45 matches found
CVE-2026-35541
A flaw was found in Roundcube Webmail. Incorrect password comparison within the password plugin can lead to a type confusion vulnerability. This allows an attacker to change a user's password without needing to know the old password, potentially leading to unauthorized access to the user's webmai...
GHSA-46PV-MJ2G-93GH Roundcube Webmail: Incorrect password comparison in the password plugin
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Incorrect password comparison in the password plugin could lead to type confusion that allows a password change without knowing the old password...
EUVD-2026-18585
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Incorrect password comparison in the password plugin could lead to type confusion that allows a password change without knowing the old password...
Roundcube Webmail: Incorrect password comparison in the password plugin
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Incorrect password comparison in the password plugin could lead to type confusion that allows a password change without knowing the old password...
CVE-2026-35541
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Incorrect password comparison in the password plugin could lead to type confusion that allows a password change without knowing the old password...
UBUNTU-CVE-2026-35541
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Incorrect password comparison in the password plugin could lead to type confusion that allows a password change without knowing the old password...
CVE-2026-35541
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Incorrect password comparison in the password plugin could lead to type confusion that allows a password change without knowing the old password...
CVE-2026-35541
Roundcube Webmail is affected in versions prior to 1.5.14 and 1.6.14 due to an incorrect password comparison in the password plugin, which can cause a type confusion and allow changing a password without the old one. Mitigation: upgrade to the patched releases (1.5.14 or 1.6.14); refer to the ass...
CVE-2026-35541
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Incorrect password comparison in the password plugin could lead to type confusion that allows a password change without knowing the old password...
CVE-2026-35541
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Incorrect password comparison in the password plugin could lead to type confusion that allows a password change without knowing the old password...
PT-2026-29980
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Incorrect password comparison in the password plugin could lead to type confusion that allows a password change without knowing the old password...
Roundcube Webmail 安全漏洞
Roundcube Webmail is an open-source browser-based IMAP client developed by Roundcube. It supports address book management, information search, spelling checking, etc. Versions prior to 1.5.14 and 1.6.14 of Roundcube Webmail had security vulnerabilities. These vulnerabilities were caused by improp...
EUVD-2017-17076
Malware in sbrugna...
EUVD-2015-2287
Malware in sbrugna...
WordPress Access Category Password Plugin <= 1.5.1 is vulnerable to Cross Site Scripting (XSS)
Software Access Category Password Type Plugin Vulnerable versions = 1.5.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32535 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c844ee6de29c Credits Dimas Maulana Required...
CVE-2023-47665
Unauth. Reflected Cross-Site Scripting XSS vulnerability in edwardplainview Plainview Protect Passwords plugin = 1.4 versions...
SUSE CVE-2015-2181
Multiple buffer overflows in the DBMail driver in the Password plugin in Roundcube before 1.1.0 allow remote attackers to have unspecified impact via the 1 password or 2 username...
SUSE CVE-2015-2180
The DBMail driver in the Password plugin in Roundcube before 1.1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the password...
SUSE CVE-2017-8114
Roundcube Webmail allows arbitrary password resets by authenticated users. This affects versions before 1.0.11, 1.1.x before 1.1.9, and 1.2.x before 1.2.5. The problem is caused by an improperly restricted exec call in the virtualmin and sasl drivers of the password plugin...
PT-2022-19383 · Jenkins · Jenkins +1
Name of the Vulnerable Software and Affected Versions: Jenkins Mask Passwords Plugin versions 3.0 and earlier Description: The issue results in a stored cross-site scripting XSS vulnerability, which is exploitable by attackers with Item/Configure permission. This occurs because the plugin does no...