3 matches found
CVE-2026-26079
Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets CSS injection, e.g., because comments are mishandled...
Cube Core is vulnerable to Denial of Service (DoS) via crafted request
Impact It is possible to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. Affected Versions: = 1.1.17 Mitigation: Upgrade to a patched version: - 1.5.13 and later regular release - 1.4.2 active LTS release References The issue was reported by...
CVE-2026-25957
CVE-2026-25957 affects Cube versions from 1.1.17 up to (but not including) 1.5.13 and 1.4.2, where a specially crafted request can make the entire Cube API unavailable. The issue is fixed in 1.5.13 and 1.4.2. Impact is availability disruption; no confidentiality or integrity impact is indicated. ...