Every CVE whose affected-product data names Gfi Mailessentials, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (22)
CVE-2004-1312 — CVSS 10.0 (critical): A bug in the HTML parser in a certain Microsoft HTML library, as used in various third party products, may allow remote attackers to cause…
CVE-2025-34491 — CVSS 8.8 (high): GFI MailEssentials prior to version 21.8 is vulnerable to a .NET deserialization issue. A remote and authenticated attacker can execute…
CVE-2025-34489 — CVSS 7.8 (high): GFI MailEssentials prior to version 21.8 is vulnerable to a local privilege escalation issue. A local attacker can escalate to NT…
CVE-2025-34490 — CVSS 6.5 (medium): GFI MailEssentials prior to version 21.8 is vulnerable to an XML External Entity (XXE) issue. An authenticated and remote attacker can send…
CVE-2026-23607 — CVSS 5.4 (medium): GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Anti-Spam Whitelist management…
CVE-2026-23608 — CVSS 5.4 (medium): GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Mail Monitoring rule creation…
CVE-2026-23609 — CVSS 5.4 (medium): GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Perimeter SMTP Servers…
CVE-2026-23610 — CVSS 5.4 (medium): GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the POP2Exchange configuration…
CVE-2026-23612 — CVSS 5.4 (medium): GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the IP DNS Blocklist configuration…
CVE-2026-23613 — CVSS 5.4 (medium): GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the URI DNS Blocklist configuration…
CVE-2026-23614 — CVSS 5.4 (medium): GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Sender Policy Framework IP…
CVE-2026-23615 — CVSS 5.4 (medium): GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Sender Policy Framework Email…
CVE-2026-23616 — CVSS 5.4 (medium): GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Anti-Spoofing configuration page…
CVE-2026-23617 — CVSS 5.4 (medium): GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Spam Keyword Checking (Body)…
CVE-2026-23618 — CVSS 5.4 (medium): GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Spam Keyword Checking (Subject)…
CVE-2026-23619 — CVSS 5.4 (medium): GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Local Domains settings page. An…
CVE-2026-23611 — CVSS 5.4 (medium): GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the IP Blocklist management page. An…
CVE-2026-23604 — CVSS 5.4 (medium): GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Keyword Filtering rule creation…
CVE-2026-23605 — CVSS 5.4 (medium): GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Attachment Filtering rule creation…
CVE-2026-23606 — CVSS 5.4 (medium): GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Advanced Content Filtering rule…
CVE-2026-23620 — CVSS 4.3 (medium): GFI MailEssentials AI versions prior to 22.4 contain an arbitrary file existence enumeration vulnerability in the ListServer.IsDBExist()…
CVE-2026-23621 — CVSS 4.3 (medium): GFI MailEssentials AI versions prior to 22.4 contain an arbitrary directory existence enumeration vulnerability in the…