Export limit exceeded: 326079 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (326079 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-3727 | 1 Redhat | 18 Acm, Advanced Cluster Security, Ansible Automation Platform and 15 more | 2026-03-02 | 8.3 High |
| A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks. | ||||
| CVE-2025-3572 | 1 Intumit | 1 Smartrobot | 2026-03-02 | 7.5 High |
| SmartRobot from INTUMIT has a Server-Side Request Forgery vulnerability, allowing unauthenticated remote attackers to probe internal network and even access arbitrary local files on the server. | ||||
| CVE-2026-2679 | 2 A3factura, Wolterskluwer | 2 A3factura, A3factura | 2026-03-02 | 6.1 Medium |
| Reflected Cross-Site Scripting (XSS) on the A3factura web platform, in parameter 'customerName', in 'a3factura-app.wolterskluwer.es/#/incomes/salesInvoices' endpoint, which could allow an attacker to execute arbitrary code in the victim's browser. | ||||
| CVE-2026-23621 | 1 Gfi | 2 Mailessentials, Mailessentials Ai | 2026-03-02 | 4.3 Medium |
| GFI MailEssentials AI versions prior to 22.4 contain an arbitrary directory existence enumeration vulnerability in the ListServer.IsPathExist() web method exposed at /MailEssentials/pages/MailSecurity/ListServer.aspx/IsPathExist. An authenticated user can supply an unrestricted filesystem path via the JSON key \"path\", which is URL-decoded and passed to Directory.Exists(), allowing the attacker to determine whether arbitrary directories exist on the server. | ||||
| CVE-2026-23620 | 1 Gfi | 2 Mailessentials, Mailessentials Ai | 2026-03-02 | 4.3 Medium |
| GFI MailEssentials AI versions prior to 22.4 contain an arbitrary file existence enumeration vulnerability in the ListServer.IsDBExist() web method exposed at /MailEssentials/pages/MailSecurity/ListServer.aspx/IsDBExist. An authenticated user can supply an unrestricted filesystem path via the JSON key \"path\", which is URL-decoded and passed to File.Exists(), allowing the attacker to determine whether arbitrary files exist on the server. | ||||
| CVE-2026-23619 | 1 Gfi | 2 Mailessentials, Mailessentials Ai | 2026-03-02 | 5.4 Medium |
| GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Local Domains settings page. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$Pv3$txtDescription parameter to /MailEssentials/pages/MailSecurity/general.aspx, which is stored and later rendered in the management interface, allowing script execution in the context of a logged-in user. | ||||
| CVE-2026-23618 | 1 Gfi | 2 Mailessentials, Mailessentials Ai | 2026-03-02 | 5.4 Medium |
| GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Spam Keyword Checking (Subject) conditions interface. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pvSubject$TXB_SubjectCondition parameter to /MailEssentials/pages/MailSecurity/ASKeywordChecking.aspx, which is stored and later rendered in the management interface, allowing script execution in the context of a logged-in user. | ||||
| CVE-2026-23617 | 1 Gfi | 2 Mailessentials, Mailessentials Ai | 2026-03-02 | 5.4 Medium |
| GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Spam Keyword Checking (Body) conditions interface. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pvGeneral$TXB_Condition parameter to /MailEssentials/pages/MailSecurity/ASKeywordChecking.aspx, which is stored and later rendered in the management interface, allowing script execution in the context of a logged-in user. | ||||
| CVE-2026-23616 | 1 Gfi | 2 Mailessentials, Mailessentials Ai | 2026-03-02 | 5.4 Medium |
| GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Anti-Spoofing configuration page. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$AntiSpoofingGeneral1$TxtSmtpDesc parameter to /MailEssentials/pages/MailSecurity/AntiSpoofing.aspx, which is stored and later rendered in the management interface, allowing script execution in the context of a logged-in user. | ||||
| CVE-2026-23615 | 1 Gfi | 2 Mailessentials, Mailessentials Ai | 2026-03-02 | 5.4 Medium |
| GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Sender Policy Framework Email Exceptions interface. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv4$txtEmailDescription parameter to /MailEssentials/pages/MailSecurity/SenderPolicyFramework.aspx, which is stored and later rendered in the management interface, allowing script execution in the context of a logged-in user. | ||||
| CVE-2026-23614 | 1 Gfi | 2 Mailessentials, Mailessentials Ai | 2026-03-02 | 5.4 Medium |
| GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Sender Policy Framework IP Exceptions interface. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv2$txtIPDescription parameter to /MailEssentials/pages/MailSecurity/SenderPolicyFramework.aspx, which is stored and later rendered in the management interface, allowing script execution in the context of a logged-in user. | ||||
| CVE-2026-23613 | 1 Gfi | 2 Mailessentials, Mailessentials Ai | 2026-03-02 | 5.4 Medium |
| GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the URI DNS Blocklist configuration page. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$TXB_URIs parameter to /MailEssentials/pages/MailSecurity/uridnsblocklist.aspx, which is stored and later rendered in the management interface, allowing script execution in the context of a logged-in user. | ||||
| CVE-2026-23612 | 1 Gfi | 2 Mailessentials, Mailessentials Ai | 2026-03-02 | 5.4 Medium |
| GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the IP DNS Blocklist configuration page. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$TXB_IPs parameter to /MailEssentials/pages/MailSecurity/ipdnsblocklist.aspx, which is stored and later rendered in the management interface, allowing script execution in the context of a logged-in user. | ||||
| CVE-2026-23611 | 1 Gfi | 2 Mailessentials, Mailessentials Ai | 2026-03-02 | 5.4 Medium |
| GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the IP Blocklist management page. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$txtIPDescription parameter to /MailEssentials/pages/MailSecurity/ipblocklist.aspx, which is stored and later rendered in the management interface, allowing script execution in the context of a logged-in user. | ||||
| CVE-2026-23610 | 1 Gfi | 2 Mailessentials, Mailessentials Ai | 2026-03-02 | 5.4 Medium |
| GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the POP2Exchange configuration endpoint. An authenticated user can supply HTML/JavaScript in the POP3 server login field within the JSON \"popServers\" payload to /MailEssentials/pages/MailSecurity/POP2Exchange.aspx/Save, which is stored and later rendered in the management interface, allowing script execution in the context of a logged-in user. | ||||
| CVE-2026-23609 | 1 Gfi | 2 Mailessentials, Mailessentials Ai | 2026-03-02 | 5.4 Medium |
| GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Perimeter SMTP Servers configuration page. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv3$txtDescription parameter to /MailEssentials/pages/MailSecurity/PerimeterSMTPServers.aspx, which is stored and later rendered in the management interface, allowing script execution in the context of a logged-in user. | ||||
| CVE-2026-23608 | 1 Gfi | 2 Mailessentials, Mailessentials Ai | 2026-03-02 | 5.4 Medium |
| GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Mail Monitoring rule creation endpoint. An authenticated user can supply HTML/JavaScript in the JSON \"name\" field to /MailEssentials/pages/MailSecurity/MailMonitoring.aspx/Save, which is stored and later rendered in the management interface, allowing script execution in the context of a logged-in user. | ||||
| CVE-2026-23607 | 1 Gfi | 2 Mailessentials, Mailessentials Ai | 2026-03-02 | 5.4 Medium |
| GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Anti-Spam Whitelist management interface. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$txtDescription parameter to /MailEssentials/pages/MailSecurity/Whitelist.aspx, which is stored and later rendered in the management interface, allowing script execution in the context of a logged-in user. | ||||
| CVE-2026-23606 | 1 Gfi | 2 Mailessentials, Mailessentials Ai | 2026-03-02 | 5.4 Medium |
| GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Advanced Content Filtering rule creation workflow. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$txtRuleName parameter to /MailEssentials/pages/MailSecurity/advancedfiltering.aspx, which is stored and later rendered in the management interface, allowing script execution in the context of a logged-in user. | ||||
| CVE-2026-23605 | 1 Gfi | 2 Mailessentials, Mailessentials Ai | 2026-03-02 | 5.4 Medium |
| GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Attachment Filtering rule creation workflow. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$TXB_RuleName parameter to /MailEssentials/pages/MailSecurity/attachmentchecking.aspx, which is stored and later rendered in the management interface, allowing script execution in the context of a logged-in user. | ||||