38 matches found

NVD
added 2026/05/25 8:16 p.m. · 5 views

CVE-2026-48843

Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16, and 1.7.x before 1.7.1 has insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages, which may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local network hosts. The issue stems from an insufficient fix fo...

CVSS 7.2 · EPSS 0.0004
Exploits: 0 · References: 5

OSV
added 2026/05/25 8:16 p.m. · 4 views

UBUNTU-CVE-2026-48843

Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16, and 1.7.x before 1.7.1 has insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages, which may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local network hosts. The issue stems from an insufficient fix fo...

CVSS 7.2 · AI score 5.8 · EPSS 0.0004
Exploits: 0 · References: 7

CVE
added 2026/05/25 7:30 p.m. · 32 views

CVE-2026-48849

CVE-2026-48849 affects Roundcube Webmail 1.6.x (before 1.6.16) and 1.7.x (before 1.7.1). Affected component: draft restoration path where the draft’s subject field is unsanitized, enabling stored XSS/HTML/CSS injection on shared mailboxes. The issue arises from improper sanitization in the draft ...

CVSS 4.4 · AI score 5.8 · EPSS 0.00033
Exploits: 0 · References: 5

ATTACKERKB
added 2026/05/25 7:30 p.m. · 5 views

CVE-2026-48849

In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, an unsanitized subject field in the draft restored value could lead to stored XSS/HTML/CSS injection on shared mailboxes...

CVSS 4.4 · AI score 5.8 · EPSS 0.00033
Exploits: 0 · References: 6 · Affected Software: 1

EUVD
added 2026/05/25 7:23 p.m. · 3 views

EUVD-2026-31724

Roundcube Webmail 1.6.x before 1.6.16, and 1.7.x before 1.7.1 allows pre-authentication arbitrary file deletion via redis/memcache session poisoning bypass...

CVSS 3.7 · AI score 5.9 · EPSS 0.00068
Exploits: 0 · References: 5

Cvelist
added 2026/05/25 7:11 p.m. · 17 views

CVE-2026-48843

Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16, and 1.7.x before 1.7.1 has insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages, which may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local network hosts. The issue stems from an insufficient fix fo...

CVSS 7.2 · EPSS 0.0004
Exploits: 0 · References: 5

EUVD
added 2026/05/25 7:11 p.m. · 6 views

EUVD-2026-31718

Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16, and 1.7.x before 1.7.1 has insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages, which may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local network hosts. The issue stems from an insufficient fix fo...

CVSS 7.2 · AI score 5.8 · EPSS 0.0004
Exploits: 0 · References: 5

Positive Technologies
added 2026/05/25 12:00 a.m. · 6 views

PT-2026-43115

Name of the Vulnerable Software and Affected Versions: Roundcube Webmail versions 1.6.0 through 1.6.15; Roundcube Webmail versions 1.7.0 through 1.7.0. Description: An unsanitized subject field in the draft restored value allows for stored Cross-Site Scripting (XSS), HTML, and CSS injection on shared...

CVSS 4.4 · AI score 5.8 · EPSS 0.00033
Exploits: 0 · References: 18

Tenable Nessus
added 2023/09/29 12:00 a.m. · 12 views

Apache Subversion Client SEoL (1.7.x)

According to its version, Apache Subversion Client is 1.7.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities. %NASLMINLEVEL...

AI score 5.5
Exploits: 0 · References: 2

CNNVD
added 2023/02/08 12:00 a.m. · 1 view

Wings Link Following Vulnerability

Wings is the server control interface for Pterodactyl Panel. A backlink vulnerability exists in Wings v1.7.x prior to v1.7.4, and v1.11.x prior to v1.11.4, which stems from the ability to recursively delete files and directories on the host system, which could be exploited by an attacker to...

CVSS 9.6 · AI score 8 · EPSS 0.00775
Exploits: 0 · References: 5

CNNVD
added 2023/01/23 12:00 a.m. · 1 view

PrestaShop Path Traversal Vulnerability

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution offers multiple payment methods, short message alerts and product image scaling. A security vulnerability exists in Correos Prestashop version 1.7.x, which stems from the descargaetiqueta.php...

