{
"Source": "CVE FEED",
"Title": "CVE-2025-71246 - SPIP < 4.4.8 Cross-Site Scripting in Public Area",
"Content": "CVE ID : CVE-2025-71246
Published : Feb. 19, 2026, 4:27 p.m. | 11 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "19 Feb 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-71246 - SPIP < 4.4.8 Cross-Site Scripting in Public Area",
"Content": "CVE ID : CVE-2025-71246
Published : Feb. 19, 2026, 4:27 p.m. | 11 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "19 Feb 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-71247 - SPIP < 4.4.9 Blind Server-Side Request Forgery via Syndicated Sites",
"Content": "CVE ID : CVE-2025-71247
Published : Feb. 19, 2026, 4:27 p.m. | 11 minutes ago
Description : SPIP before 4.4.9 allows Blind Server-Side Request Forgery (SSRF) via syndicated sites in the private area. When editing a syndicated site, the application does not verify that the syndication URL is a valid remote URL, allowing an authenticated attacker to make the server issue requests to arbitrary internal or external destinations. This vulnerability is not mitigated by the SPIP security screen.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "19 Feb 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-71247 - SPIP < 4.4.9 Blind Server-Side Request Forgery via Syndicated Sites",
"Content": "CVE ID : CVE-2025-71247
Published : Feb. 19, 2026, 4:27 p.m. | 11 minutes ago
Description : SPIP before 4.4.9 allows Blind Server-Side Request Forgery (SSRF) via syndicated sites in the private area. When editing a syndicated site, the application does not verify that the syndication URL is a valid remote URL, allowing an authenticated attacker to make the server issue requests to arbitrary internal or external destinations. This vulnerability is not mitigated by the SPIP security screen.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "19 Feb 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-71242 - SPIP < 4.3.6 Authorization Bypass Leading to Content Disclosure",
"Content": "CVE ID : CVE-2025-71242
Published : Feb. 19, 2026, 4:27 p.m. | 11 minutes ago
Description : SPIP before 4.3.6, 4.2.17, and 4.1.20 allows unauthorized content disclosure in the private area. The application does not properly check authorization when displaying content of articles and sections (rubriques) in AJAX-loaded fragments, allowing an authenticated attacker to access restricted content. This vulnerability is not mitigated by the SPIP security screen.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "19 Feb 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-71242 - SPIP < 4.3.6 Authorization Bypass Leading to Content Disclosure",
"Content": "CVE ID : CVE-2025-71242
Published : Feb. 19, 2026, 4:27 p.m. | 11 minutes ago
Description : SPIP before 4.3.6, 4.2.17, and 4.1.20 allows unauthorized content disclosure in the private area. The application does not properly check authorization when displaying content of articles and sections (rubriques) in AJAX-loaded fragments, allowing an authenticated attacker to access restricted content. This vulnerability is not mitigated by the SPIP security screen.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "19 Feb 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-71245 - SPIP < 4.4.8 Cross-Site Scripting via Iframe Tags in Private Area",
"Content": "CVE ID : CVE-2025-71245
Published : Feb. 19, 2026, 4:27 p.m. | 11 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "19 Feb 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-71245 - SPIP < 4.4.8 Cross-Site Scripting via Iframe Tags in Private Area",
"Content": "CVE ID : CVE-2025-71245
Published : Feb. 19, 2026, 4:27 p.m. | 11 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "19 Feb 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-71240 - SPIP < 4.2.15 Cross-Site Scripting via Code Tags",
"Content": "CVE ID : CVE-2025-71240
Published : Feb. 19, 2026, 4:27 p.m. | 11 minutes ago
Description : SPIP before 4.2.15 allows Cross-Site Scripting (XSS) via crafted content in HTML code tags. The application does not properly verify JavaScript within code tags, allowing an attacker to inject malicious scripts that execute in a victim's browser.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "19 Feb 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-71240 - SPIP < 4.2.15 Cross-Site Scripting via Code Tags",
"Content": "CVE ID : CVE-2025-71240
Published : Feb. 19, 2026, 4:27 p.m. | 11 minutes ago
Description : SPIP before 4.2.15 allows Cross-Site Scripting (XSS) via crafted content in HTML code tags. The application does not properly verify JavaScript within code tags, allowing an attacker to inject malicious scripts that execute in a victim's browser.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "19 Feb 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-71241 - SPIP < 4.3.6 Cross-Site Scripting in Private Area",
