2035 matches found
CVE-2026-48843
creationtimestamp| type| source ---|---|--- 2026-05-26 06:30:12+00:00| seen| https://www.acn.gov.it/portale/w/vulnerabilita-in-roundcube-webmail-3...
CVE-2026-48844
creationtimestamp| type| source ---|---|--- 2026-05-26 06:30:12+00:00| seen| https://www.acn.gov.it/portale/w/vulnerabilita-in-roundcube-webmail-3...
CVE-2026-48842
creationtimestamp| type| source ---|---|--- 2026-05-26 06:30:12+00:00| seen| https://www.acn.gov.it/portale/w/vulnerabilita-in-roundcube-webmail-3...
CVE-2026-48848
creationtimestamp| type| source ---|---|--- 2026-05-26 06:30:12+00:00| seen| https://www.acn.gov.it/portale/w/vulnerabilita-in-roundcube-webmail-3...
Linux Distros Unpatched Vulnerability : CVE-2026-48842
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has Pre-authentication SQL injection in the virtuserquery plugin via a pregreplace backslash escape...
Linux Distros Unpatched Vulnerability : CVE-2026-48845
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16 and 1.7.x before 1.7.1, remote image blocking was not honored for URLs pointing to local/private...
Linux Distros Unpatched Vulnerability : CVE-2026-48846
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, the remote image blocking feature can be bypassed via a crafted CSS var value in an e-mail...
FreeBSD : Roundcube Webmail -- Multiple vulnerabilities (b8777bc2-5758-11f1-8607-8447094a420f)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the b8777bc2-5758-11f1-8607-8447094a420f advisory. The Roundcube Webmail project reports: See link for details. No CVE numbers available at the moment...
Linux Distros Unpatched Vulnerability : CVE-2026-48849
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, an unsanitized subject field in the draft restored value could lead to stored XSS/HTML/CSS...
Linux Distros Unpatched Vulnerability : CVE-2026-48847
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Roundcube Webmail 1.6.x before 1.6.16, and 1.7.x before 1.7.1 allows pre-authentication arbitrary file deletion via redis/memcache session poisoning bypass...
Linux Distros Unpatched Vulnerability : CVE-2026-48844
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has insecure code evaluation logic in LDAP the autovalues option that could lead to code injection...
CVE-2026-48847
Roundcube Webmail 1.6.x before 1.6.16, and 1.7.x before 1.7.1 allows pre-authentication arbitrary file deletion via redis/memcache session poisoning bypass...
CVE-2026-48848
Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7 has insufficient HTML sanitization that could lead to Cascading Style Sheets CSS injection via an SVG document that has an animate element with the attributeName attribute...
CVE-2026-48846
In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, the remote image blocking feature can be bypassed via a crafted CSS var value in an e-mail message, which may lead to information disclosure or access-control bypass...
CVE-2026-48845
In Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16 and 1.7.x before 1.7.1, remote image blocking was not honored for URLs pointing to local/private destinations, which may lead to information disclosure or privilege escalation via a text/html email message...
CVE-2026-48849
In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, an unsanitized subject field in the draft restored value could lead to stored XSS/HTML/CSS injection on shared mailboxes...
DEBIAN-CVE-2026-48848
Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7 has insufficient HTML sanitization that could lead to Cascading Style Sheets CSS injection via an SVG document that has an animate element with the attributeName attribute...
DEBIAN-CVE-2026-48846
In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, the remote image blocking feature can be bypassed via a crafted CSS var value in an e-mail message, which may lead to information disclosure or access-control bypass...
DEBIAN-CVE-2026-48847
Roundcube Webmail 1.6.x before 1.6.16, and 1.7.x before 1.7.1 allows pre-authentication arbitrary file deletion via redis/memcache session poisoning bypass...
DEBIAN-CVE-2026-48845
In Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16 and 1.7.x before 1.7.1, remote image blocking was not honored for URLs pointing to local/private destinations, which may lead to information disclosure or privilege escalation via a text/html email message...