Security update for roundcubemail (important)

openSUSE Security Update: Security update for roundcubemail Announcement ID: openSUSE-SU-2026:0144-1 Rating: important References: 1261157 1261488 Cross-References: CVE-2026-35537 Affected Products: openSUSE Backports SLE-15-SP6 An update that solves one vulnerability and has one errata is now...

Roundcube Webmail 安全漏洞

Roundcube Webmail is an open-source browser-based IMAP client developed by Roundcube. It supports address book management, information search, spelling checking, and more. Versions of Roundcube Webmail prior to 1.5.14 and 1.6.14 contained security vulnerabilities. These vulnerabilities stemmed fr...

CVE-2026-33172 Statamic has Stored XSS via SVG Sanitization Bypass

Statamic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.14 and 6.7.0, a stored XSS vulnerability in SVG asset reuploads allows authenticated users with asset upload permissions to bypass SVG sanitization and inject malicious JavaScript that executes when the...

CVE-2026-31807 SiYuan has a SVG Sanitizer Bypass via `<animate>` Element — Unauthenticated XSS

SiYuan is a personal knowledge management system. Prior to 3.5.10, SiYuan's SVG sanitizer SanitizeSVG blocks dangerous elements , , and removes on event handlers and javascript: in href attributes. However, it does NOT block SVG animation elements , which can dynamically set attributes to dangero...