This page lists publicly disclosed CVE vulnerabilities affecting seppmail secure_email_gateway (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-29144 | SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge security tags using Unicode lookalike characters. | [email protected] | 7.8 | 0.08% | 2026-04-02 | 2026-04-16 |
| CVE-2026-29143 | SEPPmail Secure Email Gateway before version 15.0.3 does not properly authenticate the inner message of S/MIME-encrypted MIME entities, allowing an attacker to control trusted headers. | [email protected] | 7.8 | 0.08% | 2026-04-02 | 2026-04-16 |
| CVE-2026-29142 | SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to forge a GINA-encrypted email. | [email protected] | 6.3 | 0.03% | 2026-04-02 | 2026-04-16 |
| CVE-2026-29141 | SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge tags such as [signed OK]. | [email protected] | 7.7 | 0.08% | 2026-04-02 | 2026-04-16 |
| CVE-2026-29140 | SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to cause attacker-controlled certificates to be used for future encryption to a victim by adding the certificates to S/MIME signatures. | [email protected] | 7.7 | 0.02% | 2026-04-02 | 2026-04-16 |
| CVE-2026-29139 | SEPPmail Secure Email Gateway before version 15.0.3 allows account takeover by abusing GINA account initialization to reset a victim account password. | [email protected] | 7.8 | 0.05% | 2026-04-02 | 2026-04-16 |
| CVE-2026-29138 | SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to claim another user's PGP signature as their own. | [email protected] | 6.3 | 0.04% | 2026-04-02 | 2026-04-16 |
| CVE-2026-29137 | SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to hide security tags from users by crafting a long subject. | [email protected] | 5.3 | 0.08% | 2026-04-02 | 2026-04-16 |
| CVE-2026-29136 | SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to inject HTML into notification emails about new CA certificates. | [email protected] | 5.3 | 0.03% | 2026-04-02 | 2026-04-16 |
| CVE-2026-29135 | SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to craft a password-tag that bypasses subject sanitization. | [email protected] | 5.3 | 0.08% | 2026-04-02 | 2026-04-16 |
| CVE-2026-29134 | SEPPmail Secure Email Gateway before version 15.0.3 allows an external user to modify GINA webdomain metadata and bypass per-domain restrictions. | [email protected] | 5.3 | 0.07% | 2026-04-02 | 2026-04-16 |
| CVE-2026-29133 | SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to upload PGP keys with UIDs that do not match their email address. | [email protected] | 5.3 | 0.08% | 2026-04-02 | 2026-04-16 |
| CVE-2026-29132 | SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker with access to a victim's GINA account to bypass a second-password check and read protected emails. | [email protected] | 6.3 | 0.04% | 2026-04-02 | 2026-04-16 |
| CVE-2026-29131 | SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to read the contents of emails encrypted for other users. | [email protected] | 4.9 | 0.04% | 2026-04-02 | 2026-04-16 |