Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/roundcube@1.6.14%2Bdfsg-1?distro=trixie
Typedeb
Namespacedebian
Nameroundcube
Version1.6.14+dfsg-1
Qualifiers
distro trixie
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version1.6.15+dfsg-0+deb13u1
Latest_non_vulnerable_version1.6.15+dfsg-1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-2hap-9mqs-v3b8
vulnerability_id VCID-2hap-9mqs-v3b8
summary Roundcube Webmail: Incorrect password comparison in the password plugin
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-35541
reference_id
reference_type
scores
0
value 0.00032
scoring_system epss
scoring_elements 0.09324
published_at 2026-04-08T12:55:00Z
1
value 0.00034
scoring_system epss
scoring_elements 0.10086
published_at 2026-04-04T12:55:00Z
2
value 0.00034
scoring_system epss
scoring_elements 0.09983
published_at 2026-04-07T12:55:00Z
3
value 0.00036
scoring_system epss
scoring_elements 0.10618
published_at 2026-04-18T12:55:00Z
4
value 0.00036
scoring_system epss
scoring_elements 0.10604
published_at 2026-04-16T12:55:00Z
5
value 0.00036
scoring_system epss
scoring_elements 0.10739
published_at 2026-04-13T12:55:00Z
6
value 0.00036
scoring_system epss
scoring_elements 0.10764
published_at 2026-04-12T12:55:00Z
7
value 0.00036
scoring_system epss
scoring_elements 0.10796
published_at 2026-04-11T12:55:00Z
8
value 0.00036
scoring_system epss
scoring_elements 0.10782
published_at 2026-04-09T12:55:00Z
9
value 0.00036
scoring_system epss
scoring_elements 0.10743
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-35541
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35541
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35541
2
reference_url https://github.com/roundcube/roundcubemail
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/roundcube/roundcubemail
3
reference_url https://github.com/roundcube/roundcubemail/commit/2e6a99b2a38110907ea8d3be8e59ec3d5802c394
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:00Z/
url https://github.com/roundcube/roundcubemail/commit/2e6a99b2a38110907ea8d3be8e59ec3d5802c394
4
reference_url https://github.com/roundcube/roundcubemail/commit/6a275676a8043083c05c961914d830b79e2490d4
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:00Z/
url https://github.com/roundcube/roundcubemail/commit/6a275676a8043083c05c961914d830b79e2490d4
5
reference_url https://github.com/roundcube/roundcubemail/commit/6fa2bddc59b9c9fd31cad4a9e2954a208d793dce
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:00Z/
url https://github.com/roundcube/roundcubemail/commit/6fa2bddc59b9c9fd31cad4a9e2954a208d793dce
6
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.5.14
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:00Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.5.14
7
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.6.14
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:00Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.6.14
8
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:00Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5
9
reference_url https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:00Z/
url https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182
reference_id 1131182
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-35541
reference_id CVE-2026-35541
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-35541
12
reference_url https://github.com/advisories/GHSA-46pv-mj2g-93gh
reference_id GHSA-46pv-mj2g-93gh
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-46pv-mj2g-93gh
fixed_packages
0
url pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4?distro=trixie
purl pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-rdb5-bbvn-7fcq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4%3Fdistro=trixie
1
url pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u8?distro=trixie
purl pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u8?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u8%3Fdistro=trixie
2
url pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6?distro=trixie
purl pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u6%3Fdistro=trixie
3
url pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u8?distro=trixie
purl pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u8?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u8%3Fdistro=trixie
4
url pkg:deb/debian/roundcube@1.6.13%2Bdfsg-0%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/roundcube@1.6.13%2Bdfsg-0%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.13%252Bdfsg-0%252Bdeb13u1%3Fdistro=trixie
5
url pkg:deb/debian/roundcube@1.6.14%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/roundcube@1.6.14%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.14%252Bdfsg-1%3Fdistro=trixie
6
url pkg:deb/debian/roundcube@1.6.15%2Bdfsg-0%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/roundcube@1.6.15%2Bdfsg-0%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.15%252Bdfsg-0%252Bdeb13u1%3Fdistro=trixie
