
2034 matches found

Nuclei
added 16 hours ago, 16 views

Roundcube Webmail - Cross-Site Scripting

A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in messagebody in program/actions/mail/show.php. id: CVE-2024-42009 info: name:...

CVSS 9.3, AI score 7.4, EPSS 0.82853
Exploits 6, References 3

Nuclei
added yesterday, 55 views

Roundcube Webmail - Command Injection

Roundcube Webmail before 1.4.4 contains a command injection caused by shell metacharacters in configuration settings for imconvertpath or imidentifypath, letting attackers execute arbitrary code, exploit requires attacker to control configuration settings. id: CVE-2020-12641 info: name: Roundcube...

CVSS 9.8, AI score 7.5, EPSS 0.84456
Exploits 1, References 5

Nuclei
added 2 days ago, 1260 views

Roundcube Webmail - Remote Code Execution

Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization. id: CVE-2025-49113 info: name: Roundcube Webmail - Remote...

CVSS 9.9, AI score 8, EPSS 0.89462
Exploits 29, References 8

NVD
added 3 days ago, 9 views

CVE-2026-57517

Control Web Panel before 0.9.8.1225 contains a blind SQL injection vulnerability that allows unauthenticated remote attackers to execute arbitrary SQL queries by submitting unsanitized input through the userRes POST parameter at the user endpoint. Attackers can exploit MySQL root privileges...

CVSS 9.8, EPSS 0.00587
Exploits 2, References 4

CVE
added 3 days ago, 19 views

CVE-2026-57517

Control Web Panel prior to version 0.9.8.1225 is affected by CVE-2026-57517, a blind SQL injection via the userRes POST parameter at the user endpoint. The vulnerability allows unauthenticated remote attackers to execute arbitrary SQL queries, potentially leveraging MySQL root privileges obtained...

CVSS 9.8, AI score 6.7, EPSS 0.00587
Exploits 2, References 4

ATTACKERKB
added 3 days ago, 7 views

CVE-2026-57517

Control Web Panel before 0.9.8.1225 contains a blind SQL injection vulnerability that allows unauthenticated remote attackers to execute arbitrary SQL queries by submitting unsanitized input through the userRes POST parameter at the user endpoint. Attackers can exploit MySQL root privileges...

CVSS 9.8, AI score 6.7, EPSS 0.00587
Exploits 2, References 4

GithubExploit
added 2026/06/15 6:43 a.m., 109 views

Exploit for CVE-2026-48849

CVE-2026-48849 - Stored XSS, HTML Injection & CSS Injection in...

CVSS 4.4, AI score 5.6, EPSS 0.00239
Exploits 1

OPENSUSE Linux
added 2026/06/12 12:0 a.m., 5 views

Security update for roundcubemail (important)

openSUSE Security Update: Security update for roundcubemail Announcement ID: openSUSE-SU-2026:0183-1 Rating: important References: 1266329 1266331 1266332 1266333 1266334 1266335 1266336 1266337 Cross-References: CVE-2026-48842 CVE-2026-48843 CVE-2026-48844 CVE-2026-48845 CVE-2026-48846...

CVSS 8.1, AI score 5.9, EPSS 0.00764
Exploits 1, References 8

Mageia
added 2026/06/11 1:40 a.m., 13 views

Updated roundcubemail packages fix security vulnerabilities

Multiple security vulnerabilities were discovered in RoundCube Webmail, which could result in cross-site scripting, SQL injection, SSRF bypass, information disclosure, denial of service or code injection...

CVSS 8.1, AI score 5.6, EPSS 0.00764
Exploits 1, References 5

OSV
added 2026/06/11 1:40 a.m., 7 views

MGASA-2026-0194 Updated roundcubemail packages fix security vulnerabilities

Multiple security vulnerabilities were discovered in RoundCube Webmail, which could result in cross-site scripting, SQL injection, SSRF bypass, information disclosure, denial of service or code injection...

CVSS 8.1, AI score 5.5, EPSS 0.00764
Exploits 1, References 6

Fedora
added 2026/06/04 1:36 a.m., 13 views

[SECURITY] Fedora 43 Update: roundcubemail-1.6.16-1.fc43

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

CVSS 8.1, AI score 5.8, EPSS 0.00764
Exploits 1

Fedora
added 2026/06/03 12:52 a.m., 12 views

[SECURITY] Fedora 44 Update: roundcubemail-1.7.1-1.fc44

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

CVSS 8.1, AI score 5.8, EPSS 0.00764
Exploits 1

Tenable Nessus
added 2026/06/03 12:0 a.m., 40 views

Fedora 44 : roundcubemail (2026-2b956d89d3)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-2b956d89d3 advisory. Release 1.7.1 - Enigma: Support automatic public key lookup import using HKP v1 protocol 5314 - Managesieve: Fix error when a mail message contains...

CVSS 8.1, AI score 6, EPSS 0.00764
Exploits 1, References 9

Tenable Nessus
added 2026/06/02 12:0 a.m., 11 views

openSUSE 16 Security Update : roundcubemail (openSUSE-SU-2026:20852-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20852-1 advisory. Changes in roundcubemail: - update to 1.6.16 - Fix potential too long value in IMAP ID command 10136 - Security: Fix stored XSS/HTML/CSS injecti...

CVSS 8.1, AI score 6, EPSS 0.00764
Exploits 1, References 24

OPENSUSE Linux
added 2026/06/01 12:0 a.m., 10 views

Security update for roundcubemail (important)

openSUSE security update: security update for roundcubemail Announcement ID: openSUSE-SU-2026:20852-1 Rating: important References: bsc1266329 bsc1266331 bsc1266332 bsc1266333 bsc1266334 bsc1266335 bsc1266336 bsc1266337 Cross-Reference...

CVSS 8.1, AI score 6.9, EPSS 0.00764
Exploits 1, References 8

OSV
added 2026/05/31 10:25 a.m., 3 views

OPENSUSE-SU-2026:20852-1 Security update for roundcubemail

This update for roundcubemail fixes the following issues: Changes in roundcubemail: - update to 1.6.16 + Fix potential too long value in IMAP ID command 10136 + Security: Fix stored XSS/HTML/CSS injection in subject field of the draft restore dialog CVE-2026-48849 bsc1266337 + Security: Fix CSS...

CVSS 8.1, AI score 6.1, EPSS 0.00764
Exploits 1, References 16

Debian
added 2026/05/28 1:18 p.m., 17 views

[SECURITY] [DLA 4604-1] roundcube security update

Debian LTS Advisory DLA-4604-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin May 28, 2026 https://wiki.debian.org/LTS Package : roundcube Version : 1.4.15+dfsg.1-1+deb11u9 CVE ID : CVE-2026-48842 CVE-2026-48843 CVE-2026-48844 CVE-2026-48845 CVE-2026-48846...

CVSS 8.1, AI score 6.1, EPSS 0.00764
Exploits 1

NVD
added 2026/05/28 1:16 p.m., 16 views

CVE-2026-9818

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Exploits 0

ATTACKERKB
added 2026/05/28 12:16 p.m., 17 views

CVE-2026-9818

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

CVSS 4.7, AI score 5.7
Exploits 0, References 6

Cvelist
added 2026/05/28 12:16 p.m., 30 views

CVE-2026-9818

...

Exploits 0