EUVD-2025-14683

Malicious code in bioql PyPI...

CVE-2025-34490

GFI MailEssentials prior to version 21.8 is vulnerable to an XML External Entity XXE issue. An authenticated and remote attacker can send crafted HTTP requests to read arbitrary system files...

CVE-2025-34491 GFI MailEssentials < 21.8 MultiNode Insecure Deserialization

GFI MailEssentials prior to version 21.8 is vulnerable to a .NET deserialization issue. A remote and authenticated attacker can execute arbitrary code by sending crafted serialized .NET when joining to a Multi-Server setup...

CVE-2025-34491

CVE-2025-34491 affects GFI MailEssentials prior to v21.8. The issue is a .NET deserialization flaw in the Multi-Server setup that allows a remote, authenticated attacker to execute arbitrary code by sending crafted serialized .NET data. Root cause: improper deserialization in the Multi-Server com...

CVE-2025-34491 GFI MailEssentials < 21.8 MultiNode Insecure Deserialization

GFI MailEssentials prior to version 21.8 is vulnerable to a .NET deserialization issue. A remote and authenticated attacker can execute arbitrary code by sending crafted serialized .NET when joining to a Multi-Server setup...

CVE-2025-34490

GFI MailEssentials prior to version 21.8 is vulnerable to an XML External Entity XXE issue. An authenticated and remote attacker can send crafted HTTP requests to read arbitrary system files...

CVE-2025-34490 GFI MailEssentials < 21.8 XXE Arbitrary File Read

GFI MailEssentials prior to version 21.8 is vulnerable to an XML External Entity XXE issue. An authenticated and remote attacker can send crafted HTTP requests to read arbitrary system files...

CVE-2025-34490 GFI MailEssentials < 21.8 XXE Arbitrary File Read

GFI MailEssentials prior to version 21.8 is vulnerable to an XML External Entity XXE issue. An authenticated and remote attacker can send crafted HTTP requests to read arbitrary system files...

CVE-2025-34489 GFI MailEssentials < 21.8 Local Privilege Escalation

GFI MailEssentials prior to version 21.8 is vulnerable to a local privilege escalation issue. A local attacker can escalate to NT Authority/SYSTEM by sending a crafted serialized payload to a .NET Remoting Service...

CVE-2025-34489

CVE-2025-34489 affects GFI MailEssentials prior to version 21.8. A local privilege escalation is possible when a crafted serialized payload is sent to the .NET Remoting Service, allowing an attacker to elevate to NT Authority/SYSTEM. Public-advisory sources confirm impact on affected versions and...

PT-2025-18107 · Gfi · Gfi Mailessentials

Name of the Vulnerable Software and Affected Versions: GFI MailEssentials versions prior to 21.8 Description: The issue is related to a .NET deserialization problem. A remote and authenticated attacker can execute arbitrary code by sending crafted serialized .NET data when joining a Multi-Server...

[SECURITY] [DSA 622-1] New htmlheadline package fixes insecure temporary files

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 622-1 [email protected] http://www.debian.org/security/ Martin Schulze January 3rd, 2005 http://www.debian.org/security/faq -...