| 0 |
| url |
VCID-14vp-t71a-4bh1 |
| vulnerability_id |
VCID-14vp-t71a-4bh1 |
| summary |
security update |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-46144 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01055 |
| scoring_system |
epss |
| scoring_elements |
0.77528 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.01055 |
| scoring_system |
epss |
| scoring_elements |
0.77534 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.01055 |
| scoring_system |
epss |
| scoring_elements |
0.7756 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.01055 |
| scoring_system |
epss |
| scoring_elements |
0.77539 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.01055 |
| scoring_system |
epss |
| scoring_elements |
0.7757 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.01055 |
| scoring_system |
epss |
| scoring_elements |
0.77578 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.01055 |
| scoring_system |
epss |
| scoring_elements |
0.77604 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.01055 |
| scoring_system |
epss |
| scoring_elements |
0.77589 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.01055 |
| scoring_system |
epss |
| scoring_elements |
0.77588 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.01055 |
| scoring_system |
epss |
| scoring_elements |
0.77625 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.01055 |
| scoring_system |
epss |
| scoring_elements |
0.77623 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.01055 |
| scoring_system |
epss |
| scoring_elements |
0.77618 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-46144 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-46144
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-14vp-t71a-4bh1 |
|
| 1 |
| url |
VCID-1aph-76b1-eyhv |
| vulnerability_id |
VCID-1aph-76b1-eyhv |
| summary |
Cross-site scripting (XSS) vulnerability in the UI messages functionality in Roundcube Webmail before 0.5.4 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter to the default URI. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2011-2937 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00548 |
| scoring_system |
epss |
| scoring_elements |
0.67839 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00548 |
| scoring_system |
epss |
| scoring_elements |
0.67863 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00548 |
| scoring_system |
epss |
| scoring_elements |
0.67882 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00548 |
| scoring_system |
epss |
| scoring_elements |
0.67862 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00548 |
| scoring_system |
epss |
| scoring_elements |
0.67913 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00548 |
| scoring_system |
epss |
| scoring_elements |
0.67926 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00548 |
| scoring_system |
epss |
| scoring_elements |
0.6795 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00548 |
| scoring_system |
epss |
| scoring_elements |
0.67937 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00548 |
| scoring_system |
epss |
| scoring_elements |
0.67901 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00548 |
| scoring_system |
epss |
| scoring_elements |
0.67938 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00548 |
| scoring_system |
epss |
| scoring_elements |
0.67952 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00548 |
| scoring_system |
epss |
| scoring_elements |
0.67933 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2011-2937 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2011-2937
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1aph-76b1-eyhv |
|
| 2 |
| url |
VCID-23v8-vzqs-j3f6 |
| vulnerability_id |
VCID-23v8-vzqs-j3f6 |
| summary |
program/steps/addressbook/photo.inc in Roundcube Webmail before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via the _alt parameter when uploading a vCard. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-5382 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01037 |
| scoring_system |
epss |
| scoring_elements |
0.77347 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.01037 |
| scoring_system |
epss |
| scoring_elements |
0.77354 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.01037 |
| scoring_system |
epss |
| scoring_elements |
0.77381 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.01037 |
| scoring_system |
epss |
| scoring_elements |
0.77361 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.01037 |
| scoring_system |
epss |
| scoring_elements |
0.77391 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.01037 |
| scoring_system |
epss |
| scoring_elements |
0.774 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.01037 |
| scoring_system |
epss |
| scoring_elements |
0.77427 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.01037 |
| scoring_system |
epss |
| scoring_elements |
0.77406 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.01037 |
| scoring_system |
epss |
| scoring_elements |
0.77403 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.01037 |
| scoring_system |
epss |
| scoring_elements |
0.77442 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.01037 |
| scoring_system |
epss |
| scoring_elements |
0.77441 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.01037 |
| scoring_system |
epss |
| scoring_elements |
0.77433 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-5382 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-5382
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-23v8-vzqs-j3f6 |
|
| 3 |
| url |
VCID-2eyy-k49d-m3af |
| vulnerability_id |
VCID-2eyy-k49d-m3af |
| summary |
Multiple vulnerabilities have been discovered in Roundcube, the worst of which could lead to execution of arbitrary code. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-44026 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.64041 |
