Lucene search
K

4209 matches found

CNNVD
CNNVD
added 2026/05/25 12:0 a.m.13 views

Roundcube Webmail 跨站脚本漏洞

Roundcube Webmail is a browser-based open source IMAP client from Roundcube Open Source that supports address book management, message searching, spell checking, and more. A cross-site scripting vulnerability exists in Roundcube Webmail versions prior to 1.6.16 and prior to 1.7.1, which stems fro...

4.4CVSS5.7AI score0.00239EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.13 views

Roundcube Webmail 代码问题漏洞

Roundcube Webmail is a browser-based open source IMAP client from Roundcube Open Source that supports address book management, message searching, spell checking and more. A code issue vulnerability exists in Roundcube Webmail versions 1.6.x 1.6.14 through 1.6.16 and versions prior to 1.7.x 1.7.1,...

7.2CVSS5.8AI score0.00301EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.16 views

PT-2026-43110

Name of the Vulnerable Software and Affected Versions Roundcube Webmail versions 1.6.x through 1.6.15 Roundcube Webmail versions 1.7.x through 1.7.0 Description An issue allows pre-authentication arbitrary file deletion through a session poisoning bypass when using redis or memcache. Session...

3.7CVSS5.9AI score0.00433EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.10 views

PT-2026-43108

Name of the Vulnerable Software and Affected Versions Roundcube Webmail versions 1.6.14 through 1.6.16 Roundcube Webmail versions prior to 1.7.1 Description Remote image blocking is not honored for URLs pointing to local or private destinations. This issue can be triggered via a text/html email...

6.5CVSS5.8AI score0.00315EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2026/05/24 12:0 a.m.21 views

PT-2026-43107

Name of the Vulnerable Software and Affected Versions Roundcube Webmail versions 1.6.x through 1.6.15 Roundcube Webmail versions 1.7.x through 1.7.0 Description Insecure code evaluation logic exists within the LDAP autovalues option, which could lead to code injection. Recommendations Update to...

7.5CVSS5.9AI score0.00414EPSS
Exploits0References20
Positive Technologies
Positive Technologies
added 2026/05/24 12:0 a.m.9 views

PT-2026-43105

Name of the Vulnerable Software and Affected Versions Roundcube Webmail versions 1.6.x prior to 1.6.16 Roundcube Webmail versions 1.7.x prior to 1.7.1 Description A pre-authentication SQL injection exists in the virtuser query plugin. The issue stems from a backslash escape bypass within the preg...

8.1CVSS5.9AI score0.00764EPSS
Exploits0References36
FreeBSD
FreeBSD
added 2026/05/24 12:0 a.m.21 views

Roundcube Webmail -- Multiple vulnerabilities

The Roundcube Webmail project reports: See link for details. No CVE numbers available at the moment...

5.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/24 12:0 a.m.21 views

PT-2026-43115

Name of the Vulnerable Software and Affected Versions Roundcube Webmail versions 1.6.0 through 1.6.15 Roundcube Webmail versions 1.7.0 through 1.7.0 Description An unsanitized subject field in the draft restored value allows for stored Cross-Site Scripting XSS, HTML, and CSS injection on shared...

4.4CVSS5.8AI score0.00239EPSS
Exploits1References30
Wordfence Blog
Wordfence Blog
added 2026/05/20 10:4 p.m.9 views

How a Webmail Log File Became a Root-Level Backdoor

THREAT ANALYSIS May 2026 · Forensic Case Study A forensic breakdown of how an attacker turned CyberPanel's SnappyMail logging into a persistent webshell that survived every WordPress cleanup attempt. A WordPress site owner reported redirect malware on their site. They found that clicking anywhere...

6.2AI score
Exploits0
OSV
OSV
added 2026/05/13 7:17 p.m.4 views

DEBIAN-CVE-2026-8496

A cross-site scripting XSS vulnerability exists in Alinto SOGo, version 5.12.7. A maliciously crafted ICS calendar invitation files allows arbitrary JavaScript execution within the authenticated SOGo webmail session. The issue occurs because SVG content embedded in the description field of an ICS...