7
url pkg:deb/debian/roundcube@1.6.15%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/roundcube@1.6.15%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.15%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2026-35541, GHSA-46pv-mj2g-93gh
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2hap-9mqs-v3b8
1
url VCID-3rza-7fvy-guce
vulnerability_id VCID-3rza-7fvy-guce
summary Roundcube Webmail: Unsafe deserialization in the redis/memcache session handler
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-35537
reference_id
reference_type
scores
0
value 0.00018
scoring_system epss
scoring_elements 0.04547
published_at 2026-04-21T12:55:00Z
1
value 0.0003
scoring_system epss
scoring_elements 0.08646
published_at 2026-04-04T12:55:00Z
2
value 0.0003
scoring_system epss
scoring_elements 0.08564
published_at 2026-04-07T12:55:00Z
3
value 0.0003
scoring_system epss
scoring_elements 0.08637
published_at 2026-04-08T12:55:00Z
4
value 0.0004
scoring_system epss
scoring_elements 0.12111
published_at 2026-04-11T12:55:00Z
5
value 0.0004
scoring_system epss
scoring_elements 0.12104
published_at 2026-04-09T12:55:00Z
6
value 0.00044
scoring_system epss
scoring_elements 0.13303
published_at 2026-04-18T12:55:00Z
7
value 0.00047
scoring_system epss
scoring_elements 0.14317
published_at 2026-04-13T12:55:00Z
8
value 0.00047
scoring_system epss
scoring_elements 0.14373
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-35537
1
reference_url https://github.com/roundcube/roundcubemail
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/roundcube/roundcubemail
2
reference_url https://github.com/roundcube/roundcubemail/commit/618c5428edc69fb088e7ac6c89e506dd39df3
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:11:34Z/
url https://github.com/roundcube/roundcubemail/commit/618c5428edc69fb088e7ac6c89e506dd39df3
3
reference_url https://github.com/roundcube/roundcubemail/commit/6d586cfa4d8a31f7957f7a445aaedd52592a0e74
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:11:34Z/
url https://github.com/roundcube/roundcubemail/commit/6d586cfa4d8a31f7957f7a445aaedd52592a0e74
4
reference_url https://github.com/roundcube/roundcubemail/commit/a4ead994d2f0ea92e4a1603196a197e0d5df1620
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:11:34Z/
url https://github.com/roundcube/roundcubemail/commit/a4ead994d2f0ea92e4a1603196a197e0d5df1620
5
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.5.14
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:11:34Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.5.14
6
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.6.14
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:11:34Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.6.14
7
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:11:34Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5
8
reference_url https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:11:34Z/
url https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14
9
reference_url http://www.openwall.com/lists/oss-security/2026/04/11/6
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2026/04/11/6
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182
reference_id 1131182
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-35537
reference_id CVE-2026-35537
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-35537
12
reference_url https://github.com/advisories/GHSA-rxj3-rrwm-pj4r
reference_id GHSA-rxj3-rrwm-pj4r
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rxj3-rrwm-pj4r
fixed_packages
0
url pkg:deb/debian/roundcube@0?distro=trixie
purl pkg:deb/debian/roundcube@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@0%3Fdistro=trixie
1
url pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4?distro=trixie
purl pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-rdb5-bbvn-7fcq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4%3Fdistro=trixie
2
url pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6?distro=trixie
purl pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u6%3Fdistro=trixie
3
url pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u8?distro=trixie
purl pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u8?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u8%3Fdistro=trixie
4
url pkg:deb/debian/roundcube@1.6.13%2Bdfsg-0%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/roundcube@1.6.13%2Bdfsg-0%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.13%252Bdfsg-0%252Bdeb13u1%3Fdistro=trixie
5
url pkg:deb/debian/roundcube@1.6.14%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/roundcube@1.6.14%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.14%252Bdfsg-1%3Fdistro=trixie
6
url pkg:deb/debian/roundcube@1.6.15%2Bdfsg-0%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/roundcube@1.6.15%2Bdfsg-0%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.15%252Bdfsg-0%252Bdeb13u1%3Fdistro=trixie
7
