7.8

CVSS4.0

CVE-2026-2748 - S/MIME Certificate Subject Whitespace

SEPPmail Secure Email Gateway before version 15.0.1 improperly validates S/MIME certificates issued for email addresses containing whitespaces, allowing signature spoofing.

πŸ“… Published: March 4, 2026, 8:48 a.m. πŸ”„ Last Modified: April 16, 2026, 1:45 p.m.

9.3

CVSS4.0

CVE-2026-27442 - zip_attachments Path Traversal

The GINA web interface in SEPPmail Secure Email Gateway before version 15.0.1 does not properly check attachment filenames in GINA-encrypted emails, allowing an attacker to access files on the gateway.

πŸ“… Published: March 4, 2026, 8:48 a.m. πŸ”„ Last Modified: April 16, 2026, 1:45 p.m.

6.9

CVSS4.0

CVE-2026-27445 - PGP Signature Reflection

SEPPmail Secure Email Gateway before version 15.0.1 does not properly verify that a PGP signature was generated by the expected key, allowing signature spoofing.

πŸ“… Published: March 4, 2026, 8:47 a.m. πŸ”„ Last Modified: April 17, 2026, 1:15 p.m.

7.8

CVSS4.0

CVE-2026-27444 - Header Email Address Parsing

SEPPmail Secure Email Gateway before version 15.0.1 incorrectly interprets email addresses in the email headers, causing an interpretation conflict with other mail infrastructure that allows an attacker to fake the source of the email or decrypt it.

πŸ“… Published: March 4, 2026, 8:47 a.m. πŸ”„ Last Modified: April 17, 2026, 1:15 p.m.

6.9

CVSS4.0

CVE-2026-2747 - PGP Mixed Plaintext and Encrypted Content

SEPPmail Secure Email Gateway before version 15.0.1 decrypts inline PGP messages without isolating them from surrounding unencrypted content, allowing exposure of sensitive information to an unauthorized actor.

πŸ“… Published: March 4, 2026, 8:46 a.m. πŸ”„ Last Modified: April 16, 2026, 1:45 p.m.

8.2

CVSS4.0

CVE-2026-27443 - S/MIME Decryption Tag Sanitization Bypass

SEPPmail Secure Email Gateway before version 15.0.1 does not properly sanitize the headers from S/MIME protected MIME entities, allowing an attacker to control trusted headers.

πŸ“… Published: March 4, 2026, 8:45 a.m. πŸ”„ Last Modified: April 16, 2026, 1:45 p.m.

5.4

CVSS3.1

CVE-2025-66168 - Apache ActiveMQ, Apache ActiveMQ All Module, Apache ActiveMQ MQTT Module: MQTT control packet remai…

WARNING: Users of 6.x should upgrade to 6.2.4 or later as the fix was missed in previous 6.x releases. See theΒ  following for more details: https://activemq.apache.org/security-advisories.data/CVE-2026-40046-announcement.txt https://www.cve.org/CVERecord?id=CVE-2026-40046 Original Report: …

πŸ“… Published: March 4, 2026, 8:45 a.m. πŸ”„ Last Modified: April 20, 2026, 5:30 p.m.

6.9

CVSS4.0

CVE-2026-2746 - Missing PGP Signature Tag

SEPPmail Secure Email Gateway before version 15.0.1 does not properly communicate PGP signature verification results, leaving users unable to detect forged emails.

πŸ“… Published: March 4, 2026, 8:44 a.m. πŸ”„ Last Modified: April 17, 2026, 1:15 p.m.

7.8

CVSS3.1

CVE-2026-3094 - File Parsing Out-Of-Bounds Write in CNCSoft-G2

Delta Electronics CNCSoft-G2Β lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.

πŸ“… Published: March 4, 2026, 8:36 a.m. πŸ”„ Last Modified: April 16, 2026, 1:45 p.m.

6.4

CVSS3.1

CVE-2026-1236 - Envira Gallery for WordPress <= 1.12.3 - Authenticated (Author+) Stored Cross-Site Scripting via 'j…

The Envira Gallery for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'justified_gallery_theme' parameter in all versions up to, and including, 1.12.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,…

πŸ“… Published: March 4, 2026, 8:23 a.m. πŸ”„ Last Modified: April 22, 2026, 9:26 p.m.
Total resulsts: 349182
Page 1350 of 34,919
Β« previous page Β» next page
Filters