Lucene search
K

10 matches found

EUVD
EUVD
added 2026/05/25 7:21 p.m.11 views

EUVD-2026-31725

In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, the remote image blocking feature can be bypassed via a crafted CSS var value in an e-mail message, which may lead to information disclosure or access-control bypass...

6.5CVSS5.8AI score0.00339EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/25 7:21 p.m.23 views

CVE-2026-48846

In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, the remote image blocking feature can be bypassed via a crafted CSS var value in an e-mail message, which may lead to information disclosure or access-control bypass...

6.5CVSS0.00339EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/25 7:18 p.m.9 views

CVE-2026-48845

In Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16 and 1.7.x before 1.7.1, remote image blocking was not honored for URLs pointing to local/private destinations, which may lead to information disclosure or privilege escalation via a text/html email message...

6.5CVSS5.8AI score0.00315EPSS
Exploits0References6Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/04/05 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-35542

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via a crafted background attribute of a...

5.3CVSS5.8AI score0.00402EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/03 3:6 p.m.5 views

CVE-2026-35543

A flaw was found in Roundcube Webmail. A remote attacker could bypass the remote image blocking feature by sending a specially crafted email that includes Scalable Vector Graphics SVG content with animation attributes. This vulnerability may lead to unauthorized information disclosure or an...

5.3CVSS5.9AI score0.00402EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/03 3:5 p.m.3 views

CVE-2026-35542

A flaw was found in Roundcube Webmail. A remote attacker could bypass the remote image blocking feature by sending a specially crafted email containing a malicious background attribute within a BODY element. This vulnerability may lead to unauthorized information disclosure or an access-control...

5.3CVSS5.9AI score0.00402EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/03 6:31 a.m.5 views

Roundcube: Bypass of remote image blocking via crafted BODY background attribute

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via a crafted background attribute of a BODY element in an e-mail message. This may lead to information disclosure or access-control bypass...

5.3CVSS5.9AI score0.00402EPSS
Exploits0References9Affected Software1
OSV
OSV
added 2026/03/24 5:53 p.m.6 views

MGASA-2026-0065 Updated roundcubemail packages fix security vulnerabilities

Fix pre-auth arbitrary file write via unsafe deserialization in redis/memcache session handler, reported by y0us. Fix bug where a password could get changed without providing the old password, reported by flydragon777. Fix IMAP Injection + CSRF bypass in mail search, reported by Martila Security...

4.7CVSS6AI score0.00629EPSS
Exploits2References3
Mageia
Mageia
added 2026/03/24 5:53 p.m.15 views

Updated roundcubemail packages fix security vulnerabilities

Fix pre-auth arbitrary file write via unsafe deserialization in redis/memcache session handler, reported by y0us. Fix bug where a password could get changed without providing the old password, reported by flydragon777. Fix IMAP Injection + CSRF bypass in mail search, reported by Martila Security...

4.7CVSS6AI score0.00629EPSS
Exploits2References2
FreeBSD
FreeBSD
added 2026/03/18 12:0 a.m.18 views

Roundcube -- Multiple vulnerabilities

The Roundcube project reports: pre-auth arbitrary file write via unsafe deserialization in redis/memcache session handler password could get changed without providing the old password IMAP Injection + CSRF bypass in mail search remote image blocking bypass via various SVG animate attributes remot...

5.9AI score
Exploits0References1
Rows per page
Query Builder