Security update for roundcubemail (important)

openSUSE security update: security update for roundcubemail ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20586-1 Rating: important References: bsc1261157 bsc1261488 Cross-References: CVE-2026-35537 Affected Products: openSUSE Leap 16.0...

Roundcube Webmail: Insufficient CSS sanitization in HTML e-mail messages

An issue was discovered in Roundcube Webmail 1.6.0 before 1.6.14. Insufficient Cascading Style Sheets CSS sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local network hosts...

CVE-2016-10816

cPanel before 57.9999.54 allows Webmail accounts to execute arbitrary code through forwarders SEC-121...

CVE-2017-18473

cPanel before 62.0.4 allows self XSS on the webmail Password and Security page SEC-199...

EUVD-2006-0196

Malware in sbrugna...

EUVD-2021-13949

Malware in sbrugna...

EUVD-2008-3050

Malware in sbrugna...

EUVD-2020-28947

Malware in sbrugna...

EUVD-2004-2528

Malware in sbrugna...

EUVD-2013-6189

Malware in sbrugna...

EUVD-2018-9538

Malware in sbrugna...

EUVD-2018-8175

Malware in sbrugna...

EUVD-2002-1510

Malware in sbrugna...

EUVD-2001-1025

Malware in sbrugna...

EUVD-2010-0494

Malware in sbrugna...

EUVD-2024-54837

Malicious code in bioql PyPI...

CVE-2024-45510

An issue was discovered in Zimbra Collaboration ZCS through 10.0. Zimbra Webmail Modern UI is vulnerable to a stored Cross-Site Scripting XSS attack due to improper sanitization of user input. This allows an attacker to inject malicious code into specific fields of an e-mail message. When the...

PT-2024-31672 · Zimbra · Zimbra Collaboration

Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration ZCS versions prior to 10.1.1 Description: A stored Cross-Site Scripting XSS issue exists in the "/modern/contacts/print" endpoint of Zimbra webmail. This allows an attacker to inject and execute arbitrary JavaScript code ...

The vulnerability of the rcmail_action_mail_get->run() function in the RoundCube Webmail client allows a hacker to execute XSS attacks.

The vulnerability of the rcmailactionmailget-run function in the RoundCube Webmail client exists because measures to protect the web page structure are not taken. Exploiting this vulnerability allows a malicious actor to perform XSS attacks by sending specially crafted malicious attachments...

CVE-2023-45206

An issue was discovered in Zimbra Collaboration ZCS 8.8.15, 9.0, and 10.0. Through the help document endpoint in webmail, an attacker can inject JavaScript or HTML code that leads to cross-site scripting XSS. Adding an adequate message to avoid malicious code will mitigate this issue...