pkg:Packagist/roundcube/roundcubemail

所有已知漏洞

• CRITICAL9.9CVE-2025-49113⚠ KEVRoundcube Webmail Vulnerable to Authenticated RCE via PHP Object Deserialization
  from 0, < 1.5.10
• MEDIUM6.1CVE-2026-35539Roundcube Webmail: Insufficient HTML attachment sanitization in preview mode
  >= 1.7-beta, < 1.7-rc5
• MEDIUM5.4CVE-2026-35540Roundcube Webmail: Insufficient CSS sanitization in HTML e-mail messages
  >= 1.7-beta, < 1.7-rc5
• MEDIUM5.3CVE-2026-35542Roundcube: Bypass of remote image blocking via crafted BODY background attribute
  >= 1.7-beta, < 1.7-rc5
• MEDIUM5.3CVE-2026-35544Roundcube Webmail: Insufficient CSS sanitization in HTML e-mail messages
  >= 1.7-beta, < 1.7-rc5
• MEDIUM5.3CVE-2026-35545Roundcube Webmail: Remote image blocking feature can be bypassed via SVG content in an e-mail message
  >= 1.7-beta, < 1.7-rc5
• MEDIUM5.3CVE-2026-35543Roundcube Webmail: Bypass of remote image blocking via SVG content (with animate attributes) in an e-mail message
  >= 1.7-beta, < 1.7-rc5
• MEDIUM4.2CVE-2026-35541Roundcube Webmail: Incorrect password comparison in the password plugin
  >= 1.7-beta, < 1.7-rc5
• LOW3.7CVE-2026-35537Roundcube Webmail: Unsafe deserialization in the redis/memcache session handler
  >= 1.7-beta, < 1.7-rc5
• LOW3.1CVE-2026-35538Roundcube Webmail: Unsanitized IMAP SEARCH command arguments
  >= 1.7-beta, < 1.7-rc5