"Content": "CVE ID : CVE-2025-71241
Published : Feb. 19, 2026, 4:27 p.m. | 11 minutes ago
Description : SPIP before 4.3.6, 4.2.17, and 4.1.20 allows Cross-Site Scripting (XSS) in the private area. The content of the error message displayed by the 'transmettre' API is not properly sanitized, allowing an attacker to inject malicious scripts. This vulnerability is mitigated by the SPIP security screen.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "19 Feb 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-71241 - SPIP < 4.3.6 Cross-Site Scripting in Private Area",
"Content": "CVE ID : CVE-2025-71241
Published : Feb. 19, 2026, 4:27 p.m. | 11 minutes ago
Description : SPIP before 4.3.6, 4.2.17, and 4.1.20 allows Cross-Site Scripting (XSS) in the private area. The content of the error message displayed by the 'transmettre' API is not properly sanitized, allowing an attacker to inject malicious scripts. This vulnerability is mitigated by the SPIP security screen.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "19 Feb 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-26030 - Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerable to remote code execution",
"Content": "CVE ID : CVE-2026-26030
Published : Feb. 19, 2026, 4 p.m. | 37 minutes ago
Description : Semantic Kernel, Microsoft's semantic kernel Python SDK, has a remote code execution vulnerability in versions prior to 1.39.4, specifically within the `InMemoryVectorStore` filter functionality. The problem has been fixed in version `python-1.39.4`. Users should upgrade this version or higher. As a workaround, avoid using `InMemoryVectorStore` for production scenarios.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "19 Feb 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-26030 - Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerable to remote code execution",
"Content": "CVE ID : CVE-2026-26030
Published : Feb. 19, 2026, 4 p.m. | 37 minutes ago
Description : Semantic Kernel, Microsoft's semantic kernel Python SDK, has a remote code execution vulnerability in versions prior to 1.39.4, specifically within the `InMemoryVectorStore` filter functionality. The problem has been fixed in version `python-1.39.4`. Users should upgrade this version or higher. As a workaround, avoid using `InMemoryVectorStore` for production scenarios.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "19 Feb 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-24834 - Kata Container to Guest micro VM privilege escalation",
"Content": "CVE ID : CVE-2026-24834
Published : Feb. 19, 2026, 3:57 p.m. | 40 minutes ago
Description : Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In versions prior to 3.27.0, an issue in Kata with Cloud Hypervisor allows a user of the container to modify the file system used by the Guest micro VM ultimately achieving arbitrary code execution as root in said VM. The current understanding is this doesnโt impact the security of the Host or of other containers / VMs running on that Host (note that arm64 QEMU lacks NVDIMM read-only support: It is believed that until the upstream QEMU gains this capability, a guest write could reach the image file). Version 3.27.0 patches the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "19 Feb 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-24834 - Kata Container to Guest micro VM privilege escalation",
"Content": "CVE ID : CVE-2026-24834
Published : Feb. 19, 2026, 3:57 p.m. | 40 minutes ago
Description : Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In versions prior to 3.27.0, an issue in Kata with Cloud Hypervisor allows a user of the container to modify the file system used by the Guest micro VM ultimately achieving arbitrary code execution as root in said VM. The current understanding is this doesnโt impact the security of the Host or of other containers / VMs running on that Host (note that arm64 QEMU lacks NVDIMM read-only support: It is believed that until the upstream QEMU gains this capability, a guest write could reach the image file). Version 3.27.0 patches the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "19 Feb 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-26339 - Hyland Alfresco Transformation Service Argument Injection RCE",
"Content": "CVE ID : CVE-2026-26339
Published : Feb. 19, 2026, 6:25 p.m. | 14 minutes ago
Description : Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve remote code execution through the argument injection vulnerability, which exists in the document processing functionality.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "19 Feb 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-26339 - Hyland Alfresco Transformation Service Argument Injection RCE",
"Content": "CVE ID : CVE-2026-26339
Published : Feb. 19, 2026, 6:25 p.m. | 14 minutes ago
