← Back to News Iceland Security Dashboard Browse all tags
roundcube

Roundcube

webmail 19roundcube-webmail 4roundcube webmail 4

CVEs tagged with this vendor (16)

CVE-2017-16651 🚨 Roundcube Webmail
CVE-2017-16651 is a path traversal vulnerability in Roundcube Webmail affecting versions before 1.1.10, 1.2.7, and 1.3.3, allowing unauthorized access to arbitr…
CVE-2020-12641 🚨 Roundcube Webmail
CVE-2020-12641 is a critical remote code execution vulnerability in Roundcube Webmail versions prior to 1.4.4, classified under CWE-78. Attackers can execute ar…
CVE-2020-13965 🚨 Webmail
CVE-2020-13965 is a medium severity cross-site scripting vulnerability affecting Roundcube Webmail versions before 1.3.12 and 1.4.x before 1.4.5. The flaw allow…
CVE-2020-35730 🚨 Roundcube Webmail
CVE-2020-35730 is a vulnerability in Roundcube Webmail that has been added to CISA's Known Exploited Vulnerabilities catalog as of June 22, 2023, with a federal…
CVE-2021-44026 🚨 Roundcube Webmail
CVE-2021-44026 is a critical SQL injection vulnerability (CWE-89) affecting Roundcube Webmail versions prior to 1.3.17 and 1.4.x prior to 1.4.12, allowing attac…
CVE-2023-43770 🚨 Webmail
CVE-2023-43770 is a medium severity cross-site scripting (XSS) vulnerability affecting Roundcube Webmail versions before 1.4.14, 1.5.4, and 1.6.3. The flaw allo…
CVE-2023-5631 🚨 Webmail
CVE-2023-5631 is a stored cross-site scripting (XSS) vulnerability in Roundcube Webmail versions before 1.4.15, 1.5.5, and 1.6.4, caused by improper handling of…
CVE-2024-37383 🚨 Webmail
CVE-2024-37383 is an actively exploited vulnerability in Roundcube Webmail, listed on CISA's Known Exploited Vulnerabilities catalog as of October 24, 2024. Fed…
CVE-2024-42009 🚨 Webmail
CVE-2024-42009 is a critical Cross-Site Scripting vulnerability (CWE-79) in Roundcube Webmail versions through 1.5.7 and 1.6.x through 1.6.7, allowing remote at…
CVE-2025-49113 🚨 Webmail
CVE-2025-49113 is a critical remote code execution vulnerability in Roundcube Webmail versions before 1.5.10 and 1.6.x before 1.6.11, classified as CWE-502 (Des…
CVE-2025-68461 🚨 Webmail
CVE-2025-68461 is a high-severity Cross-Site Scripting (XSS) vulnerability affecting Roundcube Webmail versions before 1.5.12 and 1.6 before 1.6.12, caused by i…
CVE-2026-35539 CVSS 6.1
CVE-2026-35539 is a medium severity cross-site scripting vulnerability (CWE-79) affecting Roundcube Webmail versions prior to 1.5.14 and 1.6.14. The flaw stems …
CVE-2026-35540 CVSS 5.4
CVE-2026-35540 affects Roundcube Webmail versions 1.6.0 through 1.6.13 due to insufficient CSS sanitization in HTML email messages. This vulnerability allows at…
CVE-2026-35541 CVSS 4.2
CVE-2026-35541 is a MEDIUM severity vulnerability (CVSS 4.2) in Roundcube Webmail affecting versions before 1.5.14 and 1.6.14. The flaw involves incorrect passw…
CVE-2026-35537 CVSS 3.7
CVE-2026-35537 is a low severity vulnerability (CVSS 3.7) affecting Roundcube Webmail versions prior to 1.5.14 and 1.6.14. The issue stems from unsafe deseriali…
CVE-2026-35538 CVSS 3.1
CVE-2026-35538 is a low severity vulnerability (CVSS 3.1) affecting Roundcube Webmail versions prior to 1.5.14 and 1.6.14. The flaw involves unsanitized IMAP SE…

Articles tagged with Roundcube (24)

MEDIUM
DSA-6301-1 roundcube - security update
Debian Security · 2026-05-27
MEDIUM
Vulnérabilité dans Roundcube (30 mars 2026)
CERT-FR (ANSSI) · 2026-03-30
CRITICAL
CISA: Recently patched RoundCube flaws now exploited in attacks
BleepingComputer · 2026-02-23
CRITICAL
Recent RoundCube Webmail Vulnerability Exploited in Attacks
SecurityWeek · 2026-02-23
CRITICAL
CISA Adds Two Actively Exploited Roundcube Flaws to KEV Catalog
The Hacker News · 2026-02-21
CRITICAL
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA All Advisories · 2026-02-20
MEDIUM
DSA-6137-1 roundcube - security update
Debian Security · 2026-02-17
MEDIUM
Roundcube Webmail Vulnerability Let Attackers Track Email Opens | Cryptika Cybersecurity
Web Discovery · 2026-02-11
MEDIUM
Roundcube Webmail Vulnerability Let Attackers Track Email Opens
Web Discovery · 2026-02-11
MEDIUM
Roundcube Webmail News
Web Discovery · 2026-02-11
MEDIUM
Roundcube Project News - Latest Update Release Articles
Web Discovery · 2026-02-11
MEDIUM
[NEU] [niedrig] Roundcube: Mehrere Schwachstellen
BSI Germany · 2026-02-10
MEDIUM
Roundcube Webmail 1.6.6 - Stored Cross Site Scripting (XSS)
Web Discovery · 2026-02-09
CRITICAL
Government Emails at Risk: Critical Cross-Site Scripting Vulnerability in Roundcube Webmail
Web Discovery · 2026-02-09
HIGH
CVE-2023-5631: Roundcube Webmail XSS Vulnerability
Web Discovery · 2026-02-09
MEDIUM
Roundcube Webmail 1.6.x < 1.6.8 Multiples Vulnerabilities
Web Discovery · 2026-02-09
CRITICAL
CVE‑2025‑49113 – Post‑Auth Remote Code Execution in Roundcube via PHP Object Deserialization
Web Discovery · 2026-02-09
CRITICAL
Nearly 2.5m Roundcube Devices Potentially Vulnerable to RCE
Web Discovery · 2026-02-09
MEDIUM
NVD - CVE-2026-26079
Web Discovery · 2026-02-09
MEDIUM
CVE-2026-25916: Roundcube Webmail XSS Vulnerability
Web Discovery · 2026-02-09
MEDIUM
CVE-2026-26079: Roundcube Webmail CSS Injection Vulnerability
Web Discovery · 2026-02-09
MEDIUM
Multiples vulnérabilités dans Roundcube (09 février 2026)
CERT-FR (ANSSI) · 2026-02-09
MEDIUM
Roundcube Webmail: SVG feImage bypasses image blocking to track email opens
Reddit r/netsec · 2026-02-08
MEDIUM
Operation Roundish: Uncovering an APT28 Roundcube Toolkit Used Against Ukrainian Government Targets
Malpedia ·