Lucene search
K

2035 matches found

Circl
Circl
added 2026/05/26 6:30 a.m.10 views

CVE-2026-48843

creationtimestamp| type| source ---|---|--- 2026-05-26 06:30:12+00:00| seen| https://www.acn.gov.it/portale/w/vulnerabilita-in-roundcube-webmail-3...

7.2CVSS5.7AI score0.00301EPSS
Exploits0References1
Circl
Circl
added 2026/05/26 6:30 a.m.10 views

CVE-2026-48844

creationtimestamp| type| source ---|---|--- 2026-05-26 06:30:12+00:00| seen| https://www.acn.gov.it/portale/w/vulnerabilita-in-roundcube-webmail-3...

7.5CVSS5.7AI score0.00414EPSS
Exploits0References1
Circl
Circl
added 2026/05/26 6:30 a.m.12 views

CVE-2026-48842

creationtimestamp| type| source ---|---|--- 2026-05-26 06:30:12+00:00| seen| https://www.acn.gov.it/portale/w/vulnerabilita-in-roundcube-webmail-3...

8.1CVSS5.7AI score0.00764EPSS
Exploits0References1
Circl
Circl
added 2026/05/26 6:30 a.m.11 views

CVE-2026-48848

creationtimestamp| type| source ---|---|--- 2026-05-26 06:30:12+00:00| seen| https://www.acn.gov.it/portale/w/vulnerabilita-in-roundcube-webmail-3...

7.2CVSS5.7AI score0.00388EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/26 12:0 a.m.31 views

Linux Distros Unpatched Vulnerability : CVE-2026-48842

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has Pre-authentication SQL injection in the virtuserquery plugin via a pregreplace backslash escape...

8.1CVSS5.9AI score0.00764EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/26 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-48845

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16 and 1.7.x before 1.7.1, remote image blocking was not honored for URLs pointing to local/private...

6.5CVSS5.8AI score0.00315EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/26 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-48846

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, the remote image blocking feature can be bypassed via a crafted CSS var value in an e-mail...

6.5CVSS5.8AI score0.00339EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/26 12:0 a.m.9 views

FreeBSD : Roundcube Webmail -- Multiple vulnerabilities (b8777bc2-5758-11f1-8607-8447094a420f)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the b8777bc2-5758-11f1-8607-8447094a420f advisory. The Roundcube Webmail project reports: See link for details. No CVE numbers available at the moment...

5.8AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/26 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-48849

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, an unsanitized subject field in the draft restored value could lead to stored XSS/HTML/CSS...

4.4CVSS5.4AI score0.00239EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/05/26 12:0 a.m.18 views

Linux Distros Unpatched Vulnerability : CVE-2026-48847

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Roundcube Webmail 1.6.x before 1.6.16, and 1.7.x before 1.7.1 allows pre-authentication arbitrary file deletion via redis/memcache session poisoning bypass...

3.7CVSS6AI score0.00433EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/26 12:0 a.m.14 views

Linux Distros Unpatched Vulnerability : CVE-2026-48844

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has insecure code evaluation logic in LDAP the autovalues option that could lead to code injection...

7.5CVSS5.9AI score0.00414EPSS
Exploits0References2
NVD
NVD
added 2026/05/25 8:16 p.m.11 views

CVE-2026-48847

Roundcube Webmail 1.6.x before 1.6.16, and 1.7.x before 1.7.1 allows pre-authentication arbitrary file deletion via redis/memcache session poisoning bypass...

3.7CVSS0.00433EPSS
Exploits0References5
NVD
NVD
added 2026/05/25 8:16 p.m.12 views

CVE-2026-48848

Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7 has insufficient HTML sanitization that could lead to Cascading Style Sheets CSS injection via an SVG document that has an animate element with the attributeName attribute...

7.2CVSS0.00388EPSS
Exploits0References5
NVD
NVD
added 2026/05/25 8:16 p.m.12 views

CVE-2026-48846

In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, the remote image blocking feature can be bypassed via a crafted CSS var value in an e-mail message, which may lead to information disclosure or access-control bypass...

6.5CVSS0.00339EPSS
Exploits0References5
NVD
NVD
added 2026/05/25 8:16 p.m.12 views

CVE-2026-48845

In Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16 and 1.7.x before 1.7.1, remote image blocking was not honored for URLs pointing to local/private destinations, which may lead to information disclosure or privilege escalation via a text/html email message...

6.5CVSS0.00315EPSS
Exploits0References5
NVD
NVD
added 2026/05/25 8:16 p.m.12 views

CVE-2026-48849

In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, an unsanitized subject field in the draft restored value could lead to stored XSS/HTML/CSS injection on shared mailboxes...

4.4CVSS0.00239EPSS
Exploits1References5
OSV
OSV
added 2026/05/25 8:16 p.m.11 views

DEBIAN-CVE-2026-48848

Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7 has insufficient HTML sanitization that could lead to Cascading Style Sheets CSS injection via an SVG document that has an animate element with the attributeName attribute...

7.2CVSS5.8AI score0.00388EPSS
Exploits0References1
OSV
OSV
added 2026/05/25 8:16 p.m.8 views

DEBIAN-CVE-2026-48846

In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, the remote image blocking feature can be bypassed via a crafted CSS var value in an e-mail message, which may lead to information disclosure or access-control bypass...

6.5CVSS5.8AI score0.00339EPSS
Exploits0References1
OSV
OSV
added 2026/05/25 8:16 p.m.6 views

DEBIAN-CVE-2026-48847

Roundcube Webmail 1.6.x before 1.6.16, and 1.7.x before 1.7.1 allows pre-authentication arbitrary file deletion via redis/memcache session poisoning bypass...

3.7CVSS5.9AI score0.00433EPSS
Exploits0References1
OSV
OSV
added 2026/05/25 8:16 p.m.8 views

DEBIAN-CVE-2026-48845

In Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16 and 1.7.x before 1.7.1, remote image blocking was not honored for URLs pointing to local/private destinations, which may lead to information disclosure or privilege escalation via a text/html email message...

6.5CVSS5.8AI score0.00315EPSS
Exploits0References1
Rows per page
Query Builder