Lucene search
K

6 matches found

OSV
OSV
added 2026/05/25 8:16 p.m.10 views

UBUNTU-CVE-2026-48848

Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7 has insufficient HTML sanitization that could lead to Cascading Style Sheets CSS injection via an SVG document that has an animate element with the attributeName attribute...

7.2CVSS5.8AI score0.00388EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/05/25 7:27 p.m.8 views

CVE-2026-48848

Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7 has insufficient HTML sanitization that could lead to Cascading Style Sheets CSS injection via an SVG document that has an animate element with the attributeName attribute...

7.2CVSS5.8AI score0.00388EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/04/03 5:16 a.m.5 views

CVE-2026-35545

An issue was discovered in Roundcube Webmail before 1.5.15 and 1.6.15. The remote image blocking feature can be bypassed via SVG content in an e-mail message. This may lead to information disclosure or access-control bypass. This involves the animate element with attributeName=fill/filter/stroke...

8.2CVSS5.8AI score0.00329EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/04/03 4:2 a.m.2 views

CVE-2026-35545

An issue was discovered in Roundcube Webmail before 1.5.15 and 1.6.15. The remote image blocking feature can be bypassed via SVG content in an e-mail message. This may lead to information disclosure or access-control bypass. This involves the animate element with attributeName=fill/filter/stroke...

5.3CVSS5.9AI score0.00329EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/04/03 4:2 a.m.5 views

CVE-2026-35545

An issue was discovered in Roundcube Webmail before 1.5.15 and 1.6.15. The remote image blocking feature can be bypassed via SVG content in an e-mail message. This may lead to information disclosure or access-control bypass. This involves the animate element with attributeName=fill/filter/stroke...

5.3CVSS5.9AI score0.00329EPSS
Exploits0References8Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 5:33 a.m.5 views

SUSE CVE-2013-6654

The SVGAnimateElement::calculateAnimatedValue function in core/svg/SVGAnimateElement.cpp in Blink, as used in Google Chrome before 33.0.1750.117, does not properly handle unexpected data types, which allows remote attackers to cause a denial of service incorrect cast or possibly have unspecified...

7.5CVSS9.5AI score0.0131EPSS
Exploits1References3
Rows per page
Query Builder