Roundcube

Roundcube Exploits

CVE-2025-49113 – Authenticated RCE in Roundcube via unsafe deserialization in upload.php

Roundcube ≤ 1.6.10 Post-Auth RCE via PHP Object Deserialization [CVE-2025-49113]

Nuclei template

Roundcube Webmail - Remote Code ExecutionAI-Powered Template Generation and Scanning

CVE-2024-37383

Fake attachment. Roundcube mail server attacks exploit CVE-2024-37383 vulnerability.

GitHub - bartfroklage/CVE-2024-37383-POC: Proof of concept for CVE-2024-37383GitHub

Interesting Books

Interesting Books

Disclaimer: As an Amazon Associate, I earn from qualifying purchases. This helps support this GitBook project at no extra cost to you.

• The Web Application Hacker’s Handbook The go-to manual for web app pentesters. Covers XSS, SQLi, logic flaws, and more

• Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities Learn how to perform reconnaissance on a target, how to identify vulnerabilities, and how to exploit them

• Real-World Bug Hunting: A Field Guide to Web Hacking Learn about the most common types of bugs like cross-site scripting, insecure direct object references, and server-side request forgery.

Support this Gitbook

I hope it helps you as much as it has helped me. If you can support me in any way, I would deeply appreciate it.