Security Vulnerabilities
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages may lead to a fixed-position mitigation bypass via the use of !important.
CVSS Score
5.3
EPSS Score
0.0
Published
2026-04-03
An issue was discovered in Roundcube Webmail before 1.5.15 and 1.6.15. The remote image blocking feature can be bypassed via SVG content in an e-mail message. This may lead to information disclosure or access-control bypass. This involves the animate element with attributeName=fill/filter/stroke.
CVSS Score
5.3
EPSS Score
0.0
Published
2026-04-03
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsanitized IMAP SEARCH command arguments could lead to IMAP injection or CSRF bypass during mail search.
CVSS Score
3.1
EPSS Score
0.0
Published
2026-04-03
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. XSS exists because of insufficient HTML attachment sanitization in preview mode. A victim must preview a text/html attachment.
CVSS Score
6.1
EPSS Score
0.0
Published
2026-04-03
In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to RequestHandler.set_cookie were not checked for crafted characters.
CVSS Score
7.2
EPSS Score
0.0
Published
2026-04-03
Shynet before 0.14.0 allows Host header injection in the password reset flow.
CVSS Score
6.4
EPSS Score
0.0
Published
2026-04-03
Shynet before 0.14.0 allows XSS in the urldisplay and iconify template filters.
CVSS Score
5.4
EPSS Score
0.0
Published
2026-04-03
Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elevate privileges over a network.
CVSS Score
10.0
EPSS Score
0.0
Published
2026-04-03

