CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

14946 matches found

Vulnrichment•added 2026/02/19 5:59 p.m.•3 views

CVE-2026-23618 GFI MailEssentials AI < 22.4 Anti-Spam Spam Keyword Checking Subject Condition Stored XSS

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Spam Keyword Checking Subject conditions interface. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pvSubject$TXBSubjectCondition parameter to...

5.4CVSS5.4AI score0.00045EPSS

Exploits0References2

CVE•added 2026/02/19 5:59 p.m.•8 views

CVE-2026-23618

GFI MailEssentials AI versions before 22.4 are affected by a stored XSS in the Spam Keyword Checking (Subject) UI. An authenticated user can inject HTML/JS into the ctl00$ContentPlaceHolder1$pvSubject$TXB_SubjectCondition parameter of /MailEssentials/pages/MailSecurity/ASKeywordChecking.aspx; the...

5.4CVSS5.4AI score0.00045EPSS

Exploits0References2Affected Software1

CVE•added 2026/02/19 5:59 p.m.•9 views

CVE-2026-23617

GFI MailEssentials AI prior to 22.4 is affected by a stored XSS in the Spam Keyword Checking (Body) interface. An authenticated user can supply HTML/JavaScript to ctl00$ContentPlaceHolder1$pvGeneral$TXB_Condition in /MailEssentials/pages/MailSecurity/ASKeywordChecking.aspx; the payload is stored ...

5.4CVSS5.4AI score0.00045EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/02/19 5:58 p.m.•2 views

CVE-2026-23615 GFI MailEssentials AI < 22.4 Anti-Spam Sender Policy Framework Email Exceptions Description Stored XSS

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Sender Policy Framework Email Exceptions interface. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv4$txtEmailDescription parameter to...

5.4CVSS5.4AI score0.00045EPSS

Exploits0References2

CVE•added 2026/02/19 5:58 p.m.•12 views

CVE-2026-23614

GFI MailEssentials AI (versions prior to 22.4) contains a stored XSS in the Sender Policy Framework IP Exceptions interface. An authenticated user can submit HTML/JavaScript via ctl00$ContentPlaceHolder1$pv2$txtIPDescription to /MailEssentials/pages/MailSecurity/SenderPolicyFramework.aspx; the in...

5.4CVSS5.4AI score0.00045EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/02/19 5:58 p.m.•20 views

CVE-2026-23614 GFI MailEssentials AI < 22.4 Anti-Spam Sender Policy Framework IP Exceptions Description Stored XSS

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Sender Policy Framework IP Exceptions interface. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv2$txtIPDescription parameter to...

5.4CVSS0.00045EPSS

Exploits0References2

Vulnrichment•added 2026/02/19 5:58 p.m.•4 views

CVE-2026-23614 GFI MailEssentials AI < 22.4 Anti-Spam Sender Policy Framework IP Exceptions Description Stored XSS

5.4CVSS5.4AI score0.00045EPSS

Exploits0References2

CVE•added 2026/02/19 5:57 p.m.•16 views

CVE-2026-23611

GFI MailEssentials AI (versions prior to 22.4) contains a stored cross-site scripting vulnerability in the IP Blocklist management page. An authenticated user can submit HTML/JavaScript via ctl00$ContentPlaceHolder1$pv1$txtIPDescription on /MailEssentials/pages/MailSecurity/ipblocklist.aspx, whic...

5.4CVSS5.4AI score0.00045EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/02/19 5:56 p.m.•2 views

CVE-2026-23610 GFI MailEssentials AI < 22.4 POP2Exchange POP3 Server Login Stored XSS

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the POP2Exchange configuration endpoint. An authenticated user can supply HTML/JavaScript in the POP3 server login field within the JSON "popServers" payload to...

