Lucene search
K

4244 matches found

Nuclei
Nuclei
added yesterday59 views

IceWarp WebMail Server <=11.4.4.1 - Cross-Site Scripting

IceWarp Webmail Server through 11.4.4.1 contains a cross-site scripting vulnerability in the /webmail/ color parameter. id: CVE-2020-8512 info: name: IceWarp WebMail Server =11.4.4.2 or apply the vendor-provided patch to mitigate the vulnerability. reference: -...

6.1CVSS6.4AI score0.14834EPSS
Exploits5References5
Nuclei
Nuclei
added yesterday44 views

Axigen WebMail - Cross-Site Scripting

Axigen WebMail versions 10.5.0-4370c946 and older are vulnerable to reflected XSS via the m parameter in the /index.hsp endpoint. id: CVE-2022-31470 info: name: Axigen WebMail - Cross-Site Scripting author: AmirZargham severity: medium description: | Axigen WebMail versions 10.5.0-4370c946 and...

6.1CVSS6.4AI score0.52088EPSS
Exploits4References3
Nuclei
Nuclei
added yesterday27 views

IceWarp Webmail Server v10.2.1 - Cross Site Scripting

Icewarp Icearp v10.2.1 was discovered to contain a cross-site scripting XSS vulnerability via the color parameter. id: CVE-2023-37728 info: name: IceWarp Webmail Server v10.2.1 - Cross Site Scripting author: technicaljunkie,r3Y3r53 severity: medium description: | Icewarp Icearp v10.2.1 was...

6.1CVSS6.4AI score0.01116EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday53 views

Lotus Domino R5 and R6 WebMail - Information Disclosure

Lotus Domino R5 and R6 WebMail with 'Generate HTML for all fields' enabled which is by default allows remote attackers to read the HTML source to obtain sensitive information including the password hash in the HTTPPassword field, the password change date in the HTTPPasswordChangeDate field, and t...

5CVSS6.1AI score0.73635EPSS
Exploits11References5
Nuclei
Nuclei
added yesterday19 views

Roundcube Webmail - Cross-Site Scripting

A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in messagebody in program/actions/mail/show.php. id: CVE-2024-42009 info: name:...

9.3CVSS7.1AI score0.84446EPSS
Exploits6References3
Nuclei
Nuclei
added yesterday99 views

Axigen WebMail - Cross-Site Scripting

Cross Site Scripting XSS vulnerability in Axigen versions 10.3.3.0 before 10.3.3.59, 10.4.0 before 10.4.19, and 10.5.0 before 10.5.5, allows authenticated attackers to execute arbitrary code and obtain sensitive information via the logic for switching between the Standard and Ajax versions. id:...

5.4CVSS6.4AI score0.0109EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2 days ago3 views

CVE-2026-54433

A flaw was found in Roundcube Webmail. A remote attacker could exploit a Stored Cross-Site Scripting XSS vulnerability by sending a specially crafted plain-text email message. When the victim opens or previews this message, attacker-controlled JavaScript executes within their authenticated sessio...

7.2CVSS6.2AI score0.00276EPSS
Exploits0References2
NVD
NVD
added 2 days ago3 views

CVE-2026-54433

In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, there is Stored Cross-Site Scripting XSS via a crafted plain-text email message. The attacker-controlled JavaScript executes within the victim's authenticated session simply by opening or previewing the message zero-click...

7.2CVSS0.00276EPSS
Exploits0References1
NVD
NVD
added 2 days ago4 views

CVE-2026-54432

Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2 allows Stored Cross-Site Scripting XSS. The issue occurs because the attachment MIME type is not properly escaped on the attachment-validation warning page...

4.7CVSS0.00206EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago25 views

CVE-2026-54432

Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2 allows Stored Cross-Site Scripting XSS. The issue occurs because the attachment MIME type is not properly escaped on the attachment-validation warning page...

