43 matches found
Roundcube Webmail - Command Injection
Roundcube Webmail before 1.4.4 contains a command injection caused by shell metacharacters in the configuration settings im_convert_path or im_identify_path, letting attackers execute arbitrary code; exploitation requires the attacker to control those configuration settings. id: CVE-2020-12641 info: name: Roundcube...
CVE-2025-12641
The Awesome Support - WordPress HelpDesk & Support Plugin for WordPress is vulnerable to authorization bypass due to missing capability checks in all versions up to, and including, 6.3.6. This is due to the 'wpasdomractivateuser' function not verifying that a user has permission to modify other...
CVE-2025-12641
creationtimestamp| type| source
---|---|---
2026-01-16 08:28:10+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mcjojlh7o72e
2026-01-16 10:22:28+00:00| seen| https://gist.github.com/Darkcrai86/dbad22e000d0735ff73a6e94d7d06384...
EUVD-2024-36627
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2017-12641
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadOneJNGImage in coders\png.c. CVE-2017-12641 Note that Nessus relies on the presence of the package as...
Linux Distros Unpatched Vulnerability : CVE-2018-12641
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions...
CVE-2024-12641 Chunghwa Telecom TenderDocTransfer - Reflected Cross-site Scripting to RCE
TenderDocTransfer from Chunghwa Telecom has a Reflected Cross-site scripting vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection for the APIs, unauthenticated remote attackers could use...
CVE-2024-37385
Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 on Windows allows command injection via im_convert_path and im_identify_path. NOTE: this issue exists because of an incomplete fix for CVE-2020-12641...
CVE-2024-37385
Affected software: Roundcube Webmail on Windows. Vulnerability: command injection in im_convert_path and im_identify_path present in Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7, due to an incomplete fix for CVE-2020-12641. Impact (per CVSS): high confidentiality, integrity, and availabi...
BIT-ROUNDCUBE-2020-12641
rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path...
Oracle Linux 7 : binutils (ELSA-2019-2075)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-2075 advisory. 2.27-41.base.0.1 - Complete the backport of upstream commit a5def14f1ca70e14d9433cb229c9369fa3051598 Add a test for R_386_GOT32/R_386_GOT32X IFUNC reloc...
CVE-2020-12641
creationtimestamp| type| source
---|---|---
2023-06-22 18:10:03+00:00| seen| MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123
2023-06-28 19:04:46+00:00| seen| https://t.me/itsecnews/2805
2023-12-04 09:23:00+00:00| seen| https://t.me/arpsyndicate/1166
2024-12-24 20:34:37+00:00| seen|...
SUSE CVE-2017-12641
ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadOneJNGImage in coders\png.c...
SUSE CVE-2018-12641
An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg,...
SUSE CVE-2020-12641
rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path...
Reolink Rlc-410W Denial of Service Vulnerability (CNVD-2022-12641)
Reolink Rlc-410W is a Wi-Fi security camera from Reolink China. A security vulnerability exists in Reolink RLC-410W, which can be exploited by attackers to cause a reboot via a crafted HTTP request...
Fix of 14 CVEs
CVE-2018-9138: Fix stack exhaustion - CVE-2018-12641: Fix stack exhaustion - CVE-2018-12697: Fix NULL pointer dereference - CVE-2018-12698: Fix memory consumption - CVE-2018-12699: Fix heap-based buffer overflow - CVE-2018-12700: Fix infinite recursion - CVE-2018-17794: Fix NULL pointer...
openSUSE: Security Advisory for roundcubemail (openSUSE-SU-2020:1516-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Roundcube Webmail Command Injection (CVE-2020-12641)
A command injection vulnerability exists in Roundcube Webmail. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...