Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/roundcube@1.2.3%2Bdfsg.1-4%2Bdeb9u6
Typedeb
Namespacedebian
Nameroundcube
Version1.2.3+dfsg.1-4+deb9u6
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.6.5+dfsg-1+deb12u6
Latest_non_vulnerable_version1.6.5+dfsg-1+deb12u6
Affected_by_vulnerabilities
0
url VCID-14vp-t71a-4bh1
vulnerability_id VCID-14vp-t71a-4bh1
summary security update
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-46144
reference_id
reference_type
scores
0
value 0.01055
scoring_system epss
scoring_elements 0.77528
published_at 2026-04-01T12:55:00Z
1
value 0.01055
scoring_system epss
scoring_elements 0.77534
published_at 2026-04-02T12:55:00Z
2
value 0.01055
scoring_system epss
scoring_elements 0.7756
published_at 2026-04-04T12:55:00Z
3
value 0.01055
scoring_system epss
scoring_elements 0.77539
published_at 2026-04-07T12:55:00Z
4
value 0.01055
scoring_system epss
scoring_elements 0.7757
published_at 2026-04-08T12:55:00Z
5
value 0.01055
scoring_system epss
scoring_elements 0.77578
published_at 2026-04-09T12:55:00Z
6
value 0.01055
scoring_system epss
scoring_elements 0.77604
published_at 2026-04-11T12:55:00Z
7
value 0.01055
scoring_system epss
scoring_elements 0.77589
published_at 2026-04-12T12:55:00Z
8
value 0.01055
scoring_system epss
scoring_elements 0.77588
published_at 2026-04-13T12:55:00Z
9
value 0.01055
scoring_system epss
scoring_elements 0.77625
published_at 2026-04-16T12:55:00Z
10
value 0.01055
scoring_system epss
scoring_elements 0.77623
published_at 2026-04-18T12:55:00Z
11
value 0.01055
scoring_system epss
scoring_elements 0.77618
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-46144
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46144
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46144
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003027
reference_id 1003027
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003027
3
reference_url https://usn.ubuntu.com/USN-5182-1/
reference_id USN-USN-5182-1
reference_type
scores
url https://usn.ubuntu.com/USN-5182-1/
fixed_packages
0
url pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2
purl pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14vp-t71a-4bh1
1
vulnerability VCID-2eyy-k49d-m3af
2
vulnerability VCID-2hap-9mqs-v3b8
3
vulnerability VCID-2k4q-26tk-j3gx
4
vulnerability VCID-2nb2-9vgp-tqg9
5
vulnerability VCID-36et-26h7-pke7
6
vulnerability VCID-3kyu-tx4q-p3aq
7
vulnerability VCID-4yzj-hrqv-vbcp
8
vulnerability VCID-5yts-xnha-4bf3
9
vulnerability VCID-79me-pjdn-ykgq
10
vulnerability VCID-7nn6-aywu-z7g8
11
vulnerability VCID-8vmm-1hvf-17ap
12
vulnerability VCID-8xf2-hjfv-hybh
13
vulnerability VCID-9der-5csu-nbbq
14
vulnerability VCID-9uv1-gqq7-3kc9
15
vulnerability VCID-cjkd-2jr6-n7as
16
vulnerability VCID-ck88-1urs-2kes
17
vulnerability VCID-cnkc-vcp7-6kcw
18
vulnerability VCID-ddfq-28qm-2fbn
19
vulnerability VCID-gh6k-19h8-fqbf
20
vulnerability VCID-hg1a-vx5c-hue3
21
vulnerability VCID-jck5-xymf-s3bh
22
vulnerability VCID-jqs5-8ct7-wfgk
23
vulnerability VCID-kyxz-v3sj-w3cw
24
vulnerability VCID-m4yc-ms54-zyhv
25
vulnerability VCID-ncbg-6m11-3qan
26
vulnerability VCID-qwak-6wgy-wfgs
27
vulnerability VCID-rc91-j3kf-zfch
28
vulnerability VCID-s6p1-rf35-euhy
29
vulnerability VCID-u8a4-4pe2-9kcb
30
vulnerability VCID-ub6x-9dku-c7fk
31
vulnerability VCID-vehj-ytsm-kqgz
32
vulnerability VCID-vtz8-zmp4-xbdh
33
vulnerability VCID-x9j7-98zt-6ygt
34
vulnerability VCID-xssa-fwbx-kybq
35
vulnerability VCID-ybv7-hqmj-nbgr
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2
1
url pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4
purl pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hap-9mqs-v3b8
1
vulnerability VCID-2nb2-9vgp-tqg9
2
vulnerability VCID-3kyu-tx4q-p3aq
3
vulnerability VCID-4yzj-hrqv-vbcp
4
vulnerability VCID-5yts-xnha-4bf3
5
vulnerability VCID-8vmm-1hvf-17ap
6
vulnerability VCID-8xf2-hjfv-hybh
7
vulnerability VCID-9uv1-gqq7-3kc9
8
vulnerability VCID-ck88-1urs-2kes
9
vulnerability VCID-ddfq-28qm-2fbn
10
vulnerability VCID-gh6k-19h8-fqbf
11
vulnerability VCID-rdb5-bbvn-7fcq
12
vulnerability VCID-ub6x-9dku-c7fk
13
vulnerability VCID-vtz8-zmp4-xbdh
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4
aliases CVE-2021-46144
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-14vp-t71a-4bh1
1
url VCID-2eyy-k49d-m3af
vulnerability_id VCID-2eyy-k49d-m3af
summary Multiple vulnerabilities have been discovered in Roundcube, the worst of which could lead to execution of arbitrary code.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-44026
reference_id
reference_type
scores
0
value 0.64041
scoring_system epss
scoring_elements 0.98426
published_at 2026-04-04T12:55:00Z
1
value 0.64041
scoring_system epss
scoring_elements 0.98422
published_at 2026-04-02T12:55:00Z
2
value 0.64041
scoring_system epss
scoring_elements 0.9842
published_at 2026-04-01T12:55:00Z
3
value 0.64041
scoring_system epss
scoring_elements 0.9844
published_at 2026-04-16T12:55:00Z
4
value 0.64041
scoring_system epss
scoring_elements 0.98436
published_at 2026-04-13T12:55:00Z
5
value 0.64041
scoring_system epss
scoring_elements 0.98432
published_at 2026-04-09T12:55:00Z
6
value 0.64041
scoring_system epss
scoring_elements 0.98431
published_at 2026-04-08T12:55:00Z
7
value 0.64041
scoring_system epss
scoring_elements 0.98428
published_at 2026-04-07T12:55:00Z
8
value 0.72527
scoring_system epss
scoring_elements 0.98773
published_at 2026-04-21T12:55:00Z
9
value 0.72527
scoring_system epss
scoring_elements 0.98772
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-44026
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44025
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44025
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44026
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44026
3
reference_url https://bugs.debian.org/1000156
reference_id 1000156
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:33:07Z/
url https://bugs.debian.org/1000156
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000156
reference_id 1000156
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000156
5
reference_url https://github.com/roundcube/roundcubemail/commit/c8947ecb762d9e89c2091bda28d49002817263f1
reference_id c8947ecb762d9e89c2091bda28d49002817263f1
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:33:07Z/
url https://github.com/roundcube/roundcubemail/commit/c8947ecb762d9e89c2091bda28d49002817263f1
6
reference_url https://www.debian.org/security/2021/dsa-5013
reference_id dsa-5013
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:33:07Z/
url https://www.debian.org/security/2021/dsa-5013
7
reference_url https://github.com/roundcube/roundcubemail/commit/ee809bde2dcaa04857a919397808a7296681dcfa
reference_id ee809bde2dcaa04857a919397808a7296681dcfa
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:33:07Z/
url https://github.com/roundcube/roundcubemail/commit/ee809bde2dcaa04857a919397808a7296681dcfa
8
reference_url https://security.gentoo.org/glsa/202507-10
reference_id GLSA-202507-10
reference_type
scores
url https://security.gentoo.org/glsa/202507-10
9
reference_url https://lists.debian.org/debian-lts-announce/2021/12/msg00004.html
reference_id msg00004.html
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:33:07Z/
url https://lists.debian.org/debian-lts-announce/2021/12/msg00004.html
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NDVGIZMQJ5IOM47Y3SAAJRN5VPANKTKO/
reference_id NDVGIZMQJ5IOM47Y3SAAJRN5VPANKTKO
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:33:07Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NDVGIZMQJ5IOM47Y3SAAJRN5VPANKTKO/
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TP3Y5RXTUUOUODNG7HFEKWYNIPIT2NL4/
reference_id TP3Y5RXTUUOUODNG7HFEKWYNIPIT2NL4
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:33:07Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TP3Y5RXTUUOUODNG7HFEKWYNIPIT2NL4/
12
reference_url https://usn.ubuntu.com/USN-5182-1/
reference_id USN-USN-5182-1
reference_type
scores
url https://usn.ubuntu.com/USN-5182-1/
fixed_packages
0
url pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2
purl pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14vp-t71a-4bh1
1
vulnerability VCID-2eyy-k49d-m3af
2
vulnerability VCID-2hap-9mqs-v3b8
3
vulnerability VCID-2k4q-26tk-j3gx
4
vulnerability VCID-2nb2-9vgp-tqg9
5
vulnerability VCID-36et-26h7-pke7
6
vulnerability VCID-3kyu-tx4q-p3aq
7
vulnerability VCID-4yzj-hrqv-vbcp
8
vulnerability VCID-5yts-xnha-4bf3
9
vulnerability VCID-79me-pjdn-ykgq
10
vulnerability VCID-7nn6-aywu-z7g8
11
vulnerability VCID-8vmm-1hvf-17ap
12
vulnerability VCID-8xf2-hjfv-hybh
13
vulnerability VCID-9der-5csu-nbbq
14
vulnerability VCID-9uv1-gqq7-3kc9
15
vulnerability VCID-cjkd-2jr6-n7as
16
vulnerability VCID-ck88-1urs-2kes
17
vulnerability VCID-cnkc-vcp7-6kcw
18
vulnerability VCID-ddfq-28qm-2fbn
19
vulnerability VCID-gh6k-19h8-fqbf
20
vulnerability VCID-hg1a-vx5c-hue3
21
vulnerability VCID-jck5-xymf-s3bh
22
vulnerability VCID-jqs5-8ct7-wfgk
23
vulnerability VCID-kyxz-v3sj-w3cw
24
vulnerability VCID-m4yc-ms54-zyhv
25
vulnerability VCID-ncbg-6m11-3qan
26
vulnerability VCID-qwak-6wgy-wfgs
27
vulnerability VCID-rc91-j3kf-zfch
28
vulnerability VCID-s6p1-rf35-euhy
29
vulnerability VCID-u8a4-4pe2-9kcb
30
vulnerability VCID-ub6x-9dku-c7fk
31
vulnerability VCID-vehj-ytsm-kqgz
32
vulnerability VCID-vtz8-zmp4-xbdh
33
vulnerability VCID-x9j7-98zt-6ygt
34
vulnerability VCID-xssa-fwbx-kybq
35
vulnerability VCID-ybv7-hqmj-nbgr
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2
1
url pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4
purl pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hap-9mqs-v3b8
1
vulnerability VCID-2nb2-9vgp-tqg9
2
vulnerability VCID-3kyu-tx4q-p3aq
3
vulnerability VCID-4yzj-hrqv-vbcp
4
vulnerability VCID-5yts-xnha-4bf3
5
vulnerability VCID-8vmm-1hvf-17ap
6
vulnerability VCID-8xf2-hjfv-hybh
7
vulnerability VCID-9uv1-gqq7-3kc9
8
vulnerability VCID-ck88-1urs-2kes
9
vulnerability VCID-ddfq-28qm-2fbn
10
vulnerability VCID-gh6k-19h8-fqbf
11
vulnerability VCID-rdb5-bbvn-7fcq
12
vulnerability VCID-ub6x-9dku-c7fk
13
vulnerability VCID-vtz8-zmp4-xbdh
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4
aliases CVE-2021-44026
risk_score 10.0
exploitability 2.0
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2eyy-k49d-m3af
2
url VCID-2hap-9mqs-v3b8
vulnerability_id VCID-2hap-9mqs-v3b8
summary Roundcube Webmail: Incorrect password comparison in the password plugin
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-35541
reference_id
reference_type
scores
0
value 0.00032
scoring_system epss
scoring_elements 0.09324
published_at 2026-04-08T12:55:00Z
1
value 0.00034
scoring_system epss
scoring_elements 0.10086
published_at 2026-04-04T12:55:00Z
2
value 0.00034
scoring_system epss
scoring_elements 0.09983
published_at 2026-04-07T12:55:00Z
3
value 0.00036
scoring_system epss
scoring_elements 0.10618
published_at 2026-04-18T12:55:00Z
4
value 0.00036
scoring_system epss
scoring_elements 0.10604
published_at 2026-04-16T12:55:00Z
5
value 0.00036
scoring_system epss
scoring_elements 0.10739
published_at 2026-04-13T12:55:00Z
6
value 0.00036
scoring_system epss
scoring_elements 0.10764
published_at 2026-04-12T12:55:00Z
7
value 0.00036
scoring_system epss
scoring_elements 0.10796
published_at 2026-04-11T12:55:00Z
8
value 0.00036
scoring_system epss
scoring_elements 0.10782
published_at 2026-04-09T12:55:00Z
9
value 0.00036
scoring_system epss
scoring_elements 0.10743
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-35541
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35541
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35541
2
reference_url https://github.com/roundcube/roundcubemail
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/roundcube/roundcubemail
3
reference_url https://github.com/roundcube/roundcubemail/commit/2e6a99b2a38110907ea8d3be8e59ec3d5802c394
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:00Z/
url https://github.com/roundcube/roundcubemail/commit/2e6a99b2a38110907ea8d3be8e59ec3d5802c394
4
reference_url https://github.com/roundcube/roundcubemail/commit/6a275676a8043083c05c961914d830b79e2490d4
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:00Z/
url https://github.com/roundcube/roundcubemail/commit/6a275676a8043083c05c961914d830b79e2490d4
5
reference_url https://github.com/roundcube/roundcubemail/commit/6fa2bddc59b9c9fd31cad4a9e2954a208d793dce
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:00Z/
url https://github.com/roundcube/roundcubemail/commit/6fa2bddc59b9c9fd31cad4a9e2954a208d793dce
6
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.5.14
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:00Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.5.14
7
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.6.14
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:00Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.6.14
8
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:00Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5
9
reference_url https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:00Z/
url https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182
reference_id 1131182
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-35541
reference_id CVE-2026-35541
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-35541
12
reference_url https://github.com/advisories/GHSA-46pv-mj2g-93gh
reference_id GHSA-46pv-mj2g-93gh
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-46pv-mj2g-93gh
fixed_packages
0
url pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6
purl pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u6
aliases CVE-2026-35541, GHSA-46pv-mj2g-93gh
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2hap-9mqs-v3b8
3
url VCID-2k4q-26tk-j3gx
vulnerability_id VCID-2k4q-26tk-j3gx
summary security update
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-42010
reference_id
reference_type
scores
0
value 0.14764
scoring_system epss
scoring_elements 0.94518
published_at 2026-04-21T12:55:00Z
1
value 0.14764
scoring_system epss
scoring_elements 0.94467
published_at 2026-04-02T12:55:00Z
2
value 0.14764
scoring_system epss
scoring_elements 0.94474
published_at 2026-04-04T12:55:00Z
3
value 0.14764
scoring_system epss
scoring_elements 0.94476
published_at 2026-04-07T12:55:00Z
4
value 0.14764
scoring_system epss
scoring_elements 0.94486
published_at 2026-04-08T12:55:00Z
5
value 0.14764
scoring_system epss
scoring_elements 0.94489
published_at 2026-04-09T12:55:00Z
6
value 0.14764
scoring_system epss
scoring_elements 0.94493
published_at 2026-04-11T12:55:00Z
7
value 0.14764
scoring_system epss
scoring_elements 0.94495
published_at 2026-04-13T12:55:00Z
8
value 0.14764
scoring_system epss
scoring_elements 0.94509
published_at 2026-04-16T12:55:00Z
9
value 0.14764
scoring_system epss
scoring_elements 0.94513
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-42010
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42008
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42008
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42009
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42009
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42010
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42010
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077969
reference_id 1077969
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077969
5
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.5.8
reference_id 1.5.8
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-06T14:03:28Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.5.8
6
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.6.8
reference_id 1.6.8
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-06T14:03:28Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.6.8
7
reference_url https://sonarsource.com/blog/government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail/
reference_id government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-06T14:03:28Z/
url https://sonarsource.com/blog/government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail/
8
reference_url https://github.com/roundcube/roundcubemail/releases
reference_id releases
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-06T14:03:28Z/
url https://github.com/roundcube/roundcubemail/releases
9
reference_url https://roundcube.net/news/2024/08/04/security-updates-1.6.8-and-1.5.8
reference_id security-updates-1.6.8-and-1.5.8
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-06T14:03:28Z/
url https://roundcube.net/news/2024/08/04/security-updates-1.6.8-and-1.5.8
fixed_packages
0
url pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4
purl pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hap-9mqs-v3b8
1
vulnerability VCID-2nb2-9vgp-tqg9
2
vulnerability VCID-3kyu-tx4q-p3aq
3
vulnerability VCID-4yzj-hrqv-vbcp
4
vulnerability VCID-5yts-xnha-4bf3
5
vulnerability VCID-8vmm-1hvf-17ap
6
vulnerability VCID-8xf2-hjfv-hybh
7
vulnerability VCID-9uv1-gqq7-3kc9
8
vulnerability VCID-ck88-1urs-2kes
9
vulnerability VCID-ddfq-28qm-2fbn
10
vulnerability VCID-gh6k-19h8-fqbf
11
vulnerability VCID-rdb5-bbvn-7fcq
12
vulnerability VCID-ub6x-9dku-c7fk
13
vulnerability VCID-vtz8-zmp4-xbdh
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4
aliases CVE-2024-42010
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2k4q-26tk-j3gx
4
url VCID-2nb2-9vgp-tqg9
vulnerability_id VCID-2nb2-9vgp-tqg9
summary roundcubemail: Roundcube Webmail: Information Disclosure via HTML Style Sanitizer
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68460.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68460.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-68460
reference_id
reference_type
scores
0
value 0.00046
scoring_system epss
scoring_elements 0.14181
published_at 2026-04-02T12:55:00Z
1
value 0.00046
scoring_system epss
scoring_elements 0.14238
published_at 2026-04-04T12:55:00Z
2
value 0.00046
scoring_system epss
scoring_elements 0.14053
published_at 2026-04-07T12:55:00Z
3
value 0.00046
scoring_system epss
scoring_elements 0.14134
published_at 2026-04-08T12:55:00Z
4
value 0.00046
scoring_system epss
scoring_elements 0.14185
published_at 2026-04-09T12:55:00Z
5
value 0.00046
scoring_system epss
scoring_elements 0.14136
published_at 2026-04-11T12:55:00Z
6
value 0.00046
scoring_system epss
scoring_elements 0.14094
published_at 2026-04-12T12:55:00Z
7
value 0.00046
scoring_system epss
scoring_elements 0.1404
published_at 2026-04-13T12:55:00Z
8
value 0.00046
scoring_system epss
scoring_elements 0.13935
published_at 2026-04-16T12:55:00Z
9
value 0.00046
scoring_system epss
scoring_elements 0.13934
published_at 2026-04-18T12:55:00Z
10
value 0.00056
scoring_system epss
scoring_elements 0.17503
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-68460
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68460
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68460
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122899
reference_id 1122899
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122899
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2423487
reference_id 2423487
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2423487
fixed_packages
0
url pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6
purl pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u6
aliases CVE-2025-68460
risk_score 2.5
exploitability 0.5
weighted_severity 4.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2nb2-9vgp-tqg9
5
url VCID-36et-26h7-pke7
vulnerability_id VCID-36et-26h7-pke7
summary security update
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-42008
reference_id
reference_type
scores
0
value 0.57251
scoring_system epss
scoring_elements 0.98154
published_at 2026-04-21T12:55:00Z
1
value 0.57251
scoring_system epss
scoring_elements 0.98136
published_at 2026-04-02T12:55:00Z
2
value 0.57251
scoring_system epss
scoring_elements 0.98139
published_at 2026-04-04T12:55:00Z
3
value 0.57251
scoring_system epss
scoring_elements 0.98141
published_at 2026-04-07T12:55:00Z
4
value 0.57251
scoring_system epss
scoring_elements 0.98145
published_at 2026-04-08T12:55:00Z
5
value 0.57251
scoring_system epss
scoring_elements 0.98146
published_at 2026-04-09T12:55:00Z
6
value 0.57251
scoring_system epss
scoring_elements 0.98149
published_at 2026-04-11T12:55:00Z
7
value 0.57251
scoring_system epss
scoring_elements 0.9815
published_at 2026-04-13T12:55:00Z
8
value 0.57251
scoring_system epss
scoring_elements 0.98156
published_at 2026-04-16T12:55:00Z
9
value 0.58573
scoring_system epss
scoring_elements 0.98218
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-42008
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42008
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42008
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42009
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42009
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42010
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42010
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077969
reference_id 1077969
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077969
5
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.5.8
reference_id 1.5.8
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-07T19:56:10Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.5.8
6
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.6.8
reference_id 1.6.8
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-07T19:56:10Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.6.8
7
reference_url https://sonarsource.com/blog/government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail/
reference_id government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-07T19:56:10Z/
url https://sonarsource.com/blog/government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail/
8
reference_url https://github.com/roundcube/roundcubemail/releases
reference_id releases
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-07T19:56:10Z/
url https://github.com/roundcube/roundcubemail/releases
9
reference_url https://roundcube.net/news/2024/08/04/security-updates-1.6.8-and-1.5.8
reference_id security-updates-1.6.8-and-1.5.8
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-07T19:56:10Z/
url https://roundcube.net/news/2024/08/04/security-updates-1.6.8-and-1.5.8
fixed_packages
0
url pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4
purl pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hap-9mqs-v3b8
1
vulnerability VCID-2nb2-9vgp-tqg9
2
vulnerability VCID-3kyu-tx4q-p3aq
3
vulnerability VCID-4yzj-hrqv-vbcp
4
vulnerability VCID-5yts-xnha-4bf3
5
vulnerability VCID-8vmm-1hvf-17ap
6
vulnerability VCID-8xf2-hjfv-hybh
7
vulnerability VCID-9uv1-gqq7-3kc9
8
vulnerability VCID-ck88-1urs-2kes
9
vulnerability VCID-ddfq-28qm-2fbn
10
vulnerability VCID-gh6k-19h8-fqbf
11
vulnerability VCID-rdb5-bbvn-7fcq
12
vulnerability VCID-ub6x-9dku-c7fk
13
vulnerability VCID-vtz8-zmp4-xbdh
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4
aliases CVE-2024-42008
risk_score 4.2
exploitability 0.5
weighted_severity 8.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-36et-26h7-pke7
6
url VCID-3kyu-tx4q-p3aq
vulnerability_id VCID-3kyu-tx4q-p3aq
summary 
Roundcube Webmail Vulnerable to Authenticated RCE via PHP Object Deserialization
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49113.json
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49113.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-49113
reference_id
reference_type
scores
0
value 0.90478
scoring_system epss
scoring_elements 0.99609
published_at 2026-04-18T12:55:00Z
1
value 0.90891
scoring_system epss
scoring_elements 0.99636
published_at 2026-04-21T12:55:00Z
2
value 0.91243
scoring_system epss
scoring_elements 0.99653
published_at 2026-04-16T12:55:00Z
3
value 0.91574
scoring_system epss
scoring_elements 0.9967
published_at 2026-04-02T12:55:00Z
4
value 0.91574
scoring_system epss
scoring_elements 0.99675
published_at 2026-04-13T12:55:00Z
5
value 0.91574
scoring_system epss
scoring_elements 0.99674
published_at 2026-04-09T12:55:00Z
6
value 0.91574
scoring_system epss
scoring_elements 0.99673
published_at 2026-04-07T12:55:00Z
7
value 0.91574
scoring_system epss
scoring_elements 0.99672
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-49113
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49113
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49113
3
reference_url https://fearsoff.org/research/roundcube
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-02-20T20:05:40Z/
url https://fearsoff.org/research/roundcube
4
reference_url https://github.com/roundcube/roundcubemail
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/roundcube/roundcubemail
5
reference_url https://github.com/roundcube/roundcubemail/commit/0376f69e958a8fef7f6f09e352c541b4e7729c4d
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-02-20T20:05:40Z/
url https://github.com/roundcube/roundcubemail/commit/0376f69e958a8fef7f6f09e352c541b4e7729c4d
6
reference_url https://github.com/roundcube/roundcubemail/commit/7408f31379666124a39f9cb1018f62bc5e2dc695
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-02-20T20:05:40Z/
url https://github.com/roundcube/roundcubemail/commit/7408f31379666124a39f9cb1018f62bc5e2dc695
7
reference_url https://github.com/roundcube/roundcubemail/commit/c50a07d88ca38f018a0f4a0b008e9a1deb32637e
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-02-20T20:05:40Z/
url https://github.com/roundcube/roundcubemail/commit/c50a07d88ca38f018a0f4a0b008e9a1deb32637e
8
reference_url https://github.com/roundcube/roundcubemail/pull/9865
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-02-20T20:05:40Z/
url https://github.com/roundcube/roundcubemail/pull/9865
9
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.5.10
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-02-20T20:05:40Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.5.10
10
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.6.11
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-02-20T20:05:40Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.6.11
11
reference_url https://lists.debian.org/debian-lts-announce/2025/06/msg00008.html
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/06/msg00008.html
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-49113
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-49113
13
reference_url https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-02-20T20:05:40Z/
url https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10
14
reference_url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-49113
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-49113
15
reference_url https://www.vicarius.io/vsociety/posts/cve-2025-49113-roundcube-mitigation-script
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-02-20T20:05:40Z/
url https://www.vicarius.io/vsociety/posts/cve-2025-49113-roundcube-mitigation-script
16
reference_url https://www.vicarius.io/vsociety/posts/cve-2025-49113-roundcube-vulnerability-detection
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-02-20T20:05:40Z/
url https://www.vicarius.io/vsociety/posts/cve-2025-49113-roundcube-vulnerability-detection
17
reference_url http://www.openwall.com/lists/oss-security/2025/06/02/3
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/06/02/3
18
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107073
reference_id 1107073
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107073
19
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2369696
reference_id 2369696
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2369696
20
reference_url https://security.archlinux.org/ASA-202506-1
reference_id ASA-202506-1
reference_type
scores
url https://security.archlinux.org/ASA-202506-1
21
reference_url https://security.archlinux.org/AVG-2891
reference_id AVG-2891
reference_type
scores
0
value Critical
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2891
22
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52324.NA
reference_id CVE-2025-49113
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52324.NA
23
reference_url https://github.com/advisories/GHSA-8j8w-wwqc-x596
reference_id GHSA-8j8w-wwqc-x596
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8j8w-wwqc-x596
24
reference_url https://usn.ubuntu.com/7584-1/
reference_id USN-7584-1
reference_type
scores
url https://usn.ubuntu.com/7584-1/
fixed_packages
0
url pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6
purl pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u6
aliases CVE-2025-49113, GHSA-8j8w-wwqc-x596
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3kyu-tx4q-p3aq
7
url VCID-4yzj-hrqv-vbcp
vulnerability_id VCID-4yzj-hrqv-vbcp
summary Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13, when "Block remote images" is used, does not block SVG feImage.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25916
reference_id
reference_type
scores
0
value 0.00034
scoring_system epss
scoring_elements 0.09829
published_at 2026-04-07T12:55:00Z
1
value 0.00034
scoring_system epss
scoring_elements 0.09789
published_at 2026-04-16T12:55:00Z
2
value 0.00034
scoring_system epss
scoring_elements 0.09906
published_at 2026-04-13T12:55:00Z
3
value 0.00034
scoring_system epss
scoring_elements 0.09931
published_at 2026-04-12T12:55:00Z
4
value 0.00034
scoring_system epss
scoring_elements 0.09968
published_at 2026-04-11T12:55:00Z
5
value 0.00034
scoring_system epss
scoring_elements 0.09956
published_at 2026-04-09T12:55:00Z
6
value 0.00034
scoring_system epss
scoring_elements 0.09904
published_at 2026-04-08T12:55:00Z
7
value 0.00039
scoring_system epss
scoring_elements 0.11763
published_at 2026-04-21T12:55:00Z
8
value 0.00039
scoring_system epss
scoring_elements 0.11641
published_at 2026-04-18T12:55:00Z
9
value 0.00041
scoring_system epss
scoring_elements 0.12448
published_at 2026-04-02T12:55:00Z
10
value 0.00041
scoring_system epss
scoring_elements 0.12491
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25916
