sonicwall email security

23 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-3470
< 10.0.35.8405
A vulnerability exists in the SonicWall Email Security appliance due to improper input sanitization that may lead to data corrupti
3.8 LOW
CVE-2026-3469
< 10.0.35.8405
A denial-of-service (DoS) vulnerability exists due to improper input validation in the SonicWall Email Security appliance, allowin
2.7 LOW
CVE-2026-3468
< 10.0.35.8405
A stored Cross-Site Scripting (XSS) vulnerability has been identified in the SonicWall Email Security appliance due to improper ne
4.8 MEDIUM
CVE-2024-2166
< 8.5.5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Email Security (R
8.8 HIGH
CVE-2023-2080
all versions
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Forcepoint Cloud Security Ga
8.5 HIGH
CVE-2023-0655
<= 10.0.19.7431
SonicWall Email Security contains a vulnerability that could permit a remote unauthenticated attacker access to an error page that
5.3 MEDIUM
CVE-2022-1700
< 8.5.5
Improper Restriction of XML External Entity Reference ('XXE') vulnerability in the Policy Engine of Forcepoint Data Loss Preventio
7.5 HIGH
CVE-2020-36519
< 2020-01-10
Mimecast Email Security before 2020-01-10 allows any admin to spoof any domain, and pass DMARC alignment via SPF. This occurs thro
4.9 MEDIUM
CVE-2021-45105
<= 10.0.12
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from sel
5.9 MEDIUM
CVE-2021-45046
< 10.0.12
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. T
9.0 CRITICAL
CVE-2021-44228
< 10.0.13
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration
10.0 CRITICAL
CVE-2021-20023
< 10.0.9.6173
SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary
4.9 MEDIUM
CVE-2021-20022
< 10.0.9.6103
SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrar
7.2 HIGH
CVE-2021-20021
< 10.0.9.6103
A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending
9.8 CRITICAL
CVE-2020-6590
< 8.5.4
Forcepoint Web Security Content Gateway versions prior to 8.5.4 improperly process XML input, leading to information disclosure.
7.5 HIGH
CVE-2021-3450
< 10.0.11
The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not
7.4 HIGH
CVE-2019-6142
all versions
It has been reported that XSS is possible in Forcepoint Email Security, versions 8.5 and 8.5.3. It is strongly recommended that yo
6.1 MEDIUM
CVE-2019-6140
>= 8.5 and <= 8.5.3
A configuration issue has been discovered in Forcepoint Email Security 8.4.x and 8.5.x: the product is left in a vulnerable state
9.8 CRITICAL
CVE-2018-16530
all versions
A stack-based buffer overflow in Forcepoint Email Security version 8.5 allows an attacker to craft malicious input and potentially
9.8 CRITICAL
CVE-2018-16529
>= 8.5.0 and <= 8.5.3
A password reset vulnerability has been discovered in Forcepoint Email Security 8.5.x. The password reset URL can be used after th
9.8 CRITICAL
CVE-2018-3639
all versions
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all
5.5 MEDIUM
CVE-2009-3749
all versions
The Web Administrator service (STEMWADM.EXE) in Websense Personal Email Manager 7.1 before Hotfix 4 and Email Security 7.1 before
CVE-2008-2162
all versions
Cross-site scripting (XSS) vulnerability in SonicWall Email Security 6.1.1 allows remote attackers to inject arbitrary web script
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin