7.8
CVE-2026-29139 - GINA State Confusion Account Takeover
SEPPmail Secure Email Gateway before version 15.0.3 allows account takeover by abusing GINA account initialization to reset a victim account password.
7.8
CVE-2026-29144 - Unicode Subject Tags
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge security tags using Unicode lookalike characters.
7.8
CVE-2026-29143 - S/MIME Decryption Impersonation
SEPPmail Secure Email Gateway before version 15.0.3 does not properly authenticate the inner message of S/MIME-encrypted MIME entities, allowing an attacker to control trusted headers.
7.8
CVE-2026-0634 - Code Execution in AssistFeedbackService on TECNO Pova7 Pro 5G
Code execution in AssistFeedbackService of TECNO Pova7 Pro 5G on Android allows local apps to execute arbitrary code as system via command injection.
6.3
CVE-2026-29138 - PGP Decryption Sender LDAP Injection
SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to claim another user's PGP signature as their own.
4.9
CVE-2026-29131 - PGP Decryption Recipient LDAP Injection
SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to read the contents of emails encrypted for other users.
6.3
CVE-2026-29142 - Plaintext secure-mail.html
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to forge a GINA-encrypted email.
5.3
CVE-2026-29137 - Long Subject Untagging
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to hide security tags from users by crafting a long subject.
7.7
CVE-2026-29141 - Bounded Subject Tag Sanitization
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge tags such as [signed OK].
5.3
CVE-2026-29135 - Webmail Password Tag Sanitization Bypass
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to craft a password-tag that bypasses subject sanitization.