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25916
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25916
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127447
reference_id 1127447
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127447
3
reference_url https://nullcathedral.com/posts/2026-02-08-roundcube-svg-feimage-remote-image-bypass/
reference_id 2026-02-08-roundcube-svg-feimage-remote-image-bypass
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-09T14:54:49Z/
url https://nullcathedral.com/posts/2026-02-08-roundcube-svg-feimage-remote-image-bypass/
4
reference_url https://github.com/roundcube/roundcubemail/commit/26d7677
reference_id 26d7677
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-09T14:54:49Z/
url https://github.com/roundcube/roundcubemail/commit/26d7677
5
reference_url https://news.ycombinator.com/item?id=46937012
reference_id item?id=46937012
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-09T14:54:49Z/
url https://news.ycombinator.com/item?id=46937012
fixed_packages
0
url pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6
purl pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u6
aliases CVE-2026-25916
risk_score 1.9
exploitability 0.5
weighted_severity 3.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4yzj-hrqv-vbcp
8
url VCID-5yts-xnha-4bf3
vulnerability_id VCID-5yts-xnha-4bf3
summary Roundcube Webmail: Insufficient HTML attachment sanitization in preview mode
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-35539
reference_id
reference_type
scores
0
value 0.00036
scoring_system epss
scoring_elements 0.10724
published_at 2026-04-07T12:55:00Z
1
value 0.00036
scoring_system epss
scoring_elements 0.10896
published_at 2026-04-04T12:55:00Z
2
value 0.00038
scoring_system epss
scoring_elements 0.11324
published_at 2026-04-08T12:55:00Z
3
value 0.00041
scoring_system epss
scoring_elements 0.12306
published_at 2026-04-18T12:55:00Z
4
value 0.00041
scoring_system epss
scoring_elements 0.12406
published_at 2026-04-13T12:55:00Z
5
value 0.00041
scoring_system epss
scoring_elements 0.12446
published_at 2026-04-12T12:55:00Z
6
value 0.00041
scoring_system epss
scoring_elements 0.12484
published_at 2026-04-11T12:55:00Z
7
value 0.00041
scoring_system epss
scoring_elements 0.12511
published_at 2026-04-09T12:55:00Z
8
value 0.00041
scoring_system epss
scoring_elements 0.12417
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-35539
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35539
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35539
2
reference_url https://github.com/roundcube/roundcubemail
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/roundcube/roundcubemail
3
reference_url https://github.com/roundcube/roundcubemail/commit/10a6d1fa8acac85c727b0a6ae4a6642bfa27bea1
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:10:48Z/
url https://github.com/roundcube/roundcubemail/commit/10a6d1fa8acac85c727b0a6ae4a6642bfa27bea1
4
reference_url https://github.com/roundcube/roundcubemail/commit/1b30edf5369668c92fe91dae3d52e477c808aa4f
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:10:48Z/
url https://github.com/roundcube/roundcubemail/commit/1b30edf5369668c92fe91dae3d52e477c808aa4f
5
reference_url https://github.com/roundcube/roundcubemail/commit/d742954ccbcdee7020f8f2e7c49ce0fca5a0efab
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:10:48Z/
url https://github.com/roundcube/roundcubemail/commit/d742954ccbcdee7020f8f2e7c49ce0fca5a0efab
6
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.5.14
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:10:48Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.5.14
7
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.6.14
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:10:48Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.6.14
8
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:10:48Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5
9
reference_url https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:10:48Z/
url https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182
reference_id 1131182
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-35539
reference_id CVE-2026-35539
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-35539
12
reference_url https://github.com/advisories/GHSA-x4q5-8j5g-hpjc
reference_id GHSA-x4q5-8j5g-hpjc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x4q5-8j5g-hpjc
fixed_packages
0
url pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6
purl pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u6
aliases CVE-2026-35539, GHSA-x4q5-8j5g-hpjc
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5yts-xnha-4bf3
9
url VCID-79me-pjdn-ykgq
vulnerability_id VCID-79me-pjdn-ykgq
summary 
A flaw in Roundcube's handling of configuration files may allow
    arbitrary code execution, amongst other vulnerabilities.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-12640
reference_id
reference_type
scores
0
value 0.22659
scoring_system epss
scoring_elements 0.95822
published_at 2026-04-01T12:55:00Z
1
value 0.22659
scoring_system epss
scoring_elements 0.95831
published_at 2026-04-02T12:55:00Z
2
value 0.22659
scoring_system epss
scoring_elements 0.95839
published_at 2026-04-04T12:55:00Z
3
value 0.22659
scoring_system epss
scoring_elements 0.95842
published_at 2026-04-07T12:55:00Z
4
value 0.22659
scoring_system epss
scoring_elements 0.9585
published_at 2026-04-08T12:55:00Z
5
value 0.22659
scoring_system epss
scoring_elements 0.95854
published_at 2026-04-09T12:55:00Z
6
value 0.22659
scoring_system epss
scoring_elements 0.95857
published_at 2026-04-11T12:55:00Z
7
value 0.22659
scoring_system epss
scoring_elements 0.95856
published_at 2026-04-12T12:55:00Z
8
value 0.22659
scoring_system epss
scoring_elements 0.95858
published_at 2026-04-13T12:55:00Z
9
value 0.22659
scoring_system epss
scoring_elements 0.95869
published_at 2026-04-16T12:55:00Z
10
value 0.22659
scoring_system epss
scoring_elements 0.95875
published_at 2026-04-18T12:55:00Z
11
value 0.22659
scoring_system epss
scoring_elements 0.95877
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-12640
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12640
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12640
2
reference_url https://security.gentoo.org/glsa/202007-41
reference_id GLSA-202007-41
reference_type
scores
url https://security.gentoo.org/glsa/202007-41
3
reference_url https://usn.ubuntu.com/USN-5182-1/
reference_id USN-USN-5182-1
reference_type
scores
url https://usn.ubuntu.com/USN-5182-1/
fixed_packages
0
url pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4
purl pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hap-9mqs-v3b8
1
vulnerability VCID-2nb2-9vgp-tqg9
2
vulnerability VCID-3kyu-tx4q-p3aq
3
vulnerability VCID-4yzj-hrqv-vbcp
4
vulnerability VCID-5yts-xnha-4bf3
5
vulnerability VCID-8vmm-1hvf-17ap
6
vulnerability VCID-8xf2-hjfv-hybh
7
vulnerability VCID-9uv1-gqq7-3kc9
8
vulnerability VCID-ck88-1urs-2kes
9
vulnerability VCID-ddfq-28qm-2fbn
10
vulnerability VCID-gh6k-19h8-fqbf
11
vulnerability VCID-rdb5-bbvn-7fcq
12
vulnerability VCID-ub6x-9dku-c7fk
13
vulnerability VCID-vtz8-zmp4-xbdh
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4
aliases CVE-2020-12640
risk_score 0.1
exploitability 0.5
weighted_severity 0.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-79me-pjdn-ykgq
10
url VCID-7nn6-aywu-z7g8
vulnerability_id VCID-7nn6-aywu-z7g8
summary security update
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13964
reference_id
reference_type
scores
0
value 0.00872
scoring_system epss
scoring_elements 0.75174
published_at 2026-04-01T12:55:00Z
1
value 0.00872
scoring_system epss
scoring_elements 0.75177
published_at 2026-04-02T12:55:00Z
2
value 0.00872
scoring_system epss
scoring_elements 0.75208
published_at 2026-04-04T12:55:00Z
3
value 0.00872
scoring_system epss
scoring_elements 0.75184
published_at 2026-04-07T12:55:00Z
4
value 0.00872
scoring_system epss
scoring_elements 0.75219
published_at 2026-04-08T12:55:00Z
5
value 0.00872
scoring_system epss
scoring_elements 0.75231
published_at 2026-04-09T12:55:00Z
6
value 0.00872
scoring_system epss
scoring_elements 0.75252
published_at 2026-04-11T12:55:00Z
7
value 0.00872
scoring_system epss
scoring_elements 0.75229
published_at 2026-04-12T12:55:00Z
8
value 0.00872
scoring_system epss
scoring_elements 0.75218
published_at 2026-04-13T12:55:00Z
9
value 0.00872
scoring_system epss
scoring_elements 0.75256
published_at 2026-04-16T12:55:00Z
10
value 0.00872
scoring_system epss
scoring_elements 0.75263
published_at 2026-04-18T12:55:00Z
11
value 0.00872
scoring_system epss
scoring_elements 0.75254
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13964
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13964
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13964
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13965
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13965
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962123
reference_id 962123
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962123
4
reference_url https://usn.ubuntu.com/USN-5182-1/
reference_id USN-USN-5182-1
reference_type
scores
url https://usn.ubuntu.com/USN-5182-1/
fixed_packages
0
url pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2
purl pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14vp-t71a-4bh1
1
vulnerability VCID-2eyy-k49d-m3af
2
vulnerability VCID-2hap-9mqs-v3b8
3
vulnerability VCID-2k4q-26tk-j3gx
4
vulnerability VCID-2nb2-9vgp-tqg9
5
vulnerability VCID-36et-26h7-pke7
6
vulnerability VCID-3kyu-tx4q-p3aq
7
vulnerability VCID-4yzj-hrqv-vbcp
8
vulnerability VCID-5yts-xnha-4bf3
9
vulnerability VCID-79me-pjdn-ykgq
10
vulnerability VCID-7nn6-aywu-z7g8
11
vulnerability VCID-8vmm-1hvf-17ap
12
vulnerability VCID-8xf2-hjfv-hybh
13
vulnerability VCID-9der-5csu-nbbq
14
vulnerability VCID-9uv1-gqq7-3kc9
15
vulnerability VCID-cjkd-2jr6-n7as
16
vulnerability VCID-ck88-1urs-2kes
17
vulnerability VCID-cnkc-vcp7-6kcw
18
vulnerability VCID-ddfq-28qm-2fbn
19
vulnerability VCID-gh6k-19h8-fqbf
20
vulnerability VCID-hg1a-vx5c-hue3
21
vulnerability VCID-jck5-xymf-s3bh
22
vulnerability VCID-jqs5-8ct7-wfgk
23
vulnerability VCID-kyxz-v3sj-w3cw
24
vulnerability VCID-m4yc-ms54-zyhv
25
vulnerability VCID-ncbg-6m11-3qan
26
vulnerability VCID-qwak-6wgy-wfgs
27
vulnerability VCID-rc91-j3kf-zfch
28
vulnerability VCID-s6p1-rf35-euhy
29
vulnerability VCID-u8a4-4pe2-9kcb
30
vulnerability VCID-ub6x-9dku-c7fk
31
vulnerability VCID-vehj-ytsm-kqgz
32
vulnerability VCID-vtz8-zmp4-xbdh
33
vulnerability VCID-x9j7-98zt-6ygt
34
vulnerability VCID-xssa-fwbx-kybq
35
vulnerability VCID-ybv7-hqmj-nbgr
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2
1
url pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4
purl pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hap-9mqs-v3b8
1
vulnerability VCID-2nb2-9vgp-tqg9
2
vulnerability VCID-3kyu-tx4q-p3aq
3
vulnerability VCID-4yzj-hrqv-vbcp
4
vulnerability VCID-5yts-xnha-4bf3
5
vulnerability VCID-8vmm-1hvf-17ap
6
vulnerability VCID-8xf2-hjfv-hybh
7
vulnerability VCID-9uv1-gqq7-3kc9
8
vulnerability VCID-ck88-1urs-2kes
9
vulnerability VCID-ddfq-28qm-2fbn
10
vulnerability VCID-gh6k-19h8-fqbf
11
vulnerability VCID-rdb5-bbvn-7fcq
12
vulnerability VCID-ub6x-9dku-c7fk
13
vulnerability VCID-vtz8-zmp4-xbdh
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4
aliases CVE-2020-13964
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7nn6-aywu-z7g8
11
url VCID-8vmm-1hvf-17ap
vulnerability_id VCID-8vmm-1hvf-17ap
summary Roundcube: Bypass of remote image blocking via crafted BODY background attribute
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-35542
reference_id
reference_type
scores
0
value 0.00033
scoring_system epss
scoring_elements 0.09403
published_at 2026-04-08T12:55:00Z
1
value 0.00034
scoring_system epss
scoring_elements 0.10167
published_at 2026-04-04T12:55:00Z
2
value 0.00034
scoring_system epss
scoring_elements 0.10062
published_at 2026-04-07T12:55:00Z
3
value 0.00043
scoring_system epss
scoring_elements 0.12975
published_at 2026-04-18T12:55:00Z
4
value 0.00043
scoring_system epss
scoring_elements 0.12972
published_at 2026-04-16T12:55:00Z
5
value 0.00043
scoring_system epss
scoring_elements 0.1307
published_at 2026-04-13T12:55:00Z
6
value 0.00043
scoring_system epss
scoring_elements 0.13122
published_at 2026-04-12T12:55:00Z
7
value 0.00043
scoring_system epss
scoring_elements 0.1316
published_at 2026-04-11T12:55:00Z
8
value 0.00043
scoring_system epss
scoring_elements 0.13191
published_at 2026-04-09T12:55:00Z
9
value 0.00043
scoring_system epss
scoring_elements 0.13072
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-35542
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35542
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35542
2
reference_url https://github.com/roundcube/roundcubemail
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/roundcube/roundcubemail
3
reference_url https://github.com/roundcube/roundcubemail/commit/e052328e3dc75f13adc2e314eaa4096ac21084ad
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:51:19Z/
url https://github.com/roundcube/roundcubemail/commit/e052328e3dc75f13adc2e314eaa4096ac21084ad
4
reference_url https://github.com/roundcube/roundcubemail/commit/fd0e98178db5c73eaa93d005b561874923f9b0f0
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:51:19Z/
url https://github.com/roundcube/roundcubemail/commit/fd0e98178db5c73eaa93d005b561874923f9b0f0
5
reference_url https://github.com/roundcube/roundcubemail/commit/fde14d01adc9f37893cd82b635883e516ed453f8
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:51:19Z/
url https://github.com/roundcube/roundcubemail/commit/fde14d01adc9f37893cd82b635883e516ed453f8
6
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.5.14
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:51:19Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.5.14
7
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.6.14
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:51:19Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.6.14
8
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:51:19Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5
9
reference_url https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:51:19Z/
url https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182
reference_id 1131182
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-35542
reference_id CVE-2026-35542
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-35542
12
reference_url https://github.com/advisories/GHSA-5hf6-crg4-fg59
reference_id GHSA-5hf6-crg4-fg59
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5hf6-crg4-fg59
fixed_packages
0
url pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6
purl pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u6
aliases CVE-2026-35542, GHSA-5hf6-crg4-fg59
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8vmm-1hvf-17ap
12
url VCID-8xf2-hjfv-hybh
vulnerability_id VCID-8xf2-hjfv-hybh
summary Roundcube Webmail: Insufficient CSS sanitization in HTML e-mail messages
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-35544
reference_id
reference_type
scores
0
value 0.00034
scoring_system epss
scoring_elements 0.10066
published_at 2026-04-07T12:55:00Z
1
value 0.00034
scoring_system epss
scoring_elements 0.1017
published_at 2026-04-04T12:55:00Z
2
value 0.00034
scoring_system epss
scoring_elements 0.1014
published_at 2026-04-08T12:55:00Z
3
value 0.00043
scoring_system epss
scoring_elements 0.12978
published_at 2026-04-18T12:55:00Z
4
value 0.00043
scoring_system epss
scoring_elements 0.12975
published_at 2026-04-16T12:55:00Z
5
value 0.00043
scoring_system epss
scoring_elements 0.13074
published_at 2026-04-13T12:55:00Z
6
value 0.00043
scoring_system epss
scoring_elements 0.13126
published_at 2026-04-12T12:55:00Z
7
value 0.00043
scoring_system epss
scoring_elements 0.13164
published_at 2026-04-11T12:55:00Z
8
value 0.00043
scoring_system epss
scoring_elements 0.13195
published_at 2026-04-09T12:55:00Z
9
value 0.00043
scoring_system epss
scoring_elements 0.13076
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-35544
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35544
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35544
2
reference_url https://github.com/roundcube/roundcubemail
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/roundcube/roundcubemail
3
reference_url https://github.com/roundcube/roundcubemail/commit/099009b9c8e1d3c636fb9a5af72f7c2596018662
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:06Z/
url https://github.com/roundcube/roundcubemail/commit/099009b9c8e1d3c636fb9a5af72f7c2596018662
4
reference_url https://github.com/roundcube/roundcubemail/commit/226811a1c974271dbedca72672923abaff8191c0
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:06Z/
url https://github.com/roundcube/roundcubemail/commit/226811a1c974271dbedca72672923abaff8191c0
5
reference_url https://github.com/roundcube/roundcubemail/commit/57dec0c127b98e0c8e3b9c26c80049b9c4bcaea7
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:06Z/
url https://github.com/roundcube/roundcubemail/commit/57dec0c127b98e0c8e3b9c26c80049b9c4bcaea7
6
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.5.14
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:06Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.5.14
7
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.6.14
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:06Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.6.14
8
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:06Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5
9
reference_url https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:06Z/
url https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182
reference_id 1131182
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-35544
reference_id CVE-2026-35544
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-35544
12
reference_url https://github.com/advisories/GHSA-xpqh-grpw-4xmg
reference_id GHSA-xpqh-grpw-4xmg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xpqh-grpw-4xmg
fixed_packages
0
url pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6
purl pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u6
aliases CVE-2026-35544, GHSA-xpqh-grpw-4xmg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8xf2-hjfv-hybh
13
url VCID-9der-5csu-nbbq
vulnerability_id VCID-9der-5csu-nbbq
summary security update
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-42009
reference_id
reference_type
scores
0
value 0.91411
scoring_system epss
scoring_elements 0.99657
published_at 2026-04-02T12:55:00Z
1
value 0.91411
scoring_system epss
scoring_elements 0.99666
published_at 2026-04-21T12:55:00Z
2
value 0.91411
scoring_system epss
scoring_elements 0.99665
published_at 2026-04-18T12:55:00Z
3
value 0.91411
scoring_system epss
scoring_elements 0.99664
published_at 2026-04-16T12:55:00Z
4
value 0.91411
scoring_system epss
scoring_elements 0.99663
published_at 2026-04-13T12:55:00Z
5
value 0.91411
scoring_system epss
scoring_elements 0.99662
published_at 2026-04-12T12:55:00Z
6
value 0.91411
scoring_system epss
scoring_elements 0.99661
published_at 2026-04-11T12:55:00Z
7
value 0.91411
scoring_system epss
scoring_elements 0.9966
published_at 2026-04-07T12:55:00Z
8
value 0.91411
scoring_system epss
scoring_elements 0.99658
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-42009
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42008
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42008
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42009
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42009
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42010
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42010
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077969
reference_id 1077969
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077969
5
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.5.8
reference_id 1.5.8
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-08-20T03:56:09Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.5.8
6
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.6.8
reference_id 1.6.8
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-08-20T03:56:09Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.6.8
7
reference_url https://sonarsource.com/blog/government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail/
reference_id government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-08-20T03:56:09Z/
url https://sonarsource.com/blog/government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail/
8
reference_url https://github.com/roundcube/roundcubemail/releases
reference_id releases
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-08-20T03:56:09Z/
url https://github.com/roundcube/roundcubemail/releases
9
reference_url https://roundcube.net/news/2024/08/04/security-updates-1.6.8-and-1.5.8
reference_id security-updates-1.6.8-and-1.5.8
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-08-20T03:56:09Z/
url https://roundcube.net/news/2024/08/04/security-updates-1.6.8-and-1.5.8
10
reference_url https://usn.ubuntu.com/7636-1/
reference_id USN-7636-1
reference_type
scores
url https://usn.ubuntu.com/7636-1/
fixed_packages
0
url pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4
purl pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hap-9mqs-v3b8
1
vulnerability VCID-2nb2-9vgp-tqg9
2
vulnerability VCID-3kyu-tx4q-p3aq
3
vulnerability VCID-4yzj-hrqv-vbcp
4
vulnerability VCID-5yts-xnha-4bf3
5
vulnerability VCID-8vmm-1hvf-17ap
6
vulnerability VCID-8xf2-hjfv-hybh
7
vulnerability VCID-9uv1-gqq7-3kc9
8
vulnerability VCID-ck88-1urs-2kes
9
vulnerability VCID-ddfq-28qm-2fbn
10
vulnerability VCID-gh6k-19h8-fqbf
11
vulnerability VCID-rdb5-bbvn-7fcq
12
vulnerability VCID-ub6x-9dku-c7fk
13
vulnerability VCID-vtz8-zmp4-xbdh
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4
aliases CVE-2024-42009
risk_score 10.0
exploitability 2.0
weighted_severity 8.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9der-5csu-nbbq
14
url VCID-9ktu-55q4-3kau
vulnerability_id VCID-9ktu-55q4-3kau
summary Roundcube before 1.3.7 mishandles GnuPG MDC integrity-protection warnings, which makes it easier for attackers to obtain sensitive information, a related issue to CVE-2017-17688. This is associated with plugins/enigma/lib/enigma_driver_gnupg.php.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-19205
reference_id
reference_type
scores
0
value 0.00322
scoring_system epss
scoring_elements 0.55201
published_at 2026-04-01T12:55:00Z
1
value 0.00322
scoring_system epss
scoring_elements 0.553
published_at 2026-04-02T12:55:00Z
2
value 0.00322
scoring_system epss
scoring_elements 0.55324
published_at 2026-04-04T12:55:00Z
3
value 0.00322
scoring_system epss
scoring_elements 0.55306
published_at 2026-04-07T12:55:00Z
4
value 0.00322
scoring_system epss
scoring_elements 0.55356
published_at 2026-04-08T12:55:00Z
5
value 0.00322
scoring_system epss
scoring_elements 0.55357
published_at 2026-04-09T12:55:00Z
6
value 0.00322
scoring_system epss
scoring_elements 0.55368
published_at 2026-04-18T12:55:00Z
7
value 0.00322
scoring_system epss
scoring_elements 0.55346
published_at 2026-04-12T12:55:00Z
8
value 0.00322
scoring_system epss
scoring_elements 0.55327
published_at 2026-04-13T12:55:00Z
9
value 0.00322
scoring_system epss
scoring_elements 0.55364
published_at 2026-04-16T12:55:00Z
10
value 0.00322
scoring_system epss
scoring_elements 0.55347
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-19205
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19205
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19205
2
reference_url https://usn.ubuntu.com/8132-1/
reference_id USN-8132-1
reference_type
scores
url https://usn.ubuntu.com/8132-1/
fixed_packages
0
url pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2
purl pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14vp-t71a-4bh1
1
vulnerability VCID-2eyy-k49d-m3af
2
vulnerability VCID-2hap-9mqs-v3b8
3
vulnerability VCID-2k4q-26tk-j3gx
4
vulnerability VCID-2nb2-9vgp-tqg9
5
vulnerability VCID-36et-26h7-pke7
6
vulnerability VCID-3kyu-tx4q-p3aq
7
vulnerability VCID-4yzj-hrqv-vbcp
8
vulnerability VCID-5yts-xnha-4bf3
9
vulnerability VCID-79me-pjdn-ykgq
10
vulnerability VCID-7nn6-aywu-z7g8
11
vulnerability VCID-8vmm-1hvf-17ap
12
vulnerability VCID-8xf2-hjfv-hybh
13
vulnerability VCID-9der-5csu-nbbq
14
vulnerability VCID-9uv1-gqq7-3kc9
15
vulnerability VCID-cjkd-2jr6-n7as
16
vulnerability VCID-ck88-1urs-2kes
17
vulnerability VCID-cnkc-vcp7-6kcw
18
vulnerability VCID-ddfq-28qm-2fbn
19
vulnerability VCID-gh6k-19h8-fqbf
20
vulnerability VCID-hg1a-vx5c-hue3
21
vulnerability VCID-jck5-xymf-s3bh
22
vulnerability VCID-jqs5-8ct7-wfgk
23
vulnerability VCID-kyxz-v3sj-w3cw
24
vulnerability VCID-m4yc-ms54-zyhv
25
vulnerability VCID-ncbg-6m11-3qan
26
vulnerability VCID-qwak-6wgy-wfgs
27
vulnerability VCID-rc91-j3kf-zfch
28
vulnerability VCID-s6p1-rf35-euhy
29
vulnerability VCID-u8a4-4pe2-9kcb
30
vulnerability VCID-ub6x-9dku-c7fk
31
vulnerability VCID-vehj-ytsm-kqgz
32
vulnerability VCID-vtz8-zmp4-xbdh
33
vulnerability VCID-x9j7-98zt-6ygt
34
vulnerability VCID-xssa-fwbx-kybq
35
vulnerability VCID-ybv7-hqmj-nbgr
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2
aliases CVE-2018-19205
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9ktu-55q4-3kau
15
url VCID-9uv1-gqq7-3kc9
vulnerability_id VCID-9uv1-gqq7-3kc9
summary roundcubemail: Roundcube Webmail: Cross-Site Scripting (XSS) vulnerability via crafted SVG animate tag
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68461.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68461.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-68461
reference_id
reference_type
scores
0
value 0.06437
scoring_system epss
scoring_elements 0.91026
published_at 2026-04-04T12:55:00Z
1
value 0.06437
scoring_system epss
scoring_elements 0.91017
published_at 2026-04-02T12:55:00Z
2
value 0.06833
scoring_system epss
scoring_elements 0.91329
published_at 2026-04-08T12:55:00Z
3
value 0.06833
scoring_system epss
scoring_elements 0.91316
published_at 2026-04-07T12:55:00Z
4
value 0.06833
scoring_system epss
scoring_elements 0.91334
published_at 2026-04-09T12:55:00Z
5
value 0.06833
scoring_system epss
scoring_elements 0.91341
published_at 2026-04-11T12:55:00Z
6
value 0.06833
scoring_system epss
scoring_elements 0.91344
published_at 2026-04-12T12:55:00Z
7
value 0.06833
scoring_system epss
scoring_elements 0.91343
published_at 2026-04-13T12:55:00Z
8
value 0.06833
scoring_system epss
scoring_elements 0.91368
published_at 2026-04-16T12:55:00Z
9
value 0.06974
scoring_system epss
scoring_elements 0.91471
published_at 2026-04-18T12:55:00Z
10
value 0.08521
scoring_system epss
scoring_elements 0.92395
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-68461
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68461
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68461
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122899
reference_id 1122899
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122899
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2423507
reference_id 2423507
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2423507
5
reference_url https://github.com/roundcube/roundcubemail/commit/bfa032631c36b900e7444dfa278340b33cbf7cdb
reference_id bfa032631c36b900e7444dfa278340b33cbf7cdb
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2026-02-20T20:07:06Z/
url https://github.com/roundcube/roundcubemail/commit/bfa032631c36b900e7444dfa278340b33cbf7cdb
6
reference_url https://roundcube.net/news/2025/12/13/security-updates-1.6.12-and-1.5.12
reference_id security-updates-1.6.12-and-1.5.12
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2026-02-20T20:07:06Z/
url https://roundcube.net/news/2025/12/13/security-updates-1.6.12-and-1.5.12
7
reference_url https://usn.ubuntu.com/8097-1/
reference_id USN-8097-1
reference_type
scores
url https://usn.ubuntu.com/8097-1/
fixed_packages
0
url pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6
purl pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u6
aliases CVE-2025-68461
risk_score 10.0
exploitability 2.0
weighted_severity 6.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9uv1-gqq7-3kc9
16
url VCID-cjkd-2jr6-n7as
vulnerability_id VCID-cjkd-2jr6-n7as
summary roundcubemail: allows XSS via SVG animate attributes
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-37383.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-37383.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-37383
reference_id
reference_type
scores
0
value 0.64028
scoring_system epss
scoring_elements 0.98431
published_at 2026-04-09T12:55:00Z
1
value 0.64028
scoring_system epss
scoring_elements 0.98438
published_at 2026-04-21T12:55:00Z
2
value 0.64028
scoring_system epss
scoring_elements 0.98439
published_at 2026-04-16T12:55:00Z
3
value 0.64028
scoring_system epss
scoring_elements 0.98435
published_at 2026-04-13T12:55:00Z
4
value 0.64519
scoring_system epss
scoring_elements 0.98441
published_at 2026-04-02T12:55:00Z
5
value 0.64519
scoring_system epss
scoring_elements 0.98444
published_at 2026-04-04T12:55:00Z
6
value 0.64519
scoring_system epss
scoring_elements 0.98446
published_at 2026-04-07T12:55:00Z
7
value 0.64519
scoring_system epss
scoring_elements 0.9845
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-37383
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37383
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37383
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37384
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37384
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071474
reference_id 1071474
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071474
5
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.5.7
reference_id 1.5.7
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-25T18:32:17Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.5.7
6
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.6.7
