2031 matches found
Linux Distros Unpatched Vulnerability : CVE-2023-47272
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header used for attachment preview or download...
Linux Distros Unpatched Vulnerability : CVE-2018-9846
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin enabled and configured, it's possible to exploit the unsanitized, user-controlled uid paramet...
Linux Distros Unpatched Vulnerability : CVE-2021-46144
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via an HTML e-mail message with crafted Cascading Style Sheets (CSS) token sequences. CVE-2021-46144 Not...
Linux Distros Unpatched Vulnerability : CVE-2018-19205
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Roundcube before 1.3.7 mishandles GnuPG MDC integrity-protection warnings, which makes it easier for attackers to obtain sensitive information, a related issue ...
Linux Distros Unpatched Vulnerability : CVE-2017-6820
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rcube_utils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is susceptible to a cross-site scripting vulnerability via a crafted Cascading Style Sheets (CSS)...
Linux Distros Unpatched Vulnerability : CVE-2016-4069
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail before 1.1.5 allows remote attackers to hijack the authentication of users for requests that...
Exploit for CVE-2025-49113
CVE-2025-49113 – Roundcube Remote Code Execution (RCE) PoC Th...
Linux Distros Unpatched Vulnerability : CVE-2016-9920
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before 1.2.3, when no SMTP server is configured and the sendmail program is enabled, does not proper...
Linux Distros Unpatched Vulnerability : CVE-2017-8114
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Roundcube Webmail allows arbitrary password resets by authenticated users. This affects versions before 1.0.11, 1.1.x before 1.1.9, and 1.2.x before 1.2.5. The...
Linux Distros Unpatched Vulnerability : CVE-2018-19206
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use of , as demonstrated by an onload attribute in a BODY element, within an HTML attachment...
Linux Distros Unpatched Vulnerability : CVE-2016-4068
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML v...
Exploit for CVE-2025-49113
CVE-2025-49113-Roundcube-RCE-PHP...
Exploit for CVE-2025-49113
CVE-2025-49113 – Roundcube 1.6.10 Authenticated Remote Code Ex...
Linux Distros Unpatched Vulnerability : CVE-2024-42010
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mod_css_styles in Roundcube through 1.5.7 and 1.6.x through 1.6.7 insufficiently filters Cascading Style Sheets (CSS) token sequences in rendered e-mail messages,...
Linux Distros Unpatched Vulnerability : CVE-2018-1000071
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - roundcube version 1.3.4 and earlier contains an Insecure Permissions vulnerability in enigma plugin that can result in exfiltration of gpg private key. This...
Linux Distros Unpatched Vulnerability : CVE-2019-10740
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The...
Linux Distros Unpatched Vulnerability : CVE-2023-5631
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of...
Linux Distros Unpatched Vulnerability : CVE-2024-37383
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes. CVE-2024-37383 Note that Nessus relies on the presence of the packa...
Linux Distros Unpatched Vulnerability : CVE-2025-49113
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated...
Roundcube: Multiple Vulnerabilities
Background: Free and open source webmail software for the masses, written in PHP. Description: Multiple vulnerabilities have been discovered in Roundcube. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE identifiers for details. Workaround: Ther...