| CVE-2025-49113 | critical | — | 10.0 | | | | 1y ago | RoundCube Webmail contains a deserialization of untrusted data vulnerability that allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/… |
| CVE-2026-35537 | unknown | — | — | | | | 2mo ago | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsafe deserialization in the redis/memcache session handler may lead to arbitrary file write operations by unauthenticated atta… |
| CVE-2026-35538 | unknown | — | — | | | | 2mo ago | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsanitized IMAP SEARCH command arguments could lead to IMAP injection or CSRF bypass during mail search. |
| CVE-2026-35539 | unknown | — | — | | | | 2mo ago | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. XSS exists because of insufficient HTML attachment sanitization in preview mode. A victim must preview a text/html attachment. |
| CVE-2026-35540 | unknown | — | — | | | | 2mo ago | An issue was discovered in Roundcube Webmail 1.6.0 before 1.6.14. Insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if s… |
| CVE-2026-35541 | unknown | — | — | | | | 2mo ago | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Incorrect password comparison in the password plugin could lead to type confusion that allows a password change without knowing … |
| CVE-2026-35542 | unknown | — | — | | | | 2mo ago | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via a crafted background attribute of a BODY element in an e-mail message. Thi… |
| CVE-2026-35543 | unknown | — | — | | | | 2mo ago | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via SVG content (with animate attributes) in an e-mail message. This may lead … |
| CVE-2026-35544 | unknown | — | — | | | | 2mo ago | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages may lead to a fixed-position mitigation bypass vi… |
| CVE-2026-35545 | unknown | — | — | | | | 2mo ago | An issue was discovered in Roundcube Webmail before 1.5.15 and 1.6.15. The remote image blocking feature can be bypassed via SVG content in an e-mail message. This may lead to information disclosure … |