FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2026-03-29 11:53:11 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
095e9db2-2b5b-11f1-9839-8447094a420fRoundcube -- SVG Attribute Bypass

The Roundcube project reports:

.


Discovery 2026-03-29
Entry 2026-03-29
roundcube-php82
roundcube-php83
roundcube-php84
roundcube-php85
< 1.6.15,1

https://github.com/roundcube/roundcubemail/releases/tag/1.6.15
c5b93cb5-2363-11f1-81da-8447094a420fRoundcube -- Multiple vulnerabilities

The Roundcube project reports:

pre-auth arbitrary file write via unsafe deserialization in redis/memcache session handler

password could get changed without providing the old password

IMAP Injection + CSRF bypass in mail search

remote image blocking bypass via various SVG animate attributes

remote image blocking bypass via a crafted body background attribute

fixed position mitigation bypass via use of !important

XSS issue in a HTML attachment preview

SSRF + Information Disclosure via stylesheet links to a local network hosts


Discovery 2026-03-18
Entry 2026-03-19
roundcube-php82
roundcube-php83
roundcube-php84
roundcube-php85
< 1.6.14,1

https://github.com/roundcube/roundcubemail/releases/tag/1.6.14