Export limit exceeded: 342067 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (342067 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-29133 | 1 Seppmail | 1 Seppmail Secure Email Gateway | 2026-04-02 | N/A |
| SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to upload PGP keys with UIDs that do not match their email address. | ||||
| CVE-2026-29140 | 1 Seppmail | 1 Seppmail Secure Email Gateway | 2026-04-02 | N/A |
| SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to cause attacker-controlled certificates to be used for future encryption to a victim by adding the certificates to S/MIME signatures. | ||||
| CVE-2026-29134 | 1 Seppmail | 1 Seppmail Secure Email Gateway | 2026-04-02 | N/A |
| SEPPmail Secure Email Gateway before version 15.0.3 allows an external user to modify GINA webdomain metadata and bypass per-domain restrictions. | ||||
| CVE-2026-29135 | 1 Seppmail | 1 Seppmail Secure Email Gateway | 2026-04-02 | N/A |
| SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to craft a password-tag that bypasses subject sanitization. | ||||
| CVE-2026-29141 | 1 Seppmail | 1 Seppmail Secure Email Gateway | 2026-04-02 | N/A |
| SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge tags such as [signed OK]. | ||||
| CVE-2026-29137 | 1 Seppmail | 1 Seppmail Secure Email Gateway | 2026-04-02 | N/A |
| SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to hide security tags from users by crafting a long subject. | ||||
| CVE-2026-29142 | 1 Seppmail | 1 Seppmail Secure Email Gateway | 2026-04-02 | N/A |
| SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to forge a GINA-encrypted email. | ||||
| CVE-2026-29131 | 1 Seppmail | 1 Seppmail Secure Email Gateway | 2026-04-02 | N/A |
| SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to read the contents of emails encrypted for other users. | ||||
| CVE-2026-29138 | 1 Seppmail | 1 Seppmail Secure Email Gateway | 2026-04-02 | N/A |
| SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to claim another user's PGP signature as their own. | ||||
| CVE-2026-0634 | 1 Tecno Mobile | 1 Tecno Pova7 Pro 5g | 2026-04-02 | 7.8 High |
| Code execution in AssistFeedbackService of TECNO Pova7 Pro 5G on Android allows local apps to execute arbitrary code as system via command injection. | ||||
| CVE-2026-29143 | 1 Seppmail | 1 Seppmail Secure Email Gateway | 2026-04-02 | N/A |
| SEPPmail Secure Email Gateway before version 15.0.3 does not properly authenticate the inner message of S/MIME-encrypted MIME entities, allowing an attacker to control trusted headers. | ||||
| CVE-2026-29144 | 1 Seppmail | 1 Seppmail Secure Email Gateway | 2026-04-02 | N/A |
| SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge security tags using Unicode lookalike characters. | ||||
| CVE-2026-29139 | 1 Seppmail | 1 Seppmail Secure Email Gateway | 2026-04-02 | N/A |
| SEPPmail Secure Email Gateway before version 15.0.3 allows account takeover by abusing GINA account initialization to reset a victim account password. | ||||
| CVE-2026-29136 | 1 Seppmail | 1 Seppmail Secure Email Gateway | 2026-04-02 | N/A |
| SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to inject HTML into notification emails about new CA certificates. | ||||
| CVE-2026-33613 | 1 Mbconnectline | 2 Mbconnect24, Mymbconnect24 | 2026-04-02 | 7.2 High |
| Due to the improper neutralisation of special elements used in an OS command, a remote attacker can exploit an RCE vulnerability in the generateSrpArray function, resulting in full system compromise. This vulnerability can only be attacked if the attacker has some other way to write arbitrary data to the user table. | ||||
| CVE-2026-33614 | 1 Mbconnectline | 2 Mbconnect24, Mymbconnect24 | 2026-04-02 | 7.5 High |
| An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getinfo endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | ||||
| CVE-2026-33615 | 1 Mbconnectline | 2 Mbconnect24, Mymbconnect24 | 2026-04-02 | 9.1 Critical |
| An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the setinfo endpoint due to improper neutralization of special elements in a SQL UPDATE command. This can result in a total loss of integrity and availability. | ||||
| CVE-2026-33616 | 1 Mbconnectline | 2 Mbconnect24, Mymbconnect24 | 2026-04-02 | 7.5 High |
| An unauthenticated remote attacker can exploit an unauthenticated blind SQL Injection vulnerability in the mb24api endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | ||||
| CVE-2026-33617 | 1 Mbconnectline | 2 Mbconnect24, Mymbconnect24 | 2026-04-02 | 5.3 Medium |
| An unauthenticated remote attacker can access a configuration file containing database credentials. This can result in a some loss of confidentiality, but there is no endpoint exposed to use these credentials. | ||||
| CVE-2026-5245 | 1 Cesanta | 1 Mongoose | 2026-04-02 | 5.6 Medium |
| A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts the function handle_mdns_record of the file mongoose.c of the component mDNS Record Handler. Performing a manipulation of the argument buf results in stack-based buffer overflow. Remote exploitation of the attack is possible. A high degree of complexity is needed for the attack. The exploitability is said to be difficult. The exploit has been made public and could be used. Upgrading to version 7.21 will fix this issue. The patch is named 0d882f1b43ff2308b7486a56a9d60cd6dba8a3f1. You should upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product. | ||||