Vendor

Roundcube

5 briefs RSS

Multiple Vulnerabilities in Roundcube Webmail

Multiple vulnerabilities in Roundcube Webmail versions 1.6.x before 1.6.16 and 1.7.x before 1.7.1 could lead to remote code execution, data confidentiality breaches, data integrity breaches, SSRF, and SQL Injection.

Roundcube Webmail < 1.6.16 +1 roundcube webmail vulnerability rce ssrf sqli

2r 3t 3w ago

critical advisory

Multiple Vulnerabilities in Roundcube Webmail

2 rules 3 TTPs

Multiple vulnerabilities in Roundcube Webmail allow an attacker to perform SQL injection attacks, bypass security measures, manipulate data, disclose confidential information, obtain extended privileges, execute arbitrary code, or perform cross-site scripting attacks.

Roundcube Webmail roundcube webmail vulnerability sqli xss code execution

2r 3t 3w ago

critical advisory

Roundcube Vulnerability Allows Remote Code Execution

2 rules 1 TTP

A remote, authenticated attacker can exploit a vulnerability in Roundcube to execute arbitrary program code, potentially leading to complete system compromise.

Roundcube code-execution vulnerability webmail

2r 1t 4w ago

high threat

FrostyNeighbor Targets Ukraine with Updated PicassoLoader Chain

2 rules 3 TTPs 3 IOCs

The FrostyNeighbor threat actor is targeting Ukrainian governmental organizations with spearphishing emails containing malicious PDFs that deliver a JavaScript dropper (PicassoLoader) and ultimately a Cobalt Strike beacon.

Cobalt Strike +2 FrostyNeighbor cyberespionage cobaltstrike picassoloader ukraine

2r 3t 3i May 15, 2026

medium advisory

Roundcube Vulnerabilities Leading to Cross-Site Scripting and Information Disclosure

2 rules 1 TTP 3 CVEs

Multiple vulnerabilities in Roundcube allow an attacker to perform a cross-site scripting attack and disclose confidential information.

Roundcube xss vulnerability

2r 1t 3c Jun 24, 2024