Filtered by vendor Seppmail
Subscribe
Total
26 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-29131 | 1 Seppmail | 1 Secure Email Gateway | 2026-04-16 | N/A | 7.5 HIGH |
| SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to read the contents of emails encrypted for other users. | |||||
| CVE-2026-29132 | 1 Seppmail | 1 Secure Email Gateway | 2026-04-16 | N/A | 7.5 HIGH |
| SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker with access to a victim's GINA account to bypass a second-password check and read protected emails. | |||||
| CVE-2026-29133 | 1 Seppmail | 1 Secure Email Gateway | 2026-04-16 | N/A | 9.1 CRITICAL |
| SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to upload PGP keys with UIDs that do not match their email address. | |||||
| CVE-2026-29134 | 1 Seppmail | 1 Secure Email Gateway | 2026-04-16 | N/A | 7.5 HIGH |
| SEPPmail Secure Email Gateway before version 15.0.3 allows an external user to modify GINA webdomain metadata and bypass per-domain restrictions. | |||||
| CVE-2026-29135 | 1 Seppmail | 1 Secure Email Gateway | 2026-04-16 | N/A | 7.5 HIGH |
| SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to craft a password-tag that bypasses subject sanitization. | |||||
| CVE-2026-29136 | 1 Seppmail | 1 Secure Email Gateway | 2026-04-16 | N/A | 6.1 MEDIUM |
| SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to inject HTML into notification emails about new CA certificates. | |||||
| CVE-2026-29137 | 1 Seppmail | 1 Secure Email Gateway | 2026-04-16 | N/A | 5.3 MEDIUM |
| SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to hide security tags from users by crafting a long subject. | |||||
| CVE-2026-29138 | 1 Seppmail | 1 Secure Email Gateway | 2026-04-16 | N/A | 7.5 HIGH |
| SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to claim another user's PGP signature as their own. | |||||
| CVE-2026-29139 | 1 Seppmail | 1 Secure Email Gateway | 2026-04-16 | N/A | 9.8 CRITICAL |
| SEPPmail Secure Email Gateway before version 15.0.3 allows account takeover by abusing GINA account initialization to reset a victim account password. | |||||
| CVE-2026-29144 | 1 Seppmail | 1 Secure Email Gateway | 2026-04-16 | N/A | 5.3 MEDIUM |
| SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge security tags using Unicode lookalike characters. | |||||
| CVE-2026-29142 | 1 Seppmail | 1 Secure Email Gateway | 2026-04-16 | N/A | 5.3 MEDIUM |
| SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to forge a GINA-encrypted email. | |||||
| CVE-2026-29140 | 1 Seppmail | 1 Secure Email Gateway | 2026-04-16 | N/A | 5.3 MEDIUM |
| SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to cause attacker-controlled certificates to be used for future encryption to a victim by adding the certificates to S/MIME signatures. | |||||
| CVE-2026-29141 | 1 Seppmail | 1 Secure Email Gateway | 2026-04-16 | N/A | 5.3 MEDIUM |
| SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge tags such as [signed OK]. | |||||
| CVE-2026-29143 | 1 Seppmail | 1 Secure Email Gateway | 2026-04-16 | N/A | 9.1 CRITICAL |
| SEPPmail Secure Email Gateway before version 15.0.3 does not properly authenticate the inner message of S/MIME-encrypted MIME entities, allowing an attacker to control trusted headers. | |||||
| CVE-2026-2743 | 1 Seppmail | 1 Seppmail | 2026-03-09 | N/A | 9.8 CRITICAL |
| Arbitrary File Write via Path Traversal upload to Remote Code Execution in SeppMail User Web Interface. The affected feature is the large file transfer (LFT). This issue affects SeppMail: 15.0.2.1 and before | |||||
| CVE-2026-27441 | 1 Seppmail | 1 Seppmail | 2026-03-05 | N/A | 9.8 CRITICAL |
| SEPPmail Secure Email Gateway before version 15.0.1 insufficiently neutralizes the PDF encryption password, allowing OS command execution. | |||||
| CVE-2026-27442 | 1 Seppmail | 1 Seppmail | 2026-03-05 | N/A | 7.5 HIGH |
| The GINA web interface in SEPPmail Secure Email Gateway before version 15.0.1 does not properly check attachment filenames in GINA-encrypted emails, allowing an attacker to access files on the gateway. | |||||
| CVE-2026-27443 | 1 Seppmail | 1 Seppmail | 2026-03-05 | N/A | 7.5 HIGH |
| SEPPmail Secure Email Gateway before version 15.0.1 does not properly sanitize the headers from S/MIME protected MIME entities, allowing an attacker to control trusted headers. | |||||
| CVE-2026-27444 | 1 Seppmail | 1 Seppmail | 2026-03-05 | N/A | 7.5 HIGH |
| SEPPmail Secure Email Gateway before version 15.0.1 incorrectly interprets email addresses in the email headers, causing an interpretation conflict with other mail infrastructure that allows an attacker to fake the source of the email or decrypt it. | |||||
| CVE-2026-27445 | 1 Seppmail | 1 Seppmail | 2026-03-05 | N/A | 5.3 MEDIUM |
| SEPPmail Secure Email Gateway before version 15.0.1 does not properly verify that a PGP signature was generated by the expected key, allowing signature spoofing. | |||||