4.7CVSS0.00206EPSS
Exploits0References1
CVE
CVE
added 2 days ago32 views

CVE-2026-54432

Roundcube Webmail affected: versions before 1.6.17 and 1.7.x before 1.7.2 are vulnerable to a Stored XSS flaw. Root cause: the attachment MIME type is not properly escaped on the attachment-validation warning page, enabling script execution within a victim’s session when an email is viewed. Affec...

4.7CVSS6.1AI score0.00206EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago26 views

CVE-2026-54433

In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, there is Stored Cross-Site Scripting XSS via a crafted plain-text email message. The attacker-controlled JavaScript executes within the victim's authenticated session simply by opening or previewing the message zero-click...

7.2CVSS0.00276EPSS
Exploits0References1
CVE
CVE
added 2 days ago10 views

CVE-2026-62644

This CVE (CVE-2026-62644) affects Roundcube Webmail prior to 1.6.17 and 1.7.x prior to 1.7.2. The vulnerability lies in the password plugin, where session data usability allowed username spoofing, potentially enabling account takeover. The bases of impact are high for confidentiality and integrit...

6.4CVSS6.1AI score0.00239EPSS
Exploits0References7
CVE
CVE
added 2 days ago10 views

CVE-2026-62643

Roundcube Webmail is affected prior to 1.6.17 and 1.7.x prior to 1.7.2 by CSS sanitization weaknesses in HTML email rendering. The insufficient CSS sanitization can enable SSRF or Information Disclosure, e.g., when stylesheet links reference local network hosts. Root cause notes indicate this ste...

7.2CVSS6.1AI score0.00224EPSS
Exploits0References5
CVE
CVE
added 2 days ago7 views

CVE-2026-62642

The data identifies Roundcube Webmail as affected. Vulnerable component: the TNEF decoder, with an infinite loop leading to denial of service when opening emails containing TNEF attachments. Affected versions are Roundcube Webmail before 1.6.17 and before 1.7.2 (1.7.x). Remediation: upgrade to Ro...

4.3CVSS6.1AI score0.0026EPSS
Exploits0References7
CVE
CVE
added 2 days ago8 views

CVE-2026-62641

CVE-2026-62641 affects Roundcube Webmail, where the TNEF decoder is vulnerable to denial of service when handling a crafted compressed-RTF size. The issue exists in Roundcube Webmail before 1.6.17 and in 1.7.x before 1.7.2. According to the sources, upgrading to Roundcube Webmail 1.6.17 or 1.7.2 ...

4.3CVSS6.1AI score0.00234EPSS
Exploits0References5
Nuclei
Nuclei
added 2 days ago17 views

Zimbra Collaboration - Cross-Site Scripting (XSS)

An issue was discovered in Zimbra Collaboration ZCS 9.0 and 10.0. A Cross-Site Scripting XSS vulnerability exists in the CalendarInvite feature of the Zimbra webmail classic user interface, because of improper input validation in the handling of the calendar header. An attacker can exploit this v...

6.1CVSS6.8AI score0.19543EPSS
Exploits1References3
Nuclei
Nuclei
added 3 days ago1502 views

Roundcube Webmail - Remote Code Execution

Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization. id: CVE-2025-49113 info: name: Roundcube Webmail - Remote...

9.9CVSS7.5AI score0.94741EPSS
Exploits29References8
Nuclei
Nuclei
added 5 days ago68 views

Roundcube Webmail - Command Injection

Roundcube Webmail before 1.4.4 contains a command injection caused by shell metacharacters in configuration settings for imconvertpath or imidentifypath, letting attackers execute arbitrary code, exploit requires attacker to control configuration settings. id: CVE-2020-12641 info: name: Roundcube...

9.8CVSS7.3AI score0.84456EPSS
Exploits1References5
Circl
Circl
added 6 days ago8 views

CVE-2025-42009

creationtimestamp| type| source ---|---|--- 2026-07-10 20:15:07+00:00| seen| https://cyber.gc.ca/en/alerts-advisories/vulnerability-impacting-roundcube-webmail-cve-2025-49113...

6.1AI score
Exploits0References1
Rows per page
Query Builder