Export CSV

Products

1 vendor
VendorProductsCVEsKEVAvg EPSSWorst Severity
226015.5%CRITICAL

Related CVEs

26
CVE IDDescriptionSeverityCVSSKEVEPSSPublished
CVE-2026-29144SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge security tags using Unicode lookalike characters.HIGH7.811.5%Apr 2, 2026
CVE-2026-29143SEPPmail Secure Email Gateway before version 15.0.3 does not properly authenticate the inner message of S/MIME-encrypted MIME entities, allowing an attacker to control trusted headers.HIGH7.816.2%Apr 2, 2026
CVE-2026-29142SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to forge a GINA-encrypted email.MEDIUM6.32.6%Apr 2, 2026
CVE-2026-29141SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge tags such as [signed OK].HIGH7.711.5%Apr 2, 2026
CVE-2026-29140SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to cause attacker-controlled certificates to be used for future encryption to a victim by adding the certificates to S/MIME signatures.HIGH7.72.2%Apr 2, 2026
CVE-2026-29139SEPPmail Secure Email Gateway before version 15.0.3 allows account takeover by abusing GINA account initialization to reset a victim account password.HIGH7.819.1%Apr 2, 2026
CVE-2026-29138SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to claim another user's PGP signature as their own.MEDIUM6.312.1%Apr 2, 2026
CVE-2026-29137SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to hide security tags from users by crafting a long subject.MEDIUM5.38.8%Apr 2, 2026
CVE-2026-29136SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to inject HTML into notification emails about new CA certificates.MEDIUM5.31.1%Apr 2, 2026
CVE-2026-29135SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to craft a password-tag that bypasses subject sanitization.MEDIUM5.316.4%Apr 2, 2026
CVE-2026-29134SEPPmail Secure Email Gateway before version 15.0.3 allows an external user to modify GINA webdomain metadata and bypass per-domain restrictions.MEDIUM5.313.1%Apr 2, 2026
CVE-2026-29133SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to upload PGP keys with UIDs that do not match their email address.MEDIUM5.313.9%Apr 2, 2026
CVE-2026-29132SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker with access to a victim's GINA account to bypass a second-password check and read protected emails.MEDIUM6.316.4%Apr 2, 2026
CVE-2026-29131SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to read the contents of emails encrypted for other users.MEDIUM4.913.1%Apr 2, 2026
CVE-2026-2743Arbitrary File Write via Path Traversal upload to Remote Code Execution in SeppMail User Web Interface. The affected feature is the large file transfer (LFT). This issue affects SeppMail: 15.0.2.1 and beforeCRITICAL10.053.3%Mar 5, 2026
CVE-2026-2748SEPPmail Secure Email Gateway before version 15.0.1 improperly validates S/MIME certificates issued for email addresses containing whitespaces, allowing signature spoofing.HIGH7.82.2%Mar 4, 2026
CVE-2026-2747SEPPmail Secure Email Gateway before version 15.0.1 decrypts inline PGP messages without isolating them from surrounding unencrypted content, allowing exposure of sensitive information to an unauthorized actor.MEDIUM6.916.2%Mar 4, 2026
CVE-2026-2746SEPPmail Secure Email Gateway before version 15.0.1 does not properly communicate PGP signature verification results, leaving users unable to detect forged emails.MEDIUM6.95.2%Mar 4, 2026
CVE-2026-27445SEPPmail Secure Email Gateway before version 15.0.1 does not properly verify that a PGP signature was generated by the expected key, allowing signature spoofing.MEDIUM6.92.5%Mar 4, 2026
CVE-2026-27444SEPPmail Secure Email Gateway before version 15.0.1 incorrectly interprets email addresses in the email headers, causing an interpretation conflict with other mail infrastructure that allows an attacker to fake the source of the email or decrypt it.HIGH7.811.6%Mar 4, 2026