url pkg:deb/debian/roundcube@1.6.15%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/roundcube@1.6.15%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.15%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2026-35537, GHSA-rxj3-rrwm-pj4r
risk_score 1.6
exploitability 0.5
weighted_severity 3.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3rza-7fvy-guce
2
url VCID-5yts-xnha-4bf3
vulnerability_id VCID-5yts-xnha-4bf3
summary Roundcube Webmail: Insufficient HTML attachment sanitization in preview mode
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-35539
reference_id
reference_type
scores
0
value 0.00036
scoring_system epss
scoring_elements 0.10724
published_at 2026-04-07T12:55:00Z
1
value 0.00036
scoring_system epss
scoring_elements 0.10896
published_at 2026-04-04T12:55:00Z
2
value 0.00038
scoring_system epss
scoring_elements 0.11324
published_at 2026-04-08T12:55:00Z
3
value 0.00041
scoring_system epss
scoring_elements 0.12306
published_at 2026-04-18T12:55:00Z
4
value 0.00041
scoring_system epss
scoring_elements 0.12406
published_at 2026-04-13T12:55:00Z
5
value 0.00041
scoring_system epss
scoring_elements 0.12446
published_at 2026-04-12T12:55:00Z
6
value 0.00041
scoring_system epss
scoring_elements 0.12484
published_at 2026-04-11T12:55:00Z
7
value 0.00041
scoring_system epss
scoring_elements 0.12511
published_at 2026-04-09T12:55:00Z
8
value 0.00041
scoring_system epss
scoring_elements 0.12417
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-35539
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35539
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35539
2
reference_url https://github.com/roundcube/roundcubemail
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/roundcube/roundcubemail
3
reference_url https://github.com/roundcube/roundcubemail/commit/10a6d1fa8acac85c727b0a6ae4a6642bfa27bea1
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:10:48Z/
url https://github.com/roundcube/roundcubemail/commit/10a6d1fa8acac85c727b0a6ae4a6642bfa27bea1
4
reference_url https://github.com/roundcube/roundcubemail/commit/1b30edf5369668c92fe91dae3d52e477c808aa4f
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:10:48Z/
url https://github.com/roundcube/roundcubemail/commit/1b30edf5369668c92fe91dae3d52e477c808aa4f
5
reference_url https://github.com/roundcube/roundcubemail/commit/d742954ccbcdee7020f8f2e7c49ce0fca5a0efab
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:10:48Z/
url https://github.com/roundcube/roundcubemail/commit/d742954ccbcdee7020f8f2e7c49ce0fca5a0efab
6
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.5.14
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:10:48Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.5.14
7
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.6.14
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:10:48Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.6.14
8
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:10:48Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5
9
reference_url https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:10:48Z/
url https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182
reference_id 1131182
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-35539
reference_id CVE-2026-35539
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-35539
12
reference_url https://github.com/advisories/GHSA-x4q5-8j5g-hpjc
reference_id GHSA-x4q5-8j5g-hpjc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x4q5-8j5g-hpjc
fixed_packages
0
url pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4?distro=trixie
purl pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-rdb5-bbvn-7fcq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4%3Fdistro=trixie
1
url pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u8?distro=trixie
purl pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u8?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u8%3Fdistro=trixie
2
url pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6?distro=trixie
purl pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u6%3Fdistro=trixie
3
url pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u8?distro=trixie
purl pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u8?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u8%3Fdistro=trixie
4
url pkg:deb/debian/roundcube@1.6.13%2Bdfsg-0%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/roundcube@1.6.13%2Bdfsg-0%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.13%252Bdfsg-0%252Bdeb13u1%3Fdistro=trixie
5
url pkg:deb/debian/roundcube@1.6.14%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/roundcube@1.6.14%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.14%252Bdfsg-1%3Fdistro=trixie
6
url pkg:deb/debian/roundcube@1.6.15%2Bdfsg-0%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/roundcube@1.6.15%2Bdfsg-0%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.15%252Bdfsg-0%252Bdeb13u1%3Fdistro=trixie
7