reference_id 1.6.7
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-25T18:32:17Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.6.7
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2290826
reference_id 2290826
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2290826
8
reference_url https://github.com/roundcube/roundcubemail/commit/43aaaa528646877789ec028d87924ba1accf5242
reference_id 43aaaa528646877789ec028d87924ba1accf5242
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-25T18:32:17Z/
url https://github.com/roundcube/roundcubemail/commit/43aaaa528646877789ec028d87924ba1accf5242
9
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52173.txt
reference_id CVE-2024-37383
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52173.txt
10
reference_url https://lists.debian.org/debian-lts-announce/2024/06/msg00008.html
reference_id msg00008.html
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-25T18:32:17Z/
url https://lists.debian.org/debian-lts-announce/2024/06/msg00008.html
11
reference_url https://usn.ubuntu.com/6848-1/
reference_id USN-6848-1
reference_type
scores
url https://usn.ubuntu.com/6848-1/
fixed_packages
0
url pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4
purl pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hap-9mqs-v3b8
1
vulnerability VCID-2nb2-9vgp-tqg9
2
vulnerability VCID-3kyu-tx4q-p3aq
3
vulnerability VCID-4yzj-hrqv-vbcp
4
vulnerability VCID-5yts-xnha-4bf3
5
vulnerability VCID-8vmm-1hvf-17ap
6
vulnerability VCID-8xf2-hjfv-hybh
7
vulnerability VCID-9uv1-gqq7-3kc9
8
vulnerability VCID-ck88-1urs-2kes
9
vulnerability VCID-ddfq-28qm-2fbn
10
vulnerability VCID-gh6k-19h8-fqbf
11
vulnerability VCID-rdb5-bbvn-7fcq
12
vulnerability VCID-ub6x-9dku-c7fk
13
vulnerability VCID-vtz8-zmp4-xbdh
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4
aliases CVE-2024-37383
risk_score 10.0
exploitability 2.0
weighted_severity 5.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cjkd-2jr6-n7as
17
url VCID-ck88-1urs-2kes
vulnerability_id VCID-ck88-1urs-2kes
summary Roundcube Webmail: Bypass of remote image blocking via SVG content (with animate attributes) in an e-mail message
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-35543
reference_id
reference_type
scores
0
value 0.00033
scoring_system epss
scoring_elements 0.09403
published_at 2026-04-08T12:55:00Z
1
value 0.00034
scoring_system epss
scoring_elements 0.10167
published_at 2026-04-04T12:55:00Z
2
value 0.00034
scoring_system epss
scoring_elements 0.10062
published_at 2026-04-07T12:55:00Z
3
value 0.00043
scoring_system epss
scoring_elements 0.12975
published_at 2026-04-18T12:55:00Z
4
value 0.00043
scoring_system epss
scoring_elements 0.12972
published_at 2026-04-16T12:55:00Z
5
value 0.00043
scoring_system epss
scoring_elements 0.1307
published_at 2026-04-13T12:55:00Z
6
value 0.00043
scoring_system epss
scoring_elements 0.13122
published_at 2026-04-12T12:55:00Z
7
value 0.00043
scoring_system epss
scoring_elements 0.1316
published_at 2026-04-11T12:55:00Z
8
value 0.00043
scoring_system epss
scoring_elements 0.13191
published_at 2026-04-09T12:55:00Z
9
value 0.00043
scoring_system epss
scoring_elements 0.13072
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-35543
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35543
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35543
2
reference_url https://github.com/roundcube/roundcubemail
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/roundcube/roundcubemail
3
reference_url https://github.com/roundcube/roundcubemail/commit/1a63e01542bff42aaa71c00c4c279a09ef31f20c
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:45Z/
url https://github.com/roundcube/roundcubemail/commit/1a63e01542bff42aaa71c00c4c279a09ef31f20c
4
reference_url https://github.com/roundcube/roundcubemail/commit/39471343ee081ce1d31696c456a2c163462daae3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:45Z/
url https://github.com/roundcube/roundcubemail/commit/39471343ee081ce1d31696c456a2c163462daae3
5
reference_url https://github.com/roundcube/roundcubemail/commit/82ab5eca7b332fce7a174b2b987f0957a66377cd
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:45Z/
url https://github.com/roundcube/roundcubemail/commit/82ab5eca7b332fce7a174b2b987f0957a66377cd
6
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.5.14
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:45Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.5.14
7
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.6.14
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:45Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.6.14
8
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:45Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5
9
reference_url https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:45Z/
url https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182
reference_id 1131182
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-35543
reference_id CVE-2026-35543
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-35543
12
reference_url https://github.com/advisories/GHSA-j2g6-8rvg-7mf6
reference_id GHSA-j2g6-8rvg-7mf6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j2g6-8rvg-7mf6
fixed_packages
0
url pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6
purl pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u6
aliases CVE-2026-35543, GHSA-j2g6-8rvg-7mf6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ck88-1urs-2kes
18
url VCID-cnkc-vcp7-6kcw
vulnerability_id VCID-cnkc-vcp7-6kcw
summary 
A flaw in Roundcube's handling of configuration files may allow
    arbitrary code execution, amongst other vulnerabilities.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-12626
reference_id
reference_type
scores
0
value 0.01288
scoring_system epss
scoring_elements 0.79589
published_at 2026-04-01T12:55:00Z
1
value 0.01288
scoring_system epss
scoring_elements 0.79596
published_at 2026-04-02T12:55:00Z
2
value 0.01288
scoring_system epss
scoring_elements 0.79618
published_at 2026-04-04T12:55:00Z
3
value 0.01288
scoring_system epss
scoring_elements 0.79605
published_at 2026-04-07T12:55:00Z
4
value 0.01288
scoring_system epss
scoring_elements 0.79634
published_at 2026-04-08T12:55:00Z
5
value 0.01288
scoring_system epss
scoring_elements 0.79642
published_at 2026-04-09T12:55:00Z
6
value 0.01288
scoring_system epss
scoring_elements 0.79662
published_at 2026-04-11T12:55:00Z
7
value 0.01288
scoring_system epss
scoring_elements 0.79647
published_at 2026-04-12T12:55:00Z
8
value 0.01288
scoring_system epss
scoring_elements 0.79639
published_at 2026-04-13T12:55:00Z
9
value 0.01288
scoring_system epss
scoring_elements 0.7967
published_at 2026-04-16T12:55:00Z
10
value 0.01288
scoring_system epss
scoring_elements 0.79669
published_at 2026-04-18T12:55:00Z
11
value 0.01288
scoring_system epss
scoring_elements 0.79673
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-12626
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12625
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12625
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12626
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12626
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959142
reference_id 959142
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959142
4
reference_url https://security.gentoo.org/glsa/202007-41
reference_id GLSA-202007-41
reference_type
scores
url https://security.gentoo.org/glsa/202007-41
5
reference_url https://usn.ubuntu.com/USN-5182-1/
reference_id USN-USN-5182-1
reference_type
scores
url https://usn.ubuntu.com/USN-5182-1/
fixed_packages
0
url pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2
purl pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14vp-t71a-4bh1
1
vulnerability VCID-2eyy-k49d-m3af
2
vulnerability VCID-2hap-9mqs-v3b8
3
vulnerability VCID-2k4q-26tk-j3gx
4
vulnerability VCID-2nb2-9vgp-tqg9
5
vulnerability VCID-36et-26h7-pke7
6
vulnerability VCID-3kyu-tx4q-p3aq
7
vulnerability VCID-4yzj-hrqv-vbcp
8
vulnerability VCID-5yts-xnha-4bf3
9
vulnerability VCID-79me-pjdn-ykgq
10
vulnerability VCID-7nn6-aywu-z7g8
11
vulnerability VCID-8vmm-1hvf-17ap
12
vulnerability VCID-8xf2-hjfv-hybh
13
vulnerability VCID-9der-5csu-nbbq
14
vulnerability VCID-9uv1-gqq7-3kc9
15
vulnerability VCID-cjkd-2jr6-n7as
16
vulnerability VCID-ck88-1urs-2kes
17
vulnerability VCID-cnkc-vcp7-6kcw
18
vulnerability VCID-ddfq-28qm-2fbn
19
vulnerability VCID-gh6k-19h8-fqbf
20
vulnerability VCID-hg1a-vx5c-hue3
21
vulnerability VCID-jck5-xymf-s3bh
22
vulnerability VCID-jqs5-8ct7-wfgk
23
vulnerability VCID-kyxz-v3sj-w3cw
24
vulnerability VCID-m4yc-ms54-zyhv
25
vulnerability VCID-ncbg-6m11-3qan
26
vulnerability VCID-qwak-6wgy-wfgs
27
vulnerability VCID-rc91-j3kf-zfch
28
vulnerability VCID-s6p1-rf35-euhy
29
vulnerability VCID-u8a4-4pe2-9kcb
30
vulnerability VCID-ub6x-9dku-c7fk
31
vulnerability VCID-vehj-ytsm-kqgz
32
vulnerability VCID-vtz8-zmp4-xbdh
33
vulnerability VCID-x9j7-98zt-6ygt
34
vulnerability VCID-xssa-fwbx-kybq
35
vulnerability VCID-ybv7-hqmj-nbgr
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2
1
url pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4
purl pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hap-9mqs-v3b8
1
vulnerability VCID-2nb2-9vgp-tqg9
2
vulnerability VCID-3kyu-tx4q-p3aq
3
vulnerability VCID-4yzj-hrqv-vbcp
4
vulnerability VCID-5yts-xnha-4bf3
5
vulnerability VCID-8vmm-1hvf-17ap
6
vulnerability VCID-8xf2-hjfv-hybh
7
vulnerability VCID-9uv1-gqq7-3kc9
8
vulnerability VCID-ck88-1urs-2kes
9
vulnerability VCID-ddfq-28qm-2fbn
10
vulnerability VCID-gh6k-19h8-fqbf
11
vulnerability VCID-rdb5-bbvn-7fcq
12
vulnerability VCID-ub6x-9dku-c7fk
13
vulnerability VCID-vtz8-zmp4-xbdh
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4
aliases CVE-2020-12626
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cnkc-vcp7-6kcw
19
url VCID-ddfq-28qm-2fbn
vulnerability_id VCID-ddfq-28qm-2fbn
summary Roundcube Webmail: Remote image blocking feature can be bypassed via SVG content in an e-mail message
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-35545
reference_id
reference_type
scores
0
value 0.00034
scoring_system epss
scoring_elements 0.10066
published_at 2026-04-07T12:55:00Z
1
value 0.00034
scoring_system epss
scoring_elements 0.1017
published_at 2026-04-04T12:55:00Z
2
value 0.00034
scoring_system epss
scoring_elements 0.09759
published_at 2026-04-08T12:55:00Z
3
value 0.00044
scoring_system epss
scoring_elements 0.13391
published_at 2026-04-18T12:55:00Z
4
value 0.00044
scoring_system epss
scoring_elements 0.13393
published_at 2026-04-16T12:55:00Z
5
value 0.00044
scoring_system epss
scoring_elements 0.13482
published_at 2026-04-13T12:55:00Z
6
value 0.00044
scoring_system epss
scoring_elements 0.13529
published_at 2026-04-12T12:55:00Z
7
value 0.00044
scoring_system epss
scoring_elements 0.13567
published_at 2026-04-11T12:55:00Z
8
value 0.00044
scoring_system epss
scoring_elements 0.13595
published_at 2026-04-09T12:55:00Z
9
value 0.00044
scoring_system epss
scoring_elements 0.13463
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-35545
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35545
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35545
2
reference_url https://github.com/roundcube/roundcubemail
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/roundcube/roundcubemail
3
reference_url https://github.com/roundcube/roundcubemail/commit/7ad62de184368bf42c0f522d1aacc030f5ddcc46
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T15:35:57Z/
url https://github.com/roundcube/roundcubemail/commit/7ad62de184368bf42c0f522d1aacc030f5ddcc46
4
reference_url https://github.com/roundcube/roundcubemail/commit/9d18d524f3cc211003fc99e2e54eed09a2f3da88
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T15:35:57Z/
url https://github.com/roundcube/roundcubemail/commit/9d18d524f3cc211003fc99e2e54eed09a2f3da88
5
reference_url https://github.com/roundcube/roundcubemail/commit/fe1320b199d3a2f58351bb699c9ed4316e73221b
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T15:35:57Z/
url https://github.com/roundcube/roundcubemail/commit/fe1320b199d3a2f58351bb699c9ed4316e73221b
6
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.5.15
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T15:35:57Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.5.15
7
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.6.15
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T15:35:57Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.6.15
8
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc6
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T15:35:57Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc6
9
reference_url https://roundcube.net/news/2026/03/29/security-updates-1.7-rc6-1.6.15-1.5.15
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T15:35:57Z/
url https://roundcube.net/news/2026/03/29/security-updates-1.7-rc6-1.6.15-1.5.15
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132268
reference_id 1132268
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132268
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-35545
reference_id CVE-2026-35545
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-35545
12
reference_url https://github.com/advisories/GHSA-w846-74jr-76cv
reference_id GHSA-w846-74jr-76cv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w846-74jr-76cv
fixed_packages
0
url pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6
purl pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u6
aliases CVE-2026-35545, GHSA-w846-74jr-76cv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ddfq-28qm-2fbn
20
url VCID-fuh5-bwaq-yyfk
vulnerability_id VCID-fuh5-bwaq-yyfk
summary security update
references
0
reference_url http://packetstormsecurity.com/files/161226/Roundcube-Webmail-1.2-File-Disclosure.html
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T20:56:39Z/
url http://packetstormsecurity.com/files/161226/Roundcube-Webmail-1.2-File-Disclosure.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-16651
reference_id
reference_type
scores
0
value 0.33307
scoring_system epss
scoring_elements 0.96923
published_at 2026-04-16T12:55:00Z
1
value 0.33307
scoring_system epss
scoring_elements 0.9693
published_at 2026-04-21T12:55:00Z
2
value 0.33307
scoring_system epss
scoring_elements 0.96916
published_at 2026-04-13T12:55:00Z
3
value 0.33307
scoring_system epss
scoring_elements 0.96915
published_at 2026-04-12T12:55:00Z
4
value 0.33307
scoring_system epss
scoring_elements 0.96913
published_at 2026-04-11T12:55:00Z
5
value 0.33307
scoring_system epss
scoring_elements 0.9691
published_at 2026-04-09T12:55:00Z
6
value 0.33307
scoring_system epss
scoring_elements 0.96909
published_at 2026-04-08T12:55:00Z
7
value 0.33307
scoring_system epss
scoring_elements 0.969
published_at 2026-04-07T12:55:00Z
8
value 0.33307
scoring_system epss
scoring_elements 0.96896
published_at 2026-04-04T12:55:00Z
9
value 0.33307
scoring_system epss
scoring_elements 0.96927
published_at 2026-04-18T12:55:00Z
10
value 0.35232
scoring_system epss
scoring_elements 0.9701
published_at 2026-04-01T12:55:00Z
11
value 0.35232
scoring_system epss
scoring_elements 0.97018
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-16651
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16651
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16651
3
reference_url https://github.com/roundcube/roundcubemail/issues/6026
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T20:56:39Z/
url https://github.com/roundcube/roundcubemail/issues/6026
4
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.1.10
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T20:56:39Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.1.10
5
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.2.7
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T20:56:39Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.2.7
6
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.3.3
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T20:56:39Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.3.3
7
reference_url https://lists.debian.org/debian-lts-announce/2017/11/msg00039.html
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T20:56:39Z/
url https://lists.debian.org/debian-lts-announce/2017/11/msg00039.html
8
reference_url https://roundcube.net/news/2017/11/08/security-updates-1.3.3-1.2.7-and-1.1.10
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T20:56:39Z/
url https://roundcube.net/news/2017/11/08/security-updates-1.3.3-1.2.7-and-1.1.10
9
reference_url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-16651
reference_id
reference_type
scores
url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-16651
10
reference_url https://www.debian.org/security/2017/dsa-4030
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T20:56:39Z/
url https://www.debian.org/security/2017/dsa-4030
11
reference_url http://www.securityfocus.com/bid/101793
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T20:56:39Z/
url http://www.securityfocus.com/bid/101793
12
reference_url https://security.archlinux.org/ASA-201711-27
reference_id ASA-201711-27
reference_type
scores
url https://security.archlinux.org/ASA-201711-27
13
reference_url https://security.archlinux.org/AVG-506
reference_id AVG-506
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-506
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.2.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:roundcube:webmail:1.2.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.2.0:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.2.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:roundcube:webmail:1.2.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.2.1:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.2.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:roundcube:webmail:1.2.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.2.2:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.2.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:roundcube:webmail:1.2.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.2.3:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.2.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:roundcube:webmail:1.2.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.2.4:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.2.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:roundcube:webmail:1.2.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.2.5:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.2.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:roundcube:webmail:1.2.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.2.6:*:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.3.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:roundcube:webmail:1.3.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.3.0:*:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.3.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:roundcube:webmail:1.3.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.3.1:*:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.3.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:roundcube:webmail:1.3.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.3.2:*:*:*:*:*:*:*
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
27
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-16651
reference_id CVE-2017-16651
reference_type
scores
0
value 4.6
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:N/C:P/I:P/A:P
1
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://nvd.nist.gov/vuln/detail/CVE-2017-16651
28
reference_url https://usn.ubuntu.com/7200-1/
reference_id USN-7200-1
reference_type
scores
url https://usn.ubuntu.com/7200-1/
fixed_packages
0
url pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2
purl pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14vp-t71a-4bh1
1
vulnerability VCID-2eyy-k49d-m3af
2
vulnerability VCID-2hap-9mqs-v3b8
3
vulnerability VCID-2k4q-26tk-j3gx
4
vulnerability VCID-2nb2-9vgp-tqg9
5
vulnerability VCID-36et-26h7-pke7
6
vulnerability VCID-3kyu-tx4q-p3aq
7
vulnerability VCID-4yzj-hrqv-vbcp
8
vulnerability VCID-5yts-xnha-4bf3
9
vulnerability VCID-79me-pjdn-ykgq
10
vulnerability VCID-7nn6-aywu-z7g8
11
vulnerability VCID-8vmm-1hvf-17ap
12
vulnerability VCID-8xf2-hjfv-hybh
13
vulnerability VCID-9der-5csu-nbbq
14
vulnerability VCID-9uv1-gqq7-3kc9
15
vulnerability VCID-cjkd-2jr6-n7as
16
vulnerability VCID-ck88-1urs-2kes
17
vulnerability VCID-cnkc-vcp7-6kcw
18
vulnerability VCID-ddfq-28qm-2fbn
19
vulnerability VCID-gh6k-19h8-fqbf
20
vulnerability VCID-hg1a-vx5c-hue3
21
vulnerability VCID-jck5-xymf-s3bh
22
vulnerability VCID-jqs5-8ct7-wfgk
23
vulnerability VCID-kyxz-v3sj-w3cw
24
vulnerability VCID-m4yc-ms54-zyhv
25
vulnerability VCID-ncbg-6m11-3qan
26
vulnerability VCID-qwak-6wgy-wfgs
27
vulnerability VCID-rc91-j3kf-zfch
28
vulnerability VCID-s6p1-rf35-euhy
29
vulnerability VCID-u8a4-4pe2-9kcb
30
vulnerability VCID-ub6x-9dku-c7fk
31
vulnerability VCID-vehj-ytsm-kqgz
32
vulnerability VCID-vtz8-zmp4-xbdh
33
vulnerability VCID-x9j7-98zt-6ygt
34
vulnerability VCID-xssa-fwbx-kybq
35
vulnerability VCID-ybv7-hqmj-nbgr
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2
aliases CVE-2017-16651
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fuh5-bwaq-yyfk
21
url VCID-gh6k-19h8-fqbf
vulnerability_id VCID-gh6k-19h8-fqbf
summary Roundcube Webmail: Unsanitized IMAP SEARCH command arguments
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-35538
reference_id
reference_type
scores
0
value 0.00036
scoring_system epss
scoring_elements 0.10455
published_at 2026-04-07T12:55:00Z
1
value 0.00036
scoring_system epss
scoring_elements 0.10593
published_at 2026-04-04T12:55:00Z
2
value 0.00037
scoring_system epss
scoring_elements 0.11044
published_at 2026-04-08T12:55:00Z
3
value 0.00041
scoring_system epss
scoring_elements 0.12436
published_at 2026-04-18T12:55:00Z
4
value 0.00041
scoring_system epss
scoring_elements 0.12431
published_at 2026-04-16T12:55:00Z
5
value 0.00041
scoring_system epss
scoring_elements 0.12527
published_at 2026-04-13T12:55:00Z
6
value 0.00041
scoring_system epss
scoring_elements 0.12566
published_at 2026-04-12T12:55:00Z
7
value 0.00041
scoring_system epss
scoring_elements 0.12607
published_at 2026-04-11T12:55:00Z
8
value 0.00041
scoring_system epss
scoring_elements 0.1264
published_at 2026-04-09T12:55:00Z
9
value 0.00041
scoring_system epss
scoring_elements 0.12551
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-35538
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35538
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35538
2
reference_url https://github.com/roundcube/roundcubemail
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/roundcube/roundcubemail
3
reference_url https://github.com/roundcube/roundcubemail/commit/5fe8a69956a9683a4269f3ad2a68e18deebf8a15
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:11:14Z/
url https://github.com/roundcube/roundcubemail/commit/5fe8a69956a9683a4269f3ad2a68e18deebf8a15
4
reference_url https://github.com/roundcube/roundcubemail/commit/7daf5aa9c190ccc75bb31672d8fee9938877fd64
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:11:14Z/
url https://github.com/roundcube/roundcubemail/commit/7daf5aa9c190ccc75bb31672d8fee9938877fd64
5
reference_url https://github.com/roundcube/roundcubemail/commit/b18a8fa8e81571914c0ff55d4e20edb459c6952c
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:11:14Z/
url https://github.com/roundcube/roundcubemail/commit/b18a8fa8e81571914c0ff55d4e20edb459c6952c
6
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.5.14
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:11:14Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.5.14
7
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.6.14
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:11:14Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.6.14
8
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:11:14Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5
9
reference_url https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:11:14Z/
url https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182
reference_id 1131182
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-35538
reference_id CVE-2026-35538
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-35538
12
reference_url https://github.com/advisories/GHSA-8jr8-v43g-5c57
reference_id GHSA-8jr8-v43g-5c57
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8jr8-v43g-5c57
fixed_packages
0
url pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6
purl pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u6
aliases CVE-2026-35538, GHSA-8jr8-v43g-5c57
risk_score 1.4
exploitability 0.5
weighted_severity 2.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gh6k-19h8-fqbf
22
url VCID-hg1a-vx5c-hue3
vulnerability_id VCID-hg1a-vx5c-hue3
summary 
A flaw in Roundcube's handling of configuration files may allow
    arbitrary code execution, amongst other vulnerabilities.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-12641
reference_id
reference_type
scores
0
value 0.93133
scoring_system epss
scoring_elements 0.99793
published_at 2026-04-02T12:55:00Z
1
value 0.93133
scoring_system epss
scoring_elements 0.99794
published_at 2026-04-04T12:55:00Z
2
value 0.93133
scoring_system epss
scoring_elements 0.99795
published_at 2026-04-09T12:55:00Z
3
value 0.93133
scoring_system epss
scoring_elements 0.99796
published_at 2026-04-13T12:55:00Z
4
value 0.93133
scoring_system epss
scoring_elements 0.99797
published_at 2026-04-16T12:55:00Z
5
value 0.93133
scoring_system epss
scoring_elements 0.99798
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-12641
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12641
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12641
2
reference_url https://github.com/roundcube/roundcubemail/compare/1.4.3...1.4.4
reference_id 1.4.3...1.4.4
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:53:48Z/
url https://github.com/roundcube/roundcubemail/compare/1.4.3...1.4.4
3
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.4.4
reference_id 1.4.4
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:53:48Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.4.4
4
reference_url https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-12641-Command%20Injection-Roundcube
reference_id CVE-2020-12641-Command%20Injection-Roundcube
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:53:48Z/
url https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-12641-Command%20Injection-Roundcube
5
reference_url https://github.com/roundcube/roundcubemail/commit/fcfb099477f353373c34c8a65c9035b06b364db3
reference_id fcfb099477f353373c34c8a65c9035b06b364db3
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:53:48Z/
url https://github.com/roundcube/roundcubemail/commit/fcfb099477f353373c34c8a65c9035b06b364db3
6
reference_url https://security.gentoo.org/glsa/202007-41
reference_id GLSA-202007-41
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:53:48Z/
url https://security.gentoo.org/glsa/202007-41
7
reference_url https://roundcube.net/news/2020/04/29/security-updates-1.4.4-1.3.11-and-1.2.10
reference_id security-updates-1.4.4-1.3.11-and-1.2.10
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:53:48Z/
url https://roundcube.net/news/2020/04/29/security-updates-1.4.4-1.3.11-and-1.2.10
8
reference_url https://usn.ubuntu.com/USN-5182-1/
reference_id USN-USN-5182-1
reference_type
scores
url https://usn.ubuntu.com/USN-5182-1/
fixed_packages
0
url pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4
purl pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hap-9mqs-v3b8
1
vulnerability VCID-2nb2-9vgp-tqg9
2
vulnerability VCID-3kyu-tx4q-p3aq
3
vulnerability VCID-4yzj-hrqv-vbcp
4
vulnerability VCID-5yts-xnha-4bf3
5
vulnerability VCID-8vmm-1hvf-17ap
6
vulnerability VCID-8xf2-hjfv-hybh
7
vulnerability VCID-9uv1-gqq7-3kc9
8
vulnerability VCID-ck88-1urs-2kes
9
vulnerability VCID-ddfq-28qm-2fbn
10
vulnerability VCID-gh6k-19h8-fqbf
11
vulnerability VCID-rdb5-bbvn-7fcq
12
vulnerability VCID-ub6x-9dku-c7fk
13
vulnerability VCID-vtz8-zmp4-xbdh
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4
aliases CVE-2020-12641
risk_score 10.0
exploitability 2.0
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hg1a-vx5c-hue3
23
url VCID-j29t-cw2h-mfd8
vulnerability_id VCID-j29t-cw2h-mfd8
summary roundcube version 1.3.4 and earlier contains an Insecure Permissions vulnerability in enigma plugin that can result in exfiltration of gpg private key. This attack appear to be exploitable via network connectivity.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1000071
reference_id
reference_type
scores
0
value 0.00291
scoring_system epss
scoring_elements 0.52412
published_at 2026-04-01T12:55:00Z
1
value 0.00291
scoring_system epss
scoring_elements 0.52458
published_at 2026-04-02T12:55:00Z
2
value 0.00291
scoring_system epss
scoring_elements 0.52485
published_at 2026-04-04T12:55:00Z
3
value 0.00291
scoring_system epss
scoring_elements 0.52452
published_at 2026-04-07T12:55:00Z
4
value 0.00291
scoring_system epss
scoring_elements 0.52504
published_at 2026-04-08T12:55:00Z
5
value 0.00291
scoring_system epss
scoring_elements 0.52498
published_at 2026-04-09T12:55:00Z
6
value 0.00291
scoring_system epss
scoring_elements 0.52549
published_at 2026-04-11T12:55:00Z
7
value 0.00291
scoring_system epss
scoring_elements 0.52532
published_at 2026-04-12T12:55:00Z
8
value 0.00291
scoring_system epss
scoring_elements 0.52516
published_at 2026-04-13T12:55:00Z
9
value 0.00291
scoring_system epss
scoring_elements 0.52556
published_at 2026-04-16T12:55:00Z
10
value 0.00291
scoring_system epss
scoring_elements 0.52561
published_at 2026-04-18T12:55:00Z
11
value 0.00291
scoring_system epss
scoring_elements 0.52545
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1000071
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000071
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000071
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897014
