2031 matches found
PT-2026-43115
Name of the Vulnerable Software and Affected Versions Roundcube Webmail versions 1.6.0 through 1.6.15 Roundcube Webmail versions 1.7.0 through 1.7.0 Description An unsanitized subject field in the draft restored value allows for stored Cross-Site Scripting XSS, HTML, and CSS injection on shared...
Roundcube Webmail -- Multiple vulnerabilities
The Roundcube Webmail project reports: See link for details. No CVE numbers available at the moment...
Ghostwriter Targets Ukrainian Government With Geofenced PDF Phishing, Cobalt Strike
The Belarus-aligned threat group known as Ghostwriter has been attributed to a fresh set of attacks targeting governmental organizations in Ukraine. Active since at least 2016, Ghostwriter has been linked to both cyber espionage and influence operations targeting neighboring countries, particular...
ROS-20260508-73-0007
Vulnerability in roundcubemail related to the use of an insecure alternate channel. Exploitation of the vulnerability could allow an attacker acting remotely to modify user projects and/or device configuration via cip commands...
ROS-20260508-73-0008
Vulnerability in roundcubemail related to the inclusion of features from an invalid controlled scope. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
ROS-20260507-73-0003
Vulnerability in roundcubemail related to lack of validation of received requests. Exploitation of the vulnerability could allow a remote attacker to disclose protected information...
ROS-20260507-73-0004
Vulnerability in roundcubemail related to data type confusion errors. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
ROS-20260507-73-0007
Vulnerability in roundcubemail related to argument injection or modification. Exploitation of the vulnerability could allow an attacker to execute arbitrary commands...
ROS-20260507-73-0008
Vulnerability in roundcubemail related to a flaw in the deserialization mechanism. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
ROS-20260507-73-0005
Vulnerability in roundcubemail related to lack of validation of received requests. Exploitation of the vulnerability could allow a remote attacker to disclose protected information...
ROS-20260507-73-0006
Vulnerability in roundcubemail related to failure to take measures to protect web page structure. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
ROS-20260507-73-0002
Vulnerability in roundcubemail related to lack of validation of received requests. Exploitation of the vulnerability could allow a remote attacker to disclose protected information...
ROS-20260507-73-0001
Vulnerability in roundcubemail related to lack of validation of received requests. Exploitation of the vulnerability could allow a remote attacker to disclose protected information...
ROS-20260506-73-0004
Vulnerability in roundcubemail related to lack of validation of received requests. Exploitation of the vulnerability could allow a remote attacker to disclose protected information...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : Roundcube Webmail vulnerabilities (USN-8223-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8223-1 advisory. It was discovered that Roundcube Webmail mishandled Punycode xn-- domain names. An attacker could possibl...
Fedora 44 : roundcubemail (2026-6d293b6889)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-6d293b6889 advisory. Version 1.7-rc6 This is hopefully the last release candidate for the next major version 1.7 of Roundcube Webmail. It provides a fix to recently...
[SECURITY] Fedora 44 Update: roundcubemail-1.7~rc6-1.fc44
RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...
openSUSE 16 Security Update : roundcubemail (openSUSE-SU-2026:20586-1)
The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2026:20586-1 advisory. Changes in roundcubemail: - update to 1.6.15 This is a security update to the stable version 1.6 of Roundcube Webmail. It provides fixes to some...
Security update for roundcubemail (important)
openSUSE security update: security update for roundcubemail ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20586-1 Rating: important References: bsc1261157 bsc1261488 Cross-References: CVE-2026-35537 Affected Products: openSUSE Leap 16.0...
Security update for roundcubemail (important)
openSUSE Security Update: Security update for roundcubemail Announcement ID: openSUSE-SU-2026:0144-1 Rating: important References: 1261157 1261488 Cross-References: CVE-2026-35537 Affected Products: openSUSE Backports SLE-15-SP6 An update that solves one vulnerability and has one errata is now...