Lucene search
K

4209 matches found

Cvelist
Cvelist
added 2026/05/25 7:23 p.m.22 views

CVE-2026-48847

Roundcube Webmail 1.6.x before 1.6.16, and 1.7.x before 1.7.1 allows pre-authentication arbitrary file deletion via redis/memcache session poisoning bypass...

3.7CVSS0.00433EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/25 7:23 p.m.11 views

CVE-2026-48847

Roundcube Webmail 1.6.x before 1.6.16, and 1.7.x before 1.7.1 allows pre-authentication arbitrary file deletion via redis/memcache session poisoning bypass...

3.7CVSS5.9AI score0.00433EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/05/25 7:23 p.m.10 views

CVE-2026-48847

Roundcube Webmail 1.6.x before 1.6.16, and 1.7.x before 1.7.1 allows pre-authentication arbitrary file deletion via redis/memcache session poisoning bypass...

3.7CVSS5.9AI score0.00433EPSS
Exploits0
Cvelist
Cvelist
added 2026/05/25 7:21 p.m.22 views

CVE-2026-48846

In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, the remote image blocking feature can be bypassed via a crafted CSS var value in an e-mail message, which may lead to information disclosure or access-control bypass...

6.5CVSS0.00339EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/25 7:21 p.m.11 views

EUVD-2026-31725

In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, the remote image blocking feature can be bypassed via a crafted CSS var value in an e-mail message, which may lead to information disclosure or access-control bypass...

6.5CVSS5.8AI score0.00339EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/25 7:21 p.m.8 views

CVE-2026-48846

In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, the remote image blocking feature can be bypassed via a crafted CSS var value in an e-mail message, which may lead to information disclosure or access-control bypass...

6.5CVSS5.8AI score0.00339EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/25 7:21 p.m.9 views

CVE-2026-48846

In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, the remote image blocking feature can be bypassed via a crafted CSS var value in an e-mail message, which may lead to information disclosure or access-control bypass...

6.5CVSS5.8AI score0.00339EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/05/25 7:21 p.m.11 views

CVE-2026-48846

In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, the remote image blocking feature can be bypassed via a crafted CSS var value in an e-mail message, which may lead to information disclosure or access-control bypass...

6.5CVSS5.8AI score0.00339EPSS
Exploits0
Cvelist
Cvelist
added 2026/05/25 7:18 p.m.21 views

CVE-2026-48845

In Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16 and 1.7.x before 1.7.1, remote image blocking was not honored for URLs pointing to local/private destinations, which may lead to information disclosure or privilege escalation via a text/html email message...

6.5CVSS0.00315EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/25 7:18 p.m.8 views

CVE-2026-48845

In Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16 and 1.7.x before 1.7.1, remote image blocking was not honored for URLs pointing to local/private destinations, which may lead to information disclosure or privilege escalation via a text/html email message...

6.5CVSS5.8AI score0.00315EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2026/05/25 7:18 p.m.15 views

EUVD-2026-31720

In Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16 and 1.7.x before 1.7.1, remote image blocking was not honored for URLs pointing to local/private destinations, which may lead to information disclosure or privilege escalation via a text/html email message...

6.5CVSS5.8AI score0.00315EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/25 7:18 p.m.9 views

CVE-2026-48845

In Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16 and 1.7.x before 1.7.1, remote image blocking was not honored for URLs pointing to local/private destinations, which may lead to information disclosure or privilege escalation via a text/html email message...

6.5CVSS5.8AI score0.00315EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/05/25 7:18 p.m.8 views

CVE-2026-48845

In Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16 and 1.7.x before 1.7.1, remote image blocking was not honored for URLs pointing to local/private destinations, which may lead to information disclosure or privilege escalation via a text/html email message...

6.5CVSS5.8AI score0.00315EPSS
Exploits0
CVE
CVE
added 2026/05/25 7:18 p.m.112 views

CVE-2026-48845

CVE-2026-48845 affects Roundcube Webmail 1.6.x (1.6.14–1.6.16) and 1.7.x before 1.7.1. The issue: remote image blocking is not honored for URLs to local/private destinations in text/html emails, enabling potential information disclosure or privilege escalation. Impact is described as information ...

6.5CVSS5.8AI score0.00315EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/25 7:14 p.m.7 views

CVE-2026-48844

Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has insecure code evaluation logic in LDAP the autovalues option that could lead to code injection. Support for code evaluation has been removed in 1.6.16 and 1.7.1...

7.5CVSS5.8AI score0.00414EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/25 7:14 p.m.10 views

CVE-2026-48844

Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has insecure code evaluation logic in LDAP the autovalues option that could lead to code injection. Support for code evaluation has been removed in 1.6.16 and 1.7.1...

7.5CVSS5.8AI score0.00414EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/25 7:14 p.m.11 views

EUVD-2026-31717

Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has insecure code evaluation logic in LDAP the autovalues option that could lead to code injection. Support for code evaluation has been removed in 1.6.16 and 1.7.1...

7.5CVSS5.8AI score0.00414EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/25 7:14 p.m.24 views

CVE-2026-48844

Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has insecure code evaluation logic in LDAP the autovalues option that could lead to code injection. Support for code evaluation has been removed in 1.6.16 and 1.7.1...

7.5CVSS0.00414EPSS
Exploits0References5
CVE
CVE
added 2026/05/25 7:14 p.m.125 views

CVE-2026-48844

Roundcube Webmail is affected: versions 1.6.x prior to 1.6.16 and 1.7.x prior to 1.7.1 expose insecure code evaluation logic in LDAP autovalues, enabling potential code injection. Root cause: the LDAP autovalues handling allows code evaluation where it should not. Impact is high (C, I, A all high...

7.5CVSS5.8AI score0.00414EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/05/25 7:14 p.m.7 views

CVE-2026-48844

Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has insecure code evaluation logic in LDAP the autovalues option that could lead to code injection. Support for code evaluation has been removed in 1.6.16 and 1.7.1...

7.5CVSS5.8AI score0.00414EPSS
Exploits0
Rows per page
Query Builder