reference_id 897014
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897014
3
reference_url https://usn.ubuntu.com/8132-1/
reference_id USN-8132-1
reference_type
scores
url https://usn.ubuntu.com/8132-1/
fixed_packages
0
url pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2
purl pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14vp-t71a-4bh1
1
vulnerability VCID-2eyy-k49d-m3af
2
vulnerability VCID-2hap-9mqs-v3b8
3
vulnerability VCID-2k4q-26tk-j3gx
4
vulnerability VCID-2nb2-9vgp-tqg9
5
vulnerability VCID-36et-26h7-pke7
6
vulnerability VCID-3kyu-tx4q-p3aq
7
vulnerability VCID-4yzj-hrqv-vbcp
8
vulnerability VCID-5yts-xnha-4bf3
9
vulnerability VCID-79me-pjdn-ykgq
10
vulnerability VCID-7nn6-aywu-z7g8
11
vulnerability VCID-8vmm-1hvf-17ap
12
vulnerability VCID-8xf2-hjfv-hybh
13
vulnerability VCID-9der-5csu-nbbq
14
vulnerability VCID-9uv1-gqq7-3kc9
15
vulnerability VCID-cjkd-2jr6-n7as
16
vulnerability VCID-ck88-1urs-2kes
17
vulnerability VCID-cnkc-vcp7-6kcw
18
vulnerability VCID-ddfq-28qm-2fbn
19
vulnerability VCID-gh6k-19h8-fqbf
20
vulnerability VCID-hg1a-vx5c-hue3
21
vulnerability VCID-jck5-xymf-s3bh
22
vulnerability VCID-jqs5-8ct7-wfgk
23
vulnerability VCID-kyxz-v3sj-w3cw
24
vulnerability VCID-m4yc-ms54-zyhv
25
vulnerability VCID-ncbg-6m11-3qan
26
vulnerability VCID-qwak-6wgy-wfgs
27
vulnerability VCID-rc91-j3kf-zfch
28
vulnerability VCID-s6p1-rf35-euhy
29
vulnerability VCID-u8a4-4pe2-9kcb
30
vulnerability VCID-ub6x-9dku-c7fk
31
vulnerability VCID-vehj-ytsm-kqgz
32
vulnerability VCID-vtz8-zmp4-xbdh
33
vulnerability VCID-x9j7-98zt-6ygt
34
vulnerability VCID-xssa-fwbx-kybq
35
vulnerability VCID-ybv7-hqmj-nbgr
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2
aliases CVE-2018-1000071
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j29t-cw2h-mfd8
24
url VCID-jck5-xymf-s3bh
vulnerability_id VCID-jck5-xymf-s3bh
summary security update
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-16145
reference_id
reference_type
scores
0
value 0.00704
scoring_system epss
scoring_elements 0.72041
published_at 2026-04-01T12:55:00Z
1
value 0.00704
scoring_system epss
scoring_elements 0.72047
published_at 2026-04-02T12:55:00Z
2
value 0.00704
scoring_system epss
scoring_elements 0.72068
published_at 2026-04-04T12:55:00Z
3
value 0.00704
scoring_system epss
scoring_elements 0.72044
published_at 2026-04-07T12:55:00Z
4
value 0.00704
scoring_system epss
scoring_elements 0.72081
published_at 2026-04-08T12:55:00Z
5
value 0.00704
scoring_system epss
scoring_elements 0.72093
published_at 2026-04-09T12:55:00Z
6
value 0.00704
scoring_system epss
scoring_elements 0.72116
published_at 2026-04-11T12:55:00Z
7
value 0.00704
scoring_system epss
scoring_elements 0.72101
published_at 2026-04-12T12:55:00Z
8
value 0.00704
scoring_system epss
scoring_elements 0.72086
published_at 2026-04-13T12:55:00Z
9
value 0.00704
scoring_system epss
scoring_elements 0.72127
published_at 2026-04-16T12:55:00Z
10
value 0.00704
scoring_system epss
scoring_elements 0.72135
published_at 2026-04-18T12:55:00Z
11
value 0.00704
scoring_system epss
scoring_elements 0.7212
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-16145
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16145
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16145
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968216
reference_id 968216
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968216
3
reference_url https://usn.ubuntu.com/USN-5182-1/
reference_id USN-USN-5182-1
reference_type
scores
url https://usn.ubuntu.com/USN-5182-1/
fixed_packages
0
url pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2
purl pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14vp-t71a-4bh1
1
vulnerability VCID-2eyy-k49d-m3af
2
vulnerability VCID-2hap-9mqs-v3b8
3
vulnerability VCID-2k4q-26tk-j3gx
4
vulnerability VCID-2nb2-9vgp-tqg9
5
vulnerability VCID-36et-26h7-pke7
6
vulnerability VCID-3kyu-tx4q-p3aq
7
vulnerability VCID-4yzj-hrqv-vbcp
8
vulnerability VCID-5yts-xnha-4bf3
9
vulnerability VCID-79me-pjdn-ykgq
10
vulnerability VCID-7nn6-aywu-z7g8
11
vulnerability VCID-8vmm-1hvf-17ap
12
vulnerability VCID-8xf2-hjfv-hybh
13
vulnerability VCID-9der-5csu-nbbq
14
vulnerability VCID-9uv1-gqq7-3kc9
15
vulnerability VCID-cjkd-2jr6-n7as
16
vulnerability VCID-ck88-1urs-2kes
17
vulnerability VCID-cnkc-vcp7-6kcw
18
vulnerability VCID-ddfq-28qm-2fbn
19
vulnerability VCID-gh6k-19h8-fqbf
20
vulnerability VCID-hg1a-vx5c-hue3
21
vulnerability VCID-jck5-xymf-s3bh
22
vulnerability VCID-jqs5-8ct7-wfgk
23
vulnerability VCID-kyxz-v3sj-w3cw
24
vulnerability VCID-m4yc-ms54-zyhv
25
vulnerability VCID-ncbg-6m11-3qan
26
vulnerability VCID-qwak-6wgy-wfgs
27
vulnerability VCID-rc91-j3kf-zfch
28
vulnerability VCID-s6p1-rf35-euhy
29
vulnerability VCID-u8a4-4pe2-9kcb
30
vulnerability VCID-ub6x-9dku-c7fk
31
vulnerability VCID-vehj-ytsm-kqgz
32
vulnerability VCID-vtz8-zmp4-xbdh
33
vulnerability VCID-x9j7-98zt-6ygt
34
vulnerability VCID-xssa-fwbx-kybq
35
vulnerability VCID-ybv7-hqmj-nbgr
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2
1
url pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4
purl pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hap-9mqs-v3b8
1
vulnerability VCID-2nb2-9vgp-tqg9
2
vulnerability VCID-3kyu-tx4q-p3aq
3
vulnerability VCID-4yzj-hrqv-vbcp
4
vulnerability VCID-5yts-xnha-4bf3
5
vulnerability VCID-8vmm-1hvf-17ap
6
vulnerability VCID-8xf2-hjfv-hybh
7
vulnerability VCID-9uv1-gqq7-3kc9
8
vulnerability VCID-ck88-1urs-2kes
9
vulnerability VCID-ddfq-28qm-2fbn
10
vulnerability VCID-gh6k-19h8-fqbf
11
vulnerability VCID-rdb5-bbvn-7fcq
12
vulnerability VCID-ub6x-9dku-c7fk
13
vulnerability VCID-vtz8-zmp4-xbdh
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4
aliases CVE-2020-16145
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jck5-xymf-s3bh
25
url VCID-jqs5-8ct7-wfgk
vulnerability_id VCID-jqs5-8ct7-wfgk
summary Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-26925
reference_id
reference_type
scores
0
value 0.00259
scoring_system epss
scoring_elements 0.493
published_at 2026-04-21T12:55:00Z
1
value 0.00259
scoring_system epss
scoring_elements 0.49227
published_at 2026-04-01T12:55:00Z
2
value 0.00259
scoring_system epss
scoring_elements 0.49258
published_at 2026-04-02T12:55:00Z
3
value 0.00259
scoring_system epss
scoring_elements 0.49286
published_at 2026-04-04T12:55:00Z
4
value 0.00259
scoring_system epss
scoring_elements 0.49238
published_at 2026-04-07T12:55:00Z
5
value 0.00259
scoring_system epss
scoring_elements 0.49293
published_at 2026-04-08T12:55:00Z
6
value 0.00259
scoring_system epss
scoring_elements 0.49289
published_at 2026-04-09T12:55:00Z
7
value 0.00259
scoring_system epss
scoring_elements 0.49307
published_at 2026-04-11T12:55:00Z
8
value 0.00259
scoring_system epss
scoring_elements 0.49281
published_at 2026-04-12T12:55:00Z
9
value 0.00259
scoring_system epss
scoring_elements 0.49287
published_at 2026-04-13T12:55:00Z
10
value 0.00259
scoring_system epss
scoring_elements 0.49334
published_at 2026-04-16T12:55:00Z
11
value 0.00259
scoring_system epss
scoring_elements 0.49331
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-26925
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26925
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26925
2
reference_url https://security.archlinux.org/ASA-202102-27
reference_id ASA-202102-27
reference_type
scores
url https://security.archlinux.org/ASA-202102-27
3
reference_url https://security.archlinux.org/AVG-1551
reference_id AVG-1551
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1551
fixed_packages
0
url pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4
purl pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hap-9mqs-v3b8
1
vulnerability VCID-2nb2-9vgp-tqg9
2
vulnerability VCID-3kyu-tx4q-p3aq
3
vulnerability VCID-4yzj-hrqv-vbcp
4
vulnerability VCID-5yts-xnha-4bf3
5
vulnerability VCID-8vmm-1hvf-17ap
6
vulnerability VCID-8xf2-hjfv-hybh
7
vulnerability VCID-9uv1-gqq7-3kc9
8
vulnerability VCID-ck88-1urs-2kes
9
vulnerability VCID-ddfq-28qm-2fbn
10
vulnerability VCID-gh6k-19h8-fqbf
11
vulnerability VCID-rdb5-bbvn-7fcq
12
vulnerability VCID-ub6x-9dku-c7fk
13
vulnerability VCID-vtz8-zmp4-xbdh
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4
aliases CVE-2021-26925
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jqs5-8ct7-wfgk
26
url VCID-kyxz-v3sj-w3cw
vulnerability_id VCID-kyxz-v3sj-w3cw
summary Cross Site Scripting (XSS) vulnerability in Roundcube Mail <=1.4.4 via smtp config in /installer/test.php.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-18671
reference_id
reference_type
scores
0
value 0.00386
scoring_system epss
scoring_elements 0.59664
published_at 2026-04-01T12:55:00Z
1
value 0.00386
scoring_system epss
scoring_elements 0.59737
published_at 2026-04-02T12:55:00Z
2
value 0.00386
scoring_system epss
scoring_elements 0.59762
published_at 2026-04-04T12:55:00Z
3
value 0.00386
scoring_system epss
scoring_elements 0.59732
published_at 2026-04-07T12:55:00Z
4
value 0.00386
scoring_system epss
scoring_elements 0.59784
published_at 2026-04-08T12:55:00Z
5
value 0.00386
scoring_system epss
scoring_elements 0.59797
published_at 2026-04-09T12:55:00Z
6
value 0.00386
scoring_system epss
scoring_elements 0.59817
published_at 2026-04-11T12:55:00Z
7
value 0.00386
scoring_system epss
scoring_elements 0.59801
published_at 2026-04-12T12:55:00Z
8
value 0.00386
scoring_system epss
scoring_elements 0.59783
published_at 2026-04-13T12:55:00Z
9
value 0.00386
scoring_system epss
scoring_elements 0.5982
published_at 2026-04-16T12:55:00Z
10
value 0.00386
scoring_system epss
scoring_elements 0.59827
published_at 2026-04-18T12:55:00Z
11
value 0.00386
scoring_system epss
scoring_elements 0.5981
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-18671
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-18671
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-18671
fixed_packages
0
url pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4
purl pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hap-9mqs-v3b8
1
vulnerability VCID-2nb2-9vgp-tqg9
2
vulnerability VCID-3kyu-tx4q-p3aq
3
vulnerability VCID-4yzj-hrqv-vbcp
4
vulnerability VCID-5yts-xnha-4bf3
5
vulnerability VCID-8vmm-1hvf-17ap
6
vulnerability VCID-8xf2-hjfv-hybh
7
vulnerability VCID-9uv1-gqq7-3kc9
8
vulnerability VCID-ck88-1urs-2kes
9
vulnerability VCID-ddfq-28qm-2fbn
10
vulnerability VCID-gh6k-19h8-fqbf
11
vulnerability VCID-rdb5-bbvn-7fcq
12
vulnerability VCID-ub6x-9dku-c7fk
13
vulnerability VCID-vtz8-zmp4-xbdh
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4
aliases CVE-2020-18671
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kyxz-v3sj-w3cw
27
url VCID-m4yc-ms54-zyhv
vulnerability_id VCID-m4yc-ms54-zyhv
summary security update
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13965.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13965.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13965
reference_id
reference_type
scores
0
value 0.71819
scoring_system epss
scoring_elements 0.98728
published_at 2026-04-02T12:55:00Z
1
value 0.71819
scoring_system epss
scoring_elements 0.98742
published_at 2026-04-21T12:55:00Z
2
value 0.71819
scoring_system epss
scoring_elements 0.98732
published_at 2026-04-04T12:55:00Z
3
value 0.71819
scoring_system epss
scoring_elements 0.98735
published_at 2026-04-09T12:55:00Z
4
value 0.71819
scoring_system epss
scoring_elements 0.98736
published_at 2026-04-08T12:55:00Z
5
value 0.71819
scoring_system epss
scoring_elements 0.98738
published_at 2026-04-12T12:55:00Z
6
value 0.71819
scoring_system epss
scoring_elements 0.98739
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13965
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13964
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13964
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13965
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13965
4
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.3.12
reference_id 1.3.12
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:33:41Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.3.12
5
reference_url https://github.com/roundcube/roundcubemail/compare/1.4.4...1.4.5
reference_id 1.4.4...1.4.5
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:33:41Z/
url https://github.com/roundcube/roundcubemail/compare/1.4.4...1.4.5
6
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.4.5
reference_id 1.4.5
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:33:41Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.4.5
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1848338
reference_id 1848338
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1848338
8
reference_url https://github.com/roundcube/roundcubemail/commit/884eb611627ef2bd5a2e20e02009ebb1eceecdc3
reference_id 884eb611627ef2bd5a2e20e02009ebb1eceecdc3
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:33:41Z/
url https://github.com/roundcube/roundcubemail/commit/884eb611627ef2bd5a2e20e02009ebb1eceecdc3
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962124
reference_id 962124
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962124
10
reference_url https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-13965-Cross%20Site-Scripting%20via%20Malicious%20XML%20Attachment-Roundcube
reference_id CVE-2020-13965-Cross%20Site-Scripting%20via%20Malicious%20XML%20Attachment-Roundcube
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:33:41Z/
url https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-13965-Cross%20Site-Scripting%20via%20Malicious%20XML%20Attachment-Roundcube
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLESQ4LPJGMSWHQ4TBRTVQRDG7IXAZCW/
reference_id DLESQ4LPJGMSWHQ4TBRTVQRDG7IXAZCW
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:33:41Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLESQ4LPJGMSWHQ4TBRTVQRDG7IXAZCW/
12
reference_url https://www.debian.org/security/2020/dsa-4700
reference_id dsa-4700
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:33:41Z/
url https://www.debian.org/security/2020/dsa-4700
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ODPJXBHZ32QSP4MYT2OBCALYXSUJ47SK/
reference_id ODPJXBHZ32QSP4MYT2OBCALYXSUJ47SK
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:33:41Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ODPJXBHZ32QSP4MYT2OBCALYXSUJ47SK/
14
reference_url https://roundcube.net/news/2020/06/02/security-updates-1.4.5-and-1.3.12
reference_id security-updates-1.4.5-and-1.3.12
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:33:41Z/
url https://roundcube.net/news/2020/06/02/security-updates-1.4.5-and-1.3.12
15
reference_url https://usn.ubuntu.com/USN-5182-1/
reference_id USN-USN-5182-1
reference_type
scores
url https://usn.ubuntu.com/USN-5182-1/
fixed_packages
0
url pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2
purl pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14vp-t71a-4bh1
1
vulnerability VCID-2eyy-k49d-m3af
2
vulnerability VCID-2hap-9mqs-v3b8
3
vulnerability VCID-2k4q-26tk-j3gx
4
vulnerability VCID-2nb2-9vgp-tqg9
5
vulnerability VCID-36et-26h7-pke7
6
vulnerability VCID-3kyu-tx4q-p3aq
7
vulnerability VCID-4yzj-hrqv-vbcp
8
vulnerability VCID-5yts-xnha-4bf3
9
vulnerability VCID-79me-pjdn-ykgq
10
vulnerability VCID-7nn6-aywu-z7g8
11
vulnerability VCID-8vmm-1hvf-17ap
12
vulnerability VCID-8xf2-hjfv-hybh
13
vulnerability VCID-9der-5csu-nbbq
14
vulnerability VCID-9uv1-gqq7-3kc9
15
vulnerability VCID-cjkd-2jr6-n7as
16
vulnerability VCID-ck88-1urs-2kes
17
vulnerability VCID-cnkc-vcp7-6kcw
18
vulnerability VCID-ddfq-28qm-2fbn
19
vulnerability VCID-gh6k-19h8-fqbf
20
vulnerability VCID-hg1a-vx5c-hue3
21
vulnerability VCID-jck5-xymf-s3bh
22
vulnerability VCID-jqs5-8ct7-wfgk
23
vulnerability VCID-kyxz-v3sj-w3cw
24
vulnerability VCID-m4yc-ms54-zyhv
25
vulnerability VCID-ncbg-6m11-3qan
26
vulnerability VCID-qwak-6wgy-wfgs
27
vulnerability VCID-rc91-j3kf-zfch
28
vulnerability VCID-s6p1-rf35-euhy
29
vulnerability VCID-u8a4-4pe2-9kcb
30
vulnerability VCID-ub6x-9dku-c7fk
31
vulnerability VCID-vehj-ytsm-kqgz
32
vulnerability VCID-vtz8-zmp4-xbdh
33
vulnerability VCID-x9j7-98zt-6ygt
34
vulnerability VCID-xssa-fwbx-kybq
35
vulnerability VCID-ybv7-hqmj-nbgr
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2
1
url pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4
purl pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hap-9mqs-v3b8
1
vulnerability VCID-2nb2-9vgp-tqg9
2
vulnerability VCID-3kyu-tx4q-p3aq
3
vulnerability VCID-4yzj-hrqv-vbcp
4
vulnerability VCID-5yts-xnha-4bf3
5
vulnerability VCID-8vmm-1hvf-17ap
6
vulnerability VCID-8xf2-hjfv-hybh
7
vulnerability VCID-9uv1-gqq7-3kc9
8
vulnerability VCID-ck88-1urs-2kes
9
vulnerability VCID-ddfq-28qm-2fbn
10
vulnerability VCID-gh6k-19h8-fqbf
11
vulnerability VCID-rdb5-bbvn-7fcq
12
vulnerability VCID-ub6x-9dku-c7fk
13
vulnerability VCID-vtz8-zmp4-xbdh
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4
aliases CVE-2020-13965
risk_score 10.0
exploitability 2.0
weighted_severity 5.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m4yc-ms54-zyhv
28
url VCID-ncbg-6m11-3qan
vulnerability_id VCID-ncbg-6m11-3qan
summary security update
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-47272
reference_id
reference_type
scores
0
value 0.00498
scoring_system epss
scoring_elements 0.65845
published_at 2026-04-02T12:55:00Z
1
value 0.00498
scoring_system epss
scoring_elements 0.65875
published_at 2026-04-04T12:55:00Z
2
value 0.00498
scoring_system epss
scoring_elements 0.6584
published_at 2026-04-07T12:55:00Z
3
value 0.00498
scoring_system epss
scoring_elements 0.65892
published_at 2026-04-08T12:55:00Z
4
value 0.00498
scoring_system epss
scoring_elements 0.65904
published_at 2026-04-09T12:55:00Z
5
value 0.00498
scoring_system epss
scoring_elements 0.65922
published_at 2026-04-11T12:55:00Z
6
value 0.00498
scoring_system epss
scoring_elements 0.65909
published_at 2026-04-12T12:55:00Z
7
value 0.00498
scoring_system epss
scoring_elements 0.65879
published_at 2026-04-13T12:55:00Z
8
value 0.00498
scoring_system epss
scoring_elements 0.65914
published_at 2026-04-16T12:55:00Z
9
value 0.00498
scoring_system epss
scoring_elements 0.65929
published_at 2026-04-18T12:55:00Z
10
value 0.00498
scoring_system epss
scoring_elements 0.65918
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-47272
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47272
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47272
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055421
reference_id 1055421
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055421
3
reference_url https://usn.ubuntu.com/6848-1/
reference_id USN-6848-1
reference_type
scores
url https://usn.ubuntu.com/6848-1/
fixed_packages
0
url pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4
purl pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hap-9mqs-v3b8
1
vulnerability VCID-2nb2-9vgp-tqg9
2
vulnerability VCID-3kyu-tx4q-p3aq
3
vulnerability VCID-4yzj-hrqv-vbcp
4
vulnerability VCID-5yts-xnha-4bf3
5
vulnerability VCID-8vmm-1hvf-17ap
6
vulnerability VCID-8xf2-hjfv-hybh
7
vulnerability VCID-9uv1-gqq7-3kc9
8
vulnerability VCID-ck88-1urs-2kes
9
vulnerability VCID-ddfq-28qm-2fbn
10
vulnerability VCID-gh6k-19h8-fqbf
11
vulnerability VCID-rdb5-bbvn-7fcq
12
vulnerability VCID-ub6x-9dku-c7fk
13
vulnerability VCID-vtz8-zmp4-xbdh
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4
aliases CVE-2023-47272
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ncbg-6m11-3qan
29
url VCID-qwak-6wgy-wfgs
vulnerability_id VCID-qwak-6wgy-wfgs
summary security update
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-37384
reference_id
reference_type
scores
0
value 0.00437
scoring_system epss
scoring_elements 0.63008
published_at 2026-04-07T12:55:00Z
1
value 0.00437
scoring_system epss
scoring_elements 0.63099
published_at 2026-04-18T12:55:00Z
2
value 0.00437
scoring_system epss
scoring_elements 0.63091
published_at 2026-04-16T12:55:00Z
3
value 0.00437
scoring_system epss
scoring_elements 0.63056
published_at 2026-04-13T12:55:00Z
4
value 0.00437
scoring_system epss
scoring_elements 0.63078
published_at 2026-04-12T12:55:00Z
5
value 0.00437
scoring_system epss
scoring_elements 0.63092
published_at 2026-04-11T12:55:00Z
6
value 0.00437
scoring_system epss
scoring_elements 0.63074
published_at 2026-04-09T12:55:00Z
7
value 0.00437
scoring_system epss
scoring_elements 0.63058
published_at 2026-04-08T12:55:00Z
8
value 0.00437
scoring_system epss
scoring_elements 0.63014
published_at 2026-04-02T12:55:00Z
9
value 0.00437
scoring_system epss
scoring_elements 0.63043
published_at 2026-04-04T12:55:00Z
10
value 0.00525
scoring_system epss
scoring_elements 0.67022
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-37384
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37383
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37383
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37384
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37384
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071474
reference_id 1071474
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071474
4
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.5.7
reference_id 1.5.7
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-17T17:48:19Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.5.7
5
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.6.7
reference_id 1.6.7
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-17T17:48:19Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.6.7
6
reference_url https://github.com/roundcube/roundcubemail/commit/cde4522c5c95f13c6aeeb1600ab17e5067a536f7
reference_id cde4522c5c95f13c6aeeb1600ab17e5067a536f7
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-17T17:48:19Z/
url https://github.com/roundcube/roundcubemail/commit/cde4522c5c95f13c6aeeb1600ab17e5067a536f7
7
reference_url https://lists.debian.org/debian-lts-announce/2024/06/msg00008.html
reference_id msg00008.html
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-17T17:48:19Z/
url https://lists.debian.org/debian-lts-announce/2024/06/msg00008.html
8
reference_url https://usn.ubuntu.com/6848-1/
reference_id USN-6848-1
reference_type
scores
url https://usn.ubuntu.com/6848-1/
fixed_packages
0
url pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4
purl pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hap-9mqs-v3b8
1
vulnerability VCID-2nb2-9vgp-tqg9
2
vulnerability VCID-3kyu-tx4q-p3aq
3
vulnerability VCID-4yzj-hrqv-vbcp
4
vulnerability VCID-5yts-xnha-4bf3
5
vulnerability VCID-8vmm-1hvf-17ap
6
vulnerability VCID-8xf2-hjfv-hybh
7
vulnerability VCID-9uv1-gqq7-3kc9
8
vulnerability VCID-ck88-1urs-2kes
9
vulnerability VCID-ddfq-28qm-2fbn
10
vulnerability VCID-gh6k-19h8-fqbf
11
vulnerability VCID-rdb5-bbvn-7fcq
12
vulnerability VCID-ub6x-9dku-c7fk
13
vulnerability VCID-vtz8-zmp4-xbdh
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4
aliases CVE-2024-37384
risk_score 2.8
exploitability 0.5
weighted_severity 5.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qwak-6wgy-wfgs
30
url VCID-rc91-j3kf-zfch
vulnerability_id VCID-rc91-j3kf-zfch
summary security update
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-15562
reference_id
reference_type
scores
0
value 0.00861
scoring_system epss
scoring_elements 0.75004
published_at 2026-04-01T12:55:00Z
1
value 0.00861
scoring_system epss
scoring_elements 0.75007
published_at 2026-04-02T12:55:00Z
2
value 0.00861
scoring_system epss
scoring_elements 0.75036
published_at 2026-04-04T12:55:00Z
3
value 0.00861
scoring_system epss
scoring_elements 0.75012
published_at 2026-04-07T12:55:00Z
4
value 0.00861
scoring_system epss
scoring_elements 0.75046
published_at 2026-04-08T12:55:00Z
5
value 0.00861
scoring_system epss
scoring_elements 0.75058
published_at 2026-04-09T12:55:00Z
6
value 0.00861
scoring_system epss
scoring_elements 0.7508
published_at 2026-04-11T12:55:00Z
7
value 0.00861
scoring_system epss
scoring_elements 0.75059
published_at 2026-04-12T12:55:00Z
8
value 0.00861
scoring_system epss
scoring_elements 0.75048
published_at 2026-04-13T12:55:00Z
9
value 0.00861
scoring_system epss
scoring_elements 0.75086
published_at 2026-04-16T12:55:00Z
10
value 0.00861
scoring_system epss
scoring_elements 0.75093
published_at 2026-04-18T12:55:00Z
11
value 0.00861
scoring_system epss
scoring_elements 0.75083
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-15562
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15562
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15562
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964355
reference_id 964355
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964355
3
reference_url https://usn.ubuntu.com/USN-5182-1/
reference_id USN-USN-5182-1
reference_type
scores
url https://usn.ubuntu.com/USN-5182-1/
fixed_packages
0
url pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2
purl pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14vp-t71a-4bh1
1
vulnerability VCID-2eyy-k49d-m3af
2
vulnerability VCID-2hap-9mqs-v3b8
3
vulnerability VCID-2k4q-26tk-j3gx
4
vulnerability VCID-2nb2-9vgp-tqg9
5
vulnerability VCID-36et-26h7-pke7
6
vulnerability VCID-3kyu-tx4q-p3aq
7
vulnerability VCID-4yzj-hrqv-vbcp
8
vulnerability VCID-5yts-xnha-4bf3
9
vulnerability VCID-79me-pjdn-ykgq
10
vulnerability VCID-7nn6-aywu-z7g8
11
vulnerability VCID-8vmm-1hvf-17ap
12
vulnerability VCID-8xf2-hjfv-hybh
13
vulnerability VCID-9der-5csu-nbbq
14
vulnerability VCID-9uv1-gqq7-3kc9
15
vulnerability VCID-cjkd-2jr6-n7as
16
vulnerability VCID-ck88-1urs-2kes
17
vulnerability VCID-cnkc-vcp7-6kcw
18
vulnerability VCID-ddfq-28qm-2fbn
19
vulnerability VCID-gh6k-19h8-fqbf
20
vulnerability VCID-hg1a-vx5c-hue3
21
vulnerability VCID-jck5-xymf-s3bh
22
vulnerability VCID-jqs5-8ct7-wfgk
23
vulnerability VCID-kyxz-v3sj-w3cw
24
vulnerability VCID-m4yc-ms54-zyhv
25
vulnerability VCID-ncbg-6m11-3qan
26
vulnerability VCID-qwak-6wgy-wfgs
27
vulnerability VCID-rc91-j3kf-zfch
28
vulnerability VCID-s6p1-rf35-euhy
29
vulnerability VCID-u8a4-4pe2-9kcb
30
vulnerability VCID-ub6x-9dku-c7fk
31
vulnerability VCID-vehj-ytsm-kqgz
32
vulnerability VCID-vtz8-zmp4-xbdh
33
vulnerability VCID-x9j7-98zt-6ygt
34
vulnerability VCID-xssa-fwbx-kybq
35
vulnerability VCID-ybv7-hqmj-nbgr
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2
1
url pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4
purl pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hap-9mqs-v3b8
1
vulnerability VCID-2nb2-9vgp-tqg9
2
vulnerability VCID-3kyu-tx4q-p3aq
3
vulnerability VCID-4yzj-hrqv-vbcp
4
vulnerability VCID-5yts-xnha-4bf3
5
vulnerability VCID-8vmm-1hvf-17ap
6
vulnerability VCID-8xf2-hjfv-hybh
7
vulnerability VCID-9uv1-gqq7-3kc9
8
vulnerability VCID-ck88-1urs-2kes
9
vulnerability VCID-ddfq-28qm-2fbn
10
vulnerability VCID-gh6k-19h8-fqbf
11
vulnerability VCID-rdb5-bbvn-7fcq
12
vulnerability VCID-ub6x-9dku-c7fk
13
vulnerability VCID-vtz8-zmp4-xbdh
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4
aliases CVE-2020-15562
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rc91-j3kf-zfch
31
url VCID-s6p1-rf35-euhy
vulnerability_id VCID-s6p1-rf35-euhy
summary Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-43770
reference_id
reference_type
scores
0
value 0.80389
scoring_system epss
scoring_elements 0.99124
published_at 2026-04-13T12:55:00Z
1
value 0.80389
scoring_system epss
scoring_elements 0.99129
published_at 2026-04-21T12:55:00Z
2
value 0.80389
scoring_system epss
scoring_elements 0.99127
published_at 2026-04-18T12:55:00Z
3
value 0.80389
scoring_system epss
scoring_elements 0.99126
published_at 2026-04-16T12:55:00Z
4
value 0.80389
scoring_system epss
scoring_elements 0.99125
published_at 2026-04-12T12:55:00Z
5
value 0.80653
scoring_system epss
scoring_elements 0.99134
published_at 2026-04-04T12:55:00Z
6
value 0.80653
scoring_system epss
scoring_elements 0.99131
published_at 2026-04-02T12:55:00Z
7
value 0.80653
scoring_system epss
scoring_elements 0.99137
published_at 2026-04-07T12:55:00Z
8
value 0.80653
scoring_system epss
scoring_elements 0.99139
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-43770
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43770
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43770
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052059
reference_id 1052059
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052059
3
reference_url https://github.com/roundcube/roundcubemail/commit/e92ec206a886461245e1672d8530cc93c618a49b
reference_id e92ec206a886461245e1672d8530cc93c618a49b
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-01T18:43:07Z/
url https://github.com/roundcube/roundcubemail/commit/e92ec206a886461245e1672d8530cc93c618a49b
4
reference_url https://lists.debian.org/debian-lts-announce/2023/09/msg00024.html
reference_id msg00024.html
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-01T18:43:07Z/
url https://lists.debian.org/debian-lts-announce/2023/09/msg00024.html
5
reference_url https://roundcube.net/news/2023/09/15/security-update-1.6.3-released
reference_id security-update-1.6.3-released
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-01T18:43:07Z/
url https://roundcube.net/news/2023/09/15/security-update-1.6.3-released
6
reference_url https://usn.ubuntu.com/6654-1/
reference_id USN-6654-1
reference_type
scores
url https://usn.ubuntu.com/6654-1/
fixed_packages
0
url pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4
purl pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hap-9mqs-v3b8
1
vulnerability VCID-2nb2-9vgp-tqg9
2
vulnerability VCID-3kyu-tx4q-p3aq
3
vulnerability VCID-4yzj-hrqv-vbcp
4
vulnerability VCID-5yts-xnha-4bf3
5
vulnerability VCID-8vmm-1hvf-17ap
6
vulnerability VCID-8xf2-hjfv-hybh
7
vulnerability VCID-9uv1-gqq7-3kc9
8
vulnerability VCID-ck88-1urs-2kes
9
vulnerability VCID-ddfq-28qm-2fbn
10
vulnerability VCID-gh6k-19h8-fqbf
11
vulnerability VCID-rdb5-bbvn-7fcq
12
vulnerability VCID-ub6x-9dku-c7fk
13
vulnerability VCID-vtz8-zmp4-xbdh
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4
aliases CVE-2023-43770
risk_score 10.0
exploitability 2.0
weighted_severity 5.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s6p1-rf35-euhy
32
url VCID-ts1p-pw9v-cbh3
