Search CVE reports


Toggle filters

21 – 30 of 103 results


CVE-2026-35539

Medium priority
Needs evaluation

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. XSS exists because of insufficient HTML attachment sanitization in preview mode. A victim must preview a text/html attachment.

1 affected package

roundcube

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
roundcube Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-35538

Medium priority
Needs evaluation

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsanitized IMAP SEARCH command arguments could lead to IMAP injection or CSRF bypass during mail search.

1 affected package

roundcube

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
roundcube Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-35537

Medium priority
Needs evaluation

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsafe deserialization in the redis/memcache session handler may lead to arbitrary file write operations by unauthenticated attackers via crafted session data.

1 affected package

roundcube

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
roundcube Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-26079

Medium priority

Some fixes available 5 of 7

Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets (CSS) injection, e.g., because comments are mishandled.

1 affected package

roundcube

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
roundcube Vulnerable Fixed Fixed Fixed Fixed
Show less packages

CVE-2026-25916

Medium priority

Some fixes available 4 of 6

Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13, when "Block remote images" is used, does not block SVG feImage.

1 affected package

roundcube

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
roundcube Vulnerable Fixed Fixed Fixed Fixed
Show less packages

CVE-2025-68461

High priority

Some fixes available 5 of 7

Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-Scripting (XSS) vulnerability via the animate tag in an SVG document.

1 affected package

roundcube

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
roundcube Fixed Fixed Fixed Fixed Fixed
Show less packages

CVE-2025-68460

Medium priority
Vulnerable

Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a information disclosure vulnerability in the HTML style sanitizer.

1 affected package

roundcube

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
roundcube Vulnerable Not affected Not affected Not affected Not affected
Show less packages

CVE-2025-49113

High priority
Fixed

Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP...

1 affected package

roundcube

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
roundcube Not affected Fixed Fixed Fixed Fixed
Show less packages

CVE-2024-57004

Medium priority
Needs evaluation

Cross-Site Scripting (XSS) vulnerability in Roundcube Webmail 1.6.9 allows remote authenticated users to upload a malicious file as an email attachment, leading to the triggering of the XSS by visiting the SENT session.

1 affected package

roundcube

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
roundcube Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-42010

Medium priority
Fixed

mod_css_styles in Roundcube through 1.5.7 and 1.6.x through 1.6.7 insufficiently filters Cascading Style Sheets (CSS) token sequences in rendered e-mail messages, allowing a remote attacker to obtain sensitive information.

1 affected package

roundcube

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
roundcube Not affected Fixed Fixed Fixed Fixed
Show less packages