Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2026-35543
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via SVG content (with animate attributes) in an e-mail message. This may lead to information disclosure or access-control bypass.
CVSS Score
5.3
EPSS Score
0.0
Published
2026-04-03
CVE-2026-35543
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via SVG content (with animate attributes) in an e-mail message. This may lead to information disclosure or access-control bypass.
CVSS Score
5.3
EPSS Score
0.0
Published
2026-04-03
CVE-2026-35545
An issue was discovered in Roundcube Webmail before 1.5.15 and 1.6.15. The remote image blocking feature can be bypassed via SVG content in an e-mail message. This may lead to information disclosure or access-control bypass. This involves the animate element with attributeName=fill/filter/stroke.
CVSS Score
5.3
EPSS Score
0.0
Published
2026-04-03
CVE-2026-35538
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsanitized IMAP SEARCH command arguments could lead to IMAP injection or CSRF bypass during mail search.
CVSS Score
3.1
EPSS Score
0.0
Published
2026-04-03
CVE-2026-35538
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsanitized IMAP SEARCH command arguments could lead to IMAP injection or CSRF bypass during mail search.
CVSS Score
3.1
EPSS Score
0.0
Published
2026-04-03
CVE-2026-35539
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. XSS exists because of insufficient HTML attachment sanitization in preview mode. A victim must preview a text/html attachment.
CVSS Score
6.1
EPSS Score
0.0
Published
2026-04-03
CVE-2026-35539
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. XSS exists because of insufficient HTML attachment sanitization in preview mode. A victim must preview a text/html attachment.
CVSS Score
6.1
EPSS Score
0.0
Published
2026-04-03
CVE-2026-33105
Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elevate privileges over a network.
CVSS Score
10.0
EPSS Score
0.001
Published
2026-04-03
CVE-2026-33107
Server-side request forgery (ssrf) in Azure Databricks allows an unauthorized attacker to elevate privileges over a network.
CVSS Score
10.0
EPSS Score
0.001
Published
2026-04-03
CVE-2026-26135
Server-side request forgery (ssrf) in Azure Custom Locations Resource Provider (RP) allows an authorized attacker to elevate privileges over a network.
CVSS Score
9.6
EPSS Score
0.0
Published
2026-04-03


Products
Pricing
Contact Us

Shodan ® - All rights reserved