vulnerability_id VCID-ts1p-pw9v-cbh3
summary security update
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-19206
reference_id
reference_type
scores
0
value 0.02357
scoring_system epss
scoring_elements 0.8484
published_at 2026-04-01T12:55:00Z
1
value 0.02357
scoring_system epss
scoring_elements 0.84856
published_at 2026-04-02T12:55:00Z
2
value 0.02357
scoring_system epss
scoring_elements 0.84874
published_at 2026-04-04T12:55:00Z
3
value 0.02357
scoring_system epss
scoring_elements 0.84876
published_at 2026-04-07T12:55:00Z
4
value 0.02357
scoring_system epss
scoring_elements 0.84899
published_at 2026-04-08T12:55:00Z
5
value 0.02357
scoring_system epss
scoring_elements 0.84906
published_at 2026-04-09T12:55:00Z
6
value 0.02357
scoring_system epss
scoring_elements 0.84924
published_at 2026-04-11T12:55:00Z
7
value 0.02357
scoring_system epss
scoring_elements 0.84923
published_at 2026-04-12T12:55:00Z
8
value 0.02357
scoring_system epss
scoring_elements 0.84917
published_at 2026-04-13T12:55:00Z
9
value 0.02357
scoring_system epss
scoring_elements 0.84939
published_at 2026-04-18T12:55:00Z
10
value 0.02357
scoring_system epss
scoring_elements 0.84936
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-19206
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19206
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19206
2
reference_url https://usn.ubuntu.com/8132-1/
reference_id USN-8132-1
reference_type
scores
url https://usn.ubuntu.com/8132-1/
fixed_packages
0
url pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2
purl pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14vp-t71a-4bh1
1
vulnerability VCID-2eyy-k49d-m3af
2
vulnerability VCID-2hap-9mqs-v3b8
3
vulnerability VCID-2k4q-26tk-j3gx
4
vulnerability VCID-2nb2-9vgp-tqg9
5
vulnerability VCID-36et-26h7-pke7
6
vulnerability VCID-3kyu-tx4q-p3aq
7
vulnerability VCID-4yzj-hrqv-vbcp
8
vulnerability VCID-5yts-xnha-4bf3
9
vulnerability VCID-79me-pjdn-ykgq
10
vulnerability VCID-7nn6-aywu-z7g8
11
vulnerability VCID-8vmm-1hvf-17ap
12
vulnerability VCID-8xf2-hjfv-hybh
13
vulnerability VCID-9der-5csu-nbbq
14
vulnerability VCID-9uv1-gqq7-3kc9
15
vulnerability VCID-cjkd-2jr6-n7as
16
vulnerability VCID-ck88-1urs-2kes
17
vulnerability VCID-cnkc-vcp7-6kcw
18
vulnerability VCID-ddfq-28qm-2fbn
19
vulnerability VCID-gh6k-19h8-fqbf
20
vulnerability VCID-hg1a-vx5c-hue3
21
vulnerability VCID-jck5-xymf-s3bh
22
vulnerability VCID-jqs5-8ct7-wfgk
23
vulnerability VCID-kyxz-v3sj-w3cw
24
vulnerability VCID-m4yc-ms54-zyhv
25
vulnerability VCID-ncbg-6m11-3qan
26
vulnerability VCID-qwak-6wgy-wfgs
27
vulnerability VCID-rc91-j3kf-zfch
28
vulnerability VCID-s6p1-rf35-euhy
29
vulnerability VCID-u8a4-4pe2-9kcb
30
vulnerability VCID-ub6x-9dku-c7fk
31
vulnerability VCID-vehj-ytsm-kqgz
32
vulnerability VCID-vtz8-zmp4-xbdh
33
vulnerability VCID-x9j7-98zt-6ygt
34
vulnerability VCID-xssa-fwbx-kybq
35
vulnerability VCID-ybv7-hqmj-nbgr
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2
aliases CVE-2018-19206
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ts1p-pw9v-cbh3
33
url VCID-u8a4-4pe2-9kcb
vulnerability_id VCID-u8a4-4pe2-9kcb
summary security update
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-35730
reference_id
reference_type
scores
0
value 0.64813
scoring_system epss
scoring_elements 0.98451
published_at 2026-04-01T12:55:00Z
1
value 0.64813
scoring_system epss
scoring_elements 0.98453
published_at 2026-04-02T12:55:00Z
2
value 0.64813
scoring_system epss
scoring_elements 0.98456
published_at 2026-04-04T12:55:00Z
3
value 0.64813
scoring_system epss
scoring_elements 0.98458
published_at 2026-04-07T12:55:00Z
4
value 0.64813
scoring_system epss
scoring_elements 0.98461
published_at 2026-04-08T12:55:00Z
5
value 0.64813
scoring_system epss
scoring_elements 0.98462
published_at 2026-04-09T12:55:00Z
6
value 0.64813
scoring_system epss
scoring_elements 0.98465
published_at 2026-04-13T12:55:00Z
7
value 0.64813
scoring_system epss
scoring_elements 0.9847
published_at 2026-04-18T12:55:00Z
8
value 0.64813
scoring_system epss
scoring_elements 0.98472
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-35730
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35730
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35730
2
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.2.13
reference_id 1.2.13
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T20:21:48Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.2.13
3
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.3.16
reference_id 1.3.16
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T20:21:48Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.3.16
4
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.4.10
reference_id 1.4.10
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T20:21:48Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.4.10
5
reference_url https://github.com/roundcube/roundcubemail/compare/1.4.9...1.4.10
reference_id 1.4.9...1.4.10
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T20:21:48Z/
url https://github.com/roundcube/roundcubemail/compare/1.4.9...1.4.10
6
reference_url https://security.archlinux.org/ASA-202101-2
reference_id ASA-202101-2
reference_type
scores
url https://security.archlinux.org/ASA-202101-2
7
reference_url https://security.archlinux.org/AVG-1388
reference_id AVG-1388
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1388
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978491
reference_id bugreport.cgi?bug=978491
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T20:21:48Z/
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978491
9
reference_url https://roundcube.net/download/
reference_id download
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T20:21:48Z/
url https://roundcube.net/download/
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HCEU4BM5WGIDJWP6Z4PCH62ZMH57QYM2/
reference_id HCEU4BM5WGIDJWP6Z4PCH62ZMH57QYM2
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T20:21:48Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HCEU4BM5WGIDJWP6Z4PCH62ZMH57QYM2/
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HMLIZWKMTRCLU7KZLEQHELS4INXJ7X5Q/
reference_id HMLIZWKMTRCLU7KZLEQHELS4INXJ7X5Q
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T20:21:48Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HMLIZWKMTRCLU7KZLEQHELS4INXJ7X5Q/
12
reference_url https://www.alexbirnberg.com/roundcube-xss.html
reference_id roundcube-xss.html
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T20:21:48Z/
url https://www.alexbirnberg.com/roundcube-xss.html
13
reference_url https://usn.ubuntu.com/USN-5182-1/
reference_id USN-USN-5182-1
reference_type
scores
url https://usn.ubuntu.com/USN-5182-1/
fixed_packages
0
url pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2
purl pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14vp-t71a-4bh1
1
vulnerability VCID-2eyy-k49d-m3af
2
vulnerability VCID-2hap-9mqs-v3b8
3
vulnerability VCID-2k4q-26tk-j3gx
4
vulnerability VCID-2nb2-9vgp-tqg9
5
vulnerability VCID-36et-26h7-pke7
6
vulnerability VCID-3kyu-tx4q-p3aq
7
vulnerability VCID-4yzj-hrqv-vbcp
8
vulnerability VCID-5yts-xnha-4bf3
9
vulnerability VCID-79me-pjdn-ykgq
10
vulnerability VCID-7nn6-aywu-z7g8
11
vulnerability VCID-8vmm-1hvf-17ap
12
vulnerability VCID-8xf2-hjfv-hybh
13
vulnerability VCID-9der-5csu-nbbq
14
vulnerability VCID-9uv1-gqq7-3kc9
15
vulnerability VCID-cjkd-2jr6-n7as
16
vulnerability VCID-ck88-1urs-2kes
17
vulnerability VCID-cnkc-vcp7-6kcw
18
vulnerability VCID-ddfq-28qm-2fbn
19
vulnerability VCID-gh6k-19h8-fqbf
20
vulnerability VCID-hg1a-vx5c-hue3
21
vulnerability VCID-jck5-xymf-s3bh
22
vulnerability VCID-jqs5-8ct7-wfgk
23
vulnerability VCID-kyxz-v3sj-w3cw
24
vulnerability VCID-m4yc-ms54-zyhv
25
vulnerability VCID-ncbg-6m11-3qan
26
vulnerability VCID-qwak-6wgy-wfgs
27
vulnerability VCID-rc91-j3kf-zfch
28
vulnerability VCID-s6p1-rf35-euhy
29
vulnerability VCID-u8a4-4pe2-9kcb
30
vulnerability VCID-ub6x-9dku-c7fk
31
vulnerability VCID-vehj-ytsm-kqgz
32
vulnerability VCID-vtz8-zmp4-xbdh
33
vulnerability VCID-x9j7-98zt-6ygt
34
vulnerability VCID-xssa-fwbx-kybq
35
vulnerability VCID-ybv7-hqmj-nbgr
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2
1
url pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4
purl pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hap-9mqs-v3b8
1
vulnerability VCID-2nb2-9vgp-tqg9
2
vulnerability VCID-3kyu-tx4q-p3aq
3
vulnerability VCID-4yzj-hrqv-vbcp
4
vulnerability VCID-5yts-xnha-4bf3
5
vulnerability VCID-8vmm-1hvf-17ap
6
vulnerability VCID-8xf2-hjfv-hybh
7
vulnerability VCID-9uv1-gqq7-3kc9
8
vulnerability VCID-ck88-1urs-2kes
9
vulnerability VCID-ddfq-28qm-2fbn
10
vulnerability VCID-gh6k-19h8-fqbf
11
vulnerability VCID-rdb5-bbvn-7fcq
12
vulnerability VCID-ub6x-9dku-c7fk
13
vulnerability VCID-vtz8-zmp4-xbdh
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4
aliases CVE-2020-35730
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u8a4-4pe2-9kcb
34
url VCID-ub6x-9dku-c7fk
vulnerability_id VCID-ub6x-9dku-c7fk
summary Roundcube Webmail: Insufficient CSS sanitization in HTML e-mail messages
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-35540
reference_id
reference_type
scores
0
value 0.00031
scoring_system epss
scoring_elements 0.08833
published_at 2026-04-07T12:55:00Z
1
value 0.00031
scoring_system epss
scoring_elements 0.08902
published_at 2026-04-04T12:55:00Z
2
value 0.00033
scoring_system epss
scoring_elements 0.09441
published_at 2026-04-08T12:55:00Z
3
value 0.00043
scoring_system epss
scoring_elements 0.1304
published_at 2026-04-18T12:55:00Z
4
value 0.00043
scoring_system epss
scoring_elements 0.13038
published_at 2026-04-16T12:55:00Z
5
value 0.00043
scoring_system epss
scoring_elements 0.13135
published_at 2026-04-13T12:55:00Z
6
value 0.00043
scoring_system epss
scoring_elements 0.13187
published_at 2026-04-12T12:55:00Z
7
value 0.00043
scoring_system epss
scoring_elements 0.13224
published_at 2026-04-11T12:55:00Z
8
value 0.00043
scoring_system epss
scoring_elements 0.13255
published_at 2026-04-09T12:55:00Z
9
value 0.00047
scoring_system epss
scoring_elements 0.14425
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-35540
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35540
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35540
2
reference_url https://github.com/roundcube/roundcubemail
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/roundcube/roundcubemail
3
reference_url https://github.com/roundcube/roundcubemail/commit/27ec6cc9cb25e1ef8b4d4ef39ce76d619caa6870
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:31Z/
url https://github.com/roundcube/roundcubemail/commit/27ec6cc9cb25e1ef8b4d4ef39ce76d619caa6870
4
reference_url https://github.com/roundcube/roundcubemail/commit/579b68eff90650a5c782e153debd66c765648942
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:31Z/
url https://github.com/roundcube/roundcubemail/commit/579b68eff90650a5c782e153debd66c765648942
5
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.6.14
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:31Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.6.14
6
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:31Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5
7
reference_url https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:31Z/
url https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182
reference_id 1131182
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-35540
reference_id CVE-2026-35540
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-35540
10
reference_url https://github.com/advisories/GHSA-vxg2-hhgr-37fx
reference_id GHSA-vxg2-hhgr-37fx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vxg2-hhgr-37fx
fixed_packages
0
url pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6
purl pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u6
aliases CVE-2026-35540, GHSA-vxg2-hhgr-37fx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ub6x-9dku-c7fk
35
url VCID-ur1a-7tdn-h3hu
vulnerability_id VCID-ur1a-7tdn-h3hu
summary In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00083.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00083.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10740
reference_id
reference_type
scores
0
value 0.00174
scoring_system epss
scoring_elements 0.38688
published_at 2026-04-21T12:55:00Z
1
value 0.00174
scoring_system epss
scoring_elements 0.38768
published_at 2026-04-18T12:55:00Z
2
value 0.00174
scoring_system epss
scoring_elements 0.38656
published_at 2026-04-01T12:55:00Z
3
value 0.00174
scoring_system epss
scoring_elements 0.38785
published_at 2026-04-08T12:55:00Z
4
value 0.00174
scoring_system epss
scoring_elements 0.38806
published_at 2026-04-04T12:55:00Z
5
value 0.00174
scoring_system epss
scoring_elements 0.38735
published_at 2026-04-07T12:55:00Z
6
value 0.00174
scoring_system epss
scoring_elements 0.38796
published_at 2026-04-09T12:55:00Z
7
value 0.00174
scoring_system epss
scoring_elements 0.38808
published_at 2026-04-11T12:55:00Z
8
value 0.00174
scoring_system epss
scoring_elements 0.38772
published_at 2026-04-12T12:55:00Z
9
value 0.00174
scoring_system epss
scoring_elements 0.38744
published_at 2026-04-13T12:55:00Z
10
value 0.00174
scoring_system epss
scoring_elements 0.3879
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10740
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10740
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10740
3
reference_url https://github.com/roundcube/roundcubemail/issues/6638
reference_id
reference_type
scores
url https://github.com/roundcube/roundcubemail/issues/6638
4
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.3.10
reference_id
reference_type
scores
url https://github.com/roundcube/roundcubemail/releases/tag/1.3.10
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TFFMSO5WKEYSGMTZPZFF4ZADUJ57PRN5/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TFFMSO5WKEYSGMTZPZFF4ZADUJ57PRN5/
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927713
reference_id 927713
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927713
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*
reference_id cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:sp2:*:*:*:*:*:*
reference_id cpe:2.3:a:opensuse:backports_sle:15.0:sp2:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:sp2:*:*:*:*:*:*
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
reference_id cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
reference_id cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
reference_id cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10740
reference_id CVE-2019-10740
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:P/A:N
1
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
url https://nvd.nist.gov/vuln/detail/CVE-2019-10740
14
reference_url https://usn.ubuntu.com/8132-1/
reference_id USN-8132-1
reference_type
scores
url https://usn.ubuntu.com/8132-1/
fixed_packages
0
url pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2
purl pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14vp-t71a-4bh1
1
vulnerability VCID-2eyy-k49d-m3af
2
vulnerability VCID-2hap-9mqs-v3b8
3
vulnerability VCID-2k4q-26tk-j3gx
4
vulnerability VCID-2nb2-9vgp-tqg9
5
vulnerability VCID-36et-26h7-pke7
6
vulnerability VCID-3kyu-tx4q-p3aq
7
vulnerability VCID-4yzj-hrqv-vbcp
8
vulnerability VCID-5yts-xnha-4bf3
9
vulnerability VCID-79me-pjdn-ykgq
10
vulnerability VCID-7nn6-aywu-z7g8
11
vulnerability VCID-8vmm-1hvf-17ap
12
vulnerability VCID-8xf2-hjfv-hybh
13
vulnerability VCID-9der-5csu-nbbq
14
vulnerability VCID-9uv1-gqq7-3kc9
15
vulnerability VCID-cjkd-2jr6-n7as
16
vulnerability VCID-ck88-1urs-2kes
17
vulnerability VCID-cnkc-vcp7-6kcw
18
vulnerability VCID-ddfq-28qm-2fbn
19
vulnerability VCID-gh6k-19h8-fqbf
20
vulnerability VCID-hg1a-vx5c-hue3
21
vulnerability VCID-jck5-xymf-s3bh
22
vulnerability VCID-jqs5-8ct7-wfgk
23
vulnerability VCID-kyxz-v3sj-w3cw
24
vulnerability VCID-m4yc-ms54-zyhv
25
vulnerability VCID-ncbg-6m11-3qan
26
vulnerability VCID-qwak-6wgy-wfgs
27
vulnerability VCID-rc91-j3kf-zfch
28
vulnerability VCID-s6p1-rf35-euhy
29
vulnerability VCID-u8a4-4pe2-9kcb
30
vulnerability VCID-ub6x-9dku-c7fk
31
vulnerability VCID-vehj-ytsm-kqgz
32
vulnerability VCID-vtz8-zmp4-xbdh
33
vulnerability VCID-x9j7-98zt-6ygt
34
vulnerability VCID-xssa-fwbx-kybq
35
vulnerability VCID-ybv7-hqmj-nbgr
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2
aliases CVE-2019-10740
risk_score 1.9
exploitability 0.5
weighted_severity 3.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ur1a-7tdn-h3hu
36
url VCID-vehj-ytsm-kqgz
vulnerability_id VCID-vehj-ytsm-kqgz
summary security update
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-5631
reference_id
reference_type
scores
0
value 0.83338
scoring_system epss
scoring_elements 0.99269
published_at 2026-04-04T12:55:00Z
1
value 0.83338
scoring_system epss
scoring_elements 0.99266
published_at 2026-04-02T12:55:00Z
2
value 0.83433
scoring_system epss
scoring_elements 0.9928
published_at 2026-04-12T12:55:00Z
3
value 0.83433
scoring_system epss
scoring_elements 0.99281
published_at 2026-04-18T12:55:00Z
4
value 0.83433
scoring_system epss
scoring_elements 0.99278
published_at 2026-04-09T12:55:00Z
5
value 0.83433
scoring_system epss
scoring_elements 0.99277
published_at 2026-04-08T12:55:00Z
6
value 0.83433
scoring_system epss
scoring_elements 0.99279
published_at 2026-04-13T12:55:00Z
7
value 0.85084
scoring_system epss
scoring_elements 0.99356
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-5631
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5631
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5631
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url http://www.openwall.com/lists/oss-security/2023/11/01/1
reference_id 1
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/
url http://www.openwall.com/lists/oss-security/2023/11/01/1
4
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.4.15
reference_id 1.4.15
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.4.15
5
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.5.5
reference_id 1.5.5
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.5.5
6
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.6.4
reference_id 1.6.4
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.6.4
7
reference_url http://www.openwall.com/lists/oss-security/2023/11/17/2
reference_id 2
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/
url http://www.openwall.com/lists/oss-security/2023/11/17/2
8
reference_url http://www.openwall.com/lists/oss-security/2023/11/01/3
reference_id 3
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/
url http://www.openwall.com/lists/oss-security/2023/11/01/3
9
reference_url https://github.com/roundcube/roundcubemail/commit/41756cc3331b495cc0b71886984474dc529dd31d
reference_id 41756cc3331b495cc0b71886984474dc529dd31d
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/
url https://github.com/roundcube/roundcubemail/commit/41756cc3331b495cc0b71886984474dc529dd31d
10
reference_url https://github.com/roundcube/roundcubemail/commit/6ee6e7ae301e165e2b2cb703edf75552e5376613
reference_id 6ee6e7ae301e165e2b2cb703edf75552e5376613
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/
url https://github.com/roundcube/roundcubemail/commit/6ee6e7ae301e165e2b2cb703edf75552e5376613
11
reference_url https://github.com/roundcube/roundcubemail/issues/9168
reference_id 9168
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/
url https://github.com/roundcube/roundcubemail/issues/9168
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054079
reference_id bugreport.cgi?bug=1054079
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054079
13
reference_url https://www.debian.org/security/2023/dsa-5531
reference_id dsa-5531
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/
url https://www.debian.org/security/2023/dsa-5531
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LK67Q46OIEGJCRQUBHKLH3IIJTBNGGX4/
reference_id LK67Q46OIEGJCRQUBHKLH3IIJTBNGGX4
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LK67Q46OIEGJCRQUBHKLH3IIJTBNGGX4/
15
reference_url https://lists.debian.org/debian-lts-announce/2023/10/msg00035.html
reference_id msg00035.html
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/
url https://lists.debian.org/debian-lts-announce/2023/10/msg00035.html
16
reference_url https://roundcube.net/news/2023/10/16/security-update-1.6.4-released
reference_id security-update-1.6.4-released
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/
url https://roundcube.net/news/2023/10/16/security-update-1.6.4-released
17
reference_url https://roundcube.net/news/2023/10/16/security-updates-1.5.5-and-1.4.15
reference_id security-updates-1.5.5-and-1.4.15
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/
url https://roundcube.net/news/2023/10/16/security-updates-1.5.5-and-1.4.15
18
reference_url https://usn.ubuntu.com/6848-1/
reference_id USN-6848-1
reference_type
scores
url https://usn.ubuntu.com/6848-1/
fixed_packages
0
url pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4
purl pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hap-9mqs-v3b8
1
vulnerability VCID-2nb2-9vgp-tqg9
2
vulnerability VCID-3kyu-tx4q-p3aq
3
vulnerability VCID-4yzj-hrqv-vbcp
4
vulnerability VCID-5yts-xnha-4bf3
5
vulnerability VCID-8vmm-1hvf-17ap
6
vulnerability VCID-8xf2-hjfv-hybh
7
vulnerability VCID-9uv1-gqq7-3kc9
8
vulnerability VCID-ck88-1urs-2kes
9
vulnerability VCID-ddfq-28qm-2fbn
10
vulnerability VCID-gh6k-19h8-fqbf
11
vulnerability VCID-rdb5-bbvn-7fcq
12
vulnerability VCID-ub6x-9dku-c7fk
13
vulnerability VCID-vtz8-zmp4-xbdh
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4
aliases CVE-2023-5631
risk_score 10.0
exploitability 2.0
weighted_severity 5.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vehj-ytsm-kqgz
37
url VCID-vtz8-zmp4-xbdh
vulnerability_id VCID-vtz8-zmp4-xbdh
summary roundcubemail: Roundcube Webmail: Cascading Style Sheets (CSS) injection via mishandled comments
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26079.json
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26079.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-26079
reference_id
reference_type
scores
0
value 0.00074
scoring_system epss
scoring_elements 0.22382
published_at 2026-04-18T12:55:00Z
1
value 0.00074
scoring_system epss
scoring_elements 0.22386
published_at 2026-04-16T12:55:00Z
2
value 0.00074
scoring_system epss
scoring_elements 0.22368
published_at 2026-04-13T12:55:00Z
3
value 0.00074
scoring_system epss
scoring_elements 0.22423
published_at 2026-04-12T12:55:00Z
4
value 0.00074
scoring_system epss
scoring_elements 0.22465
published_at 2026-04-11T12:55:00Z
5
value 0.00074
scoring_system epss
scoring_elements 0.22443
published_at 2026-04-09T12:55:00Z
6
value 0.00074
scoring_system epss
scoring_elements 0.22307
published_at 2026-04-07T12:55:00Z
7
value 0.00074
scoring_system epss
scoring_elements 0.22389
published_at 2026-04-08T12:55:00Z
8
value 0.00085
scoring_system epss
scoring_elements 0.2465
published_at 2026-04-21T12:55:00Z
9
value 0.00089
scoring_system epss
scoring_elements 0.25439
published_at 2026-04-04T12:55:00Z
10
value 0.00089
scoring_system epss
scoring_elements 0.25403
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-26079
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26079
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26079
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127447
reference_id 1127447
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127447
5
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.5.13
reference_id 1.5.13
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T16:05:48Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.5.13
6
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.6.13
reference_id 1.6.13
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T16:05:48Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.6.13
7
reference_url https://github.com/roundcube/roundcubemail/commit/1f4c3a5af5033747f9685a8a395dbd8228d19816
reference_id 1f4c3a5af5033747f9685a8a395dbd8228d19816
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T16:05:48Z/
url https://github.com/roundcube/roundcubemail/commit/1f4c3a5af5033747f9685a8a395dbd8228d19816
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2438807
reference_id 2438807
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2438807
9
reference_url https://github.com/roundcube/roundcubemail/commit/2b5625f1d2ef7e050fd1ae481b2a52dc35466447
reference_id 2b5625f1d2ef7e050fd1ae481b2a52dc35466447
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T16:05:48Z/
url https://github.com/roundcube/roundcubemail/commit/2b5625f1d2ef7e050fd1ae481b2a52dc35466447
10
reference_url https://github.com/roundcube/roundcubemail/commit/53d75d5dfebef235a344d476b900c20c12d52b01
reference_id 53d75d5dfebef235a344d476b900c20c12d52b01
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T16:05:48Z/
url https://github.com/roundcube/roundcubemail/commit/53d75d5dfebef235a344d476b900c20c12d52b01
11
reference_url https://github.com/roundcube/roundcubemail/commit/5a3315cce587e0be58335d11ff9a5571c90494a5
reference_id 5a3315cce587e0be58335d11ff9a5571c90494a5
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T16:05:48Z/
url https://github.com/roundcube/roundcubemail/commit/5a3315cce587e0be58335d11ff9a5571c90494a5
12
reference_url https://github.com/roundcube/roundcubemail/commit/bf89cbaa5897d8ad62e8057d9a3f6babb90b7954
reference_id bf89cbaa5897d8ad62e8057d9a3f6babb90b7954
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T16:05:48Z/
url https://github.com/roundcube/roundcubemail/commit/bf89cbaa5897d8ad62e8057d9a3f6babb90b7954
13
reference_url https://github.com/roundcube/roundcubemail/commit/c15f5dbf093a497e19a749b20e7f8fb5a9c24cde
reference_id c15f5dbf093a497e19a749b20e7f8fb5a9c24cde
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T16:05:48Z/
url https://github.com/roundcube/roundcubemail/commit/c15f5dbf093a497e19a749b20e7f8fb5a9c24cde
14
reference_url https://roundcube.net/news/2026/02/08/security-updates-1.6.13-and-1.5.13
reference_id security-updates-1.6.13-and-1.5.13
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T16:05:48Z/
url https://roundcube.net/news/2026/02/08/security-updates-1.6.13-and-1.5.13
fixed_packages
0
url pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6
purl pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u6
aliases CVE-2026-26079
risk_score 2.1
exploitability 0.5
weighted_severity 4.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vtz8-zmp4-xbdh
38
url VCID-x9j7-98zt-6ygt
vulnerability_id VCID-x9j7-98zt-6ygt
summary 
A flaw in Roundcube's handling of configuration files may allow
    arbitrary code execution, amongst other vulnerabilities.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-12625
reference_id
reference_type
scores
0
value 0.0231
scoring_system epss
scoring_elements 0.84692
published_at 2026-04-01T12:55:00Z
1
value 0.0231
scoring_system epss
scoring_elements 0.84707
published_at 2026-04-02T12:55:00Z
2
value 0.0231
scoring_system epss
scoring_elements 0.84727
published_at 2026-04-04T12:55:00Z
3
value 0.0231
scoring_system epss
scoring_elements 0.84729
published_at 2026-04-07T12:55:00Z
4
value 0.0231
scoring_system epss
scoring_elements 0.84751
published_at 2026-04-08T12:55:00Z
5
value 0.0231
scoring_system epss
scoring_elements 0.84758
published_at 2026-04-09T12:55:00Z
6
value 0.0231
scoring_system epss
scoring_elements 0.84775
published_at 2026-04-11T12:55:00Z
7
value 0.0231
scoring_system epss
scoring_elements 0.84771
published_at 2026-04-12T12:55:00Z
8
value 0.0231
scoring_system epss
scoring_elements 0.84766
published_at 2026-04-13T12:55:00Z
9
value 0.0231
scoring_system epss
scoring_elements 0.84787
published_at 2026-04-16T12:55:00Z
10
value 0.0231
scoring_system epss
scoring_elements 0.84788
published_at 2026-04-18T12:55:00Z
11
value 0.0231
scoring_system epss
scoring_elements 0.84786
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-12625
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12625
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12625
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12626
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12626
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959140
reference_id 959140
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959140
4
reference_url https://security.gentoo.org/glsa/202007-41
reference_id GLSA-202007-41
reference_type
scores
url https://security.gentoo.org/glsa/202007-41
5
reference_url https://usn.ubuntu.com/USN-5182-1/
reference_id USN-USN-5182-1
reference_type
scores
url https://usn.ubuntu.com/USN-5182-1/
fixed_packages
0
url pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2
purl pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14vp-t71a-4bh1
1
vulnerability VCID-2eyy-k49d-m3af
2
vulnerability VCID-2hap-9mqs-v3b8
3
vulnerability VCID-2k4q-26tk-j3gx
4
vulnerability VCID-2nb2-9vgp-tqg9
5
vulnerability VCID-36et-26h7-pke7
6
vulnerability VCID-3kyu-tx4q-p3aq
7
vulnerability VCID-4yzj-hrqv-vbcp
8
vulnerability VCID-5yts-xnha-4bf3
9
vulnerability VCID-79me-pjdn-ykgq
10
vulnerability VCID-7nn6-aywu-z7g8
11
vulnerability VCID-8vmm-1hvf-17ap
12
vulnerability VCID-8xf2-hjfv-hybh
13
vulnerability VCID-9der-5csu-nbbq
14
vulnerability VCID-9uv1-gqq7-3kc9
15
vulnerability VCID-cjkd-2jr6-n7as
16
vulnerability VCID-ck88-1urs-2kes
17
vulnerability VCID-cnkc-vcp7-6kcw
18
vulnerability VCID-ddfq-28qm-2fbn
19
vulnerability VCID-gh6k-19h8-fqbf
20
vulnerability VCID-hg1a-vx5c-hue3
21
vulnerability VCID-jck5-xymf-s3bh
22
vulnerability VCID-jqs5-8ct7-wfgk
23
vulnerability VCID-kyxz-v3sj-w3cw
24
vulnerability VCID-m4yc-ms54-zyhv
25
vulnerability VCID-ncbg-6m11-3qan
26
vulnerability VCID-qwak-6wgy-wfgs
27
vulnerability VCID-rc91-j3kf-zfch
28
vulnerability VCID-s6p1-rf35-euhy
29
vulnerability VCID-u8a4-4pe2-9kcb
30
vulnerability VCID-ub6x-9dku-c7fk
31
vulnerability VCID-vehj-ytsm-kqgz
32
vulnerability VCID-vtz8-zmp4-xbdh
33
vulnerability VCID-x9j7-98zt-6ygt
34
vulnerability VCID-xssa-fwbx-kybq
35
