2034 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-25916
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13, when Block remote images is used, does not block SVG feImage. CVE-2026-25916 Note that Nessus relies on t...
Exploit for CVE-2026-25916
CVE-2026-25916: Roundcube Webmail DOM XSS Exploit 📋 Exploi...
CVE-2026-25916
Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13, when "Block remote images" is used, does not block SVG feImage...
CVE-2026-25916
Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13, when "Block remote images" is used, does not block SVG feImage...
CVE-2026-25916
Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13, when "Block remote images" is used, does not block SVG feImage...
UBUNTU-CVE-2026-25916
Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13, when "Block remote images" is used, does not block SVG feImage...
CVE-2026-25916
Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13, when "Block remote images" is used, does not block SVG feImage...
CVE-2026-25916
CVE-2026-25916 affects Roundcube Webmail: versions prior to 1.5.13 and prior to 1.6.13 fail to block SVG feImage usage when “Block remote images” is enabled, enabling a DOM-based attack via SVG href/feImage that can bypass remote-image blocking. The exploit path described involves SVG handling wh...
CVE-2026-25916
Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13, when "Block remote images" is used, does not block SVG feImage...
CVE-2026-25916
Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13, when "Block remote images" is used, does not block SVG feImage...
Roundcube Webmail 安全漏洞
Roundcube Webmail is an open-source browser-based IMAP client developed by Roundcube. It supports address book management, information search, spelling checking, and more. Versions of Roundcube Webmail prior to 1.5.13, as well as versions 1.6 through 1.6.13, had security vulnerabilities. These...
📄 Roundcube Webmail SVG Tracking
Roundcube's HTML sanitizer doesn't treat SVG feImage href as an image source. Attackers can bypass remote image blocking to track email opens. Roundcube Webmail , , and , but not on . Its href went through the wrong code path and got allowed through. Attackers could track email opens even when...
FreeBSD : Roundcube -- Multiple vulnerabilities (f301a241-04d3-11f1-a38c-8447094a420f)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the f301a241-04d3-11f1-a38c-8447094a420f advisory. The Roundcube project reports: Unspecified CSS injection vulnerability. Remote image blocking bypass vi...
Roundcube -- Multiple vulnerabilities
The Roundcube project reports: Unspecified CSS injection vulnerability. Remote image blocking bypass via SVG content...
Exploit for Deserialization of Untrusted Data in Roundcube Webmail
CVE-2025-49113 Roundcube RCE PoC 🚀 Как запустить проект...
CVE-2018-19205
Roundcube before 1.3.7 mishandles GnuPG MDC integrity-protection warnings, which makes it easier for attackers to obtain sensitive information, a related issue to CVE-2017-17688. This is associated with plugins/enigma/lib/enigmadrivergnupg.php...
CVE-2016-10846
cPanel before 11.54.0.4 allows arbitrary file-chown and file-chmod operations during Roundcube database conversions SEC-79...
CVE-2017-18416
cPanel before 67.9999.103 allows arbitrary file-overwrite operations during a Roundcube SQLite schema update SEC-303...
CVE-2017-18450
cPanel before 64.0.21 allows certain file-chmod operations via /scripts/convertroundcubemysql2sqlite SEC-255...
CVE-2019-12938
The Roundcube component of Analogic Poste.io 2.1.6 uses .htaccess to protect the logs/ folder, which is effective with the Apache HTTP Server but is ineffective with nginx. Attackers can read logs via the webmail/logs/sendmail URI...