22 matches found
CVE-2026-23611
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the IP Blocklist management page. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$txtIPDescription parameter to...
CVE-2026-23621 GFI MailEssentials AI < 22.4 ListServer.IsPathExist() Absolute Directory Traversal to File Enumeration
GFI MailEssentials AI versions prior to 22.4 contain an arbitrary directory existence enumeration vulnerability in the ListServer.IsPathExist web method exposed at /MailEssentials/pages/MailSecurity/ListServer.aspx/IsPathExist. An authenticated user can supply an unrestricted filesystem path via...
CVE-2026-23616 GFI MailEssentials AI < 22.4 Anti-Spam Anti-Spoofing Description Stored XSS
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Anti-Spoofing configuration page. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$AntiSpoofingGeneral1$TxtSmtpDesc parameter to...
GFI MailEssentials AI 安全漏洞
GFI MailEssentials AI is an open-source anti-spam and data breach protection software developed by GFI in the United States. Versions of GFI MailEssentials AI prior to version 22.4 contained a security vulnerability. This vulnerability stemmed from a storage-oriented cross-site scripting...
PT-2026-20891
Name of the Vulnerable Software and Affected Versions GFI MailEssentials AI versions prior to 22.4 Description The software contains a stored cross-site scripting issue in the IP Blocklist management page. A logged-in user can inject HTML or JavaScript code into the...
GFI MailEssentials AI 安全漏洞
GFI MailEssentials AI is an open-source anti-spam and data breach protection software developed by GFI in the United States. Versions of GFI MailEssentials AI prior to version 22.4 contained a security vulnerability. This vulnerability stemmed from a storage-type cross-site scripting issue in the...
GFI MailEssentials AI 安全漏洞
GFI MailEssentials AI is an open-source anti-spam and data breach protection software developed by GFI in the United States. Versions of GFI MailEssentials AI prior to version 22.4 contained a security vulnerability. This vulnerability stemmed from a storage cross-site scripting vulnerability...
GFI MailEssentials AI 安全漏洞
GFI MailEssentials AI is an open-source anti-spam and data breach protection software developed by GFI in the United States. Versions of GFI MailEssentials AI prior to version 22.4 contained a security vulnerability. This vulnerability stemmed from the process of creating advanced content filteri...
PT-2026-20889
Name of the Vulnerable Software and Affected Versions GFI MailEssentials AI versions prior to 22.4 Description GFI MailEssentials AI contains a stored cross-site scripting issue in the Perimeter SMTP Servers configuration page. A logged-in user can inject HTML or JavaScript code into the...
EUVD-2024-19253
Malicious code in bioql PyPI...
CVE-2024-55401
An issue in 4C Strategies Exonaut before v22.4 allows attackers to execute a directory traversal...
CVE-2024-55398
4C Strategies Exonaut before v22.4 was discovered to contain insecure permissions...
CVE-2024-55402
4C Strategies Exonaut before v22.4 was discovered to contain an access control issue...
CVE-2024-55398
4C Strategies Exonaut before v22.4 was discovered to contain insecure permissions...
CVE-2023-7260
Path Traversal vulnerability discovered in OpenText™ CX-E Voice, affecting all version through 22.4. The vulnerability could allow arbitrarily access files on the system...
CVE-2023-7260 A path traversal vulnerability has been discovered in OpenText™ CX-E Voice.
Path Traversal vulnerability discovered in OpenText™ CX-E Voice, affecting all version through 22.4. The vulnerability could allow arbitrarily access files on the system...
Design/Logic Flaw
An Incomplete Cleanup vulnerability in Nonstop active routing NSR component of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause memory leak leading to Denial of Service DoS. On all Junos OS platforms, when NSR is enabled, a BGP flap will cause memory leak. A manual...
PT-2023-30258 · WordPress · Wordpress Online Booking/Scheduling Plugin
Name of the Vulnerable Software and Affected Versions: The WordPress Online Booking and Scheduling Plugin versions prior to 22.4 Description: The issue arises from the plugin's failure to properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection. This...
BeyondTrust Privileged Remote Access Authorization Issues Vulnerability
BeyondTrust Privileged Remote Access BeyondTrust PRA is a privileged remote access software from BeyondTrust Corporation. A security vulnerability exists in BeyondTrust Privileged Remote Access PRA versions 22.2.x , 22.3.x , and 22.4.x series, which stems from the presence of a local authenticati...
CVE-2023-23632
BeyondTrust Privileged Remote Access PRA versions 22.2.x to 22.4.x are vulnerable to a local authentication bypass. Attackers can exploit a flawed secret verification process in the BYOT shell jump sessions, allowing unauthorized access to jump items by guessing only the first character of the...