vulnerability VCID-ybv7-hqmj-nbgr
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2
1
url pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4
purl pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hap-9mqs-v3b8
1
vulnerability VCID-2nb2-9vgp-tqg9
2
vulnerability VCID-3kyu-tx4q-p3aq
3
vulnerability VCID-4yzj-hrqv-vbcp
4
vulnerability VCID-5yts-xnha-4bf3
5
vulnerability VCID-8vmm-1hvf-17ap
6
vulnerability VCID-8xf2-hjfv-hybh
7
vulnerability VCID-9uv1-gqq7-3kc9
8
vulnerability VCID-ck88-1urs-2kes
9
vulnerability VCID-ddfq-28qm-2fbn
10
vulnerability VCID-gh6k-19h8-fqbf
11
vulnerability VCID-rdb5-bbvn-7fcq
12
vulnerability VCID-ub6x-9dku-c7fk
13
vulnerability VCID-vtz8-zmp4-xbdh
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4
aliases CVE-2020-12625
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x9j7-98zt-6ygt
39
url VCID-xssa-fwbx-kybq
vulnerability_id VCID-xssa-fwbx-kybq
summary Cross Site Scripting (XSS) vulneraibility in Roundcube mail .4.4 via database host and user in /installer/test.php.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-18670
reference_id
reference_type
scores
0
value 0.00415
scoring_system epss
scoring_elements 0.61508
published_at 2026-04-01T12:55:00Z
1
value 0.00415
scoring_system epss
scoring_elements 0.61583
published_at 2026-04-07T12:55:00Z
2
value 0.00415
scoring_system epss
scoring_elements 0.61612
published_at 2026-04-04T12:55:00Z
3
value 0.00415
scoring_system epss
scoring_elements 0.61632
published_at 2026-04-08T12:55:00Z
4
value 0.00415
scoring_system epss
scoring_elements 0.61646
published_at 2026-04-09T12:55:00Z
5
value 0.00415
scoring_system epss
scoring_elements 0.61668
published_at 2026-04-11T12:55:00Z
6
value 0.00415
scoring_system epss
scoring_elements 0.61656
published_at 2026-04-12T12:55:00Z
7
value 0.00415
scoring_system epss
scoring_elements 0.61637
published_at 2026-04-13T12:55:00Z
8
value 0.00415
scoring_system epss
scoring_elements 0.61679
published_at 2026-04-16T12:55:00Z
9
value 0.00415
scoring_system epss
scoring_elements 0.61684
published_at 2026-04-18T12:55:00Z
10
value 0.00415
scoring_system epss
scoring_elements 0.61669
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-18670
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-18670
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-18670
fixed_packages
0
url pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4
purl pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hap-9mqs-v3b8
1
vulnerability VCID-2nb2-9vgp-tqg9
2
vulnerability VCID-3kyu-tx4q-p3aq
3
vulnerability VCID-4yzj-hrqv-vbcp
4
vulnerability VCID-5yts-xnha-4bf3
5
vulnerability VCID-8vmm-1hvf-17ap
6
vulnerability VCID-8xf2-hjfv-hybh
7
vulnerability VCID-9uv1-gqq7-3kc9
8
vulnerability VCID-ck88-1urs-2kes
9
vulnerability VCID-ddfq-28qm-2fbn
10
vulnerability VCID-gh6k-19h8-fqbf
11
vulnerability VCID-rdb5-bbvn-7fcq
12
vulnerability VCID-ub6x-9dku-c7fk
13
vulnerability VCID-vtz8-zmp4-xbdh
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4
aliases CVE-2020-18670
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xssa-fwbx-kybq
40
url VCID-ybv7-hqmj-nbgr
vulnerability_id VCID-ybv7-hqmj-nbgr
summary Multiple vulnerabilities have been discovered in Roundcube, the worst of which could lead to execution of arbitrary code.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-44025
reference_id
reference_type
scores
0
value 0.00629
scoring_system epss
scoring_elements 0.7019
published_at 2026-04-01T12:55:00Z
1
value 0.00629
scoring_system epss
scoring_elements 0.70202
published_at 2026-04-02T12:55:00Z
2
value 0.00629
scoring_system epss
scoring_elements 0.70219
published_at 2026-04-04T12:55:00Z
3
value 0.00629
scoring_system epss
scoring_elements 0.70196
published_at 2026-04-07T12:55:00Z
4
value 0.00629
scoring_system epss
scoring_elements 0.70242
published_at 2026-04-08T12:55:00Z
5
value 0.00629
scoring_system epss
scoring_elements 0.70257
published_at 2026-04-09T12:55:00Z
6
value 0.00629
scoring_system epss
scoring_elements 0.7028
published_at 2026-04-11T12:55:00Z
7
value 0.00629
scoring_system epss
scoring_elements 0.70266
published_at 2026-04-12T12:55:00Z
8
value 0.00629
scoring_system epss
scoring_elements 0.70253
published_at 2026-04-13T12:55:00Z
9
value 0.00629
scoring_system epss
scoring_elements 0.70294
published_at 2026-04-16T12:55:00Z
10
value 0.00629
scoring_system epss
scoring_elements 0.70304
published_at 2026-04-18T12:55:00Z
11
value 0.00629
scoring_system epss
scoring_elements 0.70285
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-44025
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44025
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44025
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44026
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44026
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000156
reference_id 1000156
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000156
4
reference_url https://security.gentoo.org/glsa/202507-10
reference_id GLSA-202507-10
reference_type
scores
url https://security.gentoo.org/glsa/202507-10
5
reference_url https://usn.ubuntu.com/USN-5182-1/
reference_id USN-USN-5182-1
reference_type
scores
url https://usn.ubuntu.com/USN-5182-1/
fixed_packages
0
url pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2
purl pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14vp-t71a-4bh1
1
vulnerability VCID-2eyy-k49d-m3af
2
vulnerability VCID-2hap-9mqs-v3b8
3
vulnerability VCID-2k4q-26tk-j3gx
4
vulnerability VCID-2nb2-9vgp-tqg9
5
vulnerability VCID-36et-26h7-pke7
6
vulnerability VCID-3kyu-tx4q-p3aq
7
vulnerability VCID-4yzj-hrqv-vbcp
8
vulnerability VCID-5yts-xnha-4bf3
9
vulnerability VCID-79me-pjdn-ykgq
10
vulnerability VCID-7nn6-aywu-z7g8
11
vulnerability VCID-8vmm-1hvf-17ap
12
vulnerability VCID-8xf2-hjfv-hybh
13
vulnerability VCID-9der-5csu-nbbq
14
vulnerability VCID-9uv1-gqq7-3kc9
15
vulnerability VCID-cjkd-2jr6-n7as
16
vulnerability VCID-ck88-1urs-2kes
17
vulnerability VCID-cnkc-vcp7-6kcw
18
vulnerability VCID-ddfq-28qm-2fbn
19
vulnerability VCID-gh6k-19h8-fqbf
20
vulnerability VCID-hg1a-vx5c-hue3
21
vulnerability VCID-jck5-xymf-s3bh
22
vulnerability VCID-jqs5-8ct7-wfgk
23
vulnerability VCID-kyxz-v3sj-w3cw
24
vulnerability VCID-m4yc-ms54-zyhv
25
vulnerability VCID-ncbg-6m11-3qan
26
vulnerability VCID-qwak-6wgy-wfgs
27
vulnerability VCID-rc91-j3kf-zfch
28
vulnerability VCID-s6p1-rf35-euhy
29
vulnerability VCID-u8a4-4pe2-9kcb
30
vulnerability VCID-ub6x-9dku-c7fk
31
vulnerability VCID-vehj-ytsm-kqgz
32
vulnerability VCID-vtz8-zmp4-xbdh
33
vulnerability VCID-x9j7-98zt-6ygt
34
vulnerability VCID-xssa-fwbx-kybq
35
vulnerability VCID-ybv7-hqmj-nbgr
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2
1
url pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4
purl pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hap-9mqs-v3b8
1
vulnerability VCID-2nb2-9vgp-tqg9
2
vulnerability VCID-3kyu-tx4q-p3aq
3
vulnerability VCID-4yzj-hrqv-vbcp
4
vulnerability VCID-5yts-xnha-4bf3
5
vulnerability VCID-8vmm-1hvf-17ap
6
vulnerability VCID-8xf2-hjfv-hybh
7
vulnerability VCID-9uv1-gqq7-3kc9
8
vulnerability VCID-ck88-1urs-2kes
9
vulnerability VCID-ddfq-28qm-2fbn
10
vulnerability VCID-gh6k-19h8-fqbf
11
vulnerability VCID-rdb5-bbvn-7fcq
12
vulnerability VCID-ub6x-9dku-c7fk
13
vulnerability VCID-vtz8-zmp4-xbdh
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4
aliases CVE-2021-44025
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ybv7-hqmj-nbgr
41
url VCID-z3kp-p8ch-myhz
vulnerability_id VCID-z3kp-p8ch-myhz
summary security update
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-9846
reference_id
reference_type
scores
0
value 0.00852
scoring_system epss
scoring_elements 0.74869
published_at 2026-04-01T12:55:00Z
1
value 0.00852
scoring_system epss
scoring_elements 0.7487
published_at 2026-04-02T12:55:00Z
2
value 0.00852
scoring_system epss
scoring_elements 0.74899
published_at 2026-04-04T12:55:00Z
3
value 0.00852
scoring_system epss
scoring_elements 0.74947
published_at 2026-04-21T12:55:00Z
4
value 0.00876
scoring_system epss
scoring_elements 0.75344
published_at 2026-04-18T12:55:00Z
5
value 0.00876
scoring_system epss
scoring_elements 0.75299
published_at 2026-04-08T12:55:00Z
6
value 0.00876
scoring_system epss
scoring_elements 0.7531
published_at 2026-04-09T12:55:00Z
7
value 0.00876
scoring_system epss
scoring_elements 0.75331
published_at 2026-04-11T12:55:00Z
8
value 0.00876
scoring_system epss
scoring_elements 0.75309
published_at 2026-04-12T12:55:00Z
9
value 0.00876
scoring_system epss
scoring_elements 0.75298
published_at 2026-04-13T12:55:00Z
10
value 0.00876
scoring_system epss
scoring_elements 0.75256
published_at 2026-04-07T12:55:00Z
11
value 0.00876
scoring_system epss
scoring_elements 0.75337
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-9846
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9846
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9846
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895184
reference_id 895184
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895184
3
reference_url https://security.archlinux.org/ASA-201804-8
reference_id ASA-201804-8
reference_type
scores
url https://security.archlinux.org/ASA-201804-8
4
reference_url https://security.archlinux.org/AVG-670
reference_id AVG-670
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-670
5
reference_url https://usn.ubuntu.com/8132-1/
reference_id USN-8132-1
reference_type
scores
url https://usn.ubuntu.com/8132-1/
fixed_packages
0
url pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2
purl pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14vp-t71a-4bh1
1
vulnerability VCID-2eyy-k49d-m3af
2
vulnerability VCID-2hap-9mqs-v3b8
3
vulnerability VCID-2k4q-26tk-j3gx
4
vulnerability VCID-2nb2-9vgp-tqg9
5
vulnerability VCID-36et-26h7-pke7
6
vulnerability VCID-3kyu-tx4q-p3aq
7
vulnerability VCID-4yzj-hrqv-vbcp
8
vulnerability VCID-5yts-xnha-4bf3
9
vulnerability VCID-79me-pjdn-ykgq
10
vulnerability VCID-7nn6-aywu-z7g8
11
vulnerability VCID-8vmm-1hvf-17ap
12
vulnerability VCID-8xf2-hjfv-hybh
13
vulnerability VCID-9der-5csu-nbbq
14
vulnerability VCID-9uv1-gqq7-3kc9
15
vulnerability VCID-cjkd-2jr6-n7as
16
vulnerability VCID-ck88-1urs-2kes
17
vulnerability VCID-cnkc-vcp7-6kcw
18
vulnerability VCID-ddfq-28qm-2fbn
19
vulnerability VCID-gh6k-19h8-fqbf
20
vulnerability VCID-hg1a-vx5c-hue3
21
vulnerability VCID-jck5-xymf-s3bh
22
vulnerability VCID-jqs5-8ct7-wfgk
23
vulnerability VCID-kyxz-v3sj-w3cw
24
vulnerability VCID-m4yc-ms54-zyhv
25
vulnerability VCID-ncbg-6m11-3qan
26
vulnerability VCID-qwak-6wgy-wfgs
27
vulnerability VCID-rc91-j3kf-zfch
28
vulnerability VCID-s6p1-rf35-euhy
29
vulnerability VCID-u8a4-4pe2-9kcb
30
vulnerability VCID-ub6x-9dku-c7fk
31
vulnerability VCID-vehj-ytsm-kqgz
32
vulnerability VCID-vtz8-zmp4-xbdh
33
vulnerability VCID-x9j7-98zt-6ygt
34
vulnerability VCID-xssa-fwbx-kybq
35
vulnerability VCID-ybv7-hqmj-nbgr
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2
aliases CVE-2018-9846
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z3kp-p8ch-myhz
Fixing_vulnerabilities
0
url VCID-7nn6-aywu-z7g8
vulnerability_id VCID-7nn6-aywu-z7g8
summary security update
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13964
reference_id
reference_type
scores
0
value 0.00872
scoring_system epss
scoring_elements 0.75174
published_at 2026-04-01T12:55:00Z
1
value 0.00872
scoring_system epss
scoring_elements 0.75177
published_at 2026-04-02T12:55:00Z
2
value 0.00872
scoring_system epss
scoring_elements 0.75208
published_at 2026-04-04T12:55:00Z
3
value 0.00872
scoring_system epss
scoring_elements 0.75184
published_at 2026-04-07T12:55:00Z
4
value 0.00872
scoring_system epss
scoring_elements 0.75219
published_at 2026-04-08T12:55:00Z
5
value 0.00872
scoring_system epss
scoring_elements 0.75231
published_at 2026-04-09T12:55:00Z
6
value 0.00872
scoring_system epss
scoring_elements 0.75252
published_at 2026-04-11T12:55:00Z
7
value 0.00872
scoring_system epss
scoring_elements 0.75229
published_at 2026-04-12T12:55:00Z
8
value 0.00872
scoring_system epss
scoring_elements 0.75218
published_at 2026-04-13T12:55:00Z
9
value 0.00872
scoring_system epss
scoring_elements 0.75256
published_at 2026-04-16T12:55:00Z
10
value 0.00872
scoring_system epss
scoring_elements 0.75263
published_at 2026-04-18T12:55:00Z
11
value 0.00872
scoring_system epss
scoring_elements 0.75254
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13964
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13964
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13964
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13965
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13965
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962123
reference_id 962123
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962123
4
reference_url https://usn.ubuntu.com/USN-5182-1/
reference_id USN-USN-5182-1
reference_type
scores
url https://usn.ubuntu.com/USN-5182-1/
fixed_packages
0
url pkg:deb/debian/roundcube@1.2.3%2Bdfsg.1-4%2Bdeb9u6
purl pkg:deb/debian/roundcube@1.2.3%2Bdfsg.1-4%2Bdeb9u6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14vp-t71a-4bh1
1
vulnerability VCID-2eyy-k49d-m3af
2
vulnerability VCID-2hap-9mqs-v3b8
3
vulnerability VCID-2k4q-26tk-j3gx
4
vulnerability VCID-2nb2-9vgp-tqg9
5
vulnerability VCID-36et-26h7-pke7
6
vulnerability VCID-3kyu-tx4q-p3aq
7
vulnerability VCID-4yzj-hrqv-vbcp
8
vulnerability VCID-5yts-xnha-4bf3
9
vulnerability VCID-79me-pjdn-ykgq
10
vulnerability VCID-7nn6-aywu-z7g8
11
vulnerability VCID-8vmm-1hvf-17ap
12
vulnerability VCID-8xf2-hjfv-hybh
13
vulnerability VCID-9der-5csu-nbbq
14
vulnerability VCID-9ktu-55q4-3kau
15
vulnerability VCID-9uv1-gqq7-3kc9
16
vulnerability VCID-cjkd-2jr6-n7as
17
vulnerability VCID-ck88-1urs-2kes
18
vulnerability VCID-cnkc-vcp7-6kcw
19
vulnerability VCID-ddfq-28qm-2fbn
20
vulnerability VCID-fuh5-bwaq-yyfk
21
vulnerability VCID-gh6k-19h8-fqbf
22
vulnerability VCID-hg1a-vx5c-hue3
23
vulnerability VCID-j29t-cw2h-mfd8
24
vulnerability VCID-jck5-xymf-s3bh
25
vulnerability VCID-jqs5-8ct7-wfgk
26
vulnerability VCID-kyxz-v3sj-w3cw
27
vulnerability VCID-m4yc-ms54-zyhv
28
vulnerability VCID-ncbg-6m11-3qan
29
vulnerability VCID-qwak-6wgy-wfgs
30
vulnerability VCID-rc91-j3kf-zfch
31
vulnerability VCID-s6p1-rf35-euhy
32
vulnerability VCID-ts1p-pw9v-cbh3
33
vulnerability VCID-u8a4-4pe2-9kcb
34
vulnerability VCID-ub6x-9dku-c7fk
35
vulnerability VCID-ur1a-7tdn-h3hu
36
vulnerability VCID-vehj-ytsm-kqgz
37
vulnerability VCID-vtz8-zmp4-xbdh
38
vulnerability VCID-x9j7-98zt-6ygt
39
vulnerability VCID-xssa-fwbx-kybq
40
vulnerability VCID-ybv7-hqmj-nbgr
41
vulnerability VCID-z3kp-p8ch-myhz
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.2.3%252Bdfsg.1-4%252Bdeb9u6
1
url pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2
purl pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14vp-t71a-4bh1
1
vulnerability VCID-2eyy-k49d-m3af
2
vulnerability VCID-2hap-9mqs-v3b8
3
vulnerability VCID-2k4q-26tk-j3gx
4
vulnerability VCID-2nb2-9vgp-tqg9
5
vulnerability VCID-36et-26h7-pke7
6
vulnerability VCID-3kyu-tx4q-p3aq
7
vulnerability VCID-4yzj-hrqv-vbcp
8
vulnerability VCID-5yts-xnha-4bf3
9
vulnerability VCID-79me-pjdn-ykgq
10
vulnerability VCID-7nn6-aywu-z7g8
11
vulnerability VCID-8vmm-1hvf-17ap
12
vulnerability VCID-8xf2-hjfv-hybh
13
vulnerability VCID-9der-5csu-nbbq
14
vulnerability VCID-9uv1-gqq7-3kc9
15
vulnerability VCID-cjkd-2jr6-n7as
16
vulnerability VCID-ck88-1urs-2kes
17
vulnerability VCID-cnkc-vcp7-6kcw
18
vulnerability VCID-ddfq-28qm-2fbn
19
vulnerability VCID-gh6k-19h8-fqbf
20
vulnerability VCID-hg1a-vx5c-hue3
21
vulnerability VCID-jck5-xymf-s3bh
22
vulnerability VCID-jqs5-8ct7-wfgk
23
vulnerability VCID-kyxz-v3sj-w3cw
24
vulnerability VCID-m4yc-ms54-zyhv
25
vulnerability VCID-ncbg-6m11-3qan
26
vulnerability VCID-qwak-6wgy-wfgs
27
vulnerability VCID-rc91-j3kf-zfch
28
vulnerability VCID-s6p1-rf35-euhy
29
vulnerability VCID-u8a4-4pe2-9kcb
30
vulnerability VCID-ub6x-9dku-c7fk
31
vulnerability VCID-vehj-ytsm-kqgz
32
vulnerability VCID-vtz8-zmp4-xbdh
33
vulnerability VCID-x9j7-98zt-6ygt
34
vulnerability VCID-xssa-fwbx-kybq
35
vulnerability VCID-ybv7-hqmj-nbgr
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2
2
url pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4
purl pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hap-9mqs-v3b8
1
vulnerability VCID-2nb2-9vgp-tqg9
2
vulnerability VCID-3kyu-tx4q-p3aq
3
vulnerability VCID-4yzj-hrqv-vbcp
4
vulnerability VCID-5yts-xnha-4bf3
5
vulnerability VCID-8vmm-1hvf-17ap
6
vulnerability VCID-8xf2-hjfv-hybh
7
vulnerability VCID-9uv1-gqq7-3kc9
8
vulnerability VCID-ck88-1urs-2kes
9
vulnerability VCID-ddfq-28qm-2fbn
10
vulnerability VCID-gh6k-19h8-fqbf
11
vulnerability VCID-rdb5-bbvn-7fcq
12
vulnerability VCID-ub6x-9dku-c7fk
13
vulnerability VCID-vtz8-zmp4-xbdh
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4
aliases CVE-2020-13964
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7nn6-aywu-z7g8
1
url VCID-brmp-djyb-q3b7
vulnerability_id VCID-brmp-djyb-q3b7
summary Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail before 1.1.5 allows remote attackers to hijack the authentication of users for requests that download attachments and cause a denial of service (disk consumption) via unspecified vectors.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-4069
reference_id
reference_type
scores
0
value 0.01131
scoring_system epss
scoring_elements 0.78273
published_at 2026-04-01T12:55:00Z
1
value 0.01131
scoring_system epss
scoring_elements 0.7828
published_at 2026-04-02T12:55:00Z
2
value 0.01131
scoring_system epss
scoring_elements 0.78312
published_at 2026-04-04T12:55:00Z
3
value 0.01131
scoring_system epss
scoring_elements 0.78293
published_at 2026-04-07T12:55:00Z
4
value 0.01131
scoring_system epss
scoring_elements 0.7832
published_at 2026-04-08T12:55:00Z
5
value 0.01131
scoring_system epss
scoring_elements 0.78326
published_at 2026-04-09T12:55:00Z
6
value 0.01131
scoring_system epss
scoring_elements 0.78352
published_at 2026-04-11T12:55:00Z
7
value 0.01131
scoring_system epss
scoring_elements 0.78335
published_at 2026-04-12T12:55:00Z
8
value 0.01131
scoring_system epss
scoring_elements 0.78328
published_at 2026-04-13T12:55:00Z
9
value 0.01131
scoring_system epss
scoring_elements 0.78357
published_at 2026-04-16T12:55:00Z
10
value 0.01131
scoring_system epss
scoring_elements 0.78355
published_at 2026-04-18T12:55:00Z
11
value 0.01131
scoring_system epss
scoring_elements 0.78353
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-4069
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4069
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4069
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=822333
reference_id 822333
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=822333
3
reference_url https://usn.ubuntu.com/8132-1/
reference_id USN-8132-1
reference_type
scores
url https://usn.ubuntu.com/8132-1/
fixed_packages
0
url pkg:deb/debian/roundcube@1.2.3%2Bdfsg.1-4%2Bdeb9u6
purl pkg:deb/debian/roundcube@1.2.3%2Bdfsg.1-4%2Bdeb9u6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14vp-t71a-4bh1
1
vulnerability VCID-2eyy-k49d-m3af
2
vulnerability VCID-2hap-9mqs-v3b8
3
vulnerability VCID-2k4q-26tk-j3gx
4
vulnerability VCID-2nb2-9vgp-tqg9
5
vulnerability VCID-36et-26h7-pke7
6
vulnerability VCID-3kyu-tx4q-p3aq
7
vulnerability VCID-4yzj-hrqv-vbcp
8
vulnerability VCID-5yts-xnha-4bf3
9
vulnerability VCID-79me-pjdn-ykgq
10
vulnerability VCID-7nn6-aywu-z7g8
11
vulnerability VCID-8vmm-1hvf-17ap
12
vulnerability VCID-8xf2-hjfv-hybh
13
vulnerability VCID-9der-5csu-nbbq
14
vulnerability VCID-9ktu-55q4-3kau
15
vulnerability VCID-9uv1-gqq7-3kc9
16
vulnerability VCID-cjkd-2jr6-n7as
17
vulnerability VCID-ck88-1urs-2kes
18
vulnerability VCID-cnkc-vcp7-6kcw
19
vulnerability VCID-ddfq-28qm-2fbn
20
vulnerability VCID-fuh5-bwaq-yyfk
21
vulnerability VCID-gh6k-19h8-fqbf
22
vulnerability VCID-hg1a-vx5c-hue3
23
vulnerability VCID-j29t-cw2h-mfd8
24
vulnerability VCID-jck5-xymf-s3bh
25
vulnerability VCID-jqs5-8ct7-wfgk
26
vulnerability VCID-kyxz-v3sj-w3cw
27
vulnerability VCID-m4yc-ms54-zyhv
28
vulnerability VCID-ncbg-6m11-3qan
29
vulnerability VCID-qwak-6wgy-wfgs
30
vulnerability VCID-rc91-j3kf-zfch
31
vulnerability VCID-s6p1-rf35-euhy
32
vulnerability VCID-ts1p-pw9v-cbh3
33
vulnerability VCID-u8a4-4pe2-9kcb
34
vulnerability VCID-ub6x-9dku-c7fk
35
vulnerability VCID-ur1a-7tdn-h3hu
36
vulnerability VCID-vehj-ytsm-kqgz
37
vulnerability VCID-vtz8-zmp4-xbdh
38
vulnerability VCID-x9j7-98zt-6ygt
39
vulnerability VCID-xssa-fwbx-kybq
40
vulnerability VCID-ybv7-hqmj-nbgr
41
vulnerability VCID-z3kp-p8ch-myhz
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.2.3%252Bdfsg.1-4%252Bdeb9u6
aliases CVE-2016-4069
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-brmp-djyb-q3b7
2
url VCID-c4ys-1wzp-vqej
vulnerability_id VCID-c4ys-1wzp-vqej
summary 
A vulnerability in RoundCube may allow authenticated users to
    bypass security restrictions.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-8114
reference_id
reference_type
scores
0
value 0.00632
scoring_system epss
scoring_elements 0.70357
published_at 2026-04-21T12:55:00Z
1
value 0.00632
scoring_system epss
scoring_elements 0.70375
published_at 2026-04-18T12:55:00Z
2
value 0.00632
scoring_system epss
scoring_elements 0.70261
published_at 2026-04-01T12:55:00Z
3
value 0.00632
scoring_system epss
scoring_elements 0.70274
published_at 2026-04-02T12:55:00Z
4
value 0.00632
scoring_system epss
scoring_elements 0.70291
published_at 2026-04-04T12:55:00Z
5
value 0.00632
scoring_system epss
scoring_elements 0.70267
published_at 2026-04-07T12:55:00Z
6
value 0.00632
scoring_system epss
scoring_elements 0.70313
published_at 2026-04-08T12:55:00Z
7
value 0.00632
scoring_system epss
scoring_elements 0.70328
published_at 2026-04-09T12:55:00Z
8
value 0.00632
scoring_system epss
scoring_elements 0.70351
published_at 2026-04-11T12:55:00Z
9
value 0.00632
scoring_system epss
scoring_elements 0.70336
published_at 2026-04-12T12:55:00Z
10
value 0.00632
scoring_system epss
scoring_elements 0.70323
published_at 2026-04-13T12:55:00Z
11
value 0.00632
scoring_system epss
scoring_elements 0.70366
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-8114
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8114
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8114
2
reference_url https://github.com/ilsani/rd/tree/master/security-advisories/web/roundcube/cve-2017-8114
reference_id
reference_type
scores
url https://github.com/ilsani/rd/tree/master/security-advisories/web/roundcube/cve-2017-8114
3
reference_url https://roundcube.net/news/2017/04/28/security-updates-1.2.5-1.1.9-and-1.0.11
reference_id
reference_type
scores
url https://roundcube.net/news/2017/04/28/security-updates-1.2.5-1.1.9-and-1.0.11
4
reference_url http://www.securityfocus.com/bid/98445
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/98445
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861388
reference_id 861388
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861388
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-8114
reference_id CVE-2017-8114
reference_type
scores
0
value 6.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:P/A:P
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://nvd.nist.gov/vuln/detail/CVE-2017-8114
8
reference_url https://security.gentoo.org/glsa/201707-11
reference_id GLSA-201707-11
reference_type
scores
url https://security.gentoo.org/glsa/201707-11
9
reference_url https://usn.ubuntu.com/8132-1/
reference_id USN-8132-1
reference_type
scores
url https://usn.ubuntu.com/8132-1/
fixed_packages
0
url pkg:deb/debian/roundcube@1.2.3%2Bdfsg.1-4%2Bdeb9u6
purl pkg:deb/debian/roundcube@1.2.3%2Bdfsg.1-4%2Bdeb9u6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14vp-t71a-4bh1
1
vulnerability VCID-2eyy-k49d-m3af
2
vulnerability VCID-2hap-9mqs-v3b8
3
vulnerability VCID-2k4q-26tk-j3gx
4
vulnerability VCID-2nb2-9vgp-tqg9
5
vulnerability VCID-36et-26h7-pke7
6
vulnerability VCID-3kyu-tx4q-p3aq
7
vulnerability VCID-4yzj-hrqv-vbcp
8
vulnerability VCID-5yts-xnha-4bf3
9
vulnerability VCID-79me-pjdn-ykgq
10
vulnerability VCID-7nn6-aywu-z7g8
11
vulnerability VCID-8vmm-1hvf-17ap
12
vulnerability VCID-8xf2-hjfv-hybh
13
vulnerability VCID-9der-5csu-nbbq
14
vulnerability VCID-9ktu-55q4-3kau
15
vulnerability VCID-9uv1-gqq7-3kc9
16
vulnerability VCID-cjkd-2jr6-n7as
17
vulnerability VCID-ck88-1urs-2kes
18
vulnerability VCID-cnkc-vcp7-6kcw
19
vulnerability VCID-ddfq-28qm-2fbn
20
vulnerability VCID-fuh5-bwaq-yyfk
21
vulnerability VCID-gh6k-19h8-fqbf
22
vulnerability VCID-hg1a-vx5c-hue3
23
vulnerability VCID-j29t-cw2h-mfd8
24
vulnerability VCID-jck5-xymf-s3bh
25
vulnerability VCID-jqs5-8ct7-wfgk
26
vulnerability VCID-kyxz-v3sj-w3cw
27
vulnerability VCID-m4yc-ms54-zyhv
28
vulnerability VCID-ncbg-6m11-3qan
29
vulnerability VCID-qwak-6wgy-wfgs
30
vulnerability VCID-rc91-j3kf-zfch
31
vulnerability VCID-s6p1-rf35-euhy
32
vulnerability VCID-ts1p-pw9v-cbh3
33
vulnerability VCID-u8a4-4pe2-9kcb
34
vulnerability VCID-ub6x-9dku-c7fk
35
vulnerability VCID-ur1a-7tdn-h3hu
36
vulnerability VCID-vehj-ytsm-kqgz
37
vulnerability VCID-vtz8-zmp4-xbdh
38
vulnerability VCID-x9j7-98zt-6ygt
39
vulnerability VCID-xssa-fwbx-kybq
40
vulnerability VCID-ybv7-hqmj-nbgr
41
vulnerability VCID-z3kp-p8ch-myhz
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.2.3%252Bdfsg.1-4%252Bdeb9u6
aliases CVE-2017-8114
risk_score 4.0
exploitability 0.5
weighted_severity 7.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c4ys-1wzp-vqej
3
url VCID-cnkc-vcp7-6kcw
vulnerability_id VCID-cnkc-vcp7-6kcw
summary 
A flaw in Roundcube's handling of configuration files may allow
    arbitrary code execution, amongst other vulnerabilities.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-12626
reference_id
reference_type
scores
0
value 0.01288
scoring_system epss
scoring_elements 0.79589
published_at 2026-04-01T12:55:00Z
1
value 0.01288
scoring_system epss
scoring_elements 0.79596
published_at 2026-04-02T12:55:00Z
2
value 0.01288
scoring_system epss
scoring_elements 0.79618
published_at 2026-04-04T12:55:00Z
3
value 0.01288
scoring_system epss
scoring_elements 0.79605
published_at 2026-04-07T12:55:00Z
4
value 0.01288
scoring_system epss
scoring_elements 0.79634
published_at 2026-04-08T12:55:00Z
5
value 0.01288
scoring_system epss
scoring_elements 0.79642
published_at 2026-04-09T12:55:00Z
6
value 0.01288
scoring_system epss
scoring_elements 0.79662
published_at 2026-04-11T12:55:00Z
7
value 0.01288
scoring_system epss
scoring_elements 0.79647
published_at 2026-04-12T12:55:00Z
8
value 0.01288
scoring_system epss
scoring_elements 0.79639
published_at 2026-04-13T12:55:00Z
9
value 0.01288
scoring_system epss
scoring_elements 0.7967
published_at 2026-04-16T12:55:00Z
10
value 0.01288
scoring_system epss
scoring_elements 0.79669
published_at 2026-04-18T12:55:00Z
11
value 0.01288
scoring_system epss
scoring_elements 0.79673
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-12626
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12625
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12625
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12626
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12626
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959142
reference_id 959142
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959142
4
reference_url https://security.gentoo.org/glsa/202007-41
reference_id GLSA-202007-41
reference_type
scores
url https://security.gentoo.org/glsa/202007-41
5
reference_url https://usn.ubuntu.com/USN-5182-1/
reference_id USN-USN-5182-1
reference_type
scores
url https://usn.ubuntu.com/USN-5182-1/
fixed_packages
0
url pkg:deb/debian/roundcube@1.2.3%2Bdfsg.1-4%2Bdeb9u6
purl pkg:deb/debian/roundcube@1.2.3%2Bdfsg.1-4%2Bdeb9u6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14vp-t71a-4bh1
1
vulnerability VCID-2eyy-k49d-m3af
2
vulnerability VCID-2hap-9mqs-v3b8
3
vulnerability VCID-2k4q-26tk-j3gx
4
vulnerability VCID-2nb2-9vgp-tqg9
5
vulnerability VCID-36et-26h7-pke7
6
vulnerability VCID-3kyu-tx4q-p3aq
7
vulnerability VCID-4yzj-hrqv-vbcp
8
vulnerability VCID-5yts-xnha-4bf3
9
vulnerability VCID-79me-pjdn-ykgq
10
vulnerability VCID-7nn6-aywu-z7g8
11
vulnerability VCID-8vmm-1hvf-17ap
12
vulnerability VCID-8xf2-hjfv-hybh
13
vulnerability VCID-9der-5csu-nbbq
14
vulnerability VCID-9ktu-55q4-3kau
15
vulnerability VCID-9uv1-gqq7-3kc9
16
vulnerability VCID-cjkd-2jr6-n7as
17
vulnerability VCID-ck88-1urs-2kes
18
vulnerability VCID-cnkc-vcp7-6kcw
19
vulnerability VCID-ddfq-28qm-2fbn
20
vulnerability VCID-fuh5-bwaq-yyfk
21
vulnerability VCID-gh6k-19h8-fqbf
22
vulnerability VCID-hg1a-vx5c-hue3
23
vulnerability VCID-j29t-cw2h-mfd8
24
vulnerability VCID-jck5-xymf-s3bh
25
vulnerability VCID-jqs5-8ct7-wfgk
26
vulnerability VCID-kyxz-v3sj-w3cw
27
vulnerability VCID-m4yc-ms54-zyhv
28
vulnerability VCID-ncbg-6m11-3qan
29
vulnerability VCID-qwak-6wgy-wfgs
30
vulnerability VCID-rc91-j3kf-zfch
31
vulnerability VCID-s6p1-rf35-euhy
32
vulnerability VCID-ts1p-pw9v-cbh3
33
vulnerability VCID-u8a4-4pe2-9kcb
34
vulnerability VCID-ub6x-9dku-c7fk
35
vulnerability VCID-ur1a-7tdn-h3hu
36
vulnerability VCID-vehj-ytsm-kqgz
37
vulnerability VCID-vtz8-zmp4-xbdh
38
vulnerability VCID-x9j7-98zt-6ygt
39
vulnerability VCID-xssa-fwbx-kybq
40
vulnerability VCID-ybv7-hqmj-nbgr
41
vulnerability VCID-z3kp-p8ch-myhz
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.2.3%252Bdfsg.1-4%252Bdeb9u6
1
url pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2
purl pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14vp-t71a-4bh1
1
vulnerability VCID-2eyy-k49d-m3af
2
vulnerability VCID-2hap-9mqs-v3b8
3
vulnerability VCID-2k4q-26tk-j3gx
4
vulnerability VCID-2nb2-9vgp-tqg9
5
vulnerability VCID-36et-26h7-pke7
6
vulnerability VCID-3kyu-tx4q-p3aq
7
vulnerability VCID-4yzj-hrqv-vbcp
8
vulnerability VCID-5yts-xnha-4bf3
9
vulnerability VCID-79me-pjdn-ykgq
10
vulnerability VCID-7nn6-aywu-z7g8
11
vulnerability VCID-8vmm-1hvf-17ap
12
vulnerability VCID-8xf2-hjfv-hybh
13
vulnerability VCID-9der-5csu-nbbq
14
vulnerability VCID-9uv1-gqq7-3kc9
15
vulnerability VCID-cjkd-2jr6-n7as
