Lucene search
K

2034 matches found

Tenable Nessus
Tenable Nessus
added 2026/02/10 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-25916

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13, when Block remote images is used, does not block SVG feImage. CVE-2026-25916 Note that Nessus relies on t...

4.3CVSS5.9AI score0.00629EPSS
Exploits2References2
GithubExploit
GithubExploit
added 2026/02/09 10:17 a.m.227 views

Exploit for CVE-2026-25916

CVE-2026-25916: Roundcube Webmail DOM XSS Exploit 📋 Exploi...

4.3CVSS5.8AI score0.00629EPSS
Exploits2
OSV
OSV
added 2026/02/09 9:16 a.m.4 views

CVE-2026-25916

Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13, when "Block remote images" is used, does not block SVG feImage...

4.3CVSS5.5AI score
Exploits0References3
NVD
NVD
added 2026/02/09 9:16 a.m.9 views

CVE-2026-25916

Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13, when "Block remote images" is used, does not block SVG feImage...

4.3CVSS0.00629EPSS
Exploits2References3
UbuntuCve
UbuntuCve
added 2026/02/09 9:16 a.m.2 views

CVE-2026-25916

Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13, when "Block remote images" is used, does not block SVG feImage...

4.3CVSS5.8AI score0.00629EPSS
Exploits2References6
OSV
OSV
added 2026/02/09 9:16 a.m.4 views

UBUNTU-CVE-2026-25916

Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13, when "Block remote images" is used, does not block SVG feImage...

4.3CVSS5.8AI score0.00629EPSS
Exploits2References7
Cvelist
Cvelist
added 2026/02/09 8:14 a.m.30 views

CVE-2026-25916

Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13, when "Block remote images" is used, does not block SVG feImage...

4.3CVSS0.00629EPSS
Exploits2References3
CVE
CVE
added 2026/02/09 8:14 a.m.47 views

CVE-2026-25916

CVE-2026-25916 affects Roundcube Webmail: versions prior to 1.5.13 and prior to 1.6.13 fail to block SVG feImage usage when “Block remote images” is enabled, enabling a DOM-based attack via SVG href/feImage that can bypass remote-image blocking. The exploit path described involves SVG handling wh...

4.3CVSS5.5AI score0.00629EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2026/02/09 8:14 a.m.5 views

CVE-2026-25916

Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13, when "Block remote images" is used, does not block SVG feImage...

4.3CVSS5.5AI score0.00629EPSS
Exploits2References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/09 8:14 a.m.3 views

CVE-2026-25916

Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13, when "Block remote images" is used, does not block SVG feImage...

4.3CVSS5.5AI score0.00629EPSS
Exploits2References3
CNNVD
CNNVD
added 2026/02/09 12:0 a.m.6 views

Roundcube Webmail 安全漏洞

Roundcube Webmail is an open-source browser-based IMAP client developed by Roundcube. It supports address book management, information search, spelling checking, and more. Versions of Roundcube Webmail prior to 1.5.13, as well as versions 1.6 through 1.6.13, had security vulnerabilities. These...

4.3CVSS5.8AI score0.00629EPSS
Exploits2References5
Packet Storm
Packet Storm
added 2026/02/09 12:0 a.m.179 views

📄 Roundcube Webmail SVG Tracking

Roundcube's HTML sanitizer doesn't treat SVG feImage href as an image source. Attackers can bypass remote image blocking to track email opens. Roundcube Webmail , , and , but not on . Its href went through the wrong code path and got allowed through. Attackers could track email opens even when...

4.3CVSS5.6AI score0.00629EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2026/02/09 12:0 a.m.4 views

FreeBSD : Roundcube -- Multiple vulnerabilities (f301a241-04d3-11f1-a38c-8447094a420f)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the f301a241-04d3-11f1-a38c-8447094a420f advisory. The Roundcube project reports: Unspecified CSS injection vulnerability. Remote image blocking bypass vi...

5.6AI score
Exploits0References2
FreeBSD
FreeBSD
added 2026/02/08 12:0 a.m.7 views

Roundcube -- Multiple vulnerabilities

The Roundcube project reports: Unspecified CSS injection vulnerability. Remote image blocking bypass via SVG content...

5.3AI score
Exploits0References1
GithubExploit
GithubExploit
added 2026/02/04 6:1 p.m.154 views

Exploit for Deserialization of Untrusted Data in Roundcube Webmail

CVE-2025-49113 Roundcube RCE PoC 🚀 Как запустить проект...

9.9CVSS5.3AI score0.89462EPSS
Exploits29
RedhatCVE
RedhatCVE
added 2026/01/09 11:58 a.m.10 views

CVE-2018-19205

Roundcube before 1.3.7 mishandles GnuPG MDC integrity-protection warnings, which makes it easier for attackers to obtain sensitive information, a related issue to CVE-2017-17688. This is associated with plugins/enigma/lib/enigmadrivergnupg.php...

7.5CVSS6.5AI score0.05572EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:10 a.m.8 views

CVE-2016-10846

cPanel before 11.54.0.4 allows arbitrary file-chown and file-chmod operations during Roundcube database conversions SEC-79...

8.5CVSS7.1AI score0.01325EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:33 a.m.7 views

CVE-2017-18416

cPanel before 67.9999.103 allows arbitrary file-overwrite operations during a Roundcube SQLite schema update SEC-303...

5.5CVSS7.1AI score0.00297EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:32 a.m.6 views

CVE-2017-18450

cPanel before 64.0.21 allows certain file-chmod operations via /scripts/convertroundcubemysql2sqlite SEC-255...

4.5CVSS7AI score0.00276EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:29 a.m.8 views

CVE-2019-12938

The Roundcube component of Analogic Poste.io 2.1.6 uses .htaccess to protect the logs/ folder, which is effective with the Apache HTTP Server but is ineffective with nginx. Attackers can read logs via the webmail/logs/sendmail URI...

4.3CVSS6.8AI score0.01006EPSS
Exploits1References1
Rows per page
Query Builder