Lucene search
RoundcubeWebmail*
2 matches found
CVE-2019-10740
In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the at...
4.3CVSS5.3AI score0.00079EPSS
CVE-2019-15237
Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading to homograph attacks.
7.4CVSS7.2AI score0.00209EPSS