url pkg:deb/debian/roundcube@1.6.15%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/roundcube@1.6.15%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.15%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2026-35539, GHSA-x4q5-8j5g-hpjc
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5yts-xnha-4bf3
3
url VCID-8vmm-1hvf-17ap
vulnerability_id VCID-8vmm-1hvf-17ap
summary Roundcube: Bypass of remote image blocking via crafted BODY background attribute
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-35542
reference_id
reference_type
scores
0
value 0.00033
scoring_system epss
scoring_elements 0.09403
published_at 2026-04-08T12:55:00Z
1
value 0.00034
scoring_system epss
scoring_elements 0.10167
published_at 2026-04-04T12:55:00Z
2
value 0.00034
scoring_system epss
scoring_elements 0.10062
published_at 2026-04-07T12:55:00Z
3
value 0.00043
scoring_system epss
scoring_elements 0.12975
published_at 2026-04-18T12:55:00Z
4
value 0.00043
scoring_system epss
scoring_elements 0.12972
published_at 2026-04-16T12:55:00Z
5
value 0.00043
scoring_system epss
scoring_elements 0.1307
published_at 2026-04-13T12:55:00Z
6
value 0.00043
scoring_system epss
scoring_elements 0.13122
published_at 2026-04-12T12:55:00Z
7
value 0.00043
scoring_system epss
scoring_elements 0.1316
published_at 2026-04-11T12:55:00Z
8
value 0.00043
scoring_system epss
scoring_elements 0.13191
published_at 2026-04-09T12:55:00Z
9
value 0.00043
scoring_system epss
scoring_elements 0.13072
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-35542
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35542
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35542
2
reference_url https://github.com/roundcube/roundcubemail
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/roundcube/roundcubemail
3
reference_url https://github.com/roundcube/roundcubemail/commit/e052328e3dc75f13adc2e314eaa4096ac21084ad
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:51:19Z/
url https://github.com/roundcube/roundcubemail/commit/e052328e3dc75f13adc2e314eaa4096ac21084ad
4
reference_url https://github.com/roundcube/roundcubemail/commit/fd0e98178db5c73eaa93d005b561874923f9b0f0
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:51:19Z/
url https://github.com/roundcube/roundcubemail/commit/fd0e98178db5c73eaa93d005b561874923f9b0f0
5
reference_url https://github.com/roundcube/roundcubemail/commit/fde14d01adc9f37893cd82b635883e516ed453f8
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:51:19Z/
url https://github.com/roundcube/roundcubemail/commit/fde14d01adc9f37893cd82b635883e516ed453f8
6
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.5.14
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:51:19Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.5.14
7
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.6.14
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:51:19Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.6.14
8
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:51:19Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5
9
reference_url https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:51:19Z/
url https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182
reference_id 1131182
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-35542
reference_id CVE-2026-35542
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-35542
12
reference_url https://github.com/advisories/GHSA-5hf6-crg4-fg59
reference_id GHSA-5hf6-crg4-fg59
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5hf6-crg4-fg59
fixed_packages
0
url pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4?distro=trixie
purl pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-rdb5-bbvn-7fcq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4%3Fdistro=trixie
1
url pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u8?distro=trixie
purl pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u8?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u8%3Fdistro=trixie
2
url pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6?distro=trixie
purl pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u6%3Fdistro=trixie
3
url pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u8?distro=trixie
purl pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u8?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u8%3Fdistro=trixie
4
url pkg:deb/debian/roundcube@1.6.13%2Bdfsg-0%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/roundcube@1.6.13%2Bdfsg-0%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.13%252Bdfsg-0%252Bdeb13u1%3Fdistro=trixie
5
url pkg:deb/debian/roundcube@1.6.14%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/roundcube@1.6.14%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.14%252Bdfsg-1%3Fdistro=trixie
6
url pkg:deb/debian/roundcube@1.6.15%2Bdfsg-0%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/roundcube@1.6.15%2Bdfsg-0%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.15%252Bdfsg-0%252Bdeb13u1%3Fdistro=trixie
7
