Roundcube Webmail - Cross-Site Scripting

A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in messagebody in program/actions/mail/show.php. id: CVE-2024-42009 info: name:...

RHEL 8 : gnutls (RHSA-2026:20611)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:20611 advisory. Please update the gnutls packages to provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and...

Debian dla-4595 : gnutls-bin - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4595 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4595-1 [email protected]...

OESA-2026-2403 gnutls security update

GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface API to access the secure communications protocols as well as APIs to parse and write X.509, PKCS 12, and other...

CVE-2026-42009

creationtimestamp| type| source ---|---|--- 2026-05-18 16:51:43+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mm5dkd55752e 2026-05-18 17:34:39+00:00| seen| https://bsky.app/profile/postac001.bsky.social/post/3mm5fx45bls2v 2026-05-19 20:10:47+00:00| seen|...

DEBIAN-CVE-2026-42009

A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security DTLS packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This...

BELL-CVE-2026-42009

Bulletin has no description...

SUSE CVE-2026-42009

A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security DTLS packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This...

Exploit for Cross-site Scripting in Roundcube Webmail

CVE-2024-42009 – Roundcube Stored XSS Docker PoC 📌 Overv...

CVE-2022-42009

SpringEL injection in the server agent in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7...

TencentOS Server 4: roundcubemail (TSSA-2025:0466)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0466 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

Ubuntu: Security Advisory (USN-7636-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Exploit for Cross-site Scripting in Roundcube Webmail

CVE-2024-42009 PoC: Email Capture Listener & XSS Exploit in Ro...

Exploit for Cross-site Scripting in Roundcube Webmail

CVE-2024-42009 PoC: Email Capture Listener & XSS Exploit O...

openSUSE 15 Security Update : roundcubemail (openSUSE-SU-2024:0328-1)

The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2024:0328-1 advisory. Update to 1.6.8 This is a security update to the stable version 1.6 of Roundcube Webmail. It provides fixes to recently reported security...

openSUSE Security Advisory (openSUSE-SU-2024:0328-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mageia: Security Advisory (MGASA-2024-0279)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DSA 5743-2] roundcube security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5743-2 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 13, 2024 https://www.debian.org/security/faq -...

Debian dsa-5743 : roundcube - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5743 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5743-1 [email protected] https://www.debian.org/securit...

CVE-2024-42009

creationtimestamp| type| source ---|---|--- 2024-08-05 22:16:34+00:00| seen| https://t.me/cvedetector/2482 2024-08-07 15:40:04+00:00| published-proof-of-concept| https://t.me/truesecator/6067 2025-01-20 10:07:01+00:00| seen| MISP/63c40b67-7b13-49ce-96a8-4ee5a150fb7d 2025-02-12 04:00:07+00:00|...