Lucene search
K

2035 matches found

Cvelist
Cvelist
added 2026/05/28 12:16 p.m.31 views

CVE-2026-9818

...

Exploits0
ATTACKERKB
ATTACKERKB
added 2026/05/28 12:16 p.m.17 views

CVE-2026-9818

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

4.7CVSS5.7AI score
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/05/28 12:16 p.m.10 views

CVE-2026-9818

...

5.8AI score
Exploits0
EUVD
EUVD
added 2026/05/28 12:16 p.m.17 views

EUVD-2026-32893

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

4.7CVSS5.7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.19 views

PT-2026-44369

Roundcube's HTML sanitization path for message rendering allows loopback, localhost, RFC1918, link-local, and ULA URLs even when remote content loading is disabled. A remote attacker can send an HTML email that causes the victim's browser to issue requests to local or private-network services...

4.7CVSS5.8AI score
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/05/28 12:0 a.m.13 views

Debian dla-4604 : roundcube - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4604 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4604-1 [email protected]...

8.1CVSS6AI score0.00764EPSS
Exploits1References20
Tenable Nessus
Tenable Nessus
added 2026/05/28 12:0 a.m.11 views

Debian dsa-6301 : roundcube - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6301 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6301-1 [email protected]...

8.1CVSS5.7AI score0.00764EPSS
Exploits1References19
Debian
Debian
added 2026/05/27 9:1 p.m.42 views

[SECURITY] [DSA 6301-1] roundcube security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6301-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 27, 2026 https://www.debian.org/security/faq -...

8.1CVSS5.9AI score0.00764EPSS
Exploits1
SUSE CVE
SUSE CVE
added 2026/05/27 10:57 a.m.19 views

SUSE CVE-2026-35540

An issue was discovered in Roundcube Webmail 1.6.0 before 1.6.14. Insufficient Cascading Style Sheets CSS sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local network hosts...

6.5CVSS5.8AI score0.0031EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/27 10:56 a.m.32 views

SUSE CVE-2026-48842

Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has Pre-authentication SQL injection in the virtuserquery plugin via a pregreplace backslash escape bypass...

8.1CVSS5.8AI score0.00764EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/27 10:56 a.m.15 views

SUSE CVE-2026-48843

Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16,and 1.7.x before 1.7.1 has Insufficient Cascading Style Sheets CSS sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local network hosts. The issue stems from an insufficient fix fo...

7.2CVSS5.8AI score0.00301EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/27 10:56 a.m.14 views

SUSE CVE-2026-48844

Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has insecure code evaluation logic in LDAP the autovalues option that could lead to code injection. Support for code evaluation has been removed in 1.6.16 and 1.7.1...

7.5CVSS5.8AI score0.00414EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/27 10:56 a.m.13 views

SUSE CVE-2026-48845

In Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16 and 1.7.x before 1.7.1, remote image blocking was not honored for URLs pointing to local/private destinations, which may lead to information disclosure or privilege escalation via a text/html email message...

6.5CVSS5.8AI score0.00315EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/27 10:56 a.m.16 views

SUSE CVE-2026-48846

In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, the remote image blocking feature can be bypassed via a crafted CSS var value in an e-mail message, which may lead to information disclosure or access-control bypass...

6.5CVSS5.8AI score0.00339EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/27 10:56 a.m.16 views

SUSE CVE-2026-48847

Roundcube Webmail 1.6.x before 1.6.16, and 1.7.x before 1.7.1 allows pre-authentication arbitrary file deletion via redis/memcache session poisoning bypass...

3.7CVSS5.9AI score0.00433EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/27 10:56 a.m.13 views

SUSE CVE-2026-48848

Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7 has insufficient HTML sanitization that could lead to Cascading Style Sheets CSS injection via an SVG document that has an animate element with the attributeName attribute...

7.2CVSS5.8AI score0.00388EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/27 10:56 a.m.17 views

SUSE CVE-2026-48849

In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, an unsanitized subject field in the draft restored value could lead to stored XSS/HTML/CSS injection on shared mailboxes...

4.4CVSS5.8AI score0.00239EPSS
Exploits1References3
OSV
OSV
added 2026/05/27 12:0 a.m.8 views

OPENSUSE-SU-2026:10869-1 roundcubemail-1.6.16-2.1 on GA media

These are all security issues fixed in the roundcubemail-1.6.16-2.1 package on the GA media of openSUSE Tumbleweed...

8.1CVSS5.8AI score0.00764EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.73 views

Linux Distros Unpatched Vulnerability : CVE-2026-48848

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7 has insufficient HTML sanitization that could lead to Cascading Style Sheets CSS injection via an SVG...

7.2CVSS5.8AI score0.00388EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.82 views

Linux Distros Unpatched Vulnerability : CVE-2026-48843

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16,and 1.7.x before 1.7.1 has Insufficient Cascading Style Sheets CSS sanitization in HTML e-mail messages may le...

7.2CVSS5.8AI score0.0031EPSS
Exploits0References2
Rows per page
Query Builder