SEPPMail Secure E-Mail Gateway Vulnerabilities Enable RCE and Mail Traffic Access
Critical security vulnerabilities have been disclosed in SEPPMail Secure E-Mail Gateway, an enterprise-grade email security solution, that could be exploited to achieve remote code execution and enable an attacker to read arbitrary mails from the virtual appliance. "These vulnerabilities could ha...
CVE-2026-44127
SEPPmail Secure Email Gateway before version 15.0.4 contains an unauthenticated path traversal vulnerability in the identifier parameter of /api.app/attachment/preview that allows remote attackers to read arbitrary local files and trigger deletion of files in the targeted directory with the...
EUVD-2026-28587
SEPPmail Secure Email Gateway before version 15.0.4 contains an unauthenticated path traversal vulnerability in the identifier parameter of /api.app/attachment/preview that allows remote attackers to read arbitrary local files and trigger deletion of files in the targeted directory with the...
CVE-2026-44127
SEPPmail Secure Email Gateway before version 15.0.4 contains an unauthenticated path traversal vulnerability in the identifier parameter of /api.app/attachment/preview that allows remote attackers to read arbitrary local files and trigger deletion of files in the targeted directory with the...
CVE-2026-44127 Local File Inclusion (LFI) and Arbitrary File Deletion
SEPPmail Secure Email Gateway before version 15.0.4 contains an unauthenticated path traversal vulnerability in the identifier parameter of /api.app/attachment/preview that allows remote attackers to read arbitrary local files and trigger deletion of files in the targeted directory with the...
CVE-2026-44127 Local File Inclusion (LFI) and Arbitrary File Deletion
SEPPmail Secure Email Gateway before version 15.0.4 contains an unauthenticated path traversal vulnerability in the identifier parameter of /api.app/attachment/preview that allows remote attackers to read arbitrary local files and trigger deletion of files in the targeted directory with the...
SEPPmail Secure Email Gateway Security Vulnerability
SEPPmail Secure Email Gateway is an email security gateway developed by the German company SEPPmail. Versions of SEPPmail Secure Email Gateway prior to version 15.0.4 contained a security vulnerability. This vulnerability stemmed from the identifier parameter in /api/app/attachment/preview, where...
PT-2026-38959
Name of the Vulnerable Software and Affected Versions: SEPPmail Secure Email Gateway versions prior to 15.0.4 Description: An unauthenticated path traversal issue exists in the '/api.app/attachment/preview' endpoint. This allows remote attackers to read arbitrary local files and trigger the deletio...
CVE-2026-35539
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. XSS exists because of insufficient HTML attachment sanitization in preview mode. A victim must preview a text/html attachment...
Pleasanter Cross-Site Scripting Vulnerability
Pleasanter is a free OSS no-code/low-code development tool from Pleasanter, Inc. A cross-site scripting vulnerability exists in Pleasanter that stems from a stored cross-site scripting vulnerability in the Attachment Preview feature, which could lead to the execution of arbitrary script in a...
CVE-2024-34462
Alinto SOGo through 5.10.0 allows XSS during attachment preview...
CVE-2024-56358 Cross-site Scripting vulnerability through svg attachment previews in grist-core
grist-core is a spreadsheet hosting server. A user visiting a malicious document and previewing an attachment could have their account compromised, because JavaScript in an SVG file would be evaluated in the context of their current page. This issue has been patched in version 1.3.2. Users are...
PT-2024-36800 · Unknown · Grist-Core
Name of the Vulnerable Software and Affected Versions: grist-core versions prior to 1.3.2 Description: The issue concerns a spreadsheet hosting server where a user's account could be compromised by visiting a malicious document and previewing an attachment. This happens because JavaScript in an S...
Cross-Site Scripting
libSOGo.so is vulnerable to Cross-Site Scripting. The vulnerability is due to inadequate sanitization during attachment preview. This allows an attacker to execute arbitrary JavaScript code within the context of the user's browser session...
DEBIAN-CVE-2024-34462
Alinto SOGo through 5.10.0 allows XSS during attachment preview...
UBUNTU-CVE-2024-34462
Alinto SOGo through 5.10.0 allows XSS during attachment preview...
CVE-2024-34462
Alinto SOGo through 5.10.0 allows XSS during attachment preview...
CVE-2024-34462
Alinto SOGo through 5.10.0 allows XSS during attachment preview...
SOGo Security Vulnerability
SOGo is a very fast and extensible modern collaboration suite. It provides calendaring, address book management and a full-featured Webmail client as well as resource sharing and permission handling. A security vulnerability exists in Alinto SOGo 5.10.0 and prior versions that originates from...
CVE-2024-34462
CVE-2024-34462 affects Alinto SOGo up to version 5.10.0, enabling Cross-Site Scripting during attachment previews. The incident is documented across multiple feeds (NVD, OSV, Debian LTS DLA-4434) with Debian noting a patch in 5.0.1-4+deb11u3 for the Bullseye release. In practice, affected deploym...