threat
engine
.sh
Back
·
··:··
Home
/
Product
/
seppmail secure email gateway
Product
seppmail secure email gateway
26 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2026-29144
< 15.0.3
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge security tags usin
5.3
MEDIUM
CVE-2026-29143
< 15.0.3
SEPPmail Secure Email Gateway before version 15.0.3 does not properly authenticate the inner message of S/MIME-encrypted MIME enti
9.1
CRITICAL
CVE-2026-29142
< 15.0.3
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to forge a GINA-encrypted email.
5.3
MEDIUM
CVE-2026-29141
< 15.0.3
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge tags such as [sign
5.3
MEDIUM
CVE-2026-29140
< 15.0.3
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to cause attacker-controlled certificates to be used for fu
5.3
MEDIUM
CVE-2026-29139
< 15.0.3
SEPPmail Secure Email Gateway before version 15.0.3 allows account takeover by abusing GINA account initialization to reset a vict
9.8
CRITICAL
CVE-2026-29138
< 15.0.3
SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to claim another user'
7.5
HIGH
CVE-2026-29137
< 15.0.3
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to hide security tags from users by crafting a long subject
5.3
MEDIUM
CVE-2026-29136
< 15.0.3
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to inject HTML into notification emails about new CA certif
6.1
MEDIUM
CVE-2026-29135
< 15.0.3
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to craft a password-tag that bypasses subject sanitization.
7.5
HIGH
CVE-2026-29134
< 15.0.3
SEPPmail Secure Email Gateway before version 15.0.3 allows an external user to modify GINA webdomain metadata and bypass per-domai
7.5
HIGH
CVE-2026-29133
< 15.0.3
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to upload PGP keys with UIDs that do not match their email
9.1
CRITICAL
CVE-2026-29132
< 15.0.3
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker with access to a victim's GINA account to bypass a second-p
7.5
HIGH
CVE-2026-29131
< 15.0.3
SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to read the contents o
7.5
HIGH
CVE-2026-2743
<= 15.0.2.1
Arbitrary File Write via Path Traversal upload to Remote Code Execution in SeppMail User Web Interface. The affected feature is th
9.8
CRITICAL
CVE-2026-2748
< 15.0.1
SEPPmail Secure Email Gateway before version 15.0.1 improperly validates S/MIME certificates issued for email addresses containing
5.3
MEDIUM
CVE-2026-2747
< 15.0.1
SEPPmail Secure Email Gateway before version 15.0.1 decrypts inline PGP messages without isolating them from surrounding unencrypt
7.5
HIGH
CVE-2026-2746
< 15.0.1
SEPPmail Secure Email Gateway before version 15.0.1 does not properly communicate PGP signature verification results, leaving user
5.3
MEDIUM
CVE-2026-27445
< 15.0.1
SEPPmail Secure Email Gateway before version 15.0.1 does not properly verify that a PGP signature was generated by the expected ke
5.3
MEDIUM
CVE-2026-27444
< 15.0.1
SEPPmail Secure Email Gateway before version 15.0.1 incorrectly interprets email addresses in the email headers, causing an interp
7.5
HIGH
CVE-2026-27443
< 15.0.1
SEPPmail Secure Email Gateway before version 15.0.1 does not properly sanitize the headers from S/MIME protected MIME entities, al
7.5
HIGH
CVE-2026-27442
< 15.0.1
The GINA web interface in SEPPmail Secure Email Gateway before version 15.0.1 does not properly check attachment filenames in GINA
7.5
HIGH
CVE-2026-27441
< 15.0.1
SEPPmail Secure Email Gateway before version 15.0.1 insufficiently neutralizes the PDF encryption password, allowing OS command ex
9.8
CRITICAL
CVE-2022-41871
<= 12.1.17
SEPPmail through 12.1.17 allows command injection within the Admin Portal. An authenticated attacker is able to execute arbitrary
6.0
MEDIUM
CVE-2021-31740
all versions
SEPPMail's web frontend, user input is not embedded correctly in the web page and therefore leads to cross-site scripting vulnerab
6.1
MEDIUM
CVE-2021-31739
all versions
The SEPPmail solution is vulnerable to a Cross-Site Scripting vulnerability (XSS), because user input is not correctly encoded in
6.1
MEDIUM
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin