2031 matches found

Tenable Nessus
added 2025/06/12 12:00 a.m. · 11 views

Fedora 42 : roundcubemail (2025-70701de9de)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-70701de9de advisory. This is a security update to the stable version 1.6 of Roundcube Webmail. It provides fixes to recently reported security vulnerabilities: Fix Post-Auth RCE...

9.9 CVSS · 8.6 AI score · 0.89163 EPSS
Exploits 29 · References 2
Metasploit
added 2025/06/11 6:51 p.m. · 622 views

Roundcube Post-Auth RCE via PHP Object Deserialization

Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization. An attacker can execute arbitrary system commands as the...

9.9 CVSS · 8.5 AI score · 0.89163 EPSS
Exploits 29
OSV
added 2025/06/11 5:43 p.m. · 6 views

MGASA-2025-0185 Updated roundcubemail packages fix security vulnerability

A Post-Auth RCE was announced and fixed in the latest release...

9.9 CVSS · 9.7 AI score · 0.89163 EPSS
Exploits 29 · References 6
Fedora
added 2025/06/11 3:51 a.m. · 10 views

[SECURITY] Fedora 41 Update: roundcubemail-1.6.11-1.fc41

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

9.9 CVSS · 9.7 AI score · 0.89163 EPSS
Exploits 29
Fedora
added 2025/06/11 2:46 a.m. · 12 views

[SECURITY] Fedora 42 Update: roundcubemail-1.6.11-1.fc42

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

9.9 CVSS · 9.7 AI score · 0.89163 EPSS
Exploits 29
Packet Storm
added 2025/06/11 12:00 a.m. · 107 views

Roundcube 1.6.10 Remote Code Execution

Roundcube Webmail versions prior to 1.5.10 and versions 1.6.x prior to 1.6.11 allow remote code execution by authenticated users because the from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP object deserialization. An attacker can execute arbitrary...

9.9 CVSS · 8.6 AI score · 0.89163 EPSS
Exploits 29
Tenable Nessus
added 2025/06/11 12:00 a.m. · 6 views

Fedora 41 : roundcubemail (2025-a5f56fe8ff)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-a5f56fe8ff advisory. This is a security update to the stable version 1.6 of Roundcube Webmail. It provides fixes to recently reported security vulnerabilities: Fix Post-Auth RCE...

9.9 CVSS · 8.6 AI score · 0.89163 EPSS
Exploits 29 · References 2
OpenVAS
added 2025/06/11 12:00 a.m. · 9 views

Fedora: Security Advisory (FEDORA-2025-a5f56fe8ff)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.9 CVSS · 8.8 AI score · 0.89163 EPSS
Exploits 29 · References 5
OpenVAS
added 2025/06/11 12:00 a.m. · 13 views

Fedora: Security Advisory (FEDORA-2025-70701de9de)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.9 CVSS · 8.8 AI score · 0.89163 EPSS
Exploits 29 · References 5
GithubExploit
added 2025/06/10 3:21 p.m. · 480 views

Exploit for CVE-2025-49113

Roundcube RCE Exploit CVE-2025-49113 A fully functional pro...

9.9 CVSS · 10 AI score · 0.89163 EPSS
Exploits 29
The Hacker News
added 2025/06/10 5:37 a.m. · 23 views

CISA Adds Erlang SSH and Roundcube Flaws to Known Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two critical security flaws impacting Erlang/Open Telecom Platform (OTP) SSH and Roundcube to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities in question are...

10 CVSS · 10 AI score · 0.97673 EPSS
Exploits 42
Positive Technologies
added 2025/06/10 12:00 a.m. · 2 views

PT-2025-24633 · Undefined · Undefined

CISA has just added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: Erlang OTP (CVE-2024-39992), OpenSSH (CVE-2024-39993), Roundcube Webmail (CVE-2024-39994). These vulnerabilities are actively being exploited in the wild and must be patched by June 25, 2025, as per Binding...

7.3 AI score
Exploits 0 · References 1
Positive Technologies
added 2025/06/10 12:00 a.m. · 5 views

PT-2025-24632 · Undefined · Undefined

CISA has just added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: Erlang OTP (CVE-2024-39992), OpenSSH (CVE-2024-39993), Roundcube Webmail (CVE-2024-39994). These vulnerabilities are actively being exploited in the wild and must be patched by June 25, 2025, as per Binding...

7.3 AI score
Exploits 0 · References 1
Debian
added 2025/06/09 2:08 a.m. · 11 views

[SECURITY] [DLA 4211-1] roundcube security update

Debian LTS Advisory DLA-4211-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin June 09, 2025 https://wiki.debian.org/LTS Package : roundcube Version : 1.4.15+dfsg.1-1+deb11u5 CVE ID : CVE-2025-49113 Debian Bug : 1107073 Kirill Firsov discovered that Roundcube, a...

9.9 CVSS · 7.9 AI score · 0.89163 EPSS
Exploits 29
Tenable Nessus
added 2025/06/09 12:00 a.m. · 12 views

Debian dla-4211 : roundcube - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4211 advisory. Debian LTS Advisory DLA-4211-1 [email protected] https://www.debian.org/lts/security/...

9.9 CVSS · 9.4 AI score · 0.89163 EPSS
Exploits 29 · References 4
OSV
added 2025/06/09 12:00 a.m. · 7 views

DLA-4211-1 roundcube - security update

Bulletin has no description...

9.9 CVSS · 7.2 AI score · 0.89163 EPSS
Exploits 29
CISA KEV Catalog
added 2025/06/09 12:00 a.m. · 13 views

RoundCube Webmail Cross-Site Scripting Vulnerability

RoundCube Webmail contains a cross-site scripting vulnerability. This vulnerability could allow a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in messagebody in program/actions/mail/show.php...

9.3 CVSS · 8.7 AI score · 0.82853 EPSS
In wild · Exploits 6
OpenVAS
added 2025/06/09 12:00 a.m. · 9 views

Debian: Security Advisory (DLA-4211-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.9 CVSS · 8.8 AI score · 0.89163 EPSS
Exploits 29 · References 4
GithubExploit
added 2025/06/06 6:31 a.m. · 384 views

Exploit for CVE-2025-49113

CVE-2025-49113 - Roundcube Remote Code Execution A proof-of-c...

9.9 CVSS · 10 AI score · 0.89163 EPSS
Exploits 29
CNVD
added 2025/06/06 12:00 a.m. · 4 views

Roundcube Webmail Deserialization Vulnerability

RoundCube Webmail is a browser-based open source multi-language IMAP client, using PHP + Ajax development, to provide a desktop application-like interface and complete mail management features. Roundcube Webmail has a deserialization vulnerability, the vulnerability stems from the...

9.9 CVSS · 9.7 AI score · 0.89163 EPSS
Exploits 29 · References 1