VYPR
Vendor

Gfi

Products
12
CVEs
48
Across products
54
Status
Private

Products

12

Recent CVEs

48
View all 48 CVEs →
  • CVE-2010-5181HigAug 25, 2012
    risk 0.46cvss 7.0epss 0.00

    Race condition in VIPRE Antivirus Premium 4.0.3272 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory…

  • CVE-2017-7440MedMay 2, 2017
    risk 0.42cvss 6.5epss 0.01

    Kerio Connect 8.0.0 through 9.2.2, and Kerio Connect Client desktop application for Windows and Mac 9.2.0 through 9.2.2, when e-mail preview is enabled, allows remote attackers to conduct clickjacking attacks via a crafted e-mail message.

  • CVE-2026-23758MedApr 20, 2026
    risk 0.35cvss 5.4epss 0.00

    GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the ticket subject field that allows authenticated staff members to inject malicious JavaScript by manipulating the editsubject POST parameter. Attackers can inject XSS payloads through…

  • CVE-2026-23757MedApr 20, 2026
    risk 0.35cvss 5.4epss 0.00

    GFI HelpDesk before 4.99.10 contains a stored cross-site scripting vulnerability in the Reports module where the title parameter is passed directly to SWIFT_Report::Create() without HTML sanitization. Attackers can inject arbitrary JavaScript into the report title field when…

  • CVE-2026-23756MedApr 20, 2026
    risk 0.35cvss 5.4epss 0.00

    GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the Troubleshooter module where the subject POST parameter is not sanitized in Controller_Step.InsertSubmit() and EditSubmit() before being rendered by View_Step.RenderViewSteps(). An…

  • CVE-2026-23753MedApr 20, 2026
    risk 0.31cvss 4.8epss 0.00

    GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the language management functionality where the charset POST parameter is passed directly to SWIFT_Language::Create() without HTML sanitization and subsequently rendered unsanitized by…

  • CVE-2026-23752MedApr 20, 2026
    risk 0.31cvss 4.8epss 0.00

    GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the template group creation and editing functionality that allows authenticated administrators to inject arbitrary JavaScript by manipulating the companyname POST parameter without HTML…

  • CVE-2020-2506KEVFeb 3, 2021
    risk 0.13cvss epss 0.02

    The vulnerability have been reported to affect earlier versions of QTS. If exploited, this improper access control vulnerability could allow attackers to compromise the security of the software by gaining privileges, or reading sensitive information. This issue affects: QNAP…

  • CVE-2006-6158Nov 28, 2006
    risk 0.03cvss epss 0.03

    Multiple cross-site scripting (XSS) vulnerabilities in (a) PMOS Help Desk 2.4, formerly (b) InverseFlow Help Desk 2.31 and also sold as (c) Ace Helpdesk 2.31, allow remote attackers to inject arbitrary web script or HTML via the (1) id or email parameter to ticketview.php, or…

  • CVE-2024-11949Dec 11, 2024
    risk 0.01cvss epss 0.01

    GFI Archiver Store Service Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Authentication is required to exploit this vulnerability. The…

  • CVE-2024-11947Dec 11, 2024
    risk 0.01cvss epss 0.01

    GFI Archiver Core Service Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Authentication is required to exploit this vulnerability. The…

  • CVE-2002-1121Sep 24, 2002
    risk 0.01cvss epss 0.07

    SMTP content filter engines, including (1) GFI MailSecurity for Exchange/SMTP before 7.2, (2) InterScan VirusWall before 3.52 build 1494, (3) the default configuration of MIMEDefang before 2.21, and possibly other products, do not detect fragmented emails as defined in RFC2046…

  • CVE-2026-2039Feb 20, 2026
    risk 0.00cvss epss 0.01

    GFI Archiver MArc.Store Missing Authorization Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of GFI Archiver. Authentication is not required to exploit this vulnerability. The specific flaw…

  • CVE-2026-2036Feb 20, 2026
    risk 0.00cvss epss 0.01

    GFI Archiver MArc.Store Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Although authentication is required to exploit this vulnerability, the…

  • CVE-2026-2038Feb 20, 2026
    risk 0.00cvss epss 0.01

    GFI Archiver MArc.Core Missing Authorization Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of GFI Archiver. Authentication is not required to exploit this vulnerability. The specific flaw…

  • CVE-2026-2037Feb 20, 2026
    risk 0.00cvss epss 0.01

    GFI Archiver MArc.Core Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Although authentication is required to exploit this vulnerability, the…

  • CVE-2026-23621Feb 19, 2026
    risk 0.00cvss epss 0.00

    GFI MailEssentials AI versions prior to 22.4 contain an arbitrary directory existence enumeration vulnerability in the ListServer.IsPathExist() web method exposed at /MailEssentials/pages/MailSecurity/ListServer.aspx/IsPathExist. An authenticated user can supply an unrestricted…

  • CVE-2026-23620Feb 19, 2026
    risk 0.00cvss epss 0.00

    GFI MailEssentials AI versions prior to 22.4 contain an arbitrary file existence enumeration vulnerability in the ListServer.IsDBExist() web method exposed at /MailEssentials/pages/MailSecurity/ListServer.aspx/IsDBExist. An authenticated user can supply an unrestricted…

  • CVE-2026-23619Feb 19, 2026
    risk 0.00cvss epss 0.00

    GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Local Domains settings page. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$Pv3$txtDescription parameter to…

  • CVE-2026-23618Feb 19, 2026
    risk 0.00cvss epss 0.00

    GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Spam Keyword Checking (Subject) conditions interface. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pvSubject$TXB_SubjectCondition…