14 matches found
CVE-2026-29137
Affected product: SEPPmail Secure Email GatewayVulnerability: An attacker can hide security tags from users by crafting a long subject, affecting versions prior to 15.0.3.Root cause/impact: The long subject enables evasion of displayed security tags; CVSS metrics indicate medium severity with net...
CVE-2026-29141
The CVE affects SEPPmail Secure Email Gateway prior to version 15.0.3 . The issue is an insufficient subject sanitization that allows an attacker to forge tags such as [signed OK] . Documented impact shows no confidentiality impact, but potential integrity impact (subsequent) is HIGH ; attack vec...
CVE-2026-29142
The CVE affects SEPPmail Secure Email Gateway prior to version 15.0.3, where an attacker can forge a GINA-encrypted email. Affected product: SEPPmail Secure Email Gateway; root cause: improper handling of GINA encryption outside the intended trust boundary (as described in vulnerability notes). I...
CVE-2026-29143
CVE-2026-29143 affects SEPPmail Secure Email Gateway prior to version 15.0.3. The issue is that the inner S/MIME-encrypted MIME entity is not properly authenticated, enabling an attacker to manipulate trusted headers. The root cause is insufficient verification of the inner message, with potentia...
CVE-2026-29132
CVE-2026-29132 affects SEPPmail Secure Email Gateway prior to 15.0.3. An attacker who has access to a victim’s GINA account can bypass a second-password check and read protected emails. The vulnerability is documented across multiple feeds (NVD/Red Hat/EUVD/CIRCL, etc.), consistently stating the ...
CVE-2026-29139
CVE-2026-29139 affects SEPPmail Secure Email Gateway prior to version 15.0.3. The root cause is misuse of GINA account initialization, which can be leveraged to reset a victim’s password and lead to account takeover. Documents indicate a network-exposed vulnerability with high/severe impact (an a...
CVE-2026-29133
SEPPmail Secure Email Gateway is affected (versions before 15.0.3) by a vulnerability where an attacker can upload PGP keys with UIDs that do not match the associated email address. The root cause is inadequate UID validation for uploaded keys, enabling UID/address discrepancy. Documented impact ...
CVE-2026-29134
SEPPmail Secure Email Gateway is affected prior to version 15.0.3. The issue allows an external user to modify GINA webdomain metadata and bypass per‑domain restrictions, arising from the ability to change GINA metadata rather than a broader exploit chain. Documents consistently describe the vuln...
CVE-2026-29135
SEPPmail Secure Email Gateway is affected by CVE-2026-29135: versions prior to 15.0.3 allow an attacker to craft a password-tag that bypasses subject sanitization. The issue concerns the password-tag handling in the webmail/processing flow (no explicit exploit details provided in the documents). ...
CVE-2026-29140
CVE-2026-29140 affects SEPPmail Secure Email Gateway prior to version 15.0.3. The issue allows an attacker to cause attacker-controlled certificates to be used for future encryption on a victim by inserting those certificates into S/MIME signatures. The root cause is not explicitly broken out bey...
CVE-2026-29136
Affected software: SEPPmail Secure Email Gateway (pre-15.0.3). The issue is HTML injection in notification emails about new CA certificates, caused by and/or enabling injection into these messages. Impact is limited to the ability to inject HTML into CA-cert notification emails; no additional det...
CVE-2026-29138
SEPPmail Secure Email Gateway is affected by CVE-2026-29138 in versions prior to 15.0.3. The issue allows an attacker who sends a specially crafted email address to claim another user’s PGP signature as their own. Affected product/component: SEPPmail Secure Email Gateway; vulnerability type: misu...
CVE-2026-29144
SEPPmail Secure Email Gateway vulnerability CVE-2026-29144 affects versions prior to 15.0.3. An attacker can bypass subject sanitization and forge security tags using Unicode lookalike characters. The documents do not provide exploitation details, affected product scope beyond the stated version ...
CVE-2026-29131
SEPPmail Secure Email Gateway is affected up to version 15.0.3. A vulnerability in the PGP decryption recipient handling allows attackers who can craft a recipient email address to read emails encrypted for other users. The issue is identified as CVE-2026-29131. Connected sources corroborate the ...