RoundCube Exposure
Category: Webmail
Exposure score: 120
Sites using it: 1483
In exploitation: 3
Critical: 1
CVEs
23 results

CVE | Severity | EPSS | KEV | Description
CVE-2025-49113 | CRITICAL | 89.5% | KEV | Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a
CVE-2023-5631 | MEDIUM | 70.9% | KEV | Stored XSS vulnerability in Roundcube
CVE-2025-68461 | HIGH | 19.8% | KEV | Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-Scripting (XSS) vulnerability via the animate tag in an SVG d
CVE-2026-48842 | HIGH | 0.8% | - | Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has Pre-authentication SQL injection in the virtuser_query plugin via a preg_re
CVE-2026-25916 | MEDIUM | 0.6% | - | Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13, when "Block remote images" is used, does not block SVG feImage.
CVE-2026-35537 | LOW | 0.5% | - | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsafe deserialization in the redis/memcache session handler may lead
CVE-2026-48847 | LOW | 0.4% | - | Roundcube Webmail 1.6.x before 1.6.16, and 1.7.x before 1.7.1 allows pre-authentication arbitrary file deletion via redis/memcache session p
CVE-2026-48844 | HIGH | 0.4% | - | Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has insecure code evaluation logic in LDAP the autovalues option that could lea
CVE-2026-35542 | MEDIUM | 0.4% | - | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via a crafted backg
CVE-2026-35543 | MEDIUM | 0.4% | - | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via SVG content (wi
CVE-2026-48848 | HIGH | 0.4% | - | Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7 has insufficient HTML sanitization that could lead to Cascading Style Sheets (CSS
CVE-2026-35544 | MEDIUM | 0.4% | - | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail
CVE-2026-48846 | MEDIUM | 0.3% | - | In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, the remote image blocking feature can be bypassed via a crafted CSS var() v
CVE-2026-35545 | MEDIUM | 0.3% | - | An issue was discovered in Roundcube Webmail before 1.5.15 and 1.6.15. The remote image blocking feature can be bypassed via SVG content in
CVE-2026-48845 | MEDIUM | 0.3% | - | In Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16 and 1.7.x before 1.7.1, remote image blocking was not honored for URLs pointing to loca
CVE-2026-35540 | MEDIUM | 0.3% | - | An issue was discovered in Roundcube Webmail 1.6.0 before 1.6.14. Insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail mess
CVE-2026-48843 | HIGH | 0.3% | - | Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16, and 1.7.x before 1.7.1 has Insufficient Cascading Style Sheets (CSS) sanitization in HTML
CVE-2026-26079 | MEDIUM | 0.3% | - | Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets (CSS) injection, e.g., because comments are mishandled.
CVE-2026-35538 | LOW | 0.3% | - | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsanitized IMAP SEARCH command arguments could lead to IMAP injectio
CVE-2026-35539 | MEDIUM | 0.3% | - | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. XSS exists because of insufficient HTML attachment sanitization in pr