Lucene search
K

2033 matches found

Debian CVE
Debian CVE
added 2026/05/25 7:11 p.m.9 views

CVE-2026-48843

Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16,and 1.7.x before 1.7.1 has Insufficient Cascading Style Sheets CSS sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local network hosts. The issue stems from an insufficient fix fo...

7.2CVSS5.8AI score0.00301EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/05/25 7:11 p.m.15 views

CVE-2026-48843

Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16,and 1.7.x before 1.7.1 has Insufficient Cascading Style Sheets CSS sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local network hosts. The issue stems from an insufficient fix fo...

7.2CVSS5.8AI score0.0031EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/25 7:6 p.m.12 views

CVE-2026-48842

Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has Pre-authentication SQL injection in the virtuserquery plugin via a pregreplace backslash escape bypass...

8.1CVSS5.8AI score0.00764EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/05/25 7:6 p.m.26 views

CVE-2026-48842

Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has Pre-authentication SQL injection in the virtuserquery plugin via a pregreplace backslash escape bypass...

8.1CVSS0.00764EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/05/25 7:6 p.m.9 views

CVE-2026-48842

Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has Pre-authentication SQL injection in the virtuserquery plugin via a pregreplace backslash escape bypass...

8.1CVSS5.8AI score0.00764EPSS
Exploits0
EUVD
EUVD
added 2026/05/25 7:6 p.m.14 views

EUVD-2026-31719

Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has Pre-authentication SQL injection in the virtuserquery plugin via a pregreplace backslash escape bypass...

8.1CVSS5.8AI score0.00764EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/25 7:6 p.m.9 views

CVE-2026-48842

Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has Pre-authentication SQL injection in the virtuserquery plugin via a pregreplace backslash escape bypass...

8.1CVSS5.8AI score0.00764EPSS
Exploits0References5
CVE
CVE
added 2026/05/25 7:6 p.m.215 views

CVE-2026-48842

The CVE affects Roundcube Webmail 1.6.x ≤1.6.15 and 1.7.x ≤1.7.0, via the virtuser_query plugin, where a pre-authentication SQL injection is triggered by a backslash-escaped preg_replace() bypass. Root cause: input crafted to bypass escapes leads to SQL injection before authentication. Impact is ...

8.1CVSS5.8AI score0.00764EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.11 views

Roundcube Webmail 跨站脚本漏洞

Roundcube Webmail is a browser-based open source IMAP client from Roundcube Open Source that supports address book management, message searching, spell checking, and more. A cross-site scripting vulnerability exists in Roundcube Webmail versions prior to 1.6.16 and prior to 1.7.1, which stems fro...

4.4CVSS5.7AI score0.00239EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.22 views

Roundcube Webmail SQL注入漏洞

Roundcube Webmail is Roundcube open source a browser-based open source IMAP client, which supports address book management, message search, spell checking and so on. Roundcube Webmail 1.6.x versions prior to 1.6.16 and 1.7.x versions prior to 1.7.1 SQL injection vulnerability , the vulnerability...

8.1CVSS5.9AI score0.00764EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.12 views

Roundcube Webmail 安全漏洞

Roundcube Webmail is an open source browser-based open source IMAP client from Roundcube that supports address book management, message searching, spell checking and more. A security vulnerability exists in Roundcube Webmail versions prior to 1.6.x 1.6.16 and 1.7.x 1.7.1 that stems from insecure...

7.5CVSS5.9AI score0.00414EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.13 views

PT-2026-43110

Name of the Vulnerable Software and Affected Versions Roundcube Webmail versions 1.6.x through 1.6.15 Roundcube Webmail versions 1.7.x through 1.7.0 Description An issue allows pre-authentication arbitrary file deletion through a session poisoning bypass when using redis or memcache. Session...

3.7CVSS5.9AI score0.00433EPSS
Exploits0References16
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.13 views

Roundcube Webmail 代码问题漏洞

Roundcube Webmail is a browser-based open source IMAP client from Roundcube Open Source that supports address book management, message searching, spell checking and more. A code issue vulnerability exists in Roundcube Webmail versions 1.6.x 1.6.14 through 1.6.16 and versions prior to 1.7.x 1.7.1,...

7.2CVSS5.8AI score0.00301EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.15 views

PT-2026-43111

Name of the Vulnerable Software and Affected Versions Roundcube Webmail versions 1.6.x through 1.6.15 Roundcube Webmail versions 1.7.x prior to 1.7 Description Insufficient HTML sanitization allows for Cascading Style Sheets CSS injection. This occurs when an SVG document contains an animate...

7.2CVSS5.8AI score0.00388EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.10 views

PT-2026-43108

Name of the Vulnerable Software and Affected Versions Roundcube Webmail versions 1.6.14 through 1.6.16 Roundcube Webmail versions prior to 1.7.1 Description Remote image blocking is not honored for URLs pointing to local or private destinations. This issue can be triggered via a text/html email...

6.5CVSS5.8AI score0.00315EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.9 views

PT-2026-43106

Name of the Vulnerable Software and Affected Versions Roundcube Webmail versions 1.6.14 through 1.6.16 Roundcube Webmail versions prior to 1.7.1 Description Insufficient Cascading Style Sheets CSS sanitization in HTML e-mail messages may lead to Server-Side Request Forgery SSRF, where an attacker...

7.2CVSS5.8AI score0.00301EPSS
Exploits0References16
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.11 views

Roundcube Webmail 安全漏洞

Roundcube Webmail is a browser-based open source IMAP client from Roundcube that supports address book management, message searching, spell checking, and more. A security vulnerability exists in Roundcube Webmail versions 1.6.14 through 1.6.16 and prior to 1.7.1, which stems from the remote image...

6.5CVSS5.8AI score0.00315EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.8 views

Roundcube Webmail 安全漏洞

Roundcube Webmail is a browser-based open source IMAP client from Roundcube Open Source, which supports address book management, message searching, spell checking and more. A security vulnerability exists in Roundcube Webmail versions prior to 1.6.16 and 1.7.1, which stems from a remote image...

6.5CVSS5.8AI score0.00339EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.10 views

PT-2026-43109

Name of the Vulnerable Software and Affected Versions Roundcube Webmail versions 1.6.0 through 1.6.15 Roundcube Webmail versions 1.7.0 through 1.7.0 Description The remote image blocking feature can be bypassed using a crafted CSS var value within an e-mail message. This bypass may result in...

6.5CVSS5.8AI score0.00339EPSS
Exploits0References16
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.10 views

Roundcube Webmail 安全漏洞

Roundcube Webmail is a browser-based open source IMAP client from Roundcube open source, which supports address book management, message searching, spell checking and more. A security vulnerability exists in Roundcube Webmail versions prior to 1.6.16 and 1.7.1, which originates from a poison bypa...

3.7CVSS5.9AI score0.00433EPSS
Exploits0References5
Rows per page
Query Builder