CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2031 matches found

OpenVAS•added 2025/12/17 12:0 a.m.•2 views

Roundcube Webmail Multiple Vulnerabilities (Dec 2025) - Windows

Roundcube Webmail is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:roundcube:webmail";...

7.5CVSS7.5AI score0.19769EPSS

Exploits1References3

OpenVAS•added 2025/12/17 12:0 a.m.•4 views

Roundcube Webmail Multiple Vulnerabilities (Dec 2025) - Linux

7.5CVSS7.5AI score0.19769EPSS

Exploits1References3

Tenable Nessus•added 2025/12/14 12:0 a.m.•4 views

FreeBSD : Roundcube -- Multiple vulnerabilities (3a59024c-d8cf-11f0-af8c-8447094a420f)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 3a59024c-d8cf-11f0-af8c-8447094a420f advisory. The Roundcube project reports: Cross-Site-Scripting vulnerability via SVGs animate tag Information...

5.6AI score

Exploits0References2

FreeBSD•added 2025/12/14 12:0 a.m.•7 views

Roundcube -- Multiple vulnerabilities

The Roundcube project reports: Cross-Site-Scripting vulnerability via SVG’s animate tag Information Disclosure vulnerability in the HTML style sanitizer...

6.9AI score

Exploits0References1

Positive Technologies•added 2025/12/13 12:0 a.m.•3 views

PT-2025-51991

Name of the Vulnerable Software and Affected Versions Roundcube versions prior to 1.5.12 Roundcube versions prior to 1.6.12 Description Roundcube Webmail contains a Cross-Site Scripting XSS issue stemming from the use of the animate tag within SVG documents. This allows attackers to execute...

7.5CVSS5.7AI score0.19769EPSS

Exploits3References86

Positive Technologies•added 2025/12/13 12:0 a.m.•3 views

PT-2025-51990

Name of the Vulnerable Software and Affected Versions Roundcube versions prior to 1.5.12 Roundcube versions prior to 1.6.12 Description An information disclosure issue exists in the HTML style sanitizer component of Roundcube Webmail. The issue could allow for the disclosure of information...

7.5CVSS5.9AI score0.00244EPSS

Exploits0References27

Hacker One•added 2025/11/27 8:51 p.m.•10 views

Nextcloud: Roundcube Webmail Style Sanitizer can be bypassed using CSS Character Escapes

A vulnerability was discovered in the style sanitizer of Roundcube Webmail that allowed bypassing the sanitizer using CSS character escapes. This enabled the use of arbitrary inline CSS, such as the url function, which could be used to retrieve the IP address and user agent of the person reading...

6.9AI score

Exploits0

Tenable Nessus•added 2025/11/20 12:0 a.m.•7 views

TencentOS Server 4: roundcubemail (TSSA-2025:0466)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0466 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

9.9CVSS7.8AI score0.89163EPSS

Exploits38References4