url pkg:deb/debian/roundcube@1.6.15%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/roundcube@1.6.15%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.15%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2026-35542, GHSA-5hf6-crg4-fg59
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8vmm-1hvf-17ap
4
url VCID-8xf2-hjfv-hybh
vulnerability_id VCID-8xf2-hjfv-hybh
summary Roundcube Webmail: Insufficient CSS sanitization in HTML e-mail messages
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-35544
reference_id
reference_type
scores
0
value 0.00034
scoring_system epss
scoring_elements 0.10066
published_at 2026-04-07T12:55:00Z
1
value 0.00034
scoring_system epss
scoring_elements 0.1017
published_at 2026-04-04T12:55:00Z
2
value 0.00034
scoring_system epss
scoring_elements 0.1014
published_at 2026-04-08T12:55:00Z
3
value 0.00043
scoring_system epss
scoring_elements 0.12978
published_at 2026-04-18T12:55:00Z
4
value 0.00043
scoring_system epss
scoring_elements 0.12975
published_at 2026-04-16T12:55:00Z
5
value 0.00043
scoring_system epss
scoring_elements 0.13074
published_at 2026-04-13T12:55:00Z
6
value 0.00043
scoring_system epss
scoring_elements 0.13126
published_at 2026-04-12T12:55:00Z
7
value 0.00043
scoring_system epss
scoring_elements 0.13164
published_at 2026-04-11T12:55:00Z
8
value 0.00043
scoring_system epss
scoring_elements 0.13195
published_at 2026-04-09T12:55:00Z
9
value 0.00043
scoring_system epss
scoring_elements 0.13076
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-35544
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35544
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35544
2
reference_url https://github.com/roundcube/roundcubemail
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/roundcube/roundcubemail
3
reference_url https://github.com/roundcube/roundcubemail/commit/099009b9c8e1d3c636fb9a5af72f7c2596018662
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:06Z/
url https://github.com/roundcube/roundcubemail/commit/099009b9c8e1d3c636fb9a5af72f7c2596018662
4
reference_url https://github.com/roundcube/roundcubemail/commit/226811a1c974271dbedca72672923abaff8191c0
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:06Z/
url https://github.com/roundcube/roundcubemail/commit/226811a1c974271dbedca72672923abaff8191c0
5
reference_url https://github.com/roundcube/roundcubemail/commit/57dec0c127b98e0c8e3b9c26c80049b9c4bcaea7
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:06Z/
url https://github.com/roundcube/roundcubemail/commit/57dec0c127b98e0c8e3b9c26c80049b9c4bcaea7
6
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.5.14
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:06Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.5.14
7
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.6.14
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:06Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.6.14
8
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:06Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5
9
reference_url https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:06Z/
url https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182
reference_id 1131182
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-35544
reference_id CVE-2026-35544
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-35544
12
reference_url https://github.com/advisories/GHSA-xpqh-grpw-4xmg
reference_id GHSA-xpqh-grpw-4xmg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xpqh-grpw-4xmg
fixed_packages
0
url pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4?distro=trixie
purl pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-rdb5-bbvn-7fcq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4%3Fdistro=trixie
1
url pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u8?distro=trixie
purl pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u8?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u8%3Fdistro=trixie
2
url pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6?distro=trixie
purl pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u6%3Fdistro=trixie
3
url pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u8?distro=trixie
purl pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u8?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u8%3Fdistro=trixie
4
url pkg:deb/debian/roundcube@1.6.13%2Bdfsg-0%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/roundcube@1.6.13%2Bdfsg-0%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.13%252Bdfsg-0%252Bdeb13u1%3Fdistro=trixie
5
url pkg:deb/debian/roundcube@1.6.14%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/roundcube@1.6.14%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.14%252Bdfsg-1%3Fdistro=trixie
6
url pkg:deb/debian/roundcube@1.6.15%2Bdfsg-0%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/roundcube@1.6.15%2Bdfsg-0%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.15%252Bdfsg-0%252Bdeb13u1%3Fdistro=trixie
7
