48 matches found
CVE-2026-44125
SEPPmail Secure Email Gateway before version 15.0.4 fails to enforce authorization checks for multiple endpoints in the new GINA UI, allowing unauthenticated remote attackers to access functionality that should require a valid session...
CVE-2026-44127
SEPPmail Secure Email Gateway before version 15.0.4 contains an unauthenticated path traversal vulnerability in the identifier parameter of /api.app/attachment/preview that allows remote attackers to read arbitrary local files and trigger deletion of files in the targeted directory with the...
CVE-2026-44126
CVE-2026-44126 affects SEPPmail Secure Email Gateway (pre-15.0.4). The issue is insecure deserialization of untrusted data reachable from the new GINA UI, enabling unauthenticated remote code execution via a crafted serialized object. Exploit details, affected versions, and exact remediation are ...
CVE-2026-44129 Server-side template injection
SEPPmail Secure Email Gateway before version 15.0.4 contains a server-side template injection vulnerability in the new GINA UI because an endpoint accepts an attacker-controlled template, allowing remote attackers to execute arbitrary template expressions and potentially achieve remote code executio...
SEPPmail Secure Email Gateway Code Issue Vulnerability
SEPPmail Secure Email Gateway is an email security gateway developed by the German company SEPPmail. Versions of SEPPmail Secure Email Gateway prior to version 15.0.4 contained a code vulnerability caused by insecure deserialization of untrusted data. This vulnerability could allow unauthenticate...
PT-2026-38958
Name of the Vulnerable Software and Affected Versions: SEPPmail Secure Email Gateway versions prior to 15.0.4 Description: The new GINA UI fails to enforce authorization checks for multiple endpoints. This allows unauthenticated remote attackers to access functionality that should require a valid...
PT-2026-2790
Substance3D - Designer versions 15.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
EUVD-2022-34509
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-2498
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in pipeline subscriptions in GitLab EE affecting all versions from 12.8 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 triggered new...
Next.js Security Vulnerability
Next.js is a React framework open-sourced by Vercel. A security vulnerability exists in versions of Next.js prior to 15.0.4-canary.51 through 15.1.8, which stems from a cache contamination vulnerability that could lead to a denial of service...
CVE-2023-25449
Cross-Site Request Forgery (CSRF) vulnerability in Oliver Seidel, Bastian Germann cformsII plugin <= 15.0.4 versions...
CVE-2024-41667
OpenAM is an open access management solution. In versions 15.0.3 and prior, the getCustomLoginUrlTemplate method in RealmOAuth2ProviderSettings.java is vulnerable to template injection due to its usage of user input. Although the developer intended to implement a custom URL for handling login to...
OpenAM FreeMarker template injection
OpenAM is an open access management solution. In versions 15.0.3 and prior, the getCustomLoginUrlTemplate method in RealmOAuth2ProviderSettings.java is vulnerable to template injection due to its usage of user input. Although the developer intended to implement a custom URL for handling login to...
GHSA-7726-43HG-M23V OpenAM FreeMarker template injection
OpenAM is an open access management solution. In versions 15.0.3 and prior, the getCustomLoginUrlTemplate method in RealmOAuth2ProviderSettings.java is vulnerable to template injection due to its usage of user input. Although the developer intended to implement a custom URL for handling login to...
CVE-2024-41667 OpenAM FreeMarker template injection
OpenAM is an open access management solution. In versions 15.0.3 and prior, the getCustomLoginUrlTemplate method in RealmOAuth2ProviderSettings.java is vulnerable to template injection due to its usage of user input. Although the developer intended to implement a custom URL for handling login to...
PT-2024-5297 · Openiam · Openam
Name of the Vulnerable Software and Affected Versions: OpenAM versions 15.0.3 and prior Description: The issue is related to the getCustomLoginUrlTemplate method in RealmOAuth2ProviderSettings.java, which is vulnerable to template injection due to its usage of user input. This vulnerability allow...
WordPress Plugin Oliver Seidel, Bastian Germann cformsII Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress Plugin Oliver Seidel, Bastia...
PT-2023-22003 · Nextcloud · Nextcloud Talk
Name of the Vulnerable Software and Affected Versions: Nextcloud Talk versions prior to 14.0.9; Nextcloud Talk versions prior to 15.0.4 Description: The issue arises from the talk app not properly filtering access to a conversation's member list. This allows an attacker to gain information about t...