VYPR

rpm package

opensuse/roundcubemail&distro=openSUSE Leap 16.0

pkg:rpm/opensuse/roundcubemail&distro=openSUSE%20Leap%2016.0

Vulnerabilities (5)

  • CVE-2026-35537LowApr 3, 2026
    affected < 1.6.15-bp160.1.1fixed 1.6.15-bp160.1.1

    An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsafe deserialization in the redis/memcache session handler may lead to arbitrary file write operations by unauthenticated attackers via crafted session data.

  • CVE-2026-26079MedFeb 11, 2026
    affected < 1.6.13-bp160.1.1fixed 1.6.13-bp160.1.1

    Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets (CSS) injection, e.g., because comments are mishandled.

  • CVE-2026-25916MedFeb 9, 2026
    affected < 1.6.13-bp160.1.1fixed 1.6.13-bp160.1.1

    Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13, when "Block remote images" is used, does not block SVG feImage.

  • CVE-2025-68461KEVDec 18, 2025
    affected < 1.6.13-bp160.1.1fixed 1.6.13-bp160.1.1

    Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-Scripting (XSS) vulnerability via the animate tag in an SVG document.

  • CVE-2025-68460Dec 18, 2025
    affected < 1.6.13-bp160.1.1fixed 1.6.13-bp160.1.1

    Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a information disclosure vulnerability in the HTML style sanitizer.