5.4CVSS5.4AI score0.00045EPSS

Exploits0References2

Cvelist•added 2026/02/19 5:56 p.m.•19 views

CVE-2026-23609 GFI MailEssentials AI < 22.4 General Settings Perimeter SMTP Servers Description Stored XSS

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Perimeter SMTP Servers configuration page. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv3$txtDescription parameter to...

5.4CVSS0.00045EPSS

Exploits0References2

CVE•added 2026/02/19 5:55 p.m.•10 views

CVE-2026-23608

GFI MailEssentials AI versions prior to 22.4 are affected by a stored cross-site scripting vulnerability in the Mail Monitoring rule creation endpoint. An authenticated user can submit HTML/JavaScript in the JSON field named "name" to /MailEssentials/pages/MailSecurity/MailMonitoring.aspx/Save; t...

5.4CVSS5.4AI score0.00045EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/02/19 5:55 p.m.•19 views

CVE-2026-23608 GFI MailEssentials AI < 22.4 Email Management Mail Monitoring Rule Stored XSS

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Mail Monitoring rule creation endpoint. An authenticated user can supply HTML/JavaScript in the JSON "name" field to /MailEssentials/pages/MailSecurity/MailMonitoring.aspx/Save, which is stored...

5.4CVSS0.00045EPSS

Exploits0References2

Vulnrichment•added 2026/02/19 5:55 p.m.•4 views

CVE-2026-23608 GFI MailEssentials AI < 22.4 Email Management Mail Monitoring Rule Stored XSS

5.4CVSS5.4AI score0.00045EPSS

Exploits0References2

Cvelist•added 2026/02/19 5:55 p.m.•19 views

CVE-2026-23607 GFI MailEssentials AI < 22.4 Anti-Spam Whitelist Description Stored XSS

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Anti-Spam Whitelist management interface. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$txtDescription parameter to...

5.4CVSS0.00045EPSS

Exploits0References2

CVE•added 2026/02/19 5:54 p.m.•14 views

CVE-2026-23604

GFI MailEssentials AI versions prior to 22.4 are affected by a stored cross-site scripting (XSS) vulnerability in the Keyword Filtering rule creation workflow. An authenticated user can inject HTML/JavaScript into the ctl00$ContentPlaceHolder1$pv1$TXB_RuleName parameter of the /MailEssentials/pag...

5.4CVSS5.4AI score0.00045EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/02/19 5:54 p.m.•2 views

CVE-2026-23604 GFI MailEssentials AI < 22.4 Keyword Filtering Rule Stored XSS

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Keyword Filtering rule creation workflow. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$TXBRuleName parameter to...

5.4CVSS5.4AI score0.00045EPSS

Exploits0References2

NVD•added 2026/02/19 9:16 a.m.•4 views

CVE-2026-23541

Missing Authorization vulnerability in WPFunnels Mail Mint mail-mint allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Mail Mint: from n/a through = 1.19.4...

7.5CVSS0.00047EPSS

Exploits0References1

CVE•added 2026/02/19 8:26 a.m.•8 views

CVE-2026-23541

CVE-2026-23541 is a Missing Authorization vulnerability in the WordPress plugin Mail Mint (Mail Mint: 1.19.4 and earlier). The issue arises from functionality being accessible without proper ACL constraints, enabling access to previously restricted features. Documented impact indicates a broken a...

7.5CVSS5.5AI score0.00047EPSS

In wildExploits0References1

Cvelist•added 2026/02/19 8:26 a.m.•26 views

CVE-2026-23541 WordPress Mail Mint plugin <= 1.19.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPFunnels Mail Mint mail-mint allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Mail Mint: from n/a through = 1.19.4...

7.5CVSS0.00047EPSS

Exploits0References1

Vulnrichment•added 2026/02/19 8:26 a.m.•2 views

CVE-2026-23541 WordPress Mail Mint plugin <= 1.19.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPFunnels Mail Mint mail-mint allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Mail Mint: from n/a through = 1.19.4...

7.5CVSS5.9AI score0.00047EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by