CVE-2026-23621

< 22.4

GFI MailEssentials AI versions prior to 22.4 contain an arbitrary directory existence enumeration vulnerability in the ListServer

4.3MEDIUM

CVE-2026-23620

< 22.4

GFI MailEssentials AI versions prior to 22.4 contain an arbitrary file existence enumeration vulnerability in the ListServer.IsDB

4.3MEDIUM

CVE-2026-23619

< 22.4

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Local Domains settings pa

5.4MEDIUM

CVE-2026-23618

< 22.4

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Spam Keyword Checking (Su

5.4MEDIUM

CVE-2026-23617

< 22.4

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Spam Keyword Checking (Bo

5.4MEDIUM

CVE-2026-23616

< 22.4

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Anti-Spoofing configurati

5.4MEDIUM

CVE-2026-23615

< 22.4

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Sender Policy Framework E

5.4MEDIUM

CVE-2026-23614

< 22.4

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Sender Policy Framework I

5.4MEDIUM

CVE-2026-23613

< 22.4

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the URI DNS Blocklist configu

5.4MEDIUM

CVE-2026-23612

< 22.4

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the IP DNS Blocklist configur

5.4MEDIUM

CVE-2026-23611

< 22.4

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the IP Blocklist management p

5.4MEDIUM

CVE-2026-23610

< 22.4

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the POP2Exchange configuratio

5.4MEDIUM

CVE-2026-23609

< 22.4

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Perimeter SMTP Servers co

5.4MEDIUM

CVE-2026-23608

< 22.4

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Mail Monitoring rule crea

5.4MEDIUM

CVE-2026-23607

< 22.4

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Anti-Spam Whitelist manag

5.4MEDIUM

CVE-2026-23606

< 22.4

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Advanced Content Filterin

5.4MEDIUM

CVE-2026-23605

< 22.4

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Attachment Filtering rule

5.4MEDIUM

CVE-2026-23604

< 22.4

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Keyword Filtering rule cr

5.4MEDIUM

CVE-2025-34491

< 21.8

GFI MailEssentials prior to version 21.8 is vulnerable to a .NET deserialization issue. A remote and authenticated attacker can ex

8.8HIGH

CVE-2025-34490

< 21.8

GFI MailEssentials prior to version 21.8 is vulnerable to an XML External Entity (XXE) issue. An authenticated and remote attacker

6.5MEDIUM

CVE-2025-34489

< 21.8

GFI MailEssentials prior to version 21.8 is vulnerable to a local privilege escalation issue. A local attacker can escalate to NT

7.8HIGH

CVE-2004-1312

all versions

A bug in the HTML parser in a certain Microsoft HTML library, as used in various third party products, may allow remote attackers