pkg:Packagist/roundcube/roundcubemail

All known vulnerabilities

• CRITICAL9.9CVE-2025-49113⚠ KEVroundcube - security update
  from 0, < 1.5.10
• MEDIUM6.1CVE-2026-35539Roundcube Webmail: Insufficient HTML attachment sanitization in preview mode
  >= 1.7-beta, < 1.7-rc5
• MEDIUM5.4Roundcube Webmail: Insufficient CSS sanitization in HTML e-mail messages
  >= 1.7-beta, < 1.7-rc5
• MEDIUM5.3Roundcube: Bypass of remote image blocking via crafted BODY background attribute
  >= 1.7-beta, < 1.7-rc5
• MEDIUM5.3Roundcube Webmail: Insufficient CSS sanitization in HTML e-mail messages
  >= 1.7-beta, < 1.7-rc5
• MEDIUM5.3Roundcube Webmail: Remote image blocking feature can be bypassed via SVG content in an e-mail message
  >= 1.7-beta, < 1.7-rc5
• MEDIUM5.3Roundcube Webmail: Bypass of remote image blocking via SVG content (with animate attributes) in an e-mail message
  >= 1.7-beta, < 1.7-rc5
• MEDIUM4.2Roundcube Webmail: Incorrect password comparison in the password plugin
  >= 1.7-beta, < 1.7-rc5
• LOW3.7Roundcube Webmail: Unsafe deserialization in the redis/memcache session handler
  >= 1.7-beta, < 1.7-rc5
• LOW3.1Roundcube Webmail: Unsanitized IMAP SEARCH command arguments
  >= 1.7-beta, < 1.7-rc5