url pkg:deb/debian/roundcube@1.6.15%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/roundcube@1.6.15%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.15%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2026-35544, GHSA-xpqh-grpw-4xmg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8xf2-hjfv-hybh
5
url VCID-ck88-1urs-2kes
vulnerability_id VCID-ck88-1urs-2kes
summary Roundcube Webmail: Bypass of remote image blocking via SVG content (with animate attributes) in an e-mail message
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-35543
reference_id
reference_type
scores
0
value 0.00033
scoring_system epss
scoring_elements 0.09403
published_at 2026-04-08T12:55:00Z
1
value 0.00034
scoring_system epss
scoring_elements 0.10167
published_at 2026-04-04T12:55:00Z
2
value 0.00034
scoring_system epss
scoring_elements 0.10062
published_at 2026-04-07T12:55:00Z
3
value 0.00043
scoring_system epss
scoring_elements 0.12975
published_at 2026-04-18T12:55:00Z
4
value 0.00043
scoring_system epss
scoring_elements 0.12972
published_at 2026-04-16T12:55:00Z
5
value 0.00043
scoring_system epss
scoring_elements 0.1307
published_at 2026-04-13T12:55:00Z
6
value 0.00043
scoring_system epss
scoring_elements 0.13122
published_at 2026-04-12T12:55:00Z
7
value 0.00043
scoring_system epss
scoring_elements 0.1316
published_at 2026-04-11T12:55:00Z
8
value 0.00043
scoring_system epss
scoring_elements 0.13191
published_at 2026-04-09T12:55:00Z
9
value 0.00043
scoring_system epss
scoring_elements 0.13072
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-35543
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35543
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35543
2
reference_url https://github.com/roundcube/roundcubemail
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/roundcube/roundcubemail
3
reference_url https://github.com/roundcube/roundcubemail/commit/1a63e01542bff42aaa71c00c4c279a09ef31f20c
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:45Z/
url https://github.com/roundcube/roundcubemail/commit/1a63e01542bff42aaa71c00c4c279a09ef31f20c
4
reference_url https://github.com/roundcube/roundcubemail/commit/39471343ee081ce1d31696c456a2c163462daae3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:45Z/
url https://github.com/roundcube/roundcubemail/commit/39471343ee081ce1d31696c456a2c163462daae3
5
reference_url https://github.com/roundcube/roundcubemail/commit/82ab5eca7b332fce7a174b2b987f0957a66377cd
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:45Z/
url https://github.com/roundcube/roundcubemail/commit/82ab5eca7b332fce7a174b2b987f0957a66377cd
6
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.5.14
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:45Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.5.14
7
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.6.14
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:45Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.6.14
8
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:45Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5
9
reference_url https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:45Z/
url https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182
reference_id 1131182
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-35543
reference_id CVE-2026-35543
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-35543
12
reference_url https://github.com/advisories/GHSA-j2g6-8rvg-7mf6
reference_id GHSA-j2g6-8rvg-7mf6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j2g6-8rvg-7mf6
fixed_packages
0
url pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4?distro=trixie
purl pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-rdb5-bbvn-7fcq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4%3Fdistro=trixie
1
url pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u8?distro=trixie
purl pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u8?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u8%3Fdistro=trixie
2
url pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6?distro=trixie
purl pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u6%3Fdistro=trixie
3
url pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u8?distro=trixie
purl pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u8?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u8%3Fdistro=trixie
4
url pkg:deb/debian/roundcube@1.6.13%2Bdfsg-0%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/roundcube@1.6.13%2Bdfsg-0%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.13%252Bdfsg-0%252Bdeb13u1%3Fdistro=trixie
5
url pkg:deb/debian/roundcube@1.6.14%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/roundcube@1.6.14%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.14%252Bdfsg-1%3Fdistro=trixie
6
url pkg:deb/debian/roundcube@1.6.15%2Bdfsg-0%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/roundcube@1.6.15%2Bdfsg-0%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.15%252Bdfsg-0%252Bdeb13u1%3Fdistro=trixie
7
