53 matches found
CVE-2026-48849
CVE-2026-48849 affects Roundcube Webmail 1.6.x (before 1.6.16) and 1.7.x (before 1.7.1). Affected component: draft restoration path where the draft’s subject field is unsanitized, enabling stored XSS/HTML/CSS injection on shared mailboxes. The issue arises from improper sanitization in the draft ...
CVE-2026-48849
In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, an unsanitized subject field in the draft restored value could lead to stored XSS/HTML/CSS injection on shared mailboxes...
EUVD-2026-31724
Roundcube Webmail 1.6.x before 1.6.16, and 1.7.x before 1.7.1 allows pre-authentication arbitrary file deletion via redis/memcache session poisoning bypass...
PT-2026-43115
Name of the Vulnerable Software and Affected Versions: Roundcube Webmail versions 1.6.0 through 1.6.15; Roundcube Webmail version 1.7.0. Description: An unsanitized subject field in the draft restored value allows for stored Cross-Site Scripting (XSS), HTML, and CSS injection on shared...
EUVD-2022-1966
Malicious code in bioql PyPI...
Roundcube Webmail Security Vulnerability
Roundcube Webmail is an open source browser-based IMAP client from Roundcube that supports address book management, message searching, spell checking, and more. A security vulnerability exists in Roundcube Webmail version 1.5.7 and earlier and version 1.6.x prior to 1.6.8, which stems...
SUSE CVE-2024-37383
Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes...
Roundcube Webmail Security Vulnerability
Roundcube Webmail is an open source browser-based IMAP client that supports address book management, message searching, spell checking and more. A security vulnerability exists in Roundcube Webmail versions prior to 1.5.7 and 1.6.x prior to 1.6.7, which originates from allowing cross-site scripting...
PT-2024-41052 · Unknown · Roundcube Webmail
Name of the Vulnerable Software and Affected Versions: Roundcube Webmail versions 1.6.x Description: The issue concerns several security problems, including cross-site scripting (XSS) vulnerabilities in handling SVG animate attributes and list columns from user preferences, as well as a command...
Security Advisory 0091
Security Advisory 0091. Date: February 20, 2024. Revision 1.0 (February 20, 2024): Initial release. The CVE-ID tracking this issue: CVE-2023-6068. CVSSv3.1 Base Score: 3.1 (AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N). Common Weakness Enumeration: CWE-283 Improper Access...
Joomla! 1.6.x < 4.4.1 Information Disclosure
According to its self-reported version, the instance of Joomla! running on the remote web server is 1.6.x prior to 4.4.1 or 5.x prior to 5.0.1. It is, therefore, affected by an information disclosure vulnerability. The language file parsing process could be manipulated to expose environment...
PT-2023-32588 · Totvs · Totvs Fluig Platform
Name of the Vulnerable Software and Affected Versions: TOTVS Fluig Platform versions 1.6.x through 1.8.1 Description: A problematic issue was found in the TOTVS Fluig Platform, affecting some unknown functionality of the file /mobileredir/openApp.jsp of the component mobileredir. The manipulation...
SUSE CVE-2012-1594
epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet...
SUSE CVE-2016-5360
HAproxy 1.6.x before 1.6.6, when a deny comes from a reqdeny rule, allows remote attackers to cause a denial of service (uninitialized memory access and crash) or possibly have unspecified other impact via unknown vectors...
Kubernetes arbitrary file overwrite
In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files...
GHSA-2JQ6-FFPH-P4H8 Kubernetes arbitrary file overwrite
In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files...
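The two kubectl cp entries above describe the failure mode only in one sentence: the tar stream returned by the container was trusted for local paths, so an entry such as `../../evil.txt` could overwrite files outside the directory the user asked to copy into. The Go program below is an added example written for this page (not Kubernetes code) that shows the check closing that class of bug: every entry name is resolved under the destination directory and rejected if it escapes it, and symlink and other special entries are refused because a symlink written earlier could redirect a later write. The function names (`safeJoin`, `extractTar`, `buildTar`) and the sample archive, including the hostile entry, are assumptions constructed here.

```go
package main

import (
	"archive/tar"
	"bytes"
	"errors"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"strings"
)

// ErrUnsafePath marks an archive entry that would land outside the destination.
var ErrUnsafePath = errors.New("tar entry escapes destination directory")

// safeJoin resolves an entry name under dst and rejects it when the cleaned
// result is not inside dst. This is the check the vulnerable kubectl cp lacked.
func safeJoin(dst, name string) (string, error) {
	cleanDst := filepath.Clean(dst)
	target := filepath.Join(cleanDst, name) // Join also collapses "a/../b" and "./x"
	rel, err := filepath.Rel(cleanDst, target)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(os.PathSeparator)) {
		return "", ErrUnsafePath
	}
	return target, nil
}

// extractTar writes directories and regular files from r under dst. It stops at
// the first entry that escapes dst and refuses symlinks, hard links and devices.
// It returns the paths of the regular files it wrote, in archive order.
func extractTar(r io.Reader, dst string) ([]string, error) {
	tr := tar.NewReader(r)
	var written []string
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			return written, nil
		}
		if err != nil {
			return written, err
		}
		target, err := safeJoin(dst, hdr.Name)
		if err != nil {
			return written, fmt.Errorf("%s: %w", hdr.Name, err)
		}
		if hdr.Typeflag == tar.TypeDir {
			if err := os.MkdirAll(target, 0o755); err != nil {
				return written, err
			}
			continue
		}
		if hdr.Typeflag != tar.TypeReg {
			return written, fmt.Errorf("%s: refusing entry type %d", hdr.Name, hdr.Typeflag)
		}
		if err := os.MkdirAll(filepath.Dir(target), 0o755); err != nil {
			return written, err
		}
		f, err := os.OpenFile(target, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0o644)
		if err != nil {
			return written, err
		}
		_, err = io.Copy(f, tr) // tr yields only this entry's bytes
		f.Close()
		if err != nil {
			return written, err
		}
		written = append(written, target)
	}
}

// entry is a name/content pair for the constructed sample archive.
type entry struct{ name, body string }

// buildTar builds an in-memory archive of regular files in the given order,
// so the hostile entry sits exactly where the demonstration needs it.
func buildTar(entries []entry) []byte {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	for _, e := range entries {
		hdr := &tar.Header{Name: e.name, Mode: 0o644, Size: int64(len(e.body)), Typeflag: tar.TypeReg}
		if err := tw.WriteHeader(hdr); err != nil {
			panic(err)
		}
		if _, err := tw.Write([]byte(e.body)); err != nil {
			panic(err)
		}
	}
	if err := tw.Close(); err != nil {
		panic(err)
	}
	return buf.Bytes()
}

func main() {
	dst, err := os.MkdirTemp("", "kcp")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dst)
	// Constructed sample: a benign file, then an entry climbing out of dst as a
	// malicious container's tar stream would.
	hostile := buildTar([]entry{{"notes/ok.txt", "fine"}, {"../../evil.txt", "overwritten"}})
	written, err := extractTar(bytes.NewReader(hostile), dst)
	fmt.Println("written:", written, "error:", err)
}
```

Running it writes only `notes/ok.txt` under the temporary directory and stops with an error naming `../../evil.txt`. The prefix test uses `filepath.Rel` rather than a string prefix on the joined path so that a destination of `/` or a sibling directory sharing a name prefix (`/data` vs `/data2`) is handled correctly.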
CVE-2020-36247
Open OnDemand before 1.5.7 and 1.6.x before 1.6.22 allows CSRF...
Osc Open OnDemand Cross-Site Request Forgery Vulnerability
Osc Open OnDemand is an application from the US-based Osc Open Source organization. It provides a service for accessing HPC services. A cross-site request forgery vulnerability exists in Open OnDemand. The vulnerability arises from a web application that does not adequately validate that a reques...
PT-2023-6427
Name of the Vulnerable Software and Affected Versions: Roundcube versions 1.4.15 and earlier, 1.5.x before 1.5.5, and 1.6.x before 1.6.4. Description: The issue allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This...
PYSEC-2019-224
Google TensorFlow 1.6.x and earlier is affected by: Null Pointer Dereference. The type of exploitation is: context-dependent...