CVE-2026-9818

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Ghostwriter Targets Ukrainian Government With Geofenced PDF Phishing, Cobalt Strike

The Belarus-aligned threat group known as Ghostwriter has been attributed to a fresh set of attacks targeting governmental organizations in Ukraine. Active since at least 2016, Ghostwriter has been linked to both cyber espionage and influence operations targeting neighboring countries, particular...

ROS-20260507-73-0005

Vulnerability in roundcubemail related to lack of validation of received requests. Exploitation of the vulnerability could allow a remote attacker to disclose protected information...

CVE-2018-19205

Roundcube before 1.3.7 mishandles GnuPG MDC integrity-protection warnings, which makes it easier for attackers to obtain sensitive information, a related issue to CVE-2017-17688. This is associated with plugins/enigma/lib/enigmadrivergnupg.php...

EUVD-2015-8666

Malware in sbrugna...

EUVD-2017-15874

Malware in sbrugna...

EUVD-2018-10914

Malware in sbrugna...

EUVD-2015-2288

Malware in sbrugna...

EUVD-2015-2287

Malware in sbrugna...

EUVD-2023-51402

Malicious code in bioql PyPI...

EUVD-2021-30884

Malicious code in bioql PyPI...

EUVD-2021-32844

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2017-6820

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rcubeutils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is susceptible to a cross-site scripting vulnerability via a crafted Cascading Style Sheets CSS...

Exploit for CVE-2025-49113

CVE-2025-49113 – Roundcube Remote Code Execution RCE PoC Th...

Linux Distros Unpatched Vulnerability : CVE-2016-9920

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before 1.2.3, when no SMTP server is configured and the sendmail program is enabled, does not proper...

Linux Distros Unpatched Vulnerability : CVE-2023-5631

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of...

July “In the Trend of VM” (#17): vulnerabilities in Microsoft Windows and Roundcube

July "In the Trend of VM" 17: vulnerabilities in Microsoft Windows and Roundcube. A traditional monthly roundup. This time, it's a very short one. Post on Habr rus Digest on the PT website rus Only three trending vulnerabilities: Remote Code Execution - Internet Shortcut Files CVE-2025-33053...

About Remote Code Execution – Roundcube (CVE-2025-49113) vulnerability

About Remote Code Execution - Roundcube CVE-2025-49113 vulnerability. Roundcube is a popular open-source webmail client IMAP. An authenticated attacker can exploit this vulnerability to execute arbitrary code on the Roundcube Webmail server. The issue is caused by the Deserialization of Untrusted...

Exploit for Cross-site Scripting in Roundcube Webmail

CVE-2024-42008 RoundCube XSS Exploit Overview This reposi...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 / 25.04 : Roundcube vulnerability (USN-7584-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 / 25.04 host has packages installed that are affected by a vulnerability as referenced in the USN-7584-1 advisory. It was discovered that Roundcube Webmail did not properly sanitize the from parameter in a URL,...