VYPR

Secure Email Gateway

by Seppmail

CVEs (40)

  • CVE-2026-29137MedApr 2, 2026
    risk 0.34cvss 5.3epss 0.00

    SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to hide security tags from users by crafting a long subject.

  • CVE-2025-20207MedFeb 5, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability in Simple Network Management Protocol (SNMP) polling for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance could allow an authenticated, remote attacker to obtain confidential information about the underlying operating…

  • CVE-2025-20393KEVDec 17, 2025
    risk 0.13cvss epss 0.29

    A vulnerability in the Spam Quarantine feature of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to execute arbitrary system commands on an affected device with root privileges. This…

  • CVE-2026-27441Mar 4, 2026
    risk 0.00cvss epss 0.00

    SEPPmail Secure Email Gateway before version 15.0.1 insufficiently neutralizes the PDF encryption password, allowing OS command execution.

  • CVE-2026-2748Mar 4, 2026
    risk 0.00cvss epss 0.00

    SEPPmail Secure Email Gateway before version 15.0.1 improperly validates S/MIME certificates issued for email addresses containing whitespaces, allowing signature spoofing.

  • CVE-2026-27442Mar 4, 2026
    risk 0.00cvss epss 0.00

    The GINA web interface in SEPPmail Secure Email Gateway before version 15.0.1 does not properly check attachment filenames in GINA-encrypted emails, allowing an attacker to access files on the gateway.

  • CVE-2026-27445Mar 4, 2026
    risk 0.00cvss epss 0.00

    SEPPmail Secure Email Gateway before version 15.0.1 does not properly verify that a PGP signature was generated by the expected key, allowing signature spoofing.

  • CVE-2026-27444Mar 4, 2026
    risk 0.00cvss epss 0.00

    SEPPmail Secure Email Gateway before version 15.0.1 incorrectly interprets email addresses in the email headers, causing an interpretation conflict with other mail infrastructure that allows an attacker to fake the source of the email or decrypt it.

  • CVE-2026-2747Mar 4, 2026
    risk 0.00cvss epss 0.00

    SEPPmail Secure Email Gateway before version 15.0.1 decrypts inline PGP messages without isolating them from surrounding unencrypted content, allowing exposure of sensitive information to an unauthorized actor.

  • CVE-2026-27443Mar 4, 2026
    risk 0.00cvss epss 0.00

    SEPPmail Secure Email Gateway before version 15.0.1 does not properly sanitize the headers from S/MIME protected MIME entities, allowing an attacker to control trusted headers.

  • CVE-2026-2746Mar 4, 2026
    risk 0.00cvss epss 0.00

    SEPPmail Secure Email Gateway before version 15.0.1 does not properly communicate PGP signature verification results, leaving users unable to detect forged emails.

  • CVE-2025-20153Feb 19, 2025
    risk 0.00cvss epss 0.00

    A vulnerability in the email filtering mechanism of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to bypass the configured rules and allow emails that should have been denied to flow through an affected device. This vulnerability is due to…

  • CVE-2025-20184Feb 5, 2025
    risk 0.00cvss epss 0.01

    A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Web Appliance could allow an authenticated, remote attacker to perform command injection attacks against an affected device. The attacker must…

  • CVE-2024-9043Sep 20, 2024
    risk 0.00cvss epss 0.01

    Secure Email Gateway from Cellopoint has Buffer Overflow Vulnerability in authentication process. Remote unauthenticated attackers can send crafted packets to crash the process, thereby bypassing authentication and obtaining system administrator privileges.

  • CVE-2024-6744Jul 15, 2024
    risk 0.00cvss epss 0.01

    The SMTP Listener of Secure Email Gateway from Cellopoint does not properly validate user input, leading to a Buffer Overflow vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands on the remote server.

  • CVE-2024-20257May 15, 2024
    risk 0.00cvss epss 0.00

    A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email Gateway could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface.r This vulnerability is due to insufficient validation of user…

  • CVE-2023-20028Jun 28, 2023
    risk 0.00cvss epss 0.00

    Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Cisco Secure Email Gateway, formerly Cisco Email Security Appliance (ESA); and Cisco Secure Web Appliance, formerly Cisco Web Security Appliance…

  • CVE-2023-20120Jun 28, 2023
    risk 0.00cvss epss 0.00

    Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Cisco Secure Email Gateway, formerly Cisco Email Security Appliance (ESA); and Cisco Secure Web Appliance, formerly Cisco Web Security Appliance…

  • CVE-2023-20075Feb 16, 2023
    risk 0.00cvss epss 0.00

    Vulnerability in the CLI of Cisco Secure Email Gateway could allow an authenticated, remote attacker to execute arbitrary commands. These vulnerability is due to improper input validation in the CLI. An attacker could exploit this vulnerability by injecting operating system…

  • CVE-2023-20009Feb 16, 2023
    risk 0.00cvss epss 0.01

    A vulnerability in the Web UI and administrative CLI of the Cisco Secure Email Gateway (ESA) and Cisco Secure Email and Web Manager (SMA) could allow an authenticated remote attacker and or authenticated local attacker to escalate their privilege level and gain root access. The…

Page 2 of 2