Description : Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve remote code execution through the argument injection vulnerability, which exists in the document processing functionality.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "19 Feb 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-2409 - Delinea Cloud Suite SQL Injection",
"Content": "CVE ID : CVE-2026-2409
Published : Feb. 19, 2026, 6:25 p.m. | 14 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Delinea Cloud Suite allows Argument Injection.This issue affects Cloud Suite: before 25.2 HF1.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "19 Feb 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-2409 - Delinea Cloud Suite SQL Injection",
"Content": "CVE ID : CVE-2026-2409
Published : Feb. 19, 2026, 6:25 p.m. | 14 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Delinea Cloud Suite allows Argument Injection.This issue affects Cloud Suite: before 25.2 HF1.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "19 Feb 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-2243 - Qemu-kvm: heap buffer out-of-bounds read in vmdk compressed grain parsing",
"Content": "CVE ID : CVE-2026-2243
Published : Feb. 19, 2026, 6:25 p.m. | 14 minutes ago
Description : A flaw was found in QEMU. A specially crafted VMDK image could trigger an out-of-bounds read vulnerability, potentially leading to a 12-byte leak of sensitive information or a denial of service condition (DoS).
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "19 Feb 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-2243 - Qemu-kvm: heap buffer out-of-bounds read in vmdk compressed grain parsing",
"Content": "CVE ID : CVE-2026-2243
Published : Feb. 19, 2026, 6:25 p.m. | 14 minutes ago
Description : A flaw was found in QEMU. A specially crafted VMDK image could trigger an out-of-bounds read vulnerability, potentially leading to a 12-byte leak of sensitive information or a denial of service condition (DoS).
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "19 Feb 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-2817 - Spring Data Geode Insecure Temporary Directory Usage",
"Content": "CVE ID : CVE-2026-2817
Published : Feb. 19, 2026, 6:25 p.m. | 14 minutes ago
Description : Use of insecure directory in Spring Data Geode snapshot import extracts archives into predictable, permissive directories under the system temp location. On shared hosts, a local user with basic privileges can access another userโs extracted snapshot contents, leading to unintended exposure of cache data.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "19 Feb 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-2817 - Spring Data Geode Insecure Temporary Directory Usage",
"Content": "CVE ID : CVE-2026-2817
Published : Feb. 19, 2026, 6:25 p.m. | 14 minutes ago
Description : Use of insecure directory in Spring Data Geode snapshot import extracts archives into predictable, permissive directories under the system temp location. On shared hosts, a local user with basic privileges can access another userโs extracted snapshot contents, leading to unintended exposure of cache data.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "19 Feb 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-26337 - Hyland Alfresco Transformation Service Absolute Path Traversal Arbitrary File Read and SSRF",
"Content": "CVE ID : CVE-2026-26337
Published : Feb. 19, 2026, 6:24 p.m. | 14 minutes ago
Description : Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve both arbitrary file read and server-side request forgery through the absolute path traversal.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "19 Feb 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-26337 - Hyland Alfresco Transformation Service Absolute Path Traversal Arbitrary File Read and SSRF",
"Content": "CVE ID : CVE-2026-26337
Published : Feb. 19, 2026, 6:24 p.m. | 14 minutes ago
Description : Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve both arbitrary file read and server-side request forgery through the absolute path traversal.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "19 Feb 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-26338 - Hyland Alfresco Transformation Service SSRF",
"Content": "CVE ID : CVE-2026-26338
Published : Feb. 19, 2026, 6:24 p.m. | 14 minutes ago
Description : Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve server-side request forgery (SSRF) through the document processing functionality.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "19 Feb 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-26338 - Hyland Alfresco Transformation Service SSRF",
"Content": "CVE ID : CVE-2026-26338
Published : Feb. 19, 2026, 6:24 p.m. | 14 minutes ago
Description : Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve server-side request forgery (SSRF) through the document processing functionality.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "19 Feb 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-23616 - GFI MailEssentials AI < 22.4 Anti-Spam Anti-Spoofing Description Stored XSS",
