Total CVEs

126,116

Critical Severity

2,290

High Severity

7,924

Last 7 Days

1,178
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 21 - 23 of 23 CVEs
CVE-2026-25916 MEDIUM - 4.3

Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13, when "Block remote images" is used, does not block SVG feImage.

Vendor: Roundcube
Product: Webmail
Published: Feb 09, 2026
Source: NVD
CVE-2025-68723 CRITICAL - 9.0

Axigen Mail Server before 10.5.57 contains multiple stored Cross-Site Scripting (XSS) vulnerabilities in the WebAdmin interface. Three instances exist: (1) the log file name parameter in the Local Services Log page, (2) certificate file content in the SSL Certificates View Usage feature, and (3) the...

Vendor: axigen
Product: axigen_mail_server
Published: Feb 05, 2026
Source: NVD
CVE-2025-68643 MEDIUM - 6.1

Axigen Mail Server before 10.5.57 allows stored Cross-Site Scripting (XSS) in the handling of the timeFormat account preference parameter. Attackers can exploit this by deploying a multi-stage attack. In the first stage, a malicious JavaScript payload is injected into the timeFormat preference by ex...

Vendor: axigen
Product: axigen_mail_server
Published: Feb 05, 2026
Source: NVD