CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/02/24 2:52 p.m.•4 views

CVE-2026-0399

Multiple post-authentication stack-based buffer overflow vulnerabilities in the SonicOS management interface due to improper bounds checking in a API endpoint...

5.8AI score0.00322EPSS

Cvelist•added 2026/02/24 2:52 p.m.•16 views

CVE-2026-0399

Multiple post-authentication stack-based buffer overflow vulnerabilities in the SonicOS management interface due to improper bounds checking in a API endpoint...

0.00322EPSS

CVE•added 2026/02/24 2:52 p.m.•18 views

CVE-2026-0399

Multiple post-authentication stack-based buffer overflow vulnerabilities in the SonicOS management interface caused by improper bounds checking in an API endpoint. Affected: SonicOS management interface. Root cause: bounds checking flaw leading to stack overflow after authentication. Impact: pote...

4.9CVSS5.8AI score0.00322EPSS

Exploits0References1Affected Software1

OSV•added 2026/02/24 3:16 a.m.•4 views

UBUNTU-CVE-2026-26284

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick lacks proper boundary checking when processing Huffman-coded data from PCD Photo CD files. The decoder contains an function that has an incorrect...

9.1CVSS5.8AI score0.00404EPSS

Exploits0References4

OSV•added 2026/02/24 12:44 a.m.•5 views

CLEANSTART-2026-IO04548 Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate

Multiple security vulnerabilities affect the argo-cd package. Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. See references for individual vulnerability details...

9.8CVSS5.8AI score0.04518EPSS

Exploits3References39

Positive Technologies•added 2026/02/24 12:0 a.m.•5 views

PT-2026-21745

Name of the Vulnerable Software and Affected Versions SonicOS affected versions not specified Description The software contains post-authentication stack-based buffer overflow vulnerabilities within its management interface. These issues stem from insufficient bounds checking in an ''API...

4.9CVSS5.7AI score0.00322EPSS

Exploits0References3

RedhatCVE•added 2026/02/20 7:40 p.m.•5 views

CVE-2026-23618

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Spam Keyword Checking Subject conditions interface. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pvSubject$TXBSubjectCondition parameter to...

RedhatCVE•added 2026/02/20 7:40 p.m.•4 views

CVE-2026-23617

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Spam Keyword Checking Body conditions interface. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pvGeneral$TXBCondition parameter to...

OSV•added 2026/02/20 3:32 p.m.•6 views

CLSA-2026-1771601553 Fix CVE(s): CVE-2026-21925, CVE-2026-21932, CVE-2026-21933, CVE-2026-21945

OpenJDK 8u482 release + CVE-2026-21945: enhance Certificate Checking + CVE-2026-21932: enhance Handling of URIs + CVE-2026-21933: improve HttpServer Request handling + CVE-2026-21925: improve JMX connections - Release notes: https://mail.openjdk.org/pipermail/jdk8u-dev/2026-January/020959.html...

7.5CVSS6.4AI score0.00547EPSS

Exploits1References1

Fedora•added 2026/02/20 12:53 a.m.•7 views

[SECURITY] Fedora 43 Update: roundcubemail-1.6.13-1.fc43

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

4.7CVSS5.9AI score0.00292EPSS

Exploits0

OSV•added 2026/02/19 6:24 p.m.•2 views

CVE-2026-23617

5.4CVSS5.8AI score0.00173EPSS

NVD•added 2026/02/19 6:24 p.m.•6 views

CVE-2026-23617

5.4CVSS0.00173EPSS

Cvelist•added 2026/02/19 5:59 p.m.•21 views

CVE-2026-23618 GFI MailEssentials AI < 22.4 Anti-Spam Spam Keyword Checking Subject Condition Stored XSS

5.4CVSS0.00173EPSS

Vulnrichment•added 2026/02/19 5:59 p.m.•4 views

CVE-2026-23618 GFI MailEssentials AI < 22.4 Anti-Spam Spam Keyword Checking Subject Condition Stored XSS

CVE•added 2026/02/19 5:59 p.m.•10 views

CVE-2026-23618

GFI MailEssentials AI versions before 22.4 are affected by a stored XSS in the Spam Keyword Checking (Subject) UI. An authenticated user can inject HTML/JS into the ctl00$ContentPlaceHolder1$pvSubject$TXB_SubjectCondition parameter of /MailEssentials/pages/MailSecurity/ASKeywordChecking.aspx; the...

Exploits0References2Affected Software1

Cvelist•added 2026/02/19 5:59 p.m.•22 views

CVE-2026-23617 GFI MailEssentials AI < 22.4 Anti-Spam Spam Keyword Checking Body Condition Stored XSS

5.4CVSS0.00173EPSS

Vulnrichment•added 2026/02/19 5:59 p.m.•4 views

CVE-2026-23617 GFI MailEssentials AI < 22.4 Anti-Spam Spam Keyword Checking Body Condition Stored XSS

CVE•added 2026/02/19 5:59 p.m.•15 views

CVE-2026-23617

GFI MailEssentials AI prior to 22.4 is affected by a stored XSS in the Spam Keyword Checking (Body) interface. An authenticated user can supply HTML/JavaScript to ctl00$ContentPlaceHolder1$pvGeneral$TXB_Condition in /MailEssentials/pages/MailSecurity/ASKeywordChecking.aspx; the payload is stored ...

Exploits0References2Affected Software1

CNNVD•added 2026/02/19 12:0 a.m.•5 views

GFI MailEssentials AI 安全漏洞

GFI MailEssentials AI is an open-source anti-spam and data breach protection software developed by GFI in the United States. Versions of GFI MailEssentials AI prior to version 22.4 contained a security vulnerability. This vulnerability stemmed from a storage-oriented cross-site scripting...

5.4CVSS5.6AI score0.00173EPSS