"Content": "CVE ID : CVE-2026-23616
Published : Feb. 19, 2026, 6:24 p.m. | 14 minutes ago
Description : GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Anti-Spoofing configuration page. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$AntiSpoofingGeneral1$TxtSmtpDesc parameter to /MailEssentials/pages/MailSecurity/AntiSpoofing.aspx, which is stored and later rendered in the management interface, allowing script execution in the context of a logged-in user.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "19 Feb 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-23616 - GFI MailEssentials AI < 22.4 Anti-Spam Anti-Spoofing Description Stored XSS",
"Content": "CVE ID : CVE-2026-23616
Published : Feb. 19, 2026, 6:24 p.m. | 14 minutes ago
Description : GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Anti-Spoofing configuration page. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$AntiSpoofingGeneral1$TxtSmtpDesc parameter to /MailEssentials/pages/MailSecurity/AntiSpoofing.aspx, which is stored and later rendered in the management interface, allowing script execution in the context of a logged-in user.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "19 Feb 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-23617 - GFI MailEssentials AI < 22.4 Anti-Spam Spam Keyword Checking Body Condition Stored XSS",
"Content": "CVE ID : CVE-2026-23617
Published : Feb. 19, 2026, 6:24 p.m. | 14 minutes ago
Description : GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Spam Keyword Checking (Body) conditions interface. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pvGeneral$TXB_Condition parameter to /MailEssentials/pages/MailSecurity/ASKeywordChecking.aspx, which is stored and later rendered in the management interface, allowing script execution in the context of a logged-in user.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "19 Feb 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-23617 - GFI MailEssentials AI < 22.4 Anti-Spam Spam Keyword Checking Body Condition Stored XSS",
"Content": "CVE ID : CVE-2026-23617
Published : Feb. 19, 2026, 6:24 p.m. | 14 minutes ago
Description : GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Spam Keyword Checking (Body) conditions interface. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pvGeneral$TXB_Condition parameter to /MailEssentials/pages/MailSecurity/ASKeywordChecking.aspx, which is stored and later rendered in the management interface, allowing script execution in the context of a logged-in user.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "19 Feb 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-23618 - GFI MailEssentials AI < 22.4 Anti-Spam Spam Keyword Checking Subject Condition Stored XSS",
"Content": "CVE ID : CVE-2026-23618
Published : Feb. 19, 2026, 6:24 p.m. | 14 minutes ago
Description : GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Spam Keyword Checking (Subject) conditions interface. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pvSubject$TXB_SubjectCondition parameter to /MailEssentials/pages/MailSecurity/ASKeywordChecking.aspx, which is stored and later rendered in the management interface, allowing script execution in the context of a logged-in user.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "19 Feb 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-23618 - GFI MailEssentials AI < 22.4 Anti-Spam Spam Keyword Checking Subject Condition Stored XSS",
"Content": "CVE ID : CVE-2026-23618
Published : Feb. 19, 2026, 6:24 p.m. | 14 minutes ago
Description : GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Spam Keyword Checking (Subject) conditions interface. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pvSubject$TXB_SubjectCondition parameter to /MailEssentials/pages/MailSecurity/ASKeywordChecking.aspx, which is stored and later rendered in the management interface, allowing script execution in the context of a logged-in user.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "19 Feb 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-23619 - GFI MailEssentials AI < 22.4 General Settings Local Domains Domain Description Stored XSS",
"Content": "CVE ID : CVE-2026-23619
Published : Feb. 19, 2026, 6:24 p.m. | 14 minutes ago
Description : GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Local Domains settings page. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$Pv3$txtDescription parameter to /MailEssentials/pages/MailSecurity/general.aspx, which is stored and later rendered in the management interface, allowing script execution in the context of a logged-in user.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "19 Feb 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-23619 - GFI MailEssentials AI < 22.4 General Settings Local Domains Domain Description Stored XSS",
