Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,724
Showing 11,281 - 11,300 of 14,604 CVEs
CVE-2026-23616 MEDIUM - 5.4

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Anti-Spoofing configuration page. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$AntiSpoofingGeneral1$TxtSmtpDesc parameter to /MailEssentials/pages/MailSecurity...

Vendor: GFI Software
Product: MailEssentials AI
Published: Feb 19, 2026
Source: NVD
CVE-2026-23615 MEDIUM - 5.4

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Sender Policy Framework Email Exceptions interface. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv4$txtEmailDescription parameter to /MailEssentials/pages/Mai...

Vendor: GFI Software
Product: MailEssentials AI
Published: Feb 19, 2026
Source: NVD
CVE-2026-23614 MEDIUM - 5.4

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Sender Policy Framework IP Exceptions interface. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv2$txtIPDescription parameter to /MailEssentials/pages/MailSecur...

Vendor: GFI Software
Product: MailEssentials AI
Published: Feb 19, 2026
Source: NVD
CVE-2026-23613 MEDIUM - 5.4

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the URI DNS Blocklist configuration page. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$TXB_URIs parameter to /MailEssentials/pages/MailSecurity/uridnsblocklist...

Vendor: GFI Software
Product: MailEssentials AI
Published: Feb 19, 2026
Source: NVD
CVE-2026-23612 MEDIUM - 5.4

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the IP DNS Blocklist configuration page. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$TXB_IPs parameter to /MailEssentials/pages/MailSecurity/ipdnsblocklist.as...

Vendor: GFI Software
Product: MailEssentials AI
Published: Feb 19, 2026
Source: NVD
CVE-2026-23611 MEDIUM - 5.4

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the IP Blocklist management page. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$txtIPDescription parameter to /MailEssentials/pages/MailSecurity/ipblocklist.asp...

Vendor: GFI Software
Product: MailEssentials AI
Published: Feb 19, 2026
Source: NVD
CVE-2026-23610 MEDIUM - 5.4

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the POP2Exchange configuration endpoint. An authenticated user can supply HTML/JavaScript in the POP3 server login field within the JSON "popServers" payload to /MailEssentials/pages/MailS...

Vendor: GFI Software
Product: MailEssentials AI
Published: Feb 19, 2026
Source: NVD
CVE-2026-23609 MEDIUM - 5.4

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Perimeter SMTP Servers configuration page. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv3$txtDescription parameter to /MailEssentials/pages/MailSecurity/Peri...

Vendor: GFI Software
Product: MailEssentials AI
Published: Feb 19, 2026
Source: NVD
CVE-2026-23608 MEDIUM - 5.4

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Mail Monitoring rule creation endpoint. An authenticated user can supply HTML/JavaScript in the JSON "name" field to /MailEssentials/pages/MailSecurity/MailMonitoring.aspx/Save, which ...

Vendor: GFI Software
Product: MailEssentials AI
Published: Feb 19, 2026
Source: NVD
CVE-2026-23607 MEDIUM - 5.4

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Anti-Spam Whitelist management interface. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$txtDescription parameter to /MailEssentials/pages/MailSecurity/White...

Vendor: GFI Software
Product: MailEssentials AI
Published: Feb 19, 2026
Source: NVD
CVE-2026-23606 MEDIUM - 5.4

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Advanced Content Filtering rule creation workflow. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$txtRuleName parameter to /MailEssentials/pages/MailSecurity...

Vendor: GFI Software
Product: MailEssentials AI
Published: Feb 19, 2026
Source: NVD
CVE-2026-23605 MEDIUM - 5.4

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Attachment Filtering rule creation workflow. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$TXB_RuleName parameter to /MailEssentials/pages/MailSecurity/atta...

Vendor: GFI Software
Product: MailEssentials AI
Published: Feb 19, 2026
Source: NVD
CVE-2026-23604 MEDIUM - 5.4

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Keyword Filtering rule creation workflow. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$TXB_RuleName parameter to /MailEssentials/pages/MailSecurity/content...

Vendor: GFI Software
Product: MailEssentials AI
Published: Feb 19, 2026
Source: NVD
CVE-2025-69725 MEDIUM - 4.7

An Open Redirect vulnerability in the go-chi/chi >=5.2.2 RedirectSlashes function allows remote attackers to redirect victim users to malicious websites using the legitimate website domain.

Published: Feb 19, 2026
Source: NVD
CVE-2026-26345 MEDIUM - 4.7

SPIP before 4.4.8 contains a stored cross-site scripting (XSS) vulnerability in the public area triggered in certain edge-case usage patterns. The echapper_html_suspect() function does not adequately sanitize user-controlled content, allowing authenticated users with content-editing privileges (e.g....

Vendor: SPIP
Product: SPIP
Published: Feb 19, 2026
Source: NVD
CVE-2026-26223 MEDIUM - 5.4

SPIP before 4.4.8 allows Cross-Site Scripting (XSS) in the private area via malicious iframe tags. The application does not properly sandbox or escape iframe content in the back-office, allowing an attacker to inject and execute malicious scripts. The fix adds a sandbox attribute to iframe tags in t...

Vendor: SPIP
Product: SPIP
Published: Feb 19, 2026
Source: NVD
CVE-2025-71244 MEDIUM - 6.1

SPIP before 4.4.5 and 4.3.9 allows an Open Redirect via the login form when used in AJAX mode. An attacker can craft a malicious URL that, when visited by a victim, redirects them to an arbitrary external site after login. This vulnerability only affects sites where the login page has been overridde...

Vendor: SPIP
Product: SPIP
Published: Feb 19, 2026
Source: NVD
CVE-2025-71242 MEDIUM - 4.3

SPIP before 4.3.6, 4.2.17, and 4.1.20 allows unauthorized content disclosure in the private area. The application does not properly check authorization when displaying content of articles and sections (rubriques) in AJAX-loaded fragments, allowing an authenticated attacker to access restricted conte...

Vendor: SPIP
Product: SPIP
Published: Feb 19, 2026
Source: NVD
CVE-2025-71241 MEDIUM - 5.4

SPIP before 4.3.6, 4.2.17, and 4.1.20 allows Cross-Site Scripting (XSS) in the private area. The content of the error message displayed by the 'transmettre' API is not properly sanitized, allowing an attacker to inject malicious scripts. This vulnerability is mitigated by the SPIP security...

Vendor: SPIP
Product: SPIP
Published: Feb 19, 2026
Source: NVD
CVE-2025-71240 MEDIUM - 5.4

SPIP before 4.2.15 allows Cross-Site Scripting (XSS) via crafted content in HTML code tags. The application does not properly verify JavaScript within code tags, allowing an attacker to inject malicious scripts that execute in a victim's browser.

Vendor: SPIP
Product: SPIP
Published: Feb 19, 2026
Source: NVD