openSUSE 16 Security Update : roundcubemail (openSUSE-SU-2026:20323-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20323-1 advisory. Changes to roundcubemail: Update to 1.6.13: This is a security update to the stable version 1.6 of Roundcube Webmail. It provides fixes to...

OPENSUSE-SU-2026:20323-1 Security update for roundcubemail

This update for roundcubemail fixes the following issues: Changes to roundcubemail: Update to 1.6.13: This is a security update to the stable version 1.6 of Roundcube Webmail. It provides fixes to recently reported security vulnerabilities: + Fix CSS injection vulnerability reported by CERT Polsk...

Security update for roundcubemail (important)

openSUSE Security Update: Security update for roundcubemail Announcement ID: openSUSE-SU-2026:0070-1 Rating: important References: 1255306 1255308 1257909 1258052 Cross-References: CVE-2025-68460 CVE-2025-68461 CVE-2026-25916 CVE-2026-26079 CVSS scores: CVE-2026-26079 SUSE: 5.3...

Security update for roundcubemail (important)

openSUSE Security Update: Security update for roundcubemail Announcement ID: openSUSE-SU-2026:0071-1 Rating: important References: 1255306 1255308 1257909 1258052 Cross-References: CVE-2025-68460 CVE-2025-68461 CVE-2026-25916 CVE-2026-26079 CVSS scores: CVE-2026-26079 SUSE: 5.3...

CISA Adds Two Actively Exploited Roundcube Flaws to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Friday added two security flaws impacting Roundcube webmail software to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The vulnerabilities in question are listed below - CVE-2025-49113 CVSS...

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-49113link is external RoundCube Webmail Deserialization of Untrusted Data Vulnerability CVE-2025-68461link is external RoundCube Webmail Cross-site Scripti...

[SECURITY] Fedora 42 Update: roundcubemail-1.6.13-1.fc42

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

[SECURITY] Fedora 43 Update: roundcubemail-1.6.13-1.fc43

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

VulnCheck KEV: CVE-2025-68461

Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-Scripting XSS vulnerability via the animate tag in an SVG document...

RoundCube Webmail Cross-site Scripting Vulnerability

RoundCube Webmail contains a cross-site scripting vulnerability via the animate tag in an SVG document...

Fedora: Security Advisory (FEDORA-2026-d684b372f1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RoundCube Webmail Deserialization of Untrusted Data Vulnerability

RoundCube Webmail contains a deserialization of untrusted data vulnerability that allows remote code execution by authenticated users because the from parameter in a URL is not validated in program/actions/settings/upload.php...

Fedora 42 : roundcubemail (2026-d684b372f1)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-d684b372f1 advisory. Release 1.6.13 - Managesieve: Fix handling of string-list format values for date tests in Out of Office 10075 - Fix remote image blocking bypass via SVG...

Fedora 43 : roundcubemail (2026-547e298156)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-547e298156 advisory. Release 1.6.13 - Managesieve: Fix handling of string-list format values for date tests in Out of Office 10075 - Fix remote image blocking bypass via SVG...

[SECURITY] [DLA 4480-1] roundcube security update

Debian LTS Advisory DLA-4480-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin February 17, 2026 https://wiki.debian.org/LTS Package : roundcube Version : 1.4.15+dfsg.1-1+deb11u7 CVE ID : CVE-2026-25916 CVE-2026-26079 Debian Bug : 1127447 Vulnerabilities were...

[SECURITY] [DSA 6137-1] roundcube security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6137-1 [email protected] https://www.debian.org/security/ Sebastien Delafond February 17, 2026 https://www.debian.org/security/faq -...

DLA-4480-1 roundcube - security update

Bulletin has no description...

Debian: Security Advisory (DLA-4480-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian dla-4480 : roundcube - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4480 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4480-1 [email protected]...

Debian dsa-6137 : roundcube - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6137 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6137-1 [email protected]...