214 matches found
Improper Access Control
@astrojs/netlify is vulnerable to Improper Access Control. The vulnerability is due to overly permissive conversion of Astro image.remotePatterns into Netlify Image CDN regular expressions, which allows an attacker to bypass intended hostname and pathname restrictions and access unintended remote...
Security update for roundcubemail (important)
openSUSE Security Update: Security update for roundcubemail Announcement ID: openSUSE-SU-2026:0183-1 Rating: important References: 1266329 1266331 1266332 1266333 1266334 1266335 1266336 1266337 Cross-References: CVE-2026-48842 CVE-2026-48843 CVE-2026-48844 CVE-2026-48845 CVE-2026-48846...
WWBN AVideo 安全漏洞
WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to version 29 contain security vulnerabilities. These vulnerabilities allow unauthorized remote attackers to read arbitrary image files on a disk that can be accessed by PHP...
[SECURITY] [DLA 4604-1] roundcube security update
Debian LTS Advisory DLA-4604-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin May 28, 2026 https://wiki.debian.org/LTS Package : roundcube Version : 1.4.15+dfsg.1-1+deb11u9 CVE ID : CVE-2026-48842 CVE-2026-48843 CVE-2026-48844 CVE-2026-48845 CVE-2026-48846...
CVE-2026-43936
Summary: CVE-2026-43936 affects the e107 content management system (CMS). Before version 2.3.4, an SSRF flaw in the remote file fetcher can be triggered via the Image/File URL field in Media Manager’s From a remote location, allowing access to local environment resources. The issue is fixed in 2....
CVE-2026-43936
e107 is a content management system CMS. Prior to 2.3.4, you can access the local environment by specifying the URL of the local environment from "Image/File URL:" of "From a remote location" in "Media Manager" on the administrator screen. This vulnerability is fixed in 2.3.4...
DEBIAN-CVE-2026-48846
In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, the remote image blocking feature can be bypassed via a crafted CSS var value in an e-mail message, which may lead to information disclosure or access-control bypass...
CVE-2026-48846
In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, the remote image blocking feature can be bypassed via a crafted CSS var value in an e-mail message, which may lead to information disclosure or access-control bypass...
CVE-2026-48845
In Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16 and 1.7.x before 1.7.1, remote image blocking was not honored for URLs pointing to local/private destinations, which may lead to information disclosure or privilege escalation via a text/html email message...
CVE-2026-48846
In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, the remote image blocking feature can be bypassed via a crafted CSS var value in an e-mail message, which may lead to information disclosure or access-control bypass...
UBUNTU-CVE-2026-48846
In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, the remote image blocking feature can be bypassed via a crafted CSS var value in an e-mail message, which may lead to information disclosure or access-control bypass...
CVE-2026-48846
In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, the remote image blocking feature can be bypassed via a crafted CSS var value in an e-mail message, which may lead to information disclosure or access-control bypass...
CVE-2026-48846
In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, the remote image blocking feature can be bypassed via a crafted CSS var value in an e-mail message, which may lead to information disclosure or access-control bypass...
CVE-2026-48846
In Roundcube Webmail, versions 1.6.x before 1.6.16 and 1.7.x before 1.7.1 have a vulnerability where the remote image blocking feature can be bypassed by a crafted CSS var() value in an e-mail message. This may lead to information disclosure or an access-control bypass. Affected software: Roundcu...
CVE-2026-48846
In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, the remote image blocking feature can be bypassed via a crafted CSS var value in an e-mail message, which may lead to information disclosure or access-control bypass...
CVE-2026-48845
In Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16 and 1.7.x before 1.7.1, remote image blocking was not honored for URLs pointing to local/private destinations, which may lead to information disclosure or privilege escalation via a text/html email message...
CVE-2026-48845
In Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16 and 1.7.x before 1.7.1, remote image blocking was not honored for URLs pointing to local/private destinations, which may lead to information disclosure or privilege escalation via a text/html email message...
EUVD-2026-31720
In Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16 and 1.7.x before 1.7.1, remote image blocking was not honored for URLs pointing to local/private destinations, which may lead to information disclosure or privilege escalation via a text/html email message...
CVE-2026-48845
CVE-2026-48845 affects Roundcube Webmail 1.6.x (1.6.14–1.6.16) and 1.7.x before 1.7.1. The issue: remote image blocking is not honored for URLs to local/private destinations in text/html emails, enabling potential information disclosure or privilege escalation. Impact is described as information ...
PT-2026-43109
Name of the Vulnerable Software and Affected Versions Roundcube Webmail versions 1.6.0 through 1.6.15 Roundcube Webmail versions 1.7.0 through 1.7.0 Description The remote image blocking feature can be bypassed using a crafted CSS var value within an e-mail message. This bypass may result in...