6.1CVSS6AI score0.00283EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/05/13 6:2 p.m.9 views

CVE-2026-8496

A cross-site scripting XSS vulnerability exists in Alinto SOGo, version 5.12.7. A maliciously crafted ICS calendar invitation files allows arbitrary JavaScript execution within the authenticated SOGo webmail session. The issue occurs because SVG content embedded in the description field of an ICS...

6.1CVSS6AI score0.00283EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.17 views

PT-2026-40764

Name of the Vulnerable Software and Affected Versions Alinto SOGo version 5.12.7 Description A cross-site scripting XSS issue exists where maliciously crafted ICS calendar invitation files allow arbitrary JavaScript execution within an authenticated webmail session. The problem arises because SVG...

6.1CVSS6.2AI score0.00283EPSS
Exploits0References23
RedhatCVE
RedhatCVE
added 2026/05/11 8:26 p.m.7 views

CVE-2026-44400

MailEnable Enterprise Premium 10.55 and earlier contains an improper authorization vulnerability in the WebAdmin mobile portal that allows attackers to bypass authentication checks by reusing AuthenticationToken cookies generated for low-privileged users. Attackers can obtain a token from the...

9.8CVSS5.8AI score0.0035EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/08 9:31 p.m.10 views

EUVD-2026-28827

MailEnable Enterprise Premium 10.55 and earlier contains an improper authorization vulnerability in the WebAdmin mobile portal that allows attackers to bypass authentication checks by reusing AuthenticationToken cookies generated for low-privileged users. Attackers can obtain a token from the...

8.7CVSS5.8AI score0.0035EPSS
Exploits0References3
NVD
NVD
added 2026/05/08 9:16 p.m.16 views

CVE-2026-44400

MailEnable Enterprise Premium 10.55 and earlier contains an improper authorization vulnerability in the WebAdmin mobile portal that allows attackers to bypass authentication checks by reusing AuthenticationToken cookies generated for low-privileged users. Attackers can obtain a token from the...

9.8CVSS0.0035EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/08 8:22 p.m.8 views

CVE-2026-44400 MailEnable Enterprise Premium < 10.55 Authorization Bypass via WebAdmin

MailEnable Enterprise Premium 10.55 and earlier contains an improper authorization vulnerability in the WebAdmin mobile portal that allows attackers to bypass authentication checks by reusing AuthenticationToken cookies generated for low-privileged users. Attackers can obtain a token from the...

8.7CVSS5.8AI score0.0035EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/08 8:22 p.m.11 views

CVE-2026-44400

MailEnable Enterprise Premium 10.55 and earlier contains an improper authorization vulnerability in the WebAdmin mobile portal that allows attackers to bypass authentication checks by reusing AuthenticationToken cookies generated for low-privileged users. Attackers can obtain a token from the...

8.7CVSS5.8AI score0.0035EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/08 8:22 p.m.46 views

CVE-2026-44400 MailEnable Enterprise Premium < 10.55 Authorization Bypass via WebAdmin

MailEnable Enterprise Premium 10.55 and earlier contains an improper authorization vulnerability in the WebAdmin mobile portal that allows attackers to bypass authentication checks by reusing AuthenticationToken cookies generated for low-privileged users. Attackers can obtain a token from the...

8.7CVSS0.0035EPSS
Exploits0References2
CVE
CVE
added 2026/05/08 8:22 p.m.33 views

CVE-2026-44400

Summary: CVE-2026-44400 affects MailEnable Enterprise Premium versions prior to 10.56 (notably 10.55 and earlier). The vulnerability is an improper authorization flaw in the WebAdmin mobile portal that lets an attacker bypass authentication by reusing AuthenticationToken cookies issued for low-pr...

9.8CVSS5.8AI score0.0035EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.13 views

PT-2026-39194

Name of the Vulnerable Software and Affected Versions MailEnable Enterprise Premium versions prior to 10.56 Description Improper authorization in the WebAdmin mobile portal allows attackers to bypass authentication checks by reusing AuthenticationToken cookies generated for low-privileged users. ...

9.8CVSS5.8AI score0.0035EPSS
Exploits0References5
Rows per page
Query Builder