2031 matches found

Tenable Nessus
added 2026/04/05 12:0 a.m., 8 views

Linux Distros Unpatched Vulnerability : CVE-2026-35537

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsafe deserialization in the redis/memcache session handler may lead to arbitrary file...

CVSS: 7.5, AI score: 6, EPSS: 0.00475
Exploits: 0, References: 2

Tenable Nessus
added 2026/04/05 12:0 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2026-35543

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via SVG content with animate attributes...

CVSS: 5.3, AI score: 5.8, EPSS: 0.00402
Exploits: 0, References: 2

Tenable Nessus
added 2026/04/05 12:0 a.m., 15 views

Debian dsa-6196 : roundcube - security update

The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6196 advisory. - Debian Security Advisory DSA-6196-1 [email protected] https://www.debian.org/securit...

CVSS: 8.2, AI score: 5.8, EPSS: 0.00475
Exploits: 0, References: 20

Debian
added 2026/04/04 7:53 p.m., 10 views

[SECURITY] [DSA 6196-1] roundcube security update

Debian Security Advisory DSA-6196-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 04, 2026 https://www.debian.org/security/faq -...

CVSS: 8.2, AI score: 5.9, EPSS: 0.00475
Exploits: 0

SUSE CVE
added 2026/04/03 11:24 p.m., 4 views

SUSE CVE-2026-35537

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsafe deserialization in the redis/memcache session handler may lead to arbitrary file write operations by unauthenticated attackers via crafted session data...

CVSS: 7.5, AI score: 5.9, EPSS: 0.00475
Exploits: 0, References: 3

RedhatCVE
added 2026/04/03 3:6 p.m., 3 views

CVE-2026-35543

A flaw was found in Roundcube Webmail. A remote attacker could bypass the remote image blocking feature by sending a specially crafted email that includes Scalable Vector Graphics (SVG) content with animation attributes. This vulnerability may lead to unauthorized information disclosure or an...

CVSS: 5.3, AI score: 5.9, EPSS: 0.00402
Exploits: 0, References: 2

RedhatCVE
added 2026/04/03 3:6 p.m., 0 views

CVE-2026-35544

A flaw was found in Roundcube Webmail. Insufficient sanitization of Cascading Style Sheets (CSS) in HTML email messages allows a remote attacker to bypass fixed-position mitigations. This can lead to a bypass of security controls designed to prevent certain types of attacks...

CVSS: 5.3, AI score: 5.9, EPSS: 0.00366
Exploits: 0, References: 2

RedhatCVE
added 2026/04/03 3:6 p.m., 1 view

CVE-2026-35545

A flaw was found in Roundcube Webmail. A remote attacker could bypass the remote image blocking feature by sending a specially crafted e-mail message containing SVG (Scalable Vector Graphics) content. This bypass may lead to information disclosure or an access-control bypass, allowing the attacker ...

CVSS: 8.2, AI score: 5.9, EPSS: 0.00329
Exploits: 0, References: 2

RedhatCVE
added 2026/04/03 3:5 p.m., 1 view

CVE-2026-35542

A flaw was found in Roundcube Webmail. A remote attacker could bypass the remote image blocking feature by sending a specially crafted email containing a malicious background attribute within a BODY element. This vulnerability may lead to unauthorized information disclosure or an access-control...

CVSS: 5.3, AI score: 5.9, EPSS: 0.00402
Exploits: 0, References: 2

RedhatCVE
added 2026/04/03 3:5 p.m., 3 views

CVE-2026-35539

A flaw was found in Roundcube Webmail. This cross-site scripting (XSS) vulnerability arises from insufficient sanitization of HTML attachments when viewed in preview mode. A remote attacker could send a specially crafted HTML attachment, which, if previewed by a victim, could lead to the execution ...

CVSS: 6.1, AI score: 5.9, EPSS: 0.00251
Exploits: 0, References: 2

RedhatCVE
added 2026/04/03 3:5 p.m., 1 view

CVE-2026-35540

A flaw was found in Roundcube Webmail. Insufficient sanitization of Cascading Style Sheets (CSS) in HTML e-mail messages may allow a remote attacker to perform Server-Side Request Forgery (SSRF) or disclose sensitive information. This can occur if malicious stylesheet links within an e-mail point to...

CVSS: 6.5, AI score: 5.9, EPSS: 0.0031
Exploits: 0, References: 2

RedhatCVE
added 2026/04/03 3:5 p.m., 2 views

CVE-2026-35538

A flaw was found in Roundcube Webmail. Unsanitized IMAP SEARCH command arguments can be exploited by an attacker during mail search. This vulnerability could lead to IMAP injection, allowing an attacker to execute arbitrary IMAP commands, or a Cross-Site Request Forgery (CSRF) bypass, enabling...

CVSS: 3.1, AI score: 6.1, EPSS: 0.00283
Exploits: 0, References: 2

RedhatCVE
added 2026/04/03 3:5 p.m., 4 views

CVE-2026-35541

A flaw was found in Roundcube Webmail. Incorrect password comparison within the password plugin can lead to a type confusion vulnerability. This allows an attacker to change a user's password without needing to know the old password, potentially leading to unauthorized access to the user's webmai...

CVSS: 4.2, AI score: 5.9, EPSS: 0.00243
Exploits: 0, References: 2

RedhatCVE
added 2026/04/03 8:18 a.m., 3 views

CVE-2026-35537

A flaw was found in Roundcube Webmail. Unauthenticated attackers can exploit an unsafe deserialization vulnerability in the redis/memcache session handler. This allows for arbitrary file write operations by crafting malicious session data. The primary impact is the ability to write files to the...

CVSS: 7.5, AI score: 6, EPSS: 0.00475
Exploits: 0, References: 2

EUVD
added 2026/04/03 6:31 a.m., 4 views

EUVD-2026-18575

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsafe deserialization in the redis/memcache session handler may lead to arbitrary file write operations by unauthenticated attackers via crafted session data...

CVSS: 3.7, AI score: 6, EPSS: 0.00475
Exploits: 0, References: 8

EUVD
added 2026/04/03 6:31 a.m., 4 views

EUVD-2026-18587

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via a crafted background attribute of a BODY element in an e-mail message. This may lead to information disclosure or access-control bypass...

CVSS: 5.3, AI score: 5.9, EPSS: 0.00402
Exploits: 0, References: 8

EUVD
added 2026/04/03 6:31 a.m., 2 views

EUVD-2026-18589

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via SVG content with animate attributes in an e-mail message. This may lead to information disclosure or access-control bypass...

CVSS: 5.3, AI score: 5.9, EPSS: 0.00402
Exploits: 0, References: 8

EUVD
added 2026/04/03 6:31 a.m., 4 views

EUVD-2026-18585

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Incorrect password comparison in the password plugin could lead to type confusion that allows a password change without knowing the old password...

CVSS: 4.2, AI score: 5.9, EPSS: 0.00243
Exploits: 0, References: 8

EUVD
added 2026/04/03 6:31 a.m., 2 views

EUVD-2026-18581

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. XSS exists because of insufficient HTML attachment sanitization in preview mode. A victim must preview a text/html attachment...

CVSS: 6.1, AI score: 5.9, EPSS: 0.00251
Exploits: 0, References: 8

EUVD
added 2026/04/03 6:31 a.m., 4 views

EUVD-2026-18579

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsanitized IMAP SEARCH command arguments could lead to IMAP injection or CSRF bypass during mail search...

CVSS: 3.1, AI score: 5.9, EPSS: 0.00283
Exploits: 0, References: 8