVE-2026-23614

5.4CVSS5.8AI score0.00045EPSS

Exploits0References2

NVD•added 2026/02/19 6:24 p.m.•5 views

CVE-2026-23615

5.4CVSS0.00045EPSS

Exploits0References2

OSV•added 2026/02/19 6:24 p.m.•2 views

CVE-2026-23615

5.4CVSS5.8AI score

Exploits0References2

Cvelist•added 2026/02/19 5:58 p.m.•25 views

CVE-2026-23615 GFI MailEssentials AI < 22.4 Anti-Spam Sender Policy Framework Email Exceptions Description Stored XSS

5.4CVSS0.00045EPSS

Exploits0References2

Vulnrichment•added 2026/02/19 5:58 p.m.•2 views

CVE-2026-23615 GFI MailEssentials AI < 22.4 Anti-Spam Sender Policy Framework Email Exceptions Description Stored XSS

5.4CVSS5.4AI score0.00045EPSS

Exploits0References2

CVE•added 2026/02/19 5:58 p.m.•11 views

CVE-2026-23615

CVE-2026-23615 concerns GFI MailEssentials AI prior to version 22.4, where a stored cross-site scripting vulnerability exists in the Sender Policy Framework Email Exceptions interface. An authenticated user can inject HTML/JavaScript via the parameter ctl00$ContentPlaceHolder1$pv4$txtEmailDescrip...

5.4CVSS5.4AI score0.00045EPSS

Exploits0References2Affected Software1

CVE•added 2026/02/19 5:58 p.m.•14 views

CVE-2026-23614

GFI MailEssentials AI (versions prior to 22.4) contains a stored XSS in the Sender Policy Framework IP Exceptions interface. An authenticated user can submit HTML/JavaScript via ctl00$ContentPlaceHolder1$pv2$txtIPDescription to /MailEssentials/pages/MailSecurity/SenderPolicyFramework.aspx; the in...

5.4CVSS5.4AI score0.00045EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/02/19 5:58 p.m.•20 views

CVE-2026-23614 GFI MailEssentials AI < 22.4 Anti-Spam Sender Policy Framework IP Exceptions Description Stored XSS

5.4CVSS0.00045EPSS

Exploits0References2

Positive Technologies•added 2026/02/19 12:0 a.m.•4 views

PT-2026-20894

Name of the Vulnerable Software and Affected Versions GFI MailEssentials AI versions prior to 22.4 Description The software contains a stored cross-site scripting issue in the Sender Policy Framework IP Exceptions interface. A logged-in user can inject HTML or JavaScript code into the...

5.4CVSS5.1AI score0.00045EPSS

Exploits0References6

CNNVD•added 2026/02/19 12:0 a.m.•4 views

GFI MailEssentials AI 安全漏洞

GFI MailEssentials AI is an open-source anti-spam and data breach protection software developed by GFI in the United States. Versions of GFI MailEssentials AI prior to version 22.4 contained a security vulnerability. This vulnerability stemmed from a storage cross-site scripting vulnerability in...

5.4CVSS5.6AI score0.00045EPSS

Exploits0References2

Positive Technologies•added 2026/02/19 12:0 a.m.•6 views

PT-2026-20895

Name of the Vulnerable Software and Affected Versions GFI MailEssentials AI versions prior to 22.4 Description GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting issue in the Sender Policy Framework Email Exceptions interface. An authenticated user can inject HTML ...

5.4CVSS5.1AI score0.00045EPSS

Exploits0References5

CNNVD•added 2026/02/19 12:0 a.m.•5 views

GFI MailEssentials AI 安全漏洞

5.4CVSS5.6AI score0.00045EPSS

Exploits0References2

RedhatCVE•added 2025/11/06 12:10 a.m.•6 views

CVE-2025-61084

MDaemon Mail Server 23.5.2 validates SPF, DKIM, and DMARC using the email enclosed in angle brackets in the From: header of SMTP DATA. An attacker can craft a From: header with multiple invisible Unicode thin spaces to display a spoofed sender while passing validation, allowing email spoofing eve...

7.1CVSS6.8AI score0.0006EPSS

Exploits0References1

CVE•added 2025/11/05 12:0 a.m.•8 views

CVE-2025-61084

MDaemon Mail Server 23.5.2 is described as validating SPF, DKIM, and DMARC using the From header content enclosed in angle brackets () during SMTP DATA. An attacker can craft a From header using multiple invisible Unicode thin spaces to display a spoofed sender while still passing validation, ena...

7.1CVSS6.5AI score0.0006EPSS

Exploits0References1

Vulnrichment•added 2025/11/05 12:0 a.m.•2 views

CVE-2025-61084

6.5AI score0.0006EPSS

Exploits0References1

CNNVD•added 2025/11/05 12:0 a.m.•2 views

MDaemon Mail Server 安全漏洞

MDaemon Mail Server is an e-mail server software from MDaemon Inc. in the United States. A security vulnerability exists in MDaemon Mail Server version 23.5.2, which originates from a flaw in the use of email validation SPF, DKIM, and DMARC using the pointed brackets in the From header of the SMT...

7.1CVSS6.6AI score0.0006EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by