16
vulnerability VCID-ck88-1urs-2kes
17
vulnerability VCID-cnkc-vcp7-6kcw
18
vulnerability VCID-ddfq-28qm-2fbn
19
vulnerability VCID-gh6k-19h8-fqbf
20
vulnerability VCID-hg1a-vx5c-hue3
21
vulnerability VCID-jck5-xymf-s3bh
22
vulnerability VCID-jqs5-8ct7-wfgk
23
vulnerability VCID-kyxz-v3sj-w3cw
24
vulnerability VCID-m4yc-ms54-zyhv
25
vulnerability VCID-ncbg-6m11-3qan
26
vulnerability VCID-qwak-6wgy-wfgs
27
vulnerability VCID-rc91-j3kf-zfch
28
vulnerability VCID-s6p1-rf35-euhy
29
vulnerability VCID-u8a4-4pe2-9kcb
30
vulnerability VCID-ub6x-9dku-c7fk
31
vulnerability VCID-vehj-ytsm-kqgz
32
vulnerability VCID-vtz8-zmp4-xbdh
33
vulnerability VCID-x9j7-98zt-6ygt
34
vulnerability VCID-xssa-fwbx-kybq
35
vulnerability VCID-ybv7-hqmj-nbgr
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2
2
url pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4
purl pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hap-9mqs-v3b8
1
vulnerability VCID-2nb2-9vgp-tqg9
2
vulnerability VCID-3kyu-tx4q-p3aq
3
vulnerability VCID-4yzj-hrqv-vbcp
4
vulnerability VCID-5yts-xnha-4bf3
5
vulnerability VCID-8vmm-1hvf-17ap
6
vulnerability VCID-8xf2-hjfv-hybh
7
vulnerability VCID-9uv1-gqq7-3kc9
8
vulnerability VCID-ck88-1urs-2kes
9
vulnerability VCID-ddfq-28qm-2fbn
10
vulnerability VCID-gh6k-19h8-fqbf
11
vulnerability VCID-rdb5-bbvn-7fcq
12
vulnerability VCID-ub6x-9dku-c7fk
13
vulnerability VCID-vtz8-zmp4-xbdh
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4
aliases CVE-2020-12626
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cnkc-vcp7-6kcw
4
url VCID-ekhg-mmjb-v3c3
vulnerability_id VCID-ekhg-mmjb-v3c3
summary 
A vulnerability in Roundcube could potentially lead to arbitrary
    code execution.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-9920
reference_id
reference_type
scores
0
value 0.38304
scoring_system epss
scoring_elements 0.97202
published_at 2026-04-01T12:55:00Z
1
value 0.38304
scoring_system epss
scoring_elements 0.97208
published_at 2026-04-02T12:55:00Z
2
value 0.38304
scoring_system epss
scoring_elements 0.97213
published_at 2026-04-04T12:55:00Z
3
value 0.38304
scoring_system epss
scoring_elements 0.97214
published_at 2026-04-07T12:55:00Z
4
value 0.38304
scoring_system epss
scoring_elements 0.97224
published_at 2026-04-08T12:55:00Z
5
value 0.38304
scoring_system epss
scoring_elements 0.97225
published_at 2026-04-09T12:55:00Z
6
value 0.38304
scoring_system epss
scoring_elements 0.97228
published_at 2026-04-11T12:55:00Z
7
value 0.38304
scoring_system epss
scoring_elements 0.97229
published_at 2026-04-12T12:55:00Z
8
value 0.38304
scoring_system epss
scoring_elements 0.9723
published_at 2026-04-13T12:55:00Z
9
value 0.38304
scoring_system epss
scoring_elements 0.97238
published_at 2026-04-16T12:55:00Z
10
value 0.38304
scoring_system epss
scoring_elements 0.9724
published_at 2026-04-18T12:55:00Z
11
value 0.38304
scoring_system epss
scoring_elements 0.97243
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-9920
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9920
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9920
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847287
reference_id 847287
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847287
3
reference_url https://security.gentoo.org/glsa/201612-44
reference_id GLSA-201612-44
reference_type
scores
url https://security.gentoo.org/glsa/201612-44
4
reference_url https://usn.ubuntu.com/8132-1/
reference_id USN-8132-1
reference_type
scores
url https://usn.ubuntu.com/8132-1/
fixed_packages
0
url pkg:deb/debian/roundcube@1.2.3%2Bdfsg.1-4%2Bdeb9u6
purl pkg:deb/debian/roundcube@1.2.3%2Bdfsg.1-4%2Bdeb9u6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14vp-t71a-4bh1
1
vulnerability VCID-2eyy-k49d-m3af
2
vulnerability VCID-2hap-9mqs-v3b8
3
vulnerability VCID-2k4q-26tk-j3gx
4
vulnerability VCID-2nb2-9vgp-tqg9
5
vulnerability VCID-36et-26h7-pke7
6
vulnerability VCID-3kyu-tx4q-p3aq
7
vulnerability VCID-4yzj-hrqv-vbcp
8
vulnerability VCID-5yts-xnha-4bf3
9
vulnerability VCID-79me-pjdn-ykgq
10
vulnerability VCID-7nn6-aywu-z7g8
11
vulnerability VCID-8vmm-1hvf-17ap
12
vulnerability VCID-8xf2-hjfv-hybh
13
vulnerability VCID-9der-5csu-nbbq
14
vulnerability VCID-9ktu-55q4-3kau
15
vulnerability VCID-9uv1-gqq7-3kc9
16
vulnerability VCID-cjkd-2jr6-n7as
17
vulnerability VCID-ck88-1urs-2kes
18
vulnerability VCID-cnkc-vcp7-6kcw
19
vulnerability VCID-ddfq-28qm-2fbn
20
vulnerability VCID-fuh5-bwaq-yyfk
21
vulnerability VCID-gh6k-19h8-fqbf
22
vulnerability VCID-hg1a-vx5c-hue3
23
vulnerability VCID-j29t-cw2h-mfd8
24
vulnerability VCID-jck5-xymf-s3bh
25
vulnerability VCID-jqs5-8ct7-wfgk
26
vulnerability VCID-kyxz-v3sj-w3cw
27
vulnerability VCID-m4yc-ms54-zyhv
28
vulnerability VCID-ncbg-6m11-3qan
29
vulnerability VCID-qwak-6wgy-wfgs
30
vulnerability VCID-rc91-j3kf-zfch
31
vulnerability VCID-s6p1-rf35-euhy
32
vulnerability VCID-ts1p-pw9v-cbh3
33
vulnerability VCID-u8a4-4pe2-9kcb
34
vulnerability VCID-ub6x-9dku-c7fk
35
vulnerability VCID-ur1a-7tdn-h3hu
36
vulnerability VCID-vehj-ytsm-kqgz
37
vulnerability VCID-vtz8-zmp4-xbdh
38
vulnerability VCID-x9j7-98zt-6ygt
39
vulnerability VCID-xssa-fwbx-kybq
40
vulnerability VCID-ybv7-hqmj-nbgr
41
vulnerability VCID-z3kp-p8ch-myhz
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.2.3%252Bdfsg.1-4%252Bdeb9u6
aliases CVE-2016-9920
risk_score 0.1
exploitability 0.5
weighted_severity 0.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ekhg-mmjb-v3c3
5
url VCID-fuh5-bwaq-yyfk
vulnerability_id VCID-fuh5-bwaq-yyfk
summary security update
references
0
reference_url http://packetstormsecurity.com/files/161226/Roundcube-Webmail-1.2-File-Disclosure.html
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T20:56:39Z/
url http://packetstormsecurity.com/files/161226/Roundcube-Webmail-1.2-File-Disclosure.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-16651
reference_id
reference_type
scores
0
value 0.33307
scoring_system epss
scoring_elements 0.96923
published_at 2026-04-16T12:55:00Z
1
value 0.33307
scoring_system epss
scoring_elements 0.9693
published_at 2026-04-21T12:55:00Z
2
value 0.33307
scoring_system epss
scoring_elements 0.96916
published_at 2026-04-13T12:55:00Z
3
value 0.33307
scoring_system epss
scoring_elements 0.96915
published_at 2026-04-12T12:55:00Z
4
value 0.33307
scoring_system epss
scoring_elements 0.96913
published_at 2026-04-11T12:55:00Z
5
value 0.33307
scoring_system epss
scoring_elements 0.9691
published_at 2026-04-09T12:55:00Z
6
value 0.33307
scoring_system epss
scoring_elements 0.96909
published_at 2026-04-08T12:55:00Z
7
value 0.33307
scoring_system epss
scoring_elements 0.969
published_at 2026-04-07T12:55:00Z
8
value 0.33307
scoring_system epss
scoring_elements 0.96896
published_at 2026-04-04T12:55:00Z
9
value 0.33307
scoring_system epss
scoring_elements 0.96927
published_at 2026-04-18T12:55:00Z
10
value 0.35232
scoring_system epss
scoring_elements 0.9701
published_at 2026-04-01T12:55:00Z
11
value 0.35232
scoring_system epss
scoring_elements 0.97018
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-16651
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16651
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16651
3
reference_url https://github.com/roundcube/roundcubemail/issues/6026
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T20:56:39Z/
url https://github.com/roundcube/roundcubemail/issues/6026
4
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.1.10
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T20:56:39Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.1.10
5
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.2.7
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T20:56:39Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.2.7
6
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.3.3
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T20:56:39Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.3.3
7
reference_url https://lists.debian.org/debian-lts-announce/2017/11/msg00039.html
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T20:56:39Z/
url https://lists.debian.org/debian-lts-announce/2017/11/msg00039.html
8
reference_url https://roundcube.net/news/2017/11/08/security-updates-1.3.3-1.2.7-and-1.1.10
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T20:56:39Z/
url https://roundcube.net/news/2017/11/08/security-updates-1.3.3-1.2.7-and-1.1.10
9
reference_url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-16651
reference_id
reference_type
scores
url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-16651
10
reference_url https://www.debian.org/security/2017/dsa-4030
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T20:56:39Z/
url https://www.debian.org/security/2017/dsa-4030
11
reference_url http://www.securityfocus.com/bid/101793
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T20:56:39Z/
url http://www.securityfocus.com/bid/101793
12
reference_url https://security.archlinux.org/ASA-201711-27
reference_id ASA-201711-27
reference_type
scores
url https://security.archlinux.org/ASA-201711-27
13
reference_url https://security.archlinux.org/AVG-506
reference_id AVG-506
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-506
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.2.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:roundcube:webmail:1.2.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.2.0:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.2.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:roundcube:webmail:1.2.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.2.1:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.2.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:roundcube:webmail:1.2.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.2.2:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.2.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:roundcube:webmail:1.2.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.2.3:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.2.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:roundcube:webmail:1.2.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.2.4:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.2.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:roundcube:webmail:1.2.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.2.5:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.2.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:roundcube:webmail:1.2.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.2.6:*:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.3.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:roundcube:webmail:1.3.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.3.0:*:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.3.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:roundcube:webmail:1.3.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.3.1:*:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.3.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:roundcube:webmail:1.3.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.3.2:*:*:*:*:*:*:*
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
27
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-16651
reference_id CVE-2017-16651
reference_type
scores
0
value 4.6
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:N/C:P/I:P/A:P
1
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://nvd.nist.gov/vuln/detail/CVE-2017-16651
28
reference_url https://usn.ubuntu.com/7200-1/
reference_id USN-7200-1
reference_type
scores
url https://usn.ubuntu.com/7200-1/
fixed_packages
0
url pkg:deb/debian/roundcube@1.2.3%2Bdfsg.1-4%2Bdeb9u6
purl pkg:deb/debian/roundcube@1.2.3%2Bdfsg.1-4%2Bdeb9u6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14vp-t71a-4bh1
1
vulnerability VCID-2eyy-k49d-m3af
2
vulnerability VCID-2hap-9mqs-v3b8
3
vulnerability VCID-2k4q-26tk-j3gx
4
vulnerability VCID-2nb2-9vgp-tqg9
5
vulnerability VCID-36et-26h7-pke7
6
vulnerability VCID-3kyu-tx4q-p3aq
7
vulnerability VCID-4yzj-hrqv-vbcp
8
vulnerability VCID-5yts-xnha-4bf3
9
vulnerability VCID-79me-pjdn-ykgq
10
vulnerability VCID-7nn6-aywu-z7g8
11
vulnerability VCID-8vmm-1hvf-17ap
12
vulnerability VCID-8xf2-hjfv-hybh
13
vulnerability VCID-9der-5csu-nbbq
14
vulnerability VCID-9ktu-55q4-3kau
15
vulnerability VCID-9uv1-gqq7-3kc9
16
vulnerability VCID-cjkd-2jr6-n7as
17
vulnerability VCID-ck88-1urs-2kes
18
vulnerability VCID-cnkc-vcp7-6kcw
19
vulnerability VCID-ddfq-28qm-2fbn
20
vulnerability VCID-fuh5-bwaq-yyfk
21
vulnerability VCID-gh6k-19h8-fqbf
22
vulnerability VCID-hg1a-vx5c-hue3
23
vulnerability VCID-j29t-cw2h-mfd8
24
vulnerability VCID-jck5-xymf-s3bh
25
vulnerability VCID-jqs5-8ct7-wfgk
26
vulnerability VCID-kyxz-v3sj-w3cw
27
vulnerability VCID-m4yc-ms54-zyhv
28
vulnerability VCID-ncbg-6m11-3qan
29
vulnerability VCID-qwak-6wgy-wfgs
30
vulnerability VCID-rc91-j3kf-zfch
31
vulnerability VCID-s6p1-rf35-euhy
32
vulnerability VCID-ts1p-pw9v-cbh3
33
vulnerability VCID-u8a4-4pe2-9kcb
34
vulnerability VCID-ub6x-9dku-c7fk
35
vulnerability VCID-ur1a-7tdn-h3hu
36
vulnerability VCID-vehj-ytsm-kqgz
37
vulnerability VCID-vtz8-zmp4-xbdh
38
vulnerability VCID-x9j7-98zt-6ygt
39
vulnerability VCID-xssa-fwbx-kybq
40
vulnerability VCID-ybv7-hqmj-nbgr
41
vulnerability VCID-z3kp-p8ch-myhz
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.2.3%252Bdfsg.1-4%252Bdeb9u6
1
url pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2
purl pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14vp-t71a-4bh1
1
vulnerability VCID-2eyy-k49d-m3af
2
vulnerability VCID-2hap-9mqs-v3b8
3
vulnerability VCID-2k4q-26tk-j3gx
4
vulnerability VCID-2nb2-9vgp-tqg9
5
vulnerability VCID-36et-26h7-pke7
6
vulnerability VCID-3kyu-tx4q-p3aq
7
vulnerability VCID-4yzj-hrqv-vbcp
8
vulnerability VCID-5yts-xnha-4bf3
9
vulnerability VCID-79me-pjdn-ykgq
10
vulnerability VCID-7nn6-aywu-z7g8
11
vulnerability VCID-8vmm-1hvf-17ap
12
vulnerability VCID-8xf2-hjfv-hybh
13
vulnerability VCID-9der-5csu-nbbq
14
vulnerability VCID-9uv1-gqq7-3kc9
15
vulnerability VCID-cjkd-2jr6-n7as
16
vulnerability VCID-ck88-1urs-2kes
17
vulnerability VCID-cnkc-vcp7-6kcw
18
vulnerability VCID-ddfq-28qm-2fbn
19
vulnerability VCID-gh6k-19h8-fqbf
20
vulnerability VCID-hg1a-vx5c-hue3
21
vulnerability VCID-jck5-xymf-s3bh
22
vulnerability VCID-jqs5-8ct7-wfgk
23
vulnerability VCID-kyxz-v3sj-w3cw
24
vulnerability VCID-m4yc-ms54-zyhv
25
vulnerability VCID-ncbg-6m11-3qan
26
vulnerability VCID-qwak-6wgy-wfgs
27
vulnerability VCID-rc91-j3kf-zfch
28
vulnerability VCID-s6p1-rf35-euhy
29
vulnerability VCID-u8a4-4pe2-9kcb
30
vulnerability VCID-ub6x-9dku-c7fk
31
vulnerability VCID-vehj-ytsm-kqgz
32
vulnerability VCID-vtz8-zmp4-xbdh
33
vulnerability VCID-x9j7-98zt-6ygt
34
vulnerability VCID-xssa-fwbx-kybq
35
vulnerability VCID-ybv7-hqmj-nbgr
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2
aliases CVE-2017-16651
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fuh5-bwaq-yyfk
6
url VCID-m4yc-ms54-zyhv
vulnerability_id VCID-m4yc-ms54-zyhv
summary security update
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13965.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13965.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13965
reference_id
reference_type
scores
0
value 0.71819
scoring_system epss
scoring_elements 0.98728
published_at 2026-04-02T12:55:00Z
1
value 0.71819
scoring_system epss
scoring_elements 0.98742
published_at 2026-04-21T12:55:00Z
2
value 0.71819
scoring_system epss
scoring_elements 0.98732
published_at 2026-04-04T12:55:00Z
3
value 0.71819
scoring_system epss
scoring_elements 0.98735
published_at 2026-04-09T12:55:00Z
4
value 0.71819
scoring_system epss
scoring_elements 0.98736
published_at 2026-04-08T12:55:00Z
5
value 0.71819
scoring_system epss
scoring_elements 0.98738
published_at 2026-04-12T12:55:00Z
6
value 0.71819
scoring_system epss
scoring_elements 0.98739
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13965
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13964
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13964
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13965
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13965
4
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.3.12
reference_id 1.3.12
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:33:41Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.3.12
5
reference_url https://github.com/roundcube/roundcubemail/compare/1.4.4...1.4.5
reference_id 1.4.4...1.4.5
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:33:41Z/
url https://github.com/roundcube/roundcubemail/compare/1.4.4...1.4.5
6
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.4.5
reference_id 1.4.5
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:33:41Z/
url https://github.com/roundcube/roundcubemail/releases/tag/1.4.5
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1848338
reference_id 1848338
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1848338
8
reference_url https://github.com/roundcube/roundcubemail/commit/884eb611627ef2bd5a2e20e02009ebb1eceecdc3
reference_id 884eb611627ef2bd5a2e20e02009ebb1eceecdc3
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:33:41Z/
url https://github.com/roundcube/roundcubemail/commit/884eb611627ef2bd5a2e20e02009ebb1eceecdc3
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962124
reference_id 962124
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962124
10
reference_url https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-13965-Cross%20Site-Scripting%20via%20Malicious%20XML%20Attachment-Roundcube
reference_id CVE-2020-13965-Cross%20Site-Scripting%20via%20Malicious%20XML%20Attachment-Roundcube
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:33:41Z/
url https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-13965-Cross%20Site-Scripting%20via%20Malicious%20XML%20Attachment-Roundcube
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLESQ4LPJGMSWHQ4TBRTVQRDG7IXAZCW/
reference_id DLESQ4LPJGMSWHQ4TBRTVQRDG7IXAZCW
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:33:41Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLESQ4LPJGMSWHQ4TBRTVQRDG7IXAZCW/
12
reference_url https://www.debian.org/security/2020/dsa-4700
reference_id dsa-4700
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:33:41Z/
url https://www.debian.org/security/2020/dsa-4700
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ODPJXBHZ32QSP4MYT2OBCALYXSUJ47SK/
reference_id ODPJXBHZ32QSP4MYT2OBCALYXSUJ47SK
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:33:41Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ODPJXBHZ32QSP4MYT2OBCALYXSUJ47SK/
14
reference_url https://roundcube.net/news/2020/06/02/security-updates-1.4.5-and-1.3.12
reference_id security-updates-1.4.5-and-1.3.12
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:33:41Z/
url https://roundcube.net/news/2020/06/02/security-updates-1.4.5-and-1.3.12
15
reference_url https://usn.ubuntu.com/USN-5182-1/
reference_id USN-USN-5182-1
reference_type
scores
url https://usn.ubuntu.com/USN-5182-1/
fixed_packages
0
url pkg:deb/debian/roundcube@1.2.3%2Bdfsg.1-4%2Bdeb9u6
purl pkg:deb/debian/roundcube@1.2.3%2Bdfsg.1-4%2Bdeb9u6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14vp-t71a-4bh1
1
vulnerability VCID-2eyy-k49d-m3af
2
vulnerability VCID-2hap-9mqs-v3b8
3
vulnerability VCID-2k4q-26tk-j3gx
4
vulnerability VCID-2nb2-9vgp-tqg9
5
vulnerability VCID-36et-26h7-pke7
6
vulnerability VCID-3kyu-tx4q-p3aq
7
vulnerability VCID-4yzj-hrqv-vbcp
8
vulnerability VCID-5yts-xnha-4bf3
9
vulnerability VCID-79me-pjdn-ykgq
10
vulnerability VCID-7nn6-aywu-z7g8
11
vulnerability VCID-8vmm-1hvf-17ap
12
vulnerability VCID-8xf2-hjfv-hybh
13
vulnerability VCID-9der-5csu-nbbq
14
vulnerability VCID-9ktu-55q4-3kau
15
vulnerability VCID-9uv1-gqq7-3kc9
16
vulnerability VCID-cjkd-2jr6-n7as
17
vulnerability VCID-ck88-1urs-2kes
18
vulnerability VCID-cnkc-vcp7-6kcw
19
vulnerability VCID-ddfq-28qm-2fbn
20
vulnerability VCID-fuh5-bwaq-yyfk
21
vulnerability VCID-gh6k-19h8-fqbf
22
vulnerability VCID-hg1a-vx5c-hue3
23
vulnerability VCID-j29t-cw2h-mfd8
24
vulnerability VCID-jck5-xymf-s3bh
25
vulnerability VCID-jqs5-8ct7-wfgk
26
vulnerability VCID-kyxz-v3sj-w3cw
27
vulnerability VCID-m4yc-ms54-zyhv
28
vulnerability VCID-ncbg-6m11-3qan
29
vulnerability VCID-qwak-6wgy-wfgs
30
vulnerability VCID-rc91-j3kf-zfch
31
vulnerability VCID-s6p1-rf35-euhy
32
vulnerability VCID-ts1p-pw9v-cbh3
33
vulnerability VCID-u8a4-4pe2-9kcb
34
vulnerability VCID-ub6x-9dku-c7fk
35
vulnerability VCID-ur1a-7tdn-h3hu
36
vulnerability VCID-vehj-ytsm-kqgz
37
vulnerability VCID-vtz8-zmp4-xbdh
38
vulnerability VCID-x9j7-98zt-6ygt
39
vulnerability VCID-xssa-fwbx-kybq
40
vulnerability VCID-ybv7-hqmj-nbgr
41
vulnerability VCID-z3kp-p8ch-myhz
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.2.3%252Bdfsg.1-4%252Bdeb9u6
1
url pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2
purl pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14vp-t71a-4bh1
1
vulnerability VCID-2eyy-k49d-m3af
2
vulnerability VCID-2hap-9mqs-v3b8
3
vulnerability VCID-2k4q-26tk-j3gx
4
vulnerability VCID-2nb2-9vgp-tqg9
5
vulnerability VCID-36et-26h7-pke7
6
vulnerability VCID-3kyu-tx4q-p3aq
7
vulnerability VCID-4yzj-hrqv-vbcp
8
vulnerability VCID-5yts-xnha-4bf3
9
vulnerability VCID-79me-pjdn-ykgq
10
vulnerability VCID-7nn6-aywu-z7g8
11
vulnerability VCID-8vmm-1hvf-17ap
12
vulnerability VCID-8xf2-hjfv-hybh
13
vulnerability VCID-9der-5csu-nbbq
14
vulnerability VCID-9uv1-gqq7-3kc9
15
vulnerability VCID-cjkd-2jr6-n7as
16
vulnerability VCID-ck88-1urs-2kes
17
vulnerability VCID-cnkc-vcp7-6kcw
18
vulnerability VCID-ddfq-28qm-2fbn
19
vulnerability VCID-gh6k-19h8-fqbf
20
vulnerability VCID-hg1a-vx5c-hue3
21
vulnerability VCID-jck5-xymf-s3bh
22
vulnerability VCID-jqs5-8ct7-wfgk
23
vulnerability VCID-kyxz-v3sj-w3cw
24
vulnerability VCID-m4yc-ms54-zyhv
25
vulnerability VCID-ncbg-6m11-3qan
26
vulnerability VCID-qwak-6wgy-wfgs
27
vulnerability VCID-rc91-j3kf-zfch
28
vulnerability VCID-s6p1-rf35-euhy
29
vulnerability VCID-u8a4-4pe2-9kcb
30
vulnerability VCID-ub6x-9dku-c7fk
31
vulnerability VCID-vehj-ytsm-kqgz
32
vulnerability VCID-vtz8-zmp4-xbdh
33
vulnerability VCID-x9j7-98zt-6ygt
34
vulnerability VCID-xssa-fwbx-kybq
35
vulnerability VCID-ybv7-hqmj-nbgr
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2
2
url pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4
purl pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hap-9mqs-v3b8
1
vulnerability VCID-2nb2-9vgp-tqg9
2
vulnerability VCID-3kyu-tx4q-p3aq
3
vulnerability VCID-4yzj-hrqv-vbcp
4
vulnerability VCID-5yts-xnha-4bf3
5
vulnerability VCID-8vmm-1hvf-17ap
6
vulnerability VCID-8xf2-hjfv-hybh
7
vulnerability VCID-9uv1-gqq7-3kc9
8
vulnerability VCID-ck88-1urs-2kes
9
vulnerability VCID-ddfq-28qm-2fbn
10
vulnerability VCID-gh6k-19h8-fqbf
11
vulnerability VCID-rdb5-bbvn-7fcq
12
vulnerability VCID-ub6x-9dku-c7fk
13
vulnerability VCID-vtz8-zmp4-xbdh
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4
aliases CVE-2020-13965
risk_score 10.0
exploitability 2.0
weighted_severity 5.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m4yc-ms54-zyhv
7
url VCID-rthq-fqk2-yydk
vulnerability_id VCID-rthq-fqk2-yydk
summary Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2015-8864.
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2016-08/msg00078.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2016-08/msg00078.html
1
reference_url http://lists.opensuse.org/opensuse-updates/2016-08/msg00079.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2016-08/msg00079.html
2
reference_url http://lists.opensuse.org/opensuse-updates/2016-08/msg00095.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2016-08/msg00095.html
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-4068
reference_id
reference_type
scores
0
value 0.00353
scoring_system epss
scoring_elements 0.57635
published_at 2026-04-02T12:55:00Z
1
value 0.00353
scoring_system epss
scoring_elements 0.57657
published_at 2026-04-04T12:55:00Z
2
value 0.00362
scoring_system epss
scoring_elements 0.58314
published_at 2026-04-07T12:55:00Z
3
value 0.00414
scoring_system epss
scoring_elements 0.61405
published_at 2026-04-01T12:55:00Z
4
value 0.00414
scoring_system epss
scoring_elements 0.61562
published_at 2026-04-21T12:55:00Z
5
value 0.00425
scoring_system epss
scoring_elements 0.62279
published_at 2026-04-18T12:55:00Z
6
value 0.00425
scoring_system epss
scoring_elements 0.62223
published_at 2026-04-08T12:55:00Z
7
value 0.00425
scoring_system epss
scoring_elements 0.6224
published_at 2026-04-09T12:55:00Z
8
value 0.00425
scoring_system epss
scoring_elements 0.62259
published_at 2026-04-11T12:55:00Z
9
value 0.00425
scoring_system epss
scoring_elements 0.62248
published_at 2026-04-12T12:55:00Z
10
value 0.00425
scoring_system epss
scoring_elements 0.62227
published_at 2026-04-13T12:55:00Z
11
value 0.00425
scoring_system epss
scoring_elements 0.62272
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-4068
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4068
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4068
5
reference_url https://github.com/roundcube/roundcubemail/commit/40d7342dd9c9bd2a1d613edc848ed95a4d71aa18#commitcomment-15294218
reference_id
reference_type
scores
url https://github.com/roundcube/roundcubemail/commit/40d7342dd9c9bd2a1d613edc848ed95a4d71aa18#commitcomment-15294218
6
reference_url https://github.com/roundcube/roundcubemail/issues/4949
reference_id
reference_type
scores
url https://github.com/roundcube/roundcubemail/issues/4949
7
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.0.9
reference_id
reference_type
scores
url https://github.com/roundcube/roundcubemail/releases/tag/1.0.9
8
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.1.5
reference_id
reference_type
scores
url https://github.com/roundcube/roundcubemail/releases/tag/1.1.5
9
reference_url https://github.com/roundcube/roundcubemail/wiki/Changelog#release-115
reference_id
reference_type
scores
url https://github.com/roundcube/roundcubemail/wiki/Changelog#release-115
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:roundcube_webmail:1.1.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:roundcube:roundcube_webmail:1.1.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:roundcube_webmail:1.1.1:*:*:*:*:*:*:*
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:roundcube_webmail:1.1.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:roundcube:roundcube_webmail:1.1.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:roundcube_webmail:1.1.2:*:*:*:*:*:*:*
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:roundcube_webmail:1.1.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:roundcube:roundcube_webmail:1.1.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:roundcube_webmail:1.1.3:*:*:*:*:*:*:*
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:roundcube:webmail:1.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.1:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.1.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:roundcube:webmail:1.1.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.1.4:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.1:beta:*:*:*:*:*:*
reference_id cpe:2.3:a:roundcube:webmail:1.1:beta:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.1:beta:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.1:rc:*:*:*:*:*:*
reference_id cpe:2.3:a:roundcube:webmail:1.1:rc:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.1:rc:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
reference_id cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
reference_id cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
reference_id cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-4068
reference_id CVE-2016-4068
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:P/A:N
1
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://nvd.nist.gov/vuln/detail/CVE-2016-4068
22
reference_url https://usn.ubuntu.com/8132-1/
reference_id USN-8132-1
reference_type
scores
url https://usn.ubuntu.com/8132-1/
fixed_packages
0
url pkg:deb/debian/roundcube@1.2.3%2Bdfsg.1-4%2Bdeb9u6
purl pkg:deb/debian/roundcube@1.2.3%2Bdfsg.1-4%2Bdeb9u6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14vp-t71a-4bh1
1
vulnerability VCID-2eyy-k49d-m3af
2
vulnerability VCID-2hap-9mqs-v3b8
3
vulnerability VCID-2k4q-26tk-j3gx
4
vulnerability VCID-2nb2-9vgp-tqg9
5
vulnerability VCID-36et-26h7-pke7
6
vulnerability VCID-3kyu-tx4q-p3aq
7
vulnerability VCID-4yzj-hrqv-vbcp
8
vulnerability VCID-5yts-xnha-4bf3
9
vulnerability VCID-79me-pjdn-ykgq
10
vulnerability VCID-7nn6-aywu-z7g8
11
vulnerability VCID-8vmm-1hvf-17ap
12
vulnerability VCID-8xf2-hjfv-hybh
13
vulnerability VCID-9der-5csu-nbbq
14
vulnerability VCID-9ktu-55q4-3kau
15
vulnerability VCID-9uv1-gqq7-3kc9
16
vulnerability VCID-cjkd-2jr6-n7as
17
vulnerability VCID-ck88-1urs-2kes
18
vulnerability VCID-cnkc-vcp7-6kcw
19
vulnerability VCID-ddfq-28qm-2fbn
20
vulnerability VCID-fuh5-bwaq-yyfk
21
vulnerability VCID-gh6k-19h8-fqbf
22
vulnerability VCID-hg1a-vx5c-hue3
23
vulnerability VCID-j29t-cw2h-mfd8
24
vulnerability VCID-jck5-xymf-s3bh
25
vulnerability VCID-jqs5-8ct7-wfgk
26
vulnerability VCID-kyxz-v3sj-w3cw
27
vulnerability VCID-m4yc-ms54-zyhv
28
vulnerability VCID-ncbg-6m11-3qan
29
vulnerability VCID-qwak-6wgy-wfgs
30
vulnerability VCID-rc91-j3kf-zfch
31
vulnerability VCID-s6p1-rf35-euhy
32
vulnerability VCID-ts1p-pw9v-cbh3
33
vulnerability VCID-u8a4-4pe2-9kcb
34
vulnerability VCID-ub6x-9dku-c7fk
35
vulnerability VCID-ur1a-7tdn-h3hu
36
vulnerability VCID-vehj-ytsm-kqgz
37
vulnerability VCID-vtz8-zmp4-xbdh
38
vulnerability VCID-x9j7-98zt-6ygt
39
vulnerability VCID-xssa-fwbx-kybq
40
vulnerability VCID-ybv7-hqmj-nbgr
41
vulnerability VCID-z3kp-p8ch-myhz
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.2.3%252Bdfsg.1-4%252Bdeb9u6
aliases CVE-2016-4068
risk_score 2.8
exploitability 0.5
weighted_severity 5.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rthq-fqk2-yydk
8
url VCID-spk8-q616-rkda
vulnerability_id VCID-spk8-q616-rkda
summary Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2016-4068.
