Lucene search
K

2040 matches found

Nuclei
Nuclei
added yesterday1485 views

Roundcube Webmail - Remote Code Execution

Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization. id: CVE-2025-49113 info: name: Roundcube Webmail - Remote...

9.9CVSS7.5AI score0.94741EPSS
Exploits29References8
Nuclei
Nuclei
added 3 days ago19 views

Roundcube Webmail - Cross-Site Scripting

A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in messagebody in program/actions/mail/show.php. id: CVE-2024-42009 info: name:...

9.3CVSS7.1AI score0.83387EPSS
Exploits6References3
Nuclei
Nuclei
added 3 days ago68 views

Roundcube Webmail - Command Injection

Roundcube Webmail before 1.4.4 contains a command injection caused by shell metacharacters in configuration settings for imconvertpath or imidentifypath, letting attackers execute arbitrary code, exploit requires attacker to control configuration settings. id: CVE-2020-12641 info: name: Roundcube...

9.8CVSS7.3AI score0.84456EPSS
Exploits1References5
Circl
Circl
added 4 days ago8 views

CVE-2025-42009

creationtimestamp| type| source ---|---|--- 2026-07-10 20:15:07+00:00| seen| https://cyber.gc.ca/en/alerts-advisories/vulnerability-impacting-roundcube-webmail-cve-2025-49113...

6.1AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 5 days ago8 views

PT-2026-57342

Name of the Vulnerable Software and Affected Versions RoundCube versions prior to 1.7 Description A stored cross-site scripting XSS flaw exists where an unescaped attachment MIME type is displayed on the attachment-validation warning page. An attacker can craft a malicious MIME type string that,...

4.7CVSS6.1AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 5 days ago10 views

PT-2026-56922

Name of the Vulnerable Software and Affected Versions Roundcube Webmail versions prior to 1.6.17 Roundcube Webmail versions prior to 1.7.2 Description Stored Cross-Site Scripting XSS occurs via a crafted plain-text email message. This allows attacker-controlled JavaScript to execute within the...

7.2CVSS6.2AI score
Exploits0References4
The Hacker News
The Hacker News
added 2026/07/07 9:10 a.m.11 views

Suspected China-Aligned Hackers Exploit Roundcube Flaws Against Universities

A suspected China-aligned threat activity cluster has been observed exploiting Roundcube webmail software belonging to physics and engineering departments of U.S. and Canadian universities as part of a new campaign. The activity involves the exploitation of now-patched, critical security flaws in...

9.3CVSS8.2AI score0.83387EPSS
Exploits6
Tenable Nessus
Tenable Nessus
added 2026/07/06 12:0 a.m.5 views

FreeBSD : Roundcube -- Multiple vulnerabilities (d5578ba4-7889-11f1-b72c-8447094a420f)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the d5578ba4-7889-11f1-b72c-8447094a420f advisory. The Rouncube project reports: See links for more detail Tenable has extracted the preceding...

7.2CVSS6AI score
Exploits0References4
FreeBSD
FreeBSD
added 2026/07/05 12:0 a.m.7 views

Roundcube -- Multiple vulnerabilities

The Rouncube project reports: See links for more detail...

7.2CVSS5.9AI score
Exploits0References1
NVD
NVD
added 2026/07/01 4:16 p.m.17 views

CVE-2026-57517

Control Web Panel before 0.9.8.1225 contains a blind SQL injection vulnerability that allows unauthenticated remote attackers to execute arbitrary SQL queries by submitting unsanitized input through the userRes POST parameter at the user endpoint. Attackers can exploit MySQL root privileges...

9.8CVSS0.00587EPSS
Exploits2References4
CVE
CVE
added 2026/07/01 3:11 p.m.59 views

CVE-2026-57517

Control Web Panel prior to version 0.9.8.1225 is affected by CVE-2026-57517, a blind SQL injection via the userRes POST parameter at the user endpoint. The vulnerability allows unauthenticated remote attackers to execute arbitrary SQL queries, potentially leveraging MySQL root privileges obtained...

9.8CVSS6.7AI score0.00587EPSS
Exploits2References4
ATTACKERKB
ATTACKERKB
added 2026/07/01 3:11 p.m.13 views

CVE-2026-57517

Control Web Panel before 0.9.8.1225 contains a blind SQL injection vulnerability that allows unauthenticated remote attackers to execute arbitrary SQL queries by submitting unsanitized input through the userRes POST parameter at the user endpoint. Attackers can exploit MySQL root privileges...

9.8CVSS6.7AI score0.00587EPSS
Exploits2References4
GithubExploit
GithubExploit
added 2026/06/15 6:43 a.m.131 views

Exploit for CVE-2026-48849

CVE-2026-48849 - Stored XSS, HTML Injection & CSS Injection in...

4.4CVSS5.6AI score0.00239EPSS
Exploits1
OPENSUSE Linux
OPENSUSE Linux
added 2026/06/12 12:0 a.m.6 views

Security update for roundcubemail (important)

openSUSE Security Update: Security update for roundcubemail Announcement ID: openSUSE-SU-2026:0183-1 Rating: important References: 1266329 1266331 1266332 1266333 1266334 1266335 1266336 1266337 Cross-References: CVE-2026-48842 CVE-2026-48843 CVE-2026-48844 CVE-2026-48845 CVE-2026-48846...

8.1CVSS5.9AI score0.00764EPSS
Exploits1References8
OSV
OSV
added 2026/06/11 1:40 a.m.12 views

MGASA-2026-0194 Updated roundcubemail packages fix security vulnerabilities

Multiple security vulnerabilities were discovered in RoundCube Webmail, which could result in cross-site scripting, SQL injection, SSRF bypass, information disclosure, denial of service or code injection...

8.1CVSS5.5AI score0.00764EPSS
Exploits1References6
Mageia
Mageia
added 2026/06/11 1:40 a.m.15 views

Updated roundcubemail packages fix security vulnerabilities

Multiple security vulnerabilities were discovered in RoundCube Webmail, which could result in cross-site scripting, SQL injection, SSRF bypass, information disclosure, denial of service or code injection...

8.1CVSS5.6AI score0.00764EPSS
Exploits1References5
Fedora
Fedora
added 2026/06/04 1:36 a.m.14 views

[SECURITY] Fedora 43 Update: roundcubemail-1.6.16-1.fc43

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

8.1CVSS5.8AI score0.00764EPSS
Exploits1
Fedora
Fedora
added 2026/06/03 12:52 a.m.14 views

[SECURITY] Fedora 44 Update: roundcubemail-1.7.1-1.fc44

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

8.1CVSS5.8AI score0.00764EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.54 views

Fedora 44 : roundcubemail (2026-2b956d89d3)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-2b956d89d3 advisory. Release 1.7.1 - Enigma: Support automatic public key lookup import using HKP v1 protocol 5314 - Managesieve: Fix error when a mail message contains...

8.1CVSS6AI score0.00764EPSS
Exploits1References9
Tenable Nessus
Tenable Nessus
added 2026/06/02 12:0 a.m.12 views

openSUSE 16 Security Update : roundcubemail (openSUSE-SU-2026:20852-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20852-1 advisory. Changes in roundcubemail: - update to 1.6.16 - Fix potential too long value in IMAP ID command 10136 - Security: Fix stored XSS/HTML/CSS injecti...

8.1CVSS6AI score0.00764EPSS
Exploits1References24
Rows per page
Query Builder