Seppmail

seppmail

Vendor: Seppmail • 12 CVEs

CVEs (12)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-2743 1Seppmail 1Seppmail May 19, 2026 Mar 5, 2026 10.0 CRITICAL· v4 9.8 CRITICAL· v3 N/A· v2 Arbitrary File Write via Path Traversal upload to Remote Code Execution in SeppMail User Web Interface. The affected feature is the large file transfer (LFT). This issue affects SeppMail: 15.0.2.1 and before
CVE-2026-2748 1Seppmail 1Seppmail Mar 5, 2026 Mar 4, 2026 7.8 HIGH· v4 5.3 MEDIUM· v3 N/A· v2 SEPPmail Secure Email Gateway before version 15.0.1 improperly validates S/MIME certificates issued for email addresses containing whitespaces, allowing signature spoofing.
CVE-2026-2747 1Seppmail 1Seppmail Mar 5, 2026 Mar 4, 2026 6.9 MEDIUM· v4 7.5 HIGH· v3 N/A· v2 SEPPmail Secure Email Gateway before version 15.0.1 decrypts inline PGP messages without isolating them from surrounding unencrypted content, allowing exposure of sensitive information to an unauthorized actor.
CVE-2026-2746 1Seppmail 1Seppmail Mar 5, 2026 Mar 4, 2026 6.9 MEDIUM· v4 5.3 MEDIUM· v3 N/A· v2 SEPPmail Secure Email Gateway before version 15.0.1 does not properly communicate PGP signature verification results, leaving users unable to detect forged emails.
CVE-2026-27445 1Seppmail 1Seppmail Mar 5, 2026 Mar 4, 2026 6.9 MEDIUM· v4 5.3 MEDIUM· v3 N/A· v2 SEPPmail Secure Email Gateway before version 15.0.1 does not properly verify that a PGP signature was generated by the expected key, allowing signature spoofing.
CVE-2026-27444 1Seppmail 1Seppmail Mar 5, 2026 Mar 4, 2026 7.8 HIGH· v4 7.5 HIGH· v3 N/A· v2 SEPPmail Secure Email Gateway before version 15.0.1 incorrectly interprets email addresses in the email headers, causing an interpretation conflict with other mail infrastructure that allows an attacker to fake the sourc...Show more SEPPmail Secure Email Gateway before version 15.0.1 incorrectly interprets email addresses in the email headers, causing an interpretation conflict with other mail infrastructure that allows an attacker to fake the source of the email or decrypt it.Show less
CVE-2026-27443 1Seppmail 1Seppmail Mar 5, 2026 Mar 4, 2026 8.2 HIGH· v4 7.5 HIGH· v3 N/A· v2 SEPPmail Secure Email Gateway before version 15.0.1 does not properly sanitize the headers from S/MIME protected MIME entities, allowing an attacker to control trusted headers.
CVE-2026-27442 1Seppmail 1Seppmail Mar 5, 2026 Mar 4, 2026 9.3 CRITICAL· v4 7.5 HIGH· v3 N/A· v2 The GINA web interface in SEPPmail Secure Email Gateway before version 15.0.1 does not properly check attachment filenames in GINA-encrypted emails, allowing an attacker to access files on the gateway.
CVE-2026-27441 1Seppmail 1Seppmail Mar 5, 2026 Mar 4, 2026 9.5 CRITICAL· v4 9.8 CRITICAL· v3 N/A· v2 SEPPmail Secure Email Gateway before version 15.0.1 insufficiently neutralizes the PDF encryption password, allowing OS command execution.
CVE-2022-41871 1Seppmail 1Seppmail May 14, 2025 Apr 28, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 SEPPmail through 12.1.17 allows command injection within the Admin Portal. An authenticated attacker is able to execute arbitrary code in the context of the user root.
CVE-2021-31740 1Seppmail 1Seppmail Apr 25, 2025 Nov 30, 2022 N/A· v4 6.1 MEDIUM· v3 N/A· v2 SEPPMail's web frontend, user input is not embedded correctly in the web page and therefore leads to cross-site scripting vulnerabilities (XSS).
CVE-2021-31739 1Seppmail 1Seppmail Apr 29, 2025 Nov 18, 2022 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The SEPPmail solution is vulnerable to a Cross-Site Scripting vulnerability (XSS), because user input is not correctly encoded in HTML attributes when returned by the server.SEPPmail 11.1.10 allows XSS via a recipient ad...Show more The SEPPmail solution is vulnerable to a Cross-Site Scripting vulnerability (XSS), because user input is not correctly encoded in HTML attributes when returned by the server.SEPPmail 11.1.10 allows XSS via a recipient address.Show less