url pkg:deb/debian/roundcube@1.6.15%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/roundcube@1.6.15%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.15%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2026-35543, GHSA-j2g6-8rvg-7mf6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ck88-1urs-2kes
6
url VCID-gh6k-19h8-fqbf
vulnerability_id VCID-gh6k-19h8-fqbf
summary Roundcube Webmail: Unsanitized IMAP SEARCH command arguments
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-35538
reference_id
reference_type
scores
0
value 0.00036
scoring_system epss
scoring_elements 0.10455
published_at 2026-04-07T12:55:00Z
1
value 0.00036
scoring_system epss
scoring_elements 0.10593
published_at 2026-04-04T12:55:00Z
2
value 0.00037
scoring_system epss
scoring_elements 0.11044
published_at 2026-04-08T12:55:00Z
3
value 0.00041
scoring_system epss
scoring_elements 0.12436
published_at 2026-04-18T12:55:00Z
4
value 0.00041
scoring_system epss
scoring_elements 0.12431
published_at 2026-04-16T12:55:00Z
5
value 0.00041
scoring_system epss
scoring_elements 0.12527
published_at 2026-04-13T12:55:00Z
6
value 0.00041
scoring_system epss
scoring_elements 0.12566
published_at 2026-04-12T12:55:00Z
7
value 0.00041
scoring_system epss
scoring_elements 0.12607
published_at 2026-04-11T12:55:00Z
8
value 0.00041
scoring_system epss
scoring_elements 0.1264
published_at 2026-04-09T12:55:00Z
9
value 0.00041
scoring_system epss
scoring_elements 0.12551
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-35538
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35538
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35538
2
reference_url https://github.com/roundcube/roundcubemail
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/roundcube/roundcubemail
3
reference_url https://github.com/roundcube/roundcubemail/commit/5fe8a69956a9683a4269f3ad2a68e18deebf8a15
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:11:14Z/
url https://github.com/roundcube/roundcubemail/commit/5fe8a69956a9683a4269f3ad2a68e18deebf8a15
4
reference_url https://github.com/roundcube/roundcubemail/commit/7daf5aa9c190ccc75bb31672d8fee9938877fd64
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:11:14Z/
url https://github.com/roundcube/roundcubemail/commit/7daf5aa9c190ccc75bb31672d8fee9938877fd64
5
reference_url https://github.com/roundcube/roundcubemail/commit/b18a8fa8e81571914c0ff55d4e20edb459c6952c
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:11:14Z/
url https://github.com/roundcube/roundcubemail/commit/b18a8fa8e81571914c0ff55d4e20edb459c6952c
6
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.5.14
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:11:14Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.5.14
7
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.6.14
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:11:14Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.6.14
8
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:11:14Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5
9
reference_url https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:11:14Z/
url https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182
reference_id 1131182
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-35538
reference_id CVE-2026-35538
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-35538
12
reference_url https://github.com/advisories/GHSA-8jr8-v43g-5c57
reference_id GHSA-8jr8-v43g-5c57
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8jr8-v43g-5c57
fixed_packages
0
url pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4?distro=trixie
purl pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-rdb5-bbvn-7fcq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4%3Fdistro=trixie
1
url pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u8?distro=trixie
purl pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u8?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u8%3Fdistro=trixie
2
url pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6?distro=trixie
purl pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u6%3Fdistro=trixie
3
url pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u8?distro=trixie
purl pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u8?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u8%3Fdistro=trixie
4
url pkg:deb/debian/roundcube@1.6.13%2Bdfsg-0%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/roundcube@1.6.13%2Bdfsg-0%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.13%252Bdfsg-0%252Bdeb13u1%3Fdistro=trixie
5
url pkg:deb/debian/roundcube@1.6.14%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/roundcube@1.6.14%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.14%252Bdfsg-1%3Fdistro=trixie
6
url pkg:deb/debian/roundcube@1.6.15%2Bdfsg-0%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/roundcube@1.6.15%2Bdfsg-0%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.15%252Bdfsg-0%252Bdeb13u1%3Fdistro=trixie
7
