24h | 7d | 30d

Overview

  • Prosody
  • Prosody

01 May 2026
Published
01 May 2026
Updated

CVSS v3.1
MEDIUM (5.3)
EPSS
0.06%

KEV

Description

An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5. A Denial of Service can occur via memory exhaustion caused by memory leaks from unauthenticated connections.

Statistics

  • 1 Post
  • 6 Interactions

Last activity: 4 hours ago

Fediverse

Profile picture fallback

Upgrade time!

Package: #prosody
#CVE ID: CVE-2026-43504 CVE-2026-43505 CVE-2026-43506 CVE-2026-43507

Multiple security issues were found in Prosody, a lightweight #Jabber/#XMPP server, which could result in denial of service or insufficient access control when using the SOCKS5 proxy module.

lists.debian.org/debian-securi

#Debian #security #DSA #DoS

  • 3
  • 3
  • 0
  • 4h ago

Overview

  • Prosody
  • Prosody

01 May 2026
Published
01 May 2026
Updated

CVSS v3.1
MEDIUM (5.3)
EPSS
0.07%

KEV

Description

An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5. A Denial of Service can occur via memory exhaustion caused by XML parsing resource amplification from unauthenticated connections.

Statistics

  • 1 Post
  • 6 Interactions

Last activity: 4 hours ago

Fediverse

Profile picture fallback

Upgrade time!

Package: #prosody
#CVE ID: CVE-2026-43504 CVE-2026-43505 CVE-2026-43506 CVE-2026-43507

Multiple security issues were found in Prosody, a lightweight #Jabber/#XMPP server, which could result in denial of service or insufficient access control when using the SOCKS5 proxy module.

lists.debian.org/debian-securi

#Debian #security #DSA #DoS

  • 3
  • 3
  • 0
  • 4h ago

Overview

  • SEPPmail AG
  • Secure Email Gateway

08 May 2026
Published
08 May 2026
Updated

CVSS v4.0
HIGH (8.8)
EPSS
0.15%

KEV

Description

SEPPmail Secure Email Gateway before version 15.0.4 contains an unauthenticated path traversal vulnerability in the identifier parameter of /api.app/attachment/preview that allows remote attackers to read arbitrary local files and trigger deletion of files in the targeted directory with the privileges of the api.app process.

Statistics

  • 1 Post

Last activity: 22 hours ago

Overview

  • SEPPmail AG
  • Secure Email Gateway

08 May 2026
Published
08 May 2026
Updated

CVSS v4.0
CRITICAL (9.2)
EPSS
0.35%

KEV

Description

SEPPmail Secure Email Gateway before version 15.0.4 insecurely deserializes untrusted data, which can be reached from the new GINA UI and may allow unauthenticated remote attackers to execute code via a crafted serialized object.

Statistics

  • 1 Post

Last activity: 22 hours ago

Overview

  • SEPPmail AG
  • Secure Email Gateway

08 May 2026
Published
08 May 2026
Updated

CVSS v4.0
HIGH (8.3)
EPSS
0.33%

KEV

Description

SEPPmail Secure Email Gateway before version 15.0.4 contains a server-side template injection vulnerability in the new GINA UI because an endpoint accepts attacker-controlled template, allowing remote attackers to execute arbitrary template expressions and potentially achieve remote code execution depending on the enabled template plugins.

Statistics

  • 1 Post

Last activity: 22 hours ago

Overview

  • SEPPmail AG
  • Secure Email Gateway

08 May 2026
Published
08 May 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.33%

KEV

Description

SEPPmail Secure Email Gateway before version 15.0.2.1 allows unauthenticated remote code execution in the new GINA UI because an endpoint passes attacker-controlled input from a parameter to Perl's eval.

Statistics

  • 1 Post

Last activity: 22 hours ago

Overview

  • SEPPmail AG
  • Secure Email Gateway

08 May 2026
Published
08 May 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.10%

KEV

Description

SEPPmail Secure Email Gateway before version 15.0.4 fails to enforce authorization checks for multiple endpoints in the new GINA UI, allowing unauthenticated remote attackers to access functionality that should require a valid session.

Statistics

  • 1 Post

Last activity: 22 hours ago
Showing 51 to 57 of 57 CVEs