|
4121
|
- |
|
-
|
-
|
SEPPmail Secure Email Gateway before version 15.0.4 fails to enforce authorization checks for multiple endpoints in the new GINA UI, allowing unauthenticated remote attackers to access functionality …
|
CWE-862
Missing Authorization
|
CVE-2026-44125
|
2026-05-9 00:51 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4122
|
- |
|
-
|
-
|
SEPPmail Secure Email Gateway before version 15.0.4 insecurely deserializes untrusted data, which can be reached from the new GINA UI and may allow unauthenticated remote attackers to execute code vi…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-44126
|
2026-05-9 00:51 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4123
|
- |
|
-
|
-
|
SEPPmail Secure Email Gateway before version 15.0.4 contains an unauthenticated path traversal vulnerability in the identifier parameter of /api.app/attachment/preview that allows remote attackers to…
|
CWE-73
External Control of File Name or Path
|
CVE-2026-44127
|
2026-05-9 00:51 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4124
|
- |
|
-
|
-
|
SEPPmail Secure Email Gateway before version 15.0.2.1 allows unauthenticated remote code execution in the new GINA UI because an endpoint passes attacker-controlled input from a parameter to Perl's e…
|
CWE-95
Eval Injection
|
CVE-2026-44128
|
2026-05-9 00:51 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4125
|
- |
|
-
|
-
|
SEPPmail Secure Email Gateway before version 15.0.4 contains a server-side template injection vulnerability in the new GINA UI because an endpoint accepts attacker-controlled template, allowing remot…
|
CWE-1336
Improper Neutralization of Special Elements Used in a Template Engine
|
CVE-2026-44129
|
2026-05-9 00:51 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4126
|
- |
|
-
|
-
|
SEPPmail Secure Email Gateway before version 15.0.4 exposes server environment variables through an unauthenticated endpoint in the new GINA UI, allowing remote attackers to obtain sensitive system i…
|
CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
|
CVE-2026-7864
|
2026-05-9 00:51 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4127
|
8.1 |
HIGH
Network
|
-
|
-
|
DrayTek Vigor 2960 firmware versions prior to 1.5.1.4 contain an OS command injection vulnerability in the CGI login handler that allows unauthenticated remote attackers to execute arbitrary commands…
|
CWE-78
OS Command
|
CVE-2022-50994
|
2026-05-9 00:48 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4128
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Vvveb before 1.0.8.2 contains an information disclosure vulnerability in the cron controller that allows unauthenticated attackers to retrieve the application's secret cron key. Attackers can access …
|
CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
|
CVE-2026-41928
|
2026-05-9 00:47 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4129
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Vvveb before 1.0.8.2 contains an unauthenticated reflected cross-site scripting vulnerability in the visual editor preview renderer that allows attackers to execute arbitrary JavaScript by manipulati…
|
CWE-79
Cross-site Scripting
|
CVE-2026-41929
|
2026-05-9 00:47 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4130
|
8.6 |
HIGH
Network
|
-
|
-
|
The OttoKit: All-in-One Automation Platform WordPress plugin before 1.1.23 does not properly sanitize user input before using it in a SQL statement, which could allow unauthenticated attackers to per…
|
CWE-89
SQL Injection
|
CVE-2026-4935
|
2026-05-9 00:47 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