url pkg:deb/debian/roundcube@1.6.15%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/roundcube@1.6.15%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.15%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2026-35538, GHSA-8jr8-v43g-5c57
risk_score 1.4
exploitability 0.5
weighted_severity 2.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gh6k-19h8-fqbf
7
url VCID-ub6x-9dku-c7fk
vulnerability_id VCID-ub6x-9dku-c7fk
summary Roundcube Webmail: Insufficient CSS sanitization in HTML e-mail messages
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-35540
reference_id
reference_type
scores
0
value 0.00031
scoring_system epss
scoring_elements 0.08833
published_at 2026-04-07T12:55:00Z
1
value 0.00031
scoring_system epss
scoring_elements 0.08902
published_at 2026-04-04T12:55:00Z
2
value 0.00033
scoring_system epss
scoring_elements 0.09441
published_at 2026-04-08T12:55:00Z
3
value 0.00043
scoring_system epss
scoring_elements 0.1304
published_at 2026-04-18T12:55:00Z
4
value 0.00043
scoring_system epss
scoring_elements 0.13038
published_at 2026-04-16T12:55:00Z
5
value 0.00043
scoring_system epss
scoring_elements 0.13135
published_at 2026-04-13T12:55:00Z
6
value 0.00043
scoring_system epss
scoring_elements 0.13187
published_at 2026-04-12T12:55:00Z
7
value 0.00043
scoring_system epss
scoring_elements 0.13224
published_at 2026-04-11T12:55:00Z
8
value 0.00043
scoring_system epss
scoring_elements 0.13255
published_at 2026-04-09T12:55:00Z
9
value 0.00047
scoring_system epss
scoring_elements 0.14425
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-35540
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35540
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35540
2
reference_url https://github.com/roundcube/roundcubemail
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/roundcube/roundcubemail
3
reference_url https://github.com/roundcube/roundcubemail/commit/27ec6cc9cb25e1ef8b4d4ef39ce76d619caa6870
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:31Z/
url https://github.com/roundcube/roundcubemail/commit/27ec6cc9cb25e1ef8b4d4ef39ce76d619caa6870
4
reference_url https://github.com/roundcube/roundcubemail/commit/579b68eff90650a5c782e153debd66c765648942
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:31Z/
url https://github.com/roundcube/roundcubemail/commit/579b68eff90650a5c782e153debd66c765648942
5
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.6.14
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:31Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.6.14
6
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:31Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5
7
reference_url https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:31Z/
url https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182
reference_id 1131182
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-35540
reference_id CVE-2026-35540
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-35540
10
reference_url https://github.com/advisories/GHSA-vxg2-hhgr-37fx
reference_id GHSA-vxg2-hhgr-37fx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vxg2-hhgr-37fx
fixed_packages
0
url pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4?distro=trixie
purl pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-rdb5-bbvn-7fcq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4%3Fdistro=trixie
1
url pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u8?distro=trixie
purl pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u8?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u8%3Fdistro=trixie
2
url pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6?distro=trixie
purl pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u6%3Fdistro=trixie
3
url pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u8?distro=trixie
purl pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u8?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u8%3Fdistro=trixie
4
url pkg:deb/debian/roundcube@1.6.13%2Bdfsg-0%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/roundcube@1.6.13%2Bdfsg-0%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.13%252Bdfsg-0%252Bdeb13u1%3Fdistro=trixie
5
url pkg:deb/debian/roundcube@1.6.14%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/roundcube@1.6.14%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.14%252Bdfsg-1%3Fdistro=trixie
6
url pkg:deb/debian/roundcube@1.6.15%2Bdfsg-0%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/roundcube@1.6.15%2Bdfsg-0%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.15%252Bdfsg-0%252Bdeb13u1%3Fdistro=trixie
7
url pkg:deb/debian/roundcube@1.6.15%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/roundcube@1.6.15%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.15%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2026-35540, GHSA-vxg2-hhgr-37fx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ub6x-9dku-c7fk
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.14%252Bdfsg-1%3Fdistro=trixie