CVE-2026-44127
SEPPmail Secure Email Gateway before version 15.0.4 contains an unauthenticated path traversal vulnerability in the identifier parameter of /api.app/attachment/preview that allows remote attackers to read arbitrary local files and trigger deletion of files in the targeted directory with the...
EUVD-2026-28590
SEPPmail Secure Email Gateway before version 15.0.4 exposes server environment variables through an unauthenticated endpoint in the new GINA UI, allowing remote attackers to obtain sensitive system information...
EUVD-2026-28589
SEPPmail Secure Email Gateway before version 15.0.4 contains a server-side template injection vulnerability in the new GINA UI because an endpoint accepts an attacker-controlled template, allowing remote attackers to execute arbitrary template expressions and potentially achieve remote code executio...
EUVD-2026-28635
SEPPmail Secure Email Gateway before version 15.0.4 insecurely deserializes untrusted data, which can be reached from the new GINA UI and may allow unauthenticated remote attackers to execute code via a crafted serialized object...
CVE-2026-44126 Insecure deserialization
SEPPmail Secure Email Gateway before version 15.0.4 insecurely deserializes untrusted data, which can be reached from the new GINA UI and may allow unauthenticated remote attackers to execute code via a crafted serialized object...
CVE-2026-7864
SEPPmail Secure Email Gateway is affected by CVE-2026-7864: versions prior to 15.0.4 expose server environment variables via an unauthenticated endpoint in the new GINA UI, enabling remote attackers to obtain sensitive system information. Affected component is the GINA UI backend exposing environ...
SEPPmail Secure Email Gateway Security Vulnerability
SEPPmail Secure Email Gateway is an email security gateway developed by the German company SEPPmail. Versions of SEPPmail Secure Email Gateway prior to version 15.0.4 contained security vulnerabilities. These vulnerabilities stemmed from the lack of authorization checks for multiple endpoints in...
PT-2026-38961
Name of the Vulnerable Software and Affected Versions: SEPPmail Secure Email Gateway versions prior to 15.0.4. Description: The new GINA UI contains a server-side template injection (SSTI), a flaw where an application embeds user input into a server-side template without proper validation, because an...
PT-2026-38962
Name of the Vulnerable Software and Affected Versions: SEPPmail Secure Email Gateway versions prior to 15.0.4. Description: An unauthenticated endpoint in the new GINA UI exposes server environment variables, which allows remote attackers to obtain sensitive system information. Recommendations: Updat...
CVE-2026-29132
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker with access to a victim's GINA account to bypass a second-password check and read protected emails...
CVE-2026-29133
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to upload PGP keys with UIDs that do not match their email address...
CVE-2026-29142
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to forge a GINA-encrypted email...
EUVD-2026-18152
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to inject HTML into notification emails about new CA certificates...
EUVD-2026-18142
SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to read the contents of emails encrypted for other users...
EUVD-2026-18166
SEPPmail Secure Email Gateway before version 15.0.3 does not properly authenticate the inner message of S/MIME-encrypted MIME entities, allowing an attacker to control trusted headers...
EUVD-2026-18146
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to upload PGP keys with UIDs that do not match their email address...
CVE-2026-29134
SEPPmail Secure Email Gateway before version 15.0.3 allows an external user to modify GINA webdomain metadata and bypass per-domain restrictions...
CVE-2026-29139
CVE-2026-29139 affects SEPPmail Secure Email Gateway prior to version 15.0.3. The root cause is misuse of GINA account initialization, which can be leveraged to reset a victim’s password and lead to account takeover. Documents indicate a network-exposed vulnerability with high/severe impact (an a...
CVE-2026-29144
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge security tags using Unicode lookalike characters...
CVE-2026-29143
SEPPmail Secure Email Gateway before version 15.0.3 does not properly authenticate the inner message of S/MIME-encrypted MIME entities, allowing an attacker to control trusted headers...