
11 matches found

EUVD
added 2026/04/03 6:31 a.m. · 1 views

EUVD-2026-18591

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages may lead to a fixed-position mitigation bypass via the use of !important...

5.3 CVSS · 5.9 AI score · 0.00015 EPSS
Exploits 0 · References 8
EUVD
added 2026/04/03 6:31 a.m. · 3 views

EUVD-2026-18587

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via a crafted background attribute of a BODY element in an e-mail message. This may lead to information disclosure or access-control bypass...

5.3 CVSS · 5.9 AI score · 0.00015 EPSS
Exploits 0 · References 8
Github Security Blog
added 2026/04/03 6:31 a.m. · 4 views

Roundcube Webmail: Insufficient HTML attachment sanitization in preview mode

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. XSS exists because of insufficient HTML attachment sanitization in preview mode. A victim must preview a text/html attachment...

6.1 CVSS · 5.9 AI score · 0.00014 EPSS
Exploits 0 · References 9 · Affected Software 1
NVD
added 2026/04/03 5:16 a.m. · 2 views

CVE-2026-35542

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via a crafted background attribute of a BODY element in an e-mail message. This may lead to information disclosure or access-control bypass...

5.3 CVSS · 0.00015 EPSS
Exploits 0 · References 7
ATTACKERKB
added 2026/04/03 3:39 a.m. · 5 views

CVE-2026-35539

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. XSS exists because of insufficient HTML attachment sanitization in preview mode. A victim must preview a text/html attachment...

6.1 CVSS · 5.9 AI score · 0.00014 EPSS
Exploits 0 · References 8 · Affected Software 1
Positive Technologies
added 2026/04/03 12:0 a.m. · 2 views

PT-2026-29978

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. XSS exists because of insufficient HTML attachment sanitization in preview mode. A victim must preview a text/html attachment...

6.1 CVSS · 5.9 AI score · 0.00014 EPSS
Exploits 0 · References 8
CNNVD
added 2026/04/03 12:0 a.m. · 4 views

Roundcube Webmail security vulnerability

Roundcube Webmail is an open-source browser-based IMAP client developed by Roundcube. It supports address book management, information search, spelling checking, and more. Versions of Roundcube Webmail prior to 1.5.14 and 1.6.14 contained security vulnerabilities. These vulnerabilities stemmed fr...

5.3 CVSS · 5.8 AI score · 0.00015 EPSS
Exploits 0 · References 7
CNNVD
added 2026/04/03 12:0 a.m. · 6 views

Roundcube Webmail security vulnerability

Roundcube Webmail is an open-source browser-based IMAP client developed by Roundcube. It supports address book management, information search, spelling checking, and more. Versions of Roundcube Webmail prior to 1.5.14 and 1.6.14 contained security vulnerabilities. These vulnerabilities stemmed fr...

5.3 CVSS · 5.8 AI score · 0.00015 EPSS
Exploits 0 · References 7
RedhatCVE
added 2025/10/28 2:38 a.m. · 8 views

CVE-2025-62941

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in dFactory Events Maker by dFactory events-maker allows Stored XSS. This issue affects Events Maker by dFactory: from n/a through = 1.6.14...

6.5 CVSS · 6 AI score · 0.0003 EPSS
Exploits 0 · References 1
Positive Technologies
added 2023/05/30 12:0 a.m. · 4 views

PT-2023-22382 · Solive · Solive

Name of the Vulnerable Software and Affected Versions: SoLive versions 1.6.14 through 1.6.20 Description: The issue allows an attacker to inject a large amount of data into any SharedPreference file, which will be loaded into memory when the application is opened. This can cause the application t...

7.5 CVSS · 6.9 AI score · 0.00378 EPSS
Exploits 1 · References 3
CNNVD
added 2023/05/30 12:0 a.m. · 2 views

Loka Digital Media SoLive security vulnerability

Loka Digital Media SoLive is a social platform from Loka Digital Media, Inc. A security vulnerability exists in Loka Digital Media SoLive versions 1.6.14 through 1.6.20, which originates from an attacker being able to inject a large amount of dirty data into any SharedPreference file, which will ...

7.5 CVSS · 7.3 AI score · 0.00378 EPSS
Exploits 1 · References 2