SEPPmail
by Seppmail
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-2743 | Cri | 0.64 | 9.8 | 0.01 | Mar 5, 2026 | Arbitrary File Write via Path Traversal upload to Remote Code Execution in SeppMail User Web Interface. The affected feature is the large file transfer (LFT). This issue affects SeppMail: 15.0.2.1 and before | ||
| CVE-2026-8811 | 0.00 | — | — | Jun 18, 2026 | SEPPmail versions before 15.0.5 allow improper handling of attachment filenames during encrypted PDF generation. An attacker can exploit this to create new files outside the intended directory, potentially placing files in web-accessible locations. | |||
| CVE-2022-41871 | 0.00 | — | 0.01 | Apr 28, 2025 | SEPPmail through 12.1.17 allows command injection within the Admin Portal. An authenticated attacker is able to execute arbitrary code in the context of the user root. | |||
| CVE-2021-31740 | 0.00 | — | 0.00 | Nov 30, 2022 | SEPPMail's web frontend, user input is not embedded correctly in the web page and therefore leads to cross-site scripting vulnerabilities (XSS). | |||
| CVE-2021-31739 | 0.00 | — | 0.00 | Nov 18, 2022 | The SEPPmail solution is vulnerable to a Cross-Site Scripting vulnerability (XSS), because user input is not correctly encoded in HTML attributes when returned by the server.SEPPmail 11.1.10 allows XSS via a recipient address. |
- risk 0.64cvss 9.8epss 0.01
Arbitrary File Write via Path Traversal upload to Remote Code Execution in SeppMail User Web Interface. The affected feature is the large file transfer (LFT). This issue affects SeppMail: 15.0.2.1 and before
- CVE-2026-8811Jun 18, 2026risk 0.00cvss —epss —
SEPPmail versions before 15.0.5 allow improper handling of attachment filenames during encrypted PDF generation. An attacker can exploit this to create new files outside the intended directory, potentially placing files in web-accessible locations.
- CVE-2022-41871Apr 28, 2025risk 0.00cvss —epss 0.01
SEPPmail through 12.1.17 allows command injection within the Admin Portal. An authenticated attacker is able to execute arbitrary code in the context of the user root.
- CVE-2021-31740Nov 30, 2022risk 0.00cvss —epss 0.00
SEPPMail's web frontend, user input is not embedded correctly in the web page and therefore leads to cross-site scripting vulnerabilities (XSS).
- CVE-2021-31739Nov 18, 2022risk 0.00cvss —epss 0.00
The SEPPmail solution is vulnerable to a Cross-Site Scripting vulnerability (XSS), because user input is not correctly encoded in HTML attributes when returned by the server.SEPPmail 11.1.10 allows XSS via a recipient address.