Search CVE reports


Toggle filters

11 – 20 of 103 results


CVE-2026-48845

Medium priority
Needs evaluation

In Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16 and 1.7.x before 1.7.1, remote image blocking was not honored for URLs pointing to local/private destinations, which may lead to information disclosure or privilege escalation...

1 affected package

roundcube

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
roundcube Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-48844

Medium priority
Needs evaluation

Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has insecure code evaluation logic in LDAP the autovalues option that could lead to code injection. (Support for code evaluation has been removed in 1.6.16 and 1.7.1.)

1 affected package

roundcube

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
roundcube Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-48843

Medium priority
Needs evaluation

Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16,and 1.7.x before 1.7.1 has Insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links...

1 affected package

roundcube

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
roundcube Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-48842

Medium priority
Needs evaluation

Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has Pre-authentication SQL injection in the virtuser_query plugin via a preg_replace() backslash escape bypass.

1 affected package

roundcube

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
roundcube Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-35545

Medium priority
Needs evaluation

An issue was discovered in Roundcube Webmail before 1.5.15 and 1.6.15. The remote image blocking feature can be bypassed via SVG content in an e-mail message. This may lead to information disclosure or access-control bypass. This...

1 affected package

roundcube

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
roundcube Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-35544

Medium priority
Needs evaluation

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages may lead to a fixed-position mitigation bypass via the use of !important.

1 affected package

roundcube

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
roundcube Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-35543

Medium priority
Needs evaluation

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via SVG content (with animate attributes) in an e-mail message. This may lead to information disclosure or...

1 affected package

roundcube

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
roundcube Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-35542

Medium priority
Needs evaluation

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via a crafted background attribute of a BODY element in an e-mail message. This may lead to information...

1 affected package

roundcube

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
roundcube Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-35541

Medium priority
Needs evaluation

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Incorrect password comparison in the password plugin could lead to type confusion that allows a password change without knowing the old password.

1 affected package

roundcube

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
roundcube Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-35540

Medium priority
Needs evaluation

An issue was discovered in Roundcube Webmail 1.6.0 before 1.6.14. Insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local...

1 affected package

roundcube

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
roundcube Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages