Lucene search
K

1340 matches found

Vulnrichment
Vulnrichment
added 2026/03/04 8:47 a.m.2 views

CVE-2026-27445 PGP Signature Reflection

SEPPmail Secure Email Gateway before version 15.0.1 does not properly verify that a PGP signature was generated by the expected key, allowing signature spoofing...

6.9CVSS5.9AI score0.00123EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/04 8:47 a.m.3 views

CVE-2026-27445

SEPPmail Secure Email Gateway before version 15.0.1 does not properly verify that a PGP signature was generated by the expected key, allowing signature spoofing...

6.9CVSS5.9AI score0.00123EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/04 8:46 a.m.27 views

CVE-2026-2747 PGP Mixed Plaintext and Encrypted Content

SEPPmail Secure Email Gateway before version 15.0.1 decrypts inline PGP messages without isolating them from surrounding unencrypted content, allowing exposure of sensitive information to an unauthorized actor...

6.9CVSS0.0025EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/04 8:46 a.m.2 views

CVE-2026-2747 PGP Mixed Plaintext and Encrypted Content

SEPPmail Secure Email Gateway before version 15.0.1 decrypts inline PGP messages without isolating them from surrounding unencrypted content, allowing exposure of sensitive information to an unauthorized actor...

6.9CVSS5.9AI score0.0025EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/04 8:46 a.m.5 views

CVE-2026-2747

SEPPmail Secure Email Gateway before version 15.0.1 decrypts inline PGP messages without isolating them from surrounding unencrypted content, allowing exposure of sensitive information to an unauthorized actor...

6.9CVSS5.9AI score0.0025EPSS
Exploits0References2
CVE
CVE
added 2026/03/04 8:46 a.m.14 views

CVE-2026-2747

Summary: CVE-2026-2747 affects SEPPmail Secure Email Gateway. The vulnerability arises because versions prior to 15.0.1 decrypt inline PGP messages without isolating them from surrounding unencrypted content, potentially exposing sensitive information to an unauthorized actor. This is described a...

7.5CVSS5.9AI score0.0025EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/04 8:44 a.m.3 views

CVE-2026-2746

SEPPmail Secure Email Gateway before version 15.0.1 does not properly communicate PGP signature verification results, leaving users unable to detect forged emails...

6.9CVSS5.9AI score0.00157EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/04 8:44 a.m.3 views

CVE-2026-2746 Missing PGP Signature Tag

SEPPmail Secure Email Gateway before version 15.0.1 does not properly communicate PGP signature verification results, leaving users unable to detect forged emails...

6.9CVSS5.9AI score0.00157EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.5 views

PT-2026-22894

SEPPmail Secure Email Gateway before version 15.0.1 decrypts inline PGP messages without isolating them from surrounding unencrypted content, allowing exposure of sensitive information to an unauthorized actor...

6.9CVSS5.9AI score0.0025EPSS
Exploits0References2
OSV
OSV
added 2026/03/03 1:10 p.m.2 views

SUSE-SU-2026:0768-1 Security update for postgresql14

This update for postgresql14 fixes the following issues: Update to version 14.22 bsc1258754. Security issues fixed: - CVE-2026-2003: improper validation of type 'oidvector' may allow disclose a few bytes of server memory bsc1258008. - CVE-2026-2004: intarray missing validation of type of input to...

8.8CVSS6.4AI score0.01208EPSS
Exploits3References10
OSV
OSV
added 2026/02/24 3:15 p.m.1 views

SUSE-SU-2026:0615-1 Security update for postgresql15

This update for postgresql15 fixes the following issues: Update to version 15.16. Security issues fixed: - CVE-2026-2003: improper validation of type 'oidvector' may allow disclose a few bytes of server memory bsc1258008. - CVE-2026-2004: intarray missing validation of type of input to selectivit...

8.8CVSS6.4AI score0.01208EPSS
Exploits3References9
Packet Storm News
Packet Storm News
added 2026/02/24 12:0 a.m.6 views

GNU Privacy Guard 2.5.18

GnuPG the GNU Privacy Guard or GPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As suc...

5.9AI score
Exploits0
Fedora
Fedora
added 2026/02/17 1:16 a.m.8 views

[SECURITY] Fedora 42 Update: gnupg2-2.4.9-2.fc42

GnuPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440 and the S/MIME standard as described...

8.4CVSS5.5AI score0.00421EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/02/16 12:0 a.m.5 views

RHEL 10 : gnupg2 (RHSA-2026:2719)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:2719 advisory. The GNU Privacy Guard GnuPG or GPG is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards...

8.4CVSS6.8AI score0.00421EPSS
Exploits1References4
Snyk
Snyk
added 2026/02/12 1:55 p.m.3 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the pgppubdecryptbytea, which missing a safeguard for the session key length read from the message data, that can be given in input of pgppubdecryptbytea. An attacker can execute arbitrary code as the...

8.8CVSS6.2AI score0.01208EPSS
Exploits3References2
Fedora
Fedora
added 2026/02/04 2:5 a.m.7 views

[SECURITY] Fedora 42 Update: rust-sequoia-sqv-1.3.0-5.fc42

A simple OpenPGP signature verification program...

5.3CVSS5.2AI score0.00297EPSS
Exploits0
OSV
OSV
added 2026/01/28 8:16 a.m.6 views

CVE-2026-0818

When a user explicitly requested Thunderbird to decrypt an inline OpenPGP message that was embedded in a text section of an email that was formatted and styled with HTML and CSS, then the decrypted contents were rendered in a context in which the CSS styles from the outer messages were active. If...

4.3CVSS5.8AI score0.00159EPSS
Exploits0References4
EUVD
EUVD
added 2026/01/27 6:40 p.m.5 views

EUVD-2026-4769

In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys...

8.4CVSS6.2AI score0.00421EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.9 views

MiracleLinux 8 : thunderbird-78.11.0-1.el8.ML.1 (AXSA:2021-2302:13)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2021-2302:13 advisory. Mozilla: Memory safety bugs fixed in Firefox 89 and Firefox ESR 78.11 CVE-2021-29967 Mozilla: Thunderbird stored OpenPGP secret keys without master...

8.8CVSS8.4AI score0.01368EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.6 views

MiracleLinux 8 : thunderbird-78.9.1-1.0.1.el8 (AXSA:2021-1686:06)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2021-1686:06 advisory. Mozilla: An attacker may use Thunderbird's OpenPGP key refresh mechanism to poison an existing key CVE-2021-23991 Mozilla: A crafted OpenPGP key wit...

6.8CVSS8.4AI score0.01035EPSS
Exploits1References4
Rows per page
Query Builder