"Content": "CVE ID : CVE-2026-23619
Published : Feb. 19, 2026, 6:24 p.m. | 14 minutes ago
Description : GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Local Domains settings page. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$Pv3$txtDescription parameter to /MailEssentials/pages/MailSecurity/general.aspx, which is stored and later rendered in the management interface, allowing script execution in the context of a logged-in user.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "19 Feb 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-23620 - GFI MailEssentials AI < 22.4 ListServer.IsDbExist() Absolute Directory Traversal to File Enumeration",
"Content": "CVE ID : CVE-2026-23620
Published : Feb. 19, 2026, 6:24 p.m. | 14 minutes ago
Description : GFI MailEssentials AI versions prior to 22.4 contain an arbitrary file existence enumeration vulnerability in the ListServer.IsDBExist() web method exposed at /MailEssentials/pages/MailSecurity/ListServer.aspx/IsDBExist. An authenticated user can supply an unrestricted filesystem path via the JSON key "path", which is URL-decoded and passed to File.Exists(), allowing the attacker to determine whether arbitrary files exist on the server.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "19 Feb 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-23620 - GFI MailEssentials AI < 22.4 ListServer.IsDbExist() Absolute Directory Traversal to File Enumeration",
"Content": "CVE ID : CVE-2026-23620
Published : Feb. 19, 2026, 6:24 p.m. | 14 minutes ago
Description : GFI MailEssentials AI versions prior to 22.4 contain an arbitrary file existence enumeration vulnerability in the ListServer.IsDBExist() web method exposed at /MailEssentials/pages/MailSecurity/ListServer.aspx/IsDBExist. An authenticated user can supply an unrestricted filesystem path via the JSON key "path", which is URL-decoded and passed to File.Exists(), allowing the attacker to determine whether arbitrary files exist on the server.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "19 Feb 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-23615 - GFI MailEssentials AI < 22.4 Anti-Spam Sender Policy Framework Email Exceptions Description Stored XSS",
"Content": "CVE ID : CVE-2026-23615
Published : Feb. 19, 2026, 6:24 p.m. | 14 minutes ago
Description : GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Sender Policy Framework Email Exceptions interface. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv4$txtEmailDescription parameter to /MailEssentials/pages/MailSecurity/SenderPolicyFramework.aspx, which is stored and later rendered in the management interface, allowing script execution in the context of a logged-in user.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "19 Feb 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-23615 - GFI MailEssentials AI < 22.4 Anti-Spam Sender Policy Framework Email Exceptions Description Stored XSS",
"Content": "CVE ID : CVE-2026-23615
Published : Feb. 19, 2026, 6:24 p.m. | 14 minutes ago
Description : GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Sender Policy Framework Email Exceptions interface. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv4$txtEmailDescription parameter to /MailEssentials/pages/MailSecurity/SenderPolicyFramework.aspx, which is stored and later rendered in the management interface, allowing script execution in the context of a logged-in user.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "19 Feb 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-23613 - GFI MailEssentials AI < 22.4 Anti-Spam URI DNS Blocklist Domain Stored XSS",
"Content": "CVE ID : CVE-2026-23613
Published : Feb. 19, 2026, 6:24 p.m. | 14 minutes ago
Description : GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the URI DNS Blocklist configuration page. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$TXB_URIs parameter to /MailEssentials/pages/MailSecurity/uridnsblocklist.aspx, which is stored and later rendered in the management interface, allowing script execution in the context of a logged-in user.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "19 Feb 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-23613 - GFI MailEssentials AI < 22.4 Anti-Spam URI DNS Blocklist Domain Stored XSS",
"Content": "CVE ID : CVE-2026-23613
Published : Feb. 19, 2026, 6:24 p.m. | 14 minutes ago
Description : GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the URI DNS Blocklist configuration page. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$TXB_URIs parameter to /MailEssentials/pages/MailSecurity/uridnsblocklist.aspx, which is stored and later rendered in the management interface, allowing script execution in the context of a logged-in user.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "19 Feb 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น