Aleksander Machniak

80 exploits, active since Aug 2012
CVE-2026-48842 (HIGH)
Roundcube Webmail - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has a pre-authentication SQL injection in the virtuser_query plugin via a preg_replace() backslash escape bypass.
CVSS 8.1
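The bug class named in this entry, as an added illustration that is not Roundcube's code and does not reproduce the plugin's actual query or the CVE-2026-48842 payload: a quote-escaper written as a single regex substitution that forgets the backslash, the same escaper done correctly, and a small MySQL-style literal scanner that shows whether attacker input breaks out of the quoted value. The table and column names, the sample inputs and the helper names are assumptions for the example.

```python
import re
from typing import Optional, Tuple


def naive_escape(value: str) -> str:
    """Escape only single quotes, the way a one-line preg_replace()-style
    'fix' typically does. A backslash supplied by the attacker is passed
    through untouched, so it can neutralise the escape that follows it."""
    return re.sub(r"'", r"\\'", value)


def proper_escape(value: str) -> str:
    """Escape the escape character first, then the quote. In real code a
    parameterised query should replace string building altogether; this
    exists only to contrast with naive_escape()."""
    return value.replace("\\", "\\\\").replace("'", "\\'")


def build_query(escaped_user: str) -> str:
    # Hypothetical alias lookup (names are assumptions for the example).
    return f"SELECT destination FROM aliases WHERE source = '{escaped_user}'"


def split_literal(sql: str, start: int) -> Tuple[str, str]:
    """Scan a MySQL-style single-quoted literal beginning at sql[start].
    A backslash escapes the next character and '' encodes a quote.
    Returns (decoded_contents, text_after_closing_quote)."""
    if sql[start] != "'":
        raise ValueError("literal must start with a quote")
    out = []
    i = start + 1
    while i < len(sql):
        ch = sql[i]
        if ch == "\\" and i + 1 < len(sql):
            out.append(sql[i + 1])
            i += 2
            continue
        if ch == "'":
            if i + 1 < len(sql) and sql[i + 1] == "'":
                out.append("'")
                i += 2
                continue
            return "".join(out), sql[i + 1:]
        out.append(ch)
        i += 1
    raise ValueError("unterminated literal")


def tail_after_value(escaper, user_input: str) -> Optional[str]:
    """Build the query with the given escaper and report what follows the
    closing quote of the value literal. "" means the input stayed inside
    the string; anything else was parsed as SQL; None means a trailing
    backslash swallowed the closing quote (unterminated literal)."""
    query = build_query(escaper(user_input))
    try:
        _, rest = split_literal(query, query.index("'"))
    except ValueError:
        return None
    return rest


if __name__ == "__main__":
    # Constructed attacker input: a backslash in front of the quote.
    payload = "\\' OR 1=1 -- "
    print("naive :", repr(tail_after_value(naive_escape, payload)))   # SQL leaks out
    print("proper:", repr(tail_after_value(proper_escape, payload)))  # stays inside
    print("benign:", repr(tail_after_value(naive_escape, "o'brien")))
```

With the naive escaper the payload becomes `\\' OR 1=1 -- ` inside the query, the database reads `\\` as one literal backslash and the following quote closes the string, so the rest runs as SQL; the correct escaper doubles the backslash first and the quote stays escaped. The same scanner also shows the trailing-backslash variant: a lone `\` through the naive escaper leaves the literal unterminated, which in a multi-parameter query lets the next parameter supply the injected text.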
CVE-2026-48843 (HIGH)
Roundcube Webmail - Server-Side Request Forgery (SSRF)
Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16, and 1.7.x before 1.7.1 has insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages, which may lead to SSRF or information disclosure, e.g., if stylesheet links point to local network hosts. The issue stems from an insufficient fix for CVE-2026-35540.
CVSS 7.2
CVE-2026-48844 (HIGH)
Roundcube Webmail - Always-Incorrect Control Flow Implementation
Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has insecure code evaluation logic in the LDAP autovalues option that could lead to code injection. (Support for code evaluation has been removed in 1.6.16 and 1.7.1.)
CVSS 7.5
CVE-2026-48845 (MEDIUM)
Roundcube Webmail - Incorrect Resource Transfer Between Spheres
In Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16 and 1.7.x before 1.7.1, remote image blocking was not honored for URLs pointing to local/private destinations, which may lead to information disclosure or privilege escalation via a text/html email message.
CVSS 6.5
CVE-2026-48846 (MEDIUM)
Roundcube Webmail - Incorrect Resource Transfer Between Spheres
In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, the remote image blocking feature can be bypassed via a crafted CSS var() value in an e-mail message, which may lead to information disclosure or access-control bypass.
CVSS 6.5
CVE-2026-48847 (LOW)
Roundcube Webmail - Incorrect Resource Transfer Between Spheres
Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 allows pre-authentication arbitrary file deletion via a redis/memcache session poisoning bypass.
CVSS 3.7
CVE-2026-48848 (HIGH)
Roundcube Webmail - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7 has insufficient HTML sanitization that could lead to Cascading Style Sheets (CSS) injection via an SVG document that has an animate element with the attributeName attribute.
CVSS 7.2
CVE-2026-48849 (MEDIUM)
Roundcube Webmail - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, an unsanitized subject field in the draft restored value could lead to stored XSS/HTML/CSS injection on shared mailboxes.
CVSS 4.4
CVE-2012-4668
Roundcube Webmail <= 0.8.1 - Cross-Site Scripting via Email Signature
Cross-site scripting (XSS) vulnerability in Roundcube Webmail 0.8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the signature in an email.
CVE-2015-5382 (MEDIUM)
Roundcube Webmail < 1.0.6 and 1.1.x < 1.1.2 - Arbitrary File Read via vCard Photo _alt Parameter
program/steps/addressbook/photo.inc in Roundcube Webmail before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via the _alt parameter when uploading a vCard.
CVSS 6.5
CVE-2017-6820 (MEDIUM)
Roundcube Webmail < 1.1.8 and 1.2.x < 1.2.4 - Cross-Site Scripting via SVG CSS Token Sequence
rcube_utils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is susceptible to a cross-site scripting vulnerability via a crafted Cascading Style Sheets (CSS) token sequence within an SVG element.
CVSS 6.1
CVE-2020-12625 (MEDIUM)
Roundcube Webmail < 1.4.4 - Stored Cross-Site Scripting via HTML Message CDATA
An issue was discovered in Roundcube Webmail before 1.4.4. There is a cross-site scripting (XSS) vulnerability in rcube_washtml.php because JavaScript code can occur in the CDATA of an HTML message.
CVSS 6.1
CVE-2020-12640 (CRITICAL)
Roundcube Webmail < 1.4.4 - Local File Inclusion via Path Traversal in Plugin Name
Roundcube Webmail before 1.4.4 allows attackers to include local files and execute code via directory traversal in a plugin name to rcube_plugin_api.php.
CVSS 9.8
CVE-2020-12641 (CRITICAL)
Roundcube Webmail < 1.4.4 - Remote Code Execution via Shell Metacharacters in Image Configuration
rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path.
CVSS 9.8
CVE-2020-13965 (MEDIUM)
Roundcube Webmail < 1.3.12 and 1.4.x < 1.4.5 - Stored Cross-Site Scripting via XML Attachment Preview
An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. There is XSS via a malicious XML attachment because text/xml is among the allowed types for a preview.
CVSS 6.1
CVE-2020-16145 (MEDIUM)
Roundcube Webmail < 1.3.15 and 1.4.x < 1.4.8 - Stored Cross-Site Scripting via SVG in HTML Messages
Roundcube Webmail before 1.3.15 and 1.4.x before 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document. This issue has been fixed in 1.4.8 and 1.3.15.
CVSS 6.1
CVE-2021-44026 (CRITICAL)
Roundcube < 1.3.17 and 1.4.x < 1.4.12 - SQL Injection via Search Parameters
Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params.
CVSS 9.8