Security update for roundcubemail (important)

openSUSE security update: security update for roundcubemail ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20323-1 Rating: important References: bsc1255306 bsc1255308 bsc1257909 bsc1258052 Cross-References: CVE-2025-68460 CVE-2025-68461...

CVE-2026-26079

Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets CSS injection, e.g., because comments are mishandled...

CVE-2026-26079

Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets CSS injection, e.g., because comments are mishandled...

Roundcube Webmail 安全漏洞

Roundcube Webmail is an open-source browser-based IMAP client developed by Roundcube. It supports address book management, information search, spelling checking, and more. Versions of Roundcube Webmail prior to 1.5.13 and 1.6.13 had security vulnerabilities, which were caused by improper handling...

CVE-2026-26079

Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets CSS injection, e.g., because comments are mishandled...

CVE-2025-68475 Fedify has ReDoS Vulnerability in HTML Parsing Regex

Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.6.13, 1.7.14, 1.8.15, and 1.9.2, a Regular Expression Denial of Service ReDoS vulnerability exists in Fedify's document loader. The HTML parsing regex at...

CVE-2025-68475 Fedify has ReDoS Vulnerability in HTML Parsing Regex

Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.6.13, 1.7.14, 1.8.15, and 1.9.2, a Regular Expression Denial of Service ReDoS vulnerability exists in Fedify's document loader. The HTML parsing regex at...

CVE-2023-2833

The ReviewX plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.13 due to insufficient restriction on the 'rxsetscreenoptions' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their...

CVE-2025-31126 Element X iOS allows the entity in control of the well-known file to break the confidentiality of embedded Element Call

Element X iOS is a Matrix iOS Client provided by Element. In Element X iOS version between 1.6.13 and 25.03.7, the entity in control of the element.json well-known file is able, under certain conditions, to get access to the media encryption keys used for an Element Call call. This vulnerability ...

CVE-2025-22318

Missing Authorization vulnerability in enituretechnology Standard Box Sizes – for WooCommerce standard-box-sizes.This issue affects Standard Box Sizes – for WooCommerce: from n/a through = 1.6.13...

WordPress plugin Standard Box Sizes – for WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

WordPress Standard Box Sizes plugin <= 1.6.13 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin Standard Box Sizes – for WooCommerce versions = 1.6.13...

WordPress BoldGrid Easy SEO plugin <= 1.6.13 - Authenticated(Contributor+) Stored Cross-Site Scripting via Meta Description vulnerability

AuthenticatedContributor+ Stored Cross-Site Scripting via Meta Description vulnerability discovered by Webbernaut in WordPress Plugin BoldGrid Easy SEO versions = 1.6.13...

WordPress Plugin BoldGrid Easy SEO 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

PT-2024-18228 · Boldgrid · Boldgrid Easy Seo

Name of the Vulnerable Software and Affected Versions: BoldGrid Easy SEO plugin for WordPress versions up to, and including, 1.6.13 Description: The issue is related to Stored Cross-Site Scripting via the meta description field due to insufficient input sanitization and output escaping on...

CVE-2023-46853

In Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode, if \n is used instead of \r\n...

CVE-2023-2833

The ReviewX plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.13 due to insufficient restriction on the 'rxsetscreenoptions' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their...

PT-2023-21652 · WordPress · Reviewx

Name of the Vulnerable Software and Affected Versions: ReviewX plugin for WordPress versions up to, and including, 1.6.13 Description: The issue is related to privilege escalation due to insufficient restriction on the rx set screen options function. This allows authenticated attackers with minim...

WordPress plugin ReviewX 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

WordPress ReviewX Plugin <= 1.6.12 is vulnerable to SQL Injection

Software ReviewX Type Plugin Vulnerable versions = 1.6.12 Fixed in 1.6.13 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-26325 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 2483e29b3913 Credits Joshua Martinelle Required privilege Subscriber...