Latest CVE Feed
Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Anti-Spoofing configuration page. An authenticated user can supply HTML/JavaScript in the ctl00…
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Sender Policy Framework Email Exceptions interface. An authenticated user can supply HTML/JavaS…
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Sender Policy Framework IP Exceptions interface. An authenticated user can supply HTML/JavaScri…
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the URI DNS Blocklist configuration page. An authenticated user can supply HTML/JavaScript in the c…
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the IP DNS Blocklist configuration page. An authenticated user can supply HTML/JavaScript in the ct…
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the IP Blocklist management page. An authenticated user can supply HTML/JavaScript in the ctl00$Con…
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the POP2Exchange configuration endpoint. An authenticated user can supply HTML/JavaScript in the PO…
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Perimeter SMTP Servers configuration page. An authenticated user can supply HTML/JavaScript in …
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Mail Monitoring rule creation endpoint. An authenticated user can supply HTML/JavaScript in the…
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Anti-Spam Whitelist management interface. An authenticated user can supply HTML/JavaScript in t…
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Advanced Content Filtering rule creation workflow. An authenticated user can supply HTML/JavaSc…
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Attachment Filtering rule creation workflow. An authenticated user can supply HTML/JavaScript i…
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Keyword Filtering rule creation workflow. An authenticated user can supply HTML/JavaScript in t…
The Product Table and List Builder for WooCommerce Lite plugin for WordPress is vulnerable to time-based SQL Injection via the 'search' parameter in all versions up to, and including, 4.6.2 due to in…
Hyland Alfresco allows unauthenticated attackers to read arbitrary files from protected directories (like WEB-INF) via the "/share/page/resource/" endpoint, thus leading to the disclosure of sensitiv…
Semantic Kernel, Microsoft's semantic kernel Python SDK, has a remote code execution vulnerability in versions prior to 1.39.4, specifically within the `InMemoryVectorStore` filter functionality. The…
Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Prior to version 1.12.1, a missing authorization check in multiple controllers allows any user wit…
strongMan is a management interface for strongSwan, an OpenSource IPsec-based VPN. When storing credentials in the database (private keys, EAP secrets), strongMan encrypts the corresponding database …
Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In versions prior to 3.27.0, an issue in Kata with …
The wpForo Forum plugin for WordPress is vulnerable to time-based SQL Injection via the 'wpfob' parameter in all versions up to, and including, 2.4.14 due to insufficient escaping on the user supplie…