9.3
CVE-2026-27442 - zip_attachments Path Traversal
The GINA web interface in SEPPmail Secure Email Gateway before version 15.0.1 does not properly check attachment filenames in GINA-encrypted emails, allowing an attacker to access files on the gateway.
6.9
CVE-2026-27445 - PGP Signature Reflection
SEPPmail Secure Email Gateway before version 15.0.1 does not properly verify that a PGP signature was generated by the expected key, allowing signature spoofing.
7.8
CVE-2026-27444 - Header Email Address Parsing
SEPPmail Secure Email Gateway before version 15.0.1 incorrectly interprets email addresses in the email headers, causing an interpretation conflict with other mail infrastructure that allows an attacker to fake the source of the email or decrypt it.
6.9
CVE-2026-2747 - PGP Mixed Plaintext and Encrypted Content
SEPPmail Secure Email Gateway before version 15.0.1 decrypts inline PGP messages without isolating them from surrounding unencrypted content, allowing exposure of sensitive information to an unauthorized actor.
8.2
CVE-2026-27443 - S/MIME Decryption Tag Sanitization Bypass
SEPPmail Secure Email Gateway before version 15.0.1 does not properly sanitize the headers from S/MIME protected MIME entities, allowing an attacker to control trusted headers.
5.4
CVE-2025-66168 - Apache ActiveMQ, Apache ActiveMQ All Module, Apache ActiveMQ MQTT Module: MQTT control packet remaiβ¦
Apache ActiveMQ does not properly validate the remaining length field which may lead to an overflow during the decoding of malformed packets.Β When this integer overflow occurs, ActiveMQ may incorrectly compute the total Remaining Length and subsequently misinterpret the payload as multiple MQTT conβ¦
6.9
CVE-2026-2746 - Missing PGP Signature Tag
SEPPmail Secure Email Gateway before version 15.0.1 does not properly communicate PGP signature verification results, leaving users unable to detect forged emails.
7.8
CVE-2026-3094 - File Parsing Out-Of-Bounds Write in CNCSoft-G2
Delta Electronics CNCSoft-G2Β lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.
6.4
CVE-2026-1236 - Envira Gallery for WordPress <= 1.12.3 - Authenticated (Author+) Stored Cross-Site Scripting via 'jβ¦
The Envira Gallery for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'justified_gallery_theme' parameter in all versions up to, and including, 1.12.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,β¦
9.2
CVE-2026-29120 - Insecure, Hardcoded Root Password Stored in Anaconda Configuration File On IDC SFX2100 Satellite Reβ¦
The /root/anaconda-ks.cfg installation configuration file in International Datacasting Corporation (IDC) SFX Series(SFX2100) SuperFlex Satellite Receiver insecurely stores the hardcoded root password hash. The password itself is highly insecure and susceptible to offline dictionary attacks using thβ¦