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2016-08/msg00078.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2016-08/msg00078.html
1
reference_url http://lists.opensuse.org/opensuse-updates/2016-08/msg00079.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2016-08/msg00079.html
2
reference_url http://lists.opensuse.org/opensuse-updates/2016-08/msg00095.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2016-08/msg00095.html
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-8864
reference_id
reference_type
scores
0
value 0.00482
scoring_system epss
scoring_elements 0.65173
published_at 2026-04-21T12:55:00Z
1
value 0.00482
scoring_system epss
scoring_elements 0.65188
published_at 2026-04-18T12:55:00Z
2
value 0.00482
scoring_system epss
scoring_elements 0.65059
published_at 2026-04-01T12:55:00Z
3
value 0.00482
scoring_system epss
scoring_elements 0.65109
published_at 2026-04-02T12:55:00Z
4
value 0.00482
scoring_system epss
scoring_elements 0.65136
published_at 2026-04-04T12:55:00Z
5
value 0.00482
scoring_system epss
scoring_elements 0.65102
published_at 2026-04-07T12:55:00Z
6
value 0.00482
scoring_system epss
scoring_elements 0.65151
published_at 2026-04-08T12:55:00Z
7
value 0.00482
scoring_system epss
scoring_elements 0.65164
published_at 2026-04-09T12:55:00Z
8
value 0.00482
scoring_system epss
scoring_elements 0.65183
published_at 2026-04-11T12:55:00Z
9
value 0.00482
scoring_system epss
scoring_elements 0.6517
published_at 2026-04-12T12:55:00Z
10
value 0.00482
scoring_system epss
scoring_elements 0.65143
published_at 2026-04-13T12:55:00Z
11
value 0.00482
scoring_system epss
scoring_elements 0.65179
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-8864
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8864
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8864
5
reference_url https://github.com/roundcube/roundcubemail/commit/40d7342dd9c9bd2a1d613edc848ed95a4d71aa18
reference_id
reference_type
scores
url https://github.com/roundcube/roundcubemail/commit/40d7342dd9c9bd2a1d613edc848ed95a4d71aa18
6
reference_url https://github.com/roundcube/roundcubemail/issues/4949
reference_id
reference_type
scores
url https://github.com/roundcube/roundcubemail/issues/4949
7
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.0.9
reference_id
reference_type
scores
url https://github.com/roundcube/roundcubemail/releases/tag/1.0.9
8
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.1.5
reference_id
reference_type
scores
url https://github.com/roundcube/roundcubemail/releases/tag/1.1.5
9
reference_url https://github.com/roundcube/roundcubemail/wiki/Changelog#release-115
reference_id
reference_type
scores
url https://github.com/roundcube/roundcubemail/wiki/Changelog#release-115
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=822333
reference_id 822333
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=822333
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:roundcube_webmail:1.1.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:roundcube:roundcube_webmail:1.1.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:roundcube_webmail:1.1.1:*:*:*:*:*:*:*
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:roundcube_webmail:1.1.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:roundcube:roundcube_webmail:1.1.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:roundcube_webmail:1.1.2:*:*:*:*:*:*:*
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:roundcube_webmail:1.1.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:roundcube:roundcube_webmail:1.1.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:roundcube_webmail:1.1.3:*:*:*:*:*:*:*
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:roundcube:webmail:1.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.1:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.1.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:roundcube:webmail:1.1.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.1.4:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.1:beta:*:*:*:*:*:*
reference_id cpe:2.3:a:roundcube:webmail:1.1:beta:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.1:beta:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.1:rc:*:*:*:*:*:*
reference_id cpe:2.3:a:roundcube:webmail:1.1:rc:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.1:rc:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
reference_id cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
reference_id cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
reference_id cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-8864
reference_id CVE-2015-8864
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:P/A:N
1
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://nvd.nist.gov/vuln/detail/CVE-2015-8864
fixed_packages
0
url pkg:deb/debian/roundcube@1.2.3%2Bdfsg.1-4%2Bdeb9u6
purl pkg:deb/debian/roundcube@1.2.3%2Bdfsg.1-4%2Bdeb9u6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14vp-t71a-4bh1
1
vulnerability VCID-2eyy-k49d-m3af
2
vulnerability VCID-2hap-9mqs-v3b8
3
vulnerability VCID-2k4q-26tk-j3gx
4
vulnerability VCID-2nb2-9vgp-tqg9
5
vulnerability VCID-36et-26h7-pke7
6
vulnerability VCID-3kyu-tx4q-p3aq
7
vulnerability VCID-4yzj-hrqv-vbcp
8
vulnerability VCID-5yts-xnha-4bf3
9
vulnerability VCID-79me-pjdn-ykgq
10
vulnerability VCID-7nn6-aywu-z7g8
11
vulnerability VCID-8vmm-1hvf-17ap
12
vulnerability VCID-8xf2-hjfv-hybh
13
vulnerability VCID-9der-5csu-nbbq
14
vulnerability VCID-9ktu-55q4-3kau
15
vulnerability VCID-9uv1-gqq7-3kc9
16
vulnerability VCID-cjkd-2jr6-n7as
17
vulnerability VCID-ck88-1urs-2kes
18
vulnerability VCID-cnkc-vcp7-6kcw
19
vulnerability VCID-ddfq-28qm-2fbn
20
vulnerability VCID-fuh5-bwaq-yyfk
21
vulnerability VCID-gh6k-19h8-fqbf
22
vulnerability VCID-hg1a-vx5c-hue3
23
vulnerability VCID-j29t-cw2h-mfd8
24
vulnerability VCID-jck5-xymf-s3bh
25
vulnerability VCID-jqs5-8ct7-wfgk
26
vulnerability VCID-kyxz-v3sj-w3cw
27
vulnerability VCID-m4yc-ms54-zyhv
28
vulnerability VCID-ncbg-6m11-3qan
29
vulnerability VCID-qwak-6wgy-wfgs
30
vulnerability VCID-rc91-j3kf-zfch
31
vulnerability VCID-s6p1-rf35-euhy
32
vulnerability VCID-ts1p-pw9v-cbh3
33
vulnerability VCID-u8a4-4pe2-9kcb
34
vulnerability VCID-ub6x-9dku-c7fk
35
vulnerability VCID-ur1a-7tdn-h3hu
36
vulnerability VCID-vehj-ytsm-kqgz
37
vulnerability VCID-vtz8-zmp4-xbdh
38
vulnerability VCID-x9j7-98zt-6ygt
39
vulnerability VCID-xssa-fwbx-kybq
40
vulnerability VCID-ybv7-hqmj-nbgr
41
vulnerability VCID-z3kp-p8ch-myhz
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.2.3%252Bdfsg.1-4%252Bdeb9u6
aliases CVE-2015-8864
risk_score 2.8
exploitability 0.5
weighted_severity 5.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-spk8-q616-rkda
9
url VCID-tmch-gj6d-tyfq
vulnerability_id VCID-tmch-gj6d-tyfq
summary Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the href attribute in an area tag in an e-mail message.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-4552
reference_id
reference_type
scores
0
value 0.00276
scoring_system epss
scoring_elements 0.5094
published_at 2026-04-01T12:55:00Z
1
value 0.00276
scoring_system epss
scoring_elements 0.50994
published_at 2026-04-02T12:55:00Z
2
value 0.00276
scoring_system epss
scoring_elements 0.51019
published_at 2026-04-04T12:55:00Z
3
value 0.00276
scoring_system epss
scoring_elements 0.50976
published_at 2026-04-07T12:55:00Z
4
value 0.00276
scoring_system epss
scoring_elements 0.51033
published_at 2026-04-08T12:55:00Z
5
value 0.00276
scoring_system epss
scoring_elements 0.5103
published_at 2026-04-09T12:55:00Z
6
value 0.00276
scoring_system epss
scoring_elements 0.51073
published_at 2026-04-11T12:55:00Z
7
value 0.00276
scoring_system epss
scoring_elements 0.51051
published_at 2026-04-12T12:55:00Z
8
value 0.00276
scoring_system epss
scoring_elements 0.51034
published_at 2026-04-13T12:55:00Z
9
value 0.00276
scoring_system epss
scoring_elements 0.51072
published_at 2026-04-16T12:55:00Z
10
value 0.00276
scoring_system epss
scoring_elements 0.51078
published_at 2026-04-18T12:55:00Z
11
value 0.00276
scoring_system epss
scoring_elements 0.51055
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-4552
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4552
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4552
fixed_packages
0
url pkg:deb/debian/roundcube@1.2.3%2Bdfsg.1-4%2Bdeb9u6
purl pkg:deb/debian/roundcube@1.2.3%2Bdfsg.1-4%2Bdeb9u6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14vp-t71a-4bh1
1
vulnerability VCID-2eyy-k49d-m3af
2
vulnerability VCID-2hap-9mqs-v3b8
3
vulnerability VCID-2k4q-26tk-j3gx
4
vulnerability VCID-2nb2-9vgp-tqg9
5
vulnerability VCID-36et-26h7-pke7
6
vulnerability VCID-3kyu-tx4q-p3aq
7
vulnerability VCID-4yzj-hrqv-vbcp
8
vulnerability VCID-5yts-xnha-4bf3
9
vulnerability VCID-79me-pjdn-ykgq
10
vulnerability VCID-7nn6-aywu-z7g8
11
vulnerability VCID-8vmm-1hvf-17ap
12
vulnerability VCID-8xf2-hjfv-hybh
13
vulnerability VCID-9der-5csu-nbbq
14
vulnerability VCID-9ktu-55q4-3kau
15
vulnerability VCID-9uv1-gqq7-3kc9
16
vulnerability VCID-cjkd-2jr6-n7as
17
vulnerability VCID-ck88-1urs-2kes
18
vulnerability VCID-cnkc-vcp7-6kcw
19
vulnerability VCID-ddfq-28qm-2fbn
20
vulnerability VCID-fuh5-bwaq-yyfk
21
vulnerability VCID-gh6k-19h8-fqbf
22
vulnerability VCID-hg1a-vx5c-hue3
23
vulnerability VCID-j29t-cw2h-mfd8
24
vulnerability VCID-jck5-xymf-s3bh
25
vulnerability VCID-jqs5-8ct7-wfgk
26
vulnerability VCID-kyxz-v3sj-w3cw
27
vulnerability VCID-m4yc-ms54-zyhv
28
vulnerability VCID-ncbg-6m11-3qan
29
vulnerability VCID-qwak-6wgy-wfgs
30
vulnerability VCID-rc91-j3kf-zfch
31
vulnerability VCID-s6p1-rf35-euhy
32
vulnerability VCID-ts1p-pw9v-cbh3
33
vulnerability VCID-u8a4-4pe2-9kcb
34
vulnerability VCID-ub6x-9dku-c7fk
35
vulnerability VCID-ur1a-7tdn-h3hu
36
vulnerability VCID-vehj-ytsm-kqgz
37
vulnerability VCID-vtz8-zmp4-xbdh
38
vulnerability VCID-x9j7-98zt-6ygt
39
vulnerability VCID-xssa-fwbx-kybq
40
vulnerability VCID-ybv7-hqmj-nbgr
41
vulnerability VCID-z3kp-p8ch-myhz
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.2.3%252Bdfsg.1-4%252Bdeb9u6
aliases CVE-2016-4552
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tmch-gj6d-tyfq
10
url VCID-ts1p-pw9v-cbh3
vulnerability_id VCID-ts1p-pw9v-cbh3
summary security update
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-19206
reference_id
reference_type
scores
0
value 0.02357
scoring_system epss
scoring_elements 0.8484
published_at 2026-04-01T12:55:00Z
1
value 0.02357
scoring_system epss
scoring_elements 0.84856
published_at 2026-04-02T12:55:00Z
2
value 0.02357
scoring_system epss
scoring_elements 0.84874
published_at 2026-04-04T12:55:00Z
3
value 0.02357
scoring_system epss
scoring_elements 0.84876
published_at 2026-04-07T12:55:00Z
4
value 0.02357
scoring_system epss
scoring_elements 0.84899
published_at 2026-04-08T12:55:00Z
5
value 0.02357
scoring_system epss
scoring_elements 0.84906
published_at 2026-04-09T12:55:00Z
6
value 0.02357
scoring_system epss
scoring_elements 0.84924
published_at 2026-04-11T12:55:00Z
7
value 0.02357
scoring_system epss
scoring_elements 0.84923
published_at 2026-04-12T12:55:00Z
8
value 0.02357
scoring_system epss
scoring_elements 0.84917
published_at 2026-04-13T12:55:00Z
9
value 0.02357
scoring_system epss
scoring_elements 0.84939
published_at 2026-04-18T12:55:00Z
10
value 0.02357
scoring_system epss
scoring_elements 0.84936
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-19206
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19206
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19206
2
reference_url https://usn.ubuntu.com/8132-1/
reference_id USN-8132-1
reference_type
scores
url https://usn.ubuntu.com/8132-1/
fixed_packages
0
url pkg:deb/debian/roundcube@1.2.3%2Bdfsg.1-4%2Bdeb9u6
purl pkg:deb/debian/roundcube@1.2.3%2Bdfsg.1-4%2Bdeb9u6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14vp-t71a-4bh1
1
vulnerability VCID-2eyy-k49d-m3af
2
vulnerability VCID-2hap-9mqs-v3b8
3
vulnerability VCID-2k4q-26tk-j3gx
4
vulnerability VCID-2nb2-9vgp-tqg9
5
vulnerability VCID-36et-26h7-pke7
6
vulnerability VCID-3kyu-tx4q-p3aq
7
vulnerability VCID-4yzj-hrqv-vbcp
8
vulnerability VCID-5yts-xnha-4bf3
9
vulnerability VCID-79me-pjdn-ykgq
10
vulnerability VCID-7nn6-aywu-z7g8
11
vulnerability VCID-8vmm-1hvf-17ap
12
vulnerability VCID-8xf2-hjfv-hybh
13
vulnerability VCID-9der-5csu-nbbq
14
vulnerability VCID-9ktu-55q4-3kau
15
vulnerability VCID-9uv1-gqq7-3kc9
16
vulnerability VCID-cjkd-2jr6-n7as
17
vulnerability VCID-ck88-1urs-2kes
18
vulnerability VCID-cnkc-vcp7-6kcw
19
vulnerability VCID-ddfq-28qm-2fbn
20
vulnerability VCID-fuh5-bwaq-yyfk
21
vulnerability VCID-gh6k-19h8-fqbf
22
vulnerability VCID-hg1a-vx5c-hue3
23
vulnerability VCID-j29t-cw2h-mfd8
24
vulnerability VCID-jck5-xymf-s3bh
25
vulnerability VCID-jqs5-8ct7-wfgk
26
vulnerability VCID-kyxz-v3sj-w3cw
27
vulnerability VCID-m4yc-ms54-zyhv
28
vulnerability VCID-ncbg-6m11-3qan
29
vulnerability VCID-qwak-6wgy-wfgs
30
vulnerability VCID-rc91-j3kf-zfch
31
vulnerability VCID-s6p1-rf35-euhy
32
vulnerability VCID-ts1p-pw9v-cbh3
33
vulnerability VCID-u8a4-4pe2-9kcb
34
vulnerability VCID-ub6x-9dku-c7fk
35
vulnerability VCID-ur1a-7tdn-h3hu
36
vulnerability VCID-vehj-ytsm-kqgz
37
vulnerability VCID-vtz8-zmp4-xbdh
38
vulnerability VCID-x9j7-98zt-6ygt
39
vulnerability VCID-xssa-fwbx-kybq
40
vulnerability VCID-ybv7-hqmj-nbgr
41
vulnerability VCID-z3kp-p8ch-myhz
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.2.3%252Bdfsg.1-4%252Bdeb9u6
1
url pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2
purl pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14vp-t71a-4bh1
1
vulnerability VCID-2eyy-k49d-m3af
2
vulnerability VCID-2hap-9mqs-v3b8
3
vulnerability VCID-2k4q-26tk-j3gx
4
vulnerability VCID-2nb2-9vgp-tqg9
5
vulnerability VCID-36et-26h7-pke7
6
vulnerability VCID-3kyu-tx4q-p3aq
7
vulnerability VCID-4yzj-hrqv-vbcp
8
vulnerability VCID-5yts-xnha-4bf3
9
vulnerability VCID-79me-pjdn-ykgq
10
vulnerability VCID-7nn6-aywu-z7g8
11
vulnerability VCID-8vmm-1hvf-17ap
12
vulnerability VCID-8xf2-hjfv-hybh
13
vulnerability VCID-9der-5csu-nbbq
14
vulnerability VCID-9uv1-gqq7-3kc9
15
vulnerability VCID-cjkd-2jr6-n7as
16
vulnerability VCID-ck88-1urs-2kes
17
vulnerability VCID-cnkc-vcp7-6kcw
18
vulnerability VCID-ddfq-28qm-2fbn
19
vulnerability VCID-gh6k-19h8-fqbf
20
vulnerability VCID-hg1a-vx5c-hue3
21
vulnerability VCID-jck5-xymf-s3bh
22
vulnerability VCID-jqs5-8ct7-wfgk
23
vulnerability VCID-kyxz-v3sj-w3cw
24
vulnerability VCID-m4yc-ms54-zyhv
25
vulnerability VCID-ncbg-6m11-3qan
26
vulnerability VCID-qwak-6wgy-wfgs
27
vulnerability VCID-rc91-j3kf-zfch
28
vulnerability VCID-s6p1-rf35-euhy
29
vulnerability VCID-u8a4-4pe2-9kcb
30
vulnerability VCID-ub6x-9dku-c7fk
31
vulnerability VCID-vehj-ytsm-kqgz
32
vulnerability VCID-vtz8-zmp4-xbdh
33
vulnerability VCID-x9j7-98zt-6ygt
34
vulnerability VCID-xssa-fwbx-kybq
35
vulnerability VCID-ybv7-hqmj-nbgr
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2
aliases CVE-2018-19206
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ts1p-pw9v-cbh3
11
url VCID-x9j7-98zt-6ygt
vulnerability_id VCID-x9j7-98zt-6ygt
summary 
A flaw in Roundcube's handling of configuration files may allow
    arbitrary code execution, amongst other vulnerabilities.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-12625
reference_id
reference_type
scores
0
value 0.0231
scoring_system epss
scoring_elements 0.84692
published_at 2026-04-01T12:55:00Z
1
value 0.0231
scoring_system epss
scoring_elements 0.84707
published_at 2026-04-02T12:55:00Z
2
value 0.0231
scoring_system epss
scoring_elements 0.84727
published_at 2026-04-04T12:55:00Z
3
value 0.0231
scoring_system epss
scoring_elements 0.84729
published_at 2026-04-07T12:55:00Z
4
value 0.0231
scoring_system epss
scoring_elements 0.84751
published_at 2026-04-08T12:55:00Z
5
value 0.0231
scoring_system epss
scoring_elements 0.84758
published_at 2026-04-09T12:55:00Z
6
value 0.0231
scoring_system epss
scoring_elements 0.84775
published_at 2026-04-11T12:55:00Z
7
value 0.0231
scoring_system epss
scoring_elements 0.84771
published_at 2026-04-12T12:55:00Z
8
value 0.0231
scoring_system epss
scoring_elements 0.84766
published_at 2026-04-13T12:55:00Z
9
value 0.0231
scoring_system epss
scoring_elements 0.84787
published_at 2026-04-16T12:55:00Z
10
value 0.0231
scoring_system epss
scoring_elements 0.84788
published_at 2026-04-18T12:55:00Z
11
value 0.0231
scoring_system epss
scoring_elements 0.84786
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-12625
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12625
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12625
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12626
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12626
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959140
reference_id 959140
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959140
4
reference_url https://security.gentoo.org/glsa/202007-41
reference_id GLSA-202007-41
reference_type
scores
url https://security.gentoo.org/glsa/202007-41
5
reference_url https://usn.ubuntu.com/USN-5182-1/
reference_id USN-USN-5182-1
reference_type
scores
url https://usn.ubuntu.com/USN-5182-1/
fixed_packages
0
url pkg:deb/debian/roundcube@1.2.3%2Bdfsg.1-4%2Bdeb9u6
purl pkg:deb/debian/roundcube@1.2.3%2Bdfsg.1-4%2Bdeb9u6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14vp-t71a-4bh1
1
vulnerability VCID-2eyy-k49d-m3af
2
vulnerability VCID-2hap-9mqs-v3b8
3
vulnerability VCID-2k4q-26tk-j3gx
4
vulnerability VCID-2nb2-9vgp-tqg9
5
vulnerability VCID-36et-26h7-pke7
6
vulnerability VCID-3kyu-tx4q-p3aq
7
vulnerability VCID-4yzj-hrqv-vbcp
8
vulnerability VCID-5yts-xnha-4bf3
9
vulnerability VCID-79me-pjdn-ykgq
10
vulnerability VCID-7nn6-aywu-z7g8
11
vulnerability VCID-8vmm-1hvf-17ap
12
vulnerability VCID-8xf2-hjfv-hybh
13
vulnerability VCID-9der-5csu-nbbq
14
vulnerability VCID-9ktu-55q4-3kau
15
vulnerability VCID-9uv1-gqq7-3kc9
16
vulnerability VCID-cjkd-2jr6-n7as
17
vulnerability VCID-ck88-1urs-2kes
18
vulnerability VCID-cnkc-vcp7-6kcw
19
vulnerability VCID-ddfq-28qm-2fbn
20
vulnerability VCID-fuh5-bwaq-yyfk
21
vulnerability VCID-gh6k-19h8-fqbf
22
vulnerability VCID-hg1a-vx5c-hue3
23
vulnerability VCID-j29t-cw2h-mfd8
24
vulnerability VCID-jck5-xymf-s3bh
25
vulnerability VCID-jqs5-8ct7-wfgk
26
vulnerability VCID-kyxz-v3sj-w3cw
27
vulnerability VCID-m4yc-ms54-zyhv
28
vulnerability VCID-ncbg-6m11-3qan
29
vulnerability VCID-qwak-6wgy-wfgs
30
vulnerability VCID-rc91-j3kf-zfch
31
vulnerability VCID-s6p1-rf35-euhy
32
vulnerability VCID-ts1p-pw9v-cbh3
33
vulnerability VCID-u8a4-4pe2-9kcb
34
vulnerability VCID-ub6x-9dku-c7fk
35
vulnerability VCID-ur1a-7tdn-h3hu
36
vulnerability VCID-vehj-ytsm-kqgz
37
vulnerability VCID-vtz8-zmp4-xbdh
38
vulnerability VCID-x9j7-98zt-6ygt
39
vulnerability VCID-xssa-fwbx-kybq
40
vulnerability VCID-ybv7-hqmj-nbgr
41
vulnerability VCID-z3kp-p8ch-myhz
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.2.3%252Bdfsg.1-4%252Bdeb9u6
1
url pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2
purl pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14vp-t71a-4bh1
1
vulnerability VCID-2eyy-k49d-m3af
2
vulnerability VCID-2hap-9mqs-v3b8
3
vulnerability VCID-2k4q-26tk-j3gx
4
vulnerability VCID-2nb2-9vgp-tqg9
5
vulnerability VCID-36et-26h7-pke7
6
vulnerability VCID-3kyu-tx4q-p3aq
7
vulnerability VCID-4yzj-hrqv-vbcp
8
vulnerability VCID-5yts-xnha-4bf3
9
vulnerability VCID-79me-pjdn-ykgq
10
vulnerability VCID-7nn6-aywu-z7g8
11
vulnerability VCID-8vmm-1hvf-17ap
12
vulnerability VCID-8xf2-hjfv-hybh
13
vulnerability VCID-9der-5csu-nbbq
14
vulnerability VCID-9uv1-gqq7-3kc9
15
vulnerability VCID-cjkd-2jr6-n7as
16
vulnerability VCID-ck88-1urs-2kes
17
vulnerability VCID-cnkc-vcp7-6kcw
18
vulnerability VCID-ddfq-28qm-2fbn
19
vulnerability VCID-gh6k-19h8-fqbf
20
vulnerability VCID-hg1a-vx5c-hue3
21
vulnerability VCID-jck5-xymf-s3bh
22
vulnerability VCID-jqs5-8ct7-wfgk
23
vulnerability VCID-kyxz-v3sj-w3cw
24
vulnerability VCID-m4yc-ms54-zyhv
25
vulnerability VCID-ncbg-6m11-3qan
26
vulnerability VCID-qwak-6wgy-wfgs
27
vulnerability VCID-rc91-j3kf-zfch
28
vulnerability VCID-s6p1-rf35-euhy
29
vulnerability VCID-u8a4-4pe2-9kcb
30
vulnerability VCID-ub6x-9dku-c7fk
31
vulnerability VCID-vehj-ytsm-kqgz
32
vulnerability VCID-vtz8-zmp4-xbdh
33
vulnerability VCID-x9j7-98zt-6ygt
34
vulnerability VCID-xssa-fwbx-kybq
35
vulnerability VCID-ybv7-hqmj-nbgr
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2
2
url pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4
purl pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hap-9mqs-v3b8
1
vulnerability VCID-2nb2-9vgp-tqg9
2
vulnerability VCID-3kyu-tx4q-p3aq
3
vulnerability VCID-4yzj-hrqv-vbcp
4
vulnerability VCID-5yts-xnha-4bf3
5
vulnerability VCID-8vmm-1hvf-17ap
6
vulnerability VCID-8xf2-hjfv-hybh
7
vulnerability VCID-9uv1-gqq7-3kc9
8
vulnerability VCID-ck88-1urs-2kes
9
vulnerability VCID-ddfq-28qm-2fbn
10
vulnerability VCID-gh6k-19h8-fqbf
11
vulnerability VCID-rdb5-bbvn-7fcq
12
vulnerability VCID-ub6x-9dku-c7fk
13
vulnerability VCID-vtz8-zmp4-xbdh
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4
aliases CVE-2020-12625
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x9j7-98zt-6ygt
12
url VCID-yerh-ssat-abah
vulnerability_id VCID-yerh-ssat-abah
summary rcube_utils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is susceptible to a cross-site scripting vulnerability via a crafted Cascading Style Sheets (CSS) token sequence within an SVG element.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-6820
reference_id
reference_type
scores
0
value 0.00556
scoring_system epss
scoring_elements 0.68172
published_at 2026-04-21T12:55:00Z
1
value 0.00556
scoring_system epss
scoring_elements 0.68078
published_at 2026-04-01T12:55:00Z
2
value 0.00556
scoring_system epss
scoring_elements 0.681
published_at 2026-04-02T12:55:00Z
3
value 0.00556
scoring_system epss
scoring_elements 0.68119
published_at 2026-04-04T12:55:00Z
4
value 0.00556
scoring_system epss
scoring_elements 0.68096
published_at 2026-04-07T12:55:00Z
5
value 0.00556
scoring_system epss
scoring_elements 0.68147
published_at 2026-04-08T12:55:00Z
6
value 0.00556
scoring_system epss
scoring_elements 0.68162
published_at 2026-04-09T12:55:00Z
7
value 0.00556
scoring_system epss
scoring_elements 0.68187
published_at 2026-04-11T12:55:00Z
8
value 0.00556
scoring_system epss
scoring_elements 0.68173
published_at 2026-04-12T12:55:00Z
9
value 0.00556
scoring_system epss
scoring_elements 0.6814
published_at 2026-04-13T12:55:00Z
10
value 0.00556
scoring_system epss
scoring_elements 0.68177
published_at 2026-04-16T12:55:00Z
11
value 0.00556
scoring_system epss
scoring_elements 0.6819
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-6820
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6820
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6820
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857473
reference_id 857473
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857473
3
reference_url https://security.archlinux.org/ASA-201703-10
reference_id ASA-201703-10
reference_type
scores
url https://security.archlinux.org/ASA-201703-10
4
reference_url https://security.archlinux.org/AVG-199
reference_id AVG-199
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-199
5
reference_url https://usn.ubuntu.com/8132-1/
reference_id USN-8132-1
reference_type
scores
url https://usn.ubuntu.com/8132-1/
fixed_packages
0
url pkg:deb/debian/roundcube@1.2.3%2Bdfsg.1-4%2Bdeb9u6
purl pkg:deb/debian/roundcube@1.2.3%2Bdfsg.1-4%2Bdeb9u6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14vp-t71a-4bh1
1
vulnerability VCID-2eyy-k49d-m3af
2
vulnerability VCID-2hap-9mqs-v3b8
3
vulnerability VCID-2k4q-26tk-j3gx
4
vulnerability VCID-2nb2-9vgp-tqg9
5
vulnerability VCID-36et-26h7-pke7
6
vulnerability VCID-3kyu-tx4q-p3aq
7
vulnerability VCID-4yzj-hrqv-vbcp
8
vulnerability VCID-5yts-xnha-4bf3
9
vulnerability VCID-79me-pjdn-ykgq
10
vulnerability VCID-7nn6-aywu-z7g8
11
vulnerability VCID-8vmm-1hvf-17ap
12
vulnerability VCID-8xf2-hjfv-hybh
13
vulnerability VCID-9der-5csu-nbbq
14
vulnerability VCID-9ktu-55q4-3kau
15
vulnerability VCID-9uv1-gqq7-3kc9
16
vulnerability VCID-cjkd-2jr6-n7as
17
vulnerability VCID-ck88-1urs-2kes
18
vulnerability VCID-cnkc-vcp7-6kcw
19
vulnerability VCID-ddfq-28qm-2fbn
20
vulnerability VCID-fuh5-bwaq-yyfk
21
vulnerability VCID-gh6k-19h8-fqbf
22
vulnerability VCID-hg1a-vx5c-hue3
23
vulnerability VCID-j29t-cw2h-mfd8
24
vulnerability VCID-jck5-xymf-s3bh
25
vulnerability VCID-jqs5-8ct7-wfgk
26
vulnerability VCID-kyxz-v3sj-w3cw
27
vulnerability VCID-m4yc-ms54-zyhv
28
vulnerability VCID-ncbg-6m11-3qan
29
vulnerability VCID-qwak-6wgy-wfgs
30
vulnerability VCID-rc91-j3kf-zfch
31
vulnerability VCID-s6p1-rf35-euhy
32
vulnerability VCID-ts1p-pw9v-cbh3
33
vulnerability VCID-u8a4-4pe2-9kcb
34
vulnerability VCID-ub6x-9dku-c7fk
35
vulnerability VCID-ur1a-7tdn-h3hu
36
vulnerability VCID-vehj-ytsm-kqgz
37
vulnerability VCID-vtz8-zmp4-xbdh
38
vulnerability VCID-x9j7-98zt-6ygt
39
vulnerability VCID-xssa-fwbx-kybq
40
vulnerability VCID-ybv7-hqmj-nbgr
41
vulnerability VCID-z3kp-p8ch-myhz
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.2.3%252Bdfsg.1-4%252Bdeb9u6
aliases CVE-2017-6820
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yerh-ssat-abah
13
url VCID-z3kp-p8ch-myhz
vulnerability_id VCID-z3kp-p8ch-myhz
summary security update
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-9846
reference_id
reference_type
scores
0
value 0.00852
scoring_system epss
scoring_elements 0.74869
published_at 2026-04-01T12:55:00Z
1
value 0.00852
scoring_system epss
scoring_elements 0.7487
published_at 2026-04-02T12:55:00Z
2
value 0.00852
scoring_system epss
scoring_elements 0.74899
published_at 2026-04-04T12:55:00Z
3
value 0.00852
scoring_system epss
scoring_elements 0.74947
published_at 2026-04-21T12:55:00Z
4
value 0.00876
scoring_system epss
scoring_elements 0.75344
published_at 2026-04-18T12:55:00Z
5
value 0.00876
scoring_system epss
scoring_elements 0.75299
published_at 2026-04-08T12:55:00Z
6
value 0.00876
scoring_system epss
scoring_elements 0.7531
published_at 2026-04-09T12:55:00Z
7
value 0.00876
scoring_system epss
scoring_elements 0.75331
published_at 2026-04-11T12:55:00Z
8
value 0.00876
scoring_system epss
scoring_elements 0.75309
published_at 2026-04-12T12:55:00Z
9
value 0.00876
scoring_system epss
scoring_elements 0.75298
published_at 2026-04-13T12:55:00Z
10
value 0.00876
scoring_system epss
scoring_elements 0.75256
published_at 2026-04-07T12:55:00Z
11
value 0.00876
scoring_system epss
scoring_elements 0.75337
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-9846
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9846
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9846
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895184
reference_id 895184
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895184
3
reference_url https://security.archlinux.org/ASA-201804-8
reference_id ASA-201804-8
reference_type
scores
url https://security.archlinux.org/ASA-201804-8
4
reference_url https://security.archlinux.org/AVG-670
reference_id AVG-670
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-670
5
reference_url https://usn.ubuntu.com/8132-1/
reference_id USN-8132-1
reference_type
scores
url https://usn.ubuntu.com/8132-1/
fixed_packages
0
url pkg:deb/debian/roundcube@1.2.3%2Bdfsg.1-4%2Bdeb9u6
purl pkg:deb/debian/roundcube@1.2.3%2Bdfsg.1-4%2Bdeb9u6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14vp-t71a-4bh1
1
vulnerability VCID-2eyy-k49d-m3af
2
vulnerability VCID-2hap-9mqs-v3b8
3
vulnerability VCID-2k4q-26tk-j3gx
4
vulnerability VCID-2nb2-9vgp-tqg9
5
vulnerability VCID-36et-26h7-pke7
6
vulnerability VCID-3kyu-tx4q-p3aq
7
vulnerability VCID-4yzj-hrqv-vbcp
8
vulnerability VCID-5yts-xnha-4bf3
9
vulnerability VCID-79me-pjdn-ykgq
10
vulnerability VCID-7nn6-aywu-z7g8
11
vulnerability VCID-8vmm-1hvf-17ap
12
vulnerability VCID-8xf2-hjfv-hybh
13
vulnerability VCID-9der-5csu-nbbq
14
vulnerability VCID-9ktu-55q4-3kau
15
vulnerability VCID-9uv1-gqq7-3kc9
16
vulnerability VCID-cjkd-2jr6-n7as
17
vulnerability VCID-ck88-1urs-2kes
18
vulnerability VCID-cnkc-vcp7-6kcw
19
vulnerability VCID-ddfq-28qm-2fbn
20
vulnerability VCID-fuh5-bwaq-yyfk
21
vulnerability VCID-gh6k-19h8-fqbf
22
vulnerability VCID-hg1a-vx5c-hue3
23
vulnerability VCID-j29t-cw2h-mfd8
24
vulnerability VCID-jck5-xymf-s3bh
25
vulnerability VCID-jqs5-8ct7-wfgk
26
vulnerability VCID-kyxz-v3sj-w3cw
27
vulnerability VCID-m4yc-ms54-zyhv
28
vulnerability VCID-ncbg-6m11-3qan
29
vulnerability VCID-qwak-6wgy-wfgs
30
vulnerability VCID-rc91-j3kf-zfch
31
vulnerability VCID-s6p1-rf35-euhy
32
vulnerability VCID-ts1p-pw9v-cbh3
33
vulnerability VCID-u8a4-4pe2-9kcb
34
vulnerability VCID-ub6x-9dku-c7fk
35
vulnerability VCID-ur1a-7tdn-h3hu
36
vulnerability VCID-vehj-ytsm-kqgz
37
vulnerability VCID-vtz8-zmp4-xbdh
38
vulnerability VCID-x9j7-98zt-6ygt
39
vulnerability VCID-xssa-fwbx-kybq
40
vulnerability VCID-ybv7-hqmj-nbgr
41
vulnerability VCID-z3kp-p8ch-myhz
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.2.3%252Bdfsg.1-4%252Bdeb9u6
1
url pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2
purl pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14vp-t71a-4bh1
1
vulnerability VCID-2eyy-k49d-m3af
2
vulnerability VCID-2hap-9mqs-v3b8
3
vulnerability VCID-2k4q-26tk-j3gx
4
vulnerability VCID-2nb2-9vgp-tqg9
5
vulnerability VCID-36et-26h7-pke7
6
vulnerability VCID-3kyu-tx4q-p3aq
7
vulnerability VCID-4yzj-hrqv-vbcp
8
vulnerability VCID-5yts-xnha-4bf3
9
vulnerability VCID-79me-pjdn-ykgq
10
vulnerability VCID-7nn6-aywu-z7g8
11
vulnerability VCID-8vmm-1hvf-17ap
12
vulnerability VCID-8xf2-hjfv-hybh
13
vulnerability VCID-9der-5csu-nbbq
14
vulnerability VCID-9uv1-gqq7-3kc9
15
vulnerability VCID-cjkd-2jr6-n7as
16
vulnerability VCID-ck88-1urs-2kes
17
vulnerability VCID-cnkc-vcp7-6kcw
18
vulnerability VCID-ddfq-28qm-2fbn
19
vulnerability VCID-gh6k-19h8-fqbf
20
vulnerability VCID-hg1a-vx5c-hue3
21
vulnerability VCID-jck5-xymf-s3bh
22
vulnerability VCID-jqs5-8ct7-wfgk
23
vulnerability VCID-kyxz-v3sj-w3cw
24
vulnerability VCID-m4yc-ms54-zyhv
25
vulnerability VCID-ncbg-6m11-3qan
26
vulnerability VCID-qwak-6wgy-wfgs
27
vulnerability VCID-rc91-j3kf-zfch
28
vulnerability VCID-s6p1-rf35-euhy
29
vulnerability VCID-u8a4-4pe2-9kcb
30
vulnerability VCID-ub6x-9dku-c7fk
31
vulnerability VCID-vehj-ytsm-kqgz
32
vulnerability VCID-vtz8-zmp4-xbdh
33
vulnerability VCID-x9j7-98zt-6ygt
34
vulnerability VCID-xssa-fwbx-kybq
35
vulnerability VCID-ybv7-hqmj-nbgr
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2
aliases CVE-2018-9846
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z3kp-p8ch-myhz
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.2.3%252Bdfsg.1-4%252Bdeb9u6