50 matches found
CVE-2026-45171 Idira Privileged Session Manager (PSM): Potential Code Execution due to an Incomplete Input Validation
Incomplete input validation and improperly configured folder permissions within Idira Privileged Session Manager PSM versions prior to 15.0.3, 14.6.3, 14.2.5, and 14.0.5, an authenticated, low-privileged user could potentially execute arbitrary code. CyberArk Security Bulletin: CA26-17 and CA26-1...
CVE-2026-29135
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to craft a password-tag that bypasses subject sanitization...
CVE-2026-29134
SEPPmail Secure Email Gateway before version 15.0.3 allows an external user to modify GINA webdomain metadata and bypass per-domain restrictions...
CVE-2026-29142
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to forge a GINA-encrypted email...
CVE-2026-29137
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to hide security tags from users by crafting a long subject...
EUVD-2026-18168
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge security tags using Unicode lookalike characters...
EUVD-2026-18156
SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to claim another user's PGP signature as their own...
EUVD-2026-18150
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to craft a password-tag that bypasses subject sanitization...
EUVD-2026-18144
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker with access to a victim's GINA account to bypass a second-password check and read protected emails...
CVE-2026-29140
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to cause attacker-controlled certificates to be used for future encryption to a victim by adding the certificates to S/MIME signatures...
CVE-2026-29136
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to inject HTML into notification emails about new CA certificates...
CVE-2026-29139 GINA State Confusion Account Takeover
SEPPmail Secure Email Gateway before version 15.0.3 allows account takeover by abusing GINA account initialization to reset a victim account password...
CVE-2026-29143
CVE-2026-29143 affects SEPPmail Secure Email Gateway prior to version 15.0.3. The issue is that the inner S/MIME-encrypted MIME entity is not properly authenticated, enabling an attacker to manipulate trusted headers. The root cause is insufficient verification of the inner message, with potentia...
CVE-2026-29138
SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to claim another user's PGP signature as their own...
CVE-2026-29142 Plaintext secure-mail.html
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to forge a GINA-encrypted email...
CVE-2026-29142
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to forge a GINA-encrypted email...
CVE-2026-29137 Long Subject Untagging
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to hide security tags from users by crafting a long subject...
CVE-2026-29141 Bounded Subject Tag Sanitization
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge tags such as signed OK...
CVE-2026-29133
SEPPmail Secure Email Gateway (before v15.0.3) allows an attacker to upload PGP keys whose UIDs do not match the recipient email address, enabling potential impersonation or confusion in key-management workflows. The CVE-2026-29133 entry confirms the affected product and condition; CVSS 4.0 vecto...
SEPPmail Secure Email Gateway 安全漏洞
SEPPmail Secure Email Gateway is an email security gateway developed by the German company SEPPmail. Versions of SEPPmail Secure Email Gateway prior to version 15.0.3 contained security vulnerabilities. These vulnerabilities stemmed from allowing attackers to add certificates into S/MIME...