GO-2026-4896 MinIO is Vulnerable to SSE Metadata Injection via Replication Headers in github.com/minio/minio

MinIO is Vulnerable to SSE Metadata Injection via Replication Headers in github.com/minio/minio...

Storm Infostealer Sold as Service, Targets Browsers, Wallets and Accounts

New research from Varonis Threat Labs reveals Storm infostealer, a malicious subscription service that bypasses Google Chrome encryption.…...

EUVD-2026-18160

SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to cause attacker-controlled certificates to be used for future encryption to a victim by adding the certificates to S/MIME signatures...

EUVD-2026-18142

SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to read the contents of emails encrypted for other users...

EUVD-2026-18165

SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to forge a GINA-encrypted email...

CVE-2026-29140

SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to cause attacker-controlled certificates to be used for future encryption to a victim by adding the certificates to S/MIME signatures...

CVE-2026-29133

SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to upload PGP keys with UIDs that do not match their email address...

CVE-2026-29143

CVE-2026-29143 affects SEPPmail Secure Email Gateway prior to version 15.0.3. The issue is that the inner S/MIME-encrypted MIME entity is not properly authenticated, enabling an attacker to manipulate trusted headers. The root cause is insufficient verification of the inner message, with potentia...

CVE-2026-29131 PGP Decryption Recipient LDAP Injection

SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to read the contents of emails encrypted for other users...

CVE-2026-29142

The CVE affects SEPPmail Secure Email Gateway prior to version 15.0.3, where an attacker can forge a GINA-encrypted email. Affected product: SEPPmail Secure Email Gateway; root cause: improper handling of GINA encryption outside the intended trust boundary (as described in vulnerability notes). I...

CVE-2026-29140 S/MIME Signature Additional Certificate

SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to cause attacker-controlled certificates to be used for future encryption to a victim by adding the certificates to S/MIME signatures...

CVE-2026-29140

CVE-2026-29140 affects SEPPmail Secure Email Gateway prior to version 15.0.3. The issue allows an attacker to cause attacker-controlled certificates to be used for future encryption on a victim by inserting those certificates into S/MIME signatures. The root cause is not explicitly broken out bey...

CVE-2026-29140 S/MIME Signature Additional Certificate

SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to cause attacker-controlled certificates to be used for future encryption to a victim by adding the certificates to S/MIME signatures...

CVE-2026-29133

SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to upload PGP keys with UIDs that do not match their email address...

CVE-2026-3774

The application allows PDF JavaScript and document/print actions such as WillPrint/DidPrint to update form fields, annotations, or optional content groups OCGs immediately before or after redaction, encryption, or printing. These script‑driven updates are not fully covered by the existing...

PT-2026-29916

The restoreTenant admin mutation is missing from the authorization middleware config admin.go:499-522, making it completely unauthenticated. Unlike the similar restore mutation which requires Guardian-of-Galaxy authentication, restoreTenant executes with zero middleware. This mutation accepts...

PT-2026-29697

SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to cause attacker-controlled certificates to be used for future encryption to a victim by adding the certificates to S/MIME signatures...

HCL BigFix Platform 安全漏洞

The HCL BigFix Platform is a developed by the Indian company HCL. This platform supports automatic discovery, management, and remediation of endpoint security issues. There are security vulnerabilities in the HCL BigFix Platform, which stem from insecure private encryption key permissions. This m...

PT-2026-29699

SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to read the contents of emails encrypted for other users...

PT-2026-29898

Name of the Vulnerable Software and Affected Versions versions prior to 2026 Description The stored API keys in a temporary browser client are not adequately protected, potentially allowing extraction of encryption credentials through JavaScript console errors or similar mechanisms. This could...