Email security

This hub aggregates every CVE we track for Email security, a product in the networking infrastructure space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Email security.

• CVE-2026-3470A vulnerability exists in the SonicWall Email Security appliance due to improper input sanitization that may lead to data corruption, allowing a remote authenticated attacker as admin user could ex...3.8Mar 31, 2026
• CVE-2026-3469A denial-of-service (DoS) vulnerability exists due to improper input validation in the SonicWall Email Security appliance, allowing a remote authenticated attacker as admin user to cause the applic...2.7Mar 31, 2026
• CVE-2026-3468A stored Cross-Site Scripting (XSS) vulnerability has been identified in the SonicWall Email Security appliance due to improper neutralization of user-supplied input during web page generation, all...4.8Mar 31, 2026
• CVE-2025-40605A Path Traversal vulnerability has been identified in the Email Security appliance allows an attacker to manipulate file system paths by injecting crafted directory-traversal sequences (such as ../...5.3Nov 20, 2025
• CVE-2025-40604Download of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore...9.8Nov 20, 2025
• CVE-2024-9103Persistent XSS in blocked messages6.1Mar 24, 2025
• CVE-2024-2166Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Email Security (Real Time Monitor modules) allows Reflected XSS.This issue affects E...8.8Sep 4, 2024
• CVE-2024-22398An improper Limitation of a Pathname to a Restricted Directory (Path Traversal) vulnerability in SonicWall Email Security Appliance could allow a remote attacker with administrative privileges to c...4.9Mar 14, 2024
• CVE-2023-2080Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cl...8.5Jun 15, 2023
• CVE-2023-0655SonicWall Email Security contains a vulnerability that could permit a remote unauthenticated attacker access to an error page that includes sensitive information about users email addresses.5.3Feb 14, 2023
• CVE-2022-1700Improper Restriction of XML External Entity Reference ('XXE') vulnerability in the Policy Engine of Forcepoint Data Loss Prevention (DLP), which is also leveraged by Forcepoint One Endpoint (F1E), ...7.5Sep 12, 2022
• CVE-2020-36519Mimecast Email Security before 2020-01-10 allows any admin to spoof any domain, and pass DMARC alignment via SPF. This occurs through misuse of the address rewrite feature. (The domain being spoofe...4.9Mar 15, 2022
• CVE-2021-45105Apache Log4j2 does not always protect from infinite recursion in lookup evaluation5.9Dec 18, 2021
• CVE-2021-45046Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attackKEV9.0Dec 14, 2021
• CVE-2021-44228Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpointsKEV10.0Dec 10, 2021