CVSS 7.5 · AI score 7.4 · EPSS 0.007
Exploits: 0 · References: 2

Positive Technologies
added 2023/01/15 12:00 a.m. · 2 views

PT-2023-10228 · Overdrive Eletrônica · Course-Builder

Name of the Vulnerable Software and Affected Versions: Overdrive Eletrônica course-builder versions up to 1.7.x Description: A vulnerability was found in the course-builder, classified as problematic, affecting some unknown functionality of the file coursebuilder/modules/oeditor/oeditor.html. The...

CVSS 6.1 · AI score 4.2 · EPSS 0.00251
Exploits: 0 · References: 7

OSV
added 2022/12/21 10:15 p.m. · 15 views

CVE-2022-4637

A vulnerability classified as problematic has been found in ep3-bs up to 1.7.x. This affects an unknown part. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.8.0 is able to address this issue. The name of the patch is...

CVSS 6.1 · AI score 6.2
Exploits: 0 · References: 4

Cvelist
added 2022/12/21 12:00 a.m. · 12 views

CVE-2022-4637 ep3-bs cross site scripting

A vulnerability classified as problematic has been found in ep3-bs up to 1.7.x. This affects an unknown part. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.8.0 is able to address this issue. The name of the patch is...

CVSS 3.5 · AI score 6.2 · EPSS 0.00274
Exploits: 0 · References: 4

GitHub Security Blog
added 2022/05/13 1:35 a.m. · 15 views

Kubernetes arbitrary file overwrite

In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files...

CVSS 5.5 · AI score 6.8 · EPSS 0.0051
Exploits: 0 · References: 5 · Affected Software: 1

OSV
added 2022/05/13 1:35 a.m. · 21 views

GHSA-2JQ6-FFPH-P4H8 Kubernetes arbitrary file overwrite

In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files...

CVSS 5.5 · AI score 5.7 · EPSS 0.0051
Exploits: 0 · References: 5

OSV
added 2022/05/02 3:57 a.m. · 5 views

GHSA-JJ23-FJ2V-M872 MoinMoin Improper Access Control vulnerability

MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of hierarchical ACLs, which allows remote attackers to bypass intended access restrictions by requesting an item, a different vulnerability than CVE-2008-6603...

CVSS 8.7 · AI score 6.3 · EPSS 0.00596
Exploits: 0 · References: 10

Positive Technologies
added 2021/05/12 12:00 a.m. · 2 views

PT-2021-15388 · Argo Cd · Argo Cd

Name of the Vulnerable Software and Affected Versions: Argo CD versions 1.8.0 through 1.8.6; Argo CD versions 1.7.0 through 1.7.13. Description: The issue allows an attacker to cause leaked secret data into web UI error messages and logs due to exposure of system data to an unauthorized control...

CVSS 5.9 · AI score 7.2 · EPSS 0.00058
Exploits: 0 · References: 7

Tenable Nessus
added 2020/01/14 12:00 a.m. · 35 views

VMware Harbor 1.7.x, 1.8.x < 1.8.6 / 1.9.x < 1.9.3

The version of VMware Harbor installed on the remote host is 1.7.x or 1.8.x prior to 1.8.6 or 1.9.x prior to 1.9.3. It is, therefore, affected by multiple vulnerabilities, including the following: - A privilege escalation vulnerability that allows an authenticated, normal user to gain administrative...

CVSS 8.8 · AI score 6.8 · EPSS 0.00423
Exploits: 0 · References: 10

CNVD
added 2019/09/25 12:00 a.m. · 2 views

Red Hat CoreOS Tectonic Cross-Site Scripting Vulnerability

Red Hat CoreOS Tectonic is an open source, automated enterprise Kubernetes platform from Red Hat. The platform is mainly used to automate the execution of operational tasks to achieve platform portability and multi-cluster management. A cross-site scripting vulnerability exists in Red Hat CoreOS...

CVSS 6.1 · AI score 6.5 · EPSS 0.00231
Exploits: 0 · References: 1