| scoring_system |
epss |
| scoring_elements |
0.98426 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.64041 |
| scoring_system |
epss |
| scoring_elements |
0.98422 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.64041 |
| scoring_system |
epss |
| scoring_elements |
0.9842 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.64041 |
| scoring_system |
epss |
| scoring_elements |
0.9844 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.64041 |
| scoring_system |
epss |
| scoring_elements |
0.98436 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.64041 |
| scoring_system |
epss |
| scoring_elements |
0.98432 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.64041 |
| scoring_system |
epss |
| scoring_elements |
0.98431 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.64041 |
| scoring_system |
epss |
| scoring_elements |
0.98428 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.72527 |
| scoring_system |
epss |
| scoring_elements |
0.98773 |
| published_at |
2026-04-21T12:55:00Z |
|
| 9 |
| value |
0.72527 |
| scoring_system |
epss |
| scoring_elements |
0.98772 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-44026 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://bugs.debian.org/1000156 |
| reference_id |
1000156 |
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
Act |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:33:07Z/ |
|
|
| url |
https://bugs.debian.org/1000156 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-44026
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
8.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2eyy-k49d-m3af |
|
| 4 |
| url |
VCID-2hap-9mqs-v3b8 |
| vulnerability_id |
VCID-2hap-9mqs-v3b8 |
| summary |
Roundcube Webmail: Incorrect password comparison in the password plugin |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-35541 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00032 |
| scoring_system |
epss |
| scoring_elements |
0.09324 |
| published_at |
2026-04-08T12:55:00Z |
|
| 1 |
| value |
0.00034 |
| scoring_system |
epss |
| scoring_elements |
0.10086 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.00034 |
| scoring_system |
epss |
| scoring_elements |
0.09983 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.00036 |
| scoring_system |
epss |
| scoring_elements |
0.10618 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.00036 |
| scoring_system |
epss |
| scoring_elements |
0.10604 |
| published_at |
2026-04-16T12:55:00Z |
|
| 5 |
| value |
0.00036 |
| scoring_system |
epss |
| scoring_elements |
0.10739 |
| published_at |
2026-04-13T12:55:00Z |
|
| 6 |
| value |
0.00036 |
| scoring_system |
epss |
| scoring_elements |
0.10764 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00036 |
| scoring_system |
epss |
| scoring_elements |
0.10796 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00036 |
| scoring_system |
epss |
| scoring_elements |
0.10782 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00036 |
| scoring_system |
epss |
| scoring_elements |
0.10743 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-35541 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-35541, GHSA-46pv-mj2g-93gh
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2hap-9mqs-v3b8 |
|
| 5 |
| url |
VCID-2k4q-26tk-j3gx |
| vulnerability_id |
VCID-2k4q-26tk-j3gx |
| summary |
security update |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-42010 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.14764 |
| scoring_system |
epss |
| scoring_elements |
0.94518 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.14764 |
| scoring_system |
epss |
| scoring_elements |
0.94467 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.14764 |
| scoring_system |
epss |
| scoring_elements |
0.94474 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.14764 |
| scoring_system |
epss |
| scoring_elements |
0.94476 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.14764 |
| scoring_system |
epss |
| scoring_elements |
0.94486 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.14764 |
| scoring_system |
epss |
| scoring_elements |
0.94489 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.14764 |
| scoring_system |
epss |
| scoring_elements |
0.94493 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.14764 |
| scoring_system |
epss |
| scoring_elements |
0.94495 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.14764 |
| scoring_system |
epss |
| scoring_elements |
0.94509 |
| published_at |
2026-04-16T12:55:00Z |
|
| 9 |
| value |
0.14764 |
| scoring_system |
epss |
| scoring_elements |
0.94513 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-42010 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-42010
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2k4q-26tk-j3gx |
|
| 6 |
| url |
VCID-2nb2-9vgp-tqg9 |
| vulnerability_id |
VCID-2nb2-9vgp-tqg9 |
| summary |
roundcubemail: Roundcube Webmail: Information Disclosure via HTML Style Sanitizer |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-68460 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00046 |
| scoring_system |
epss |
| scoring_elements |
0.14181 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00046 |
| scoring_system |
epss |
| scoring_elements |
0.14238 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.00046 |
| scoring_system |
epss |
| scoring_elements |
0.14053 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.00046 |
| scoring_system |
epss |
| scoring_elements |
0.14134 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00046 |
| scoring_system |
epss |
| scoring_elements |
0.14185 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00046 |
| scoring_system |
epss |
| scoring_elements |
0.14136 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00046 |
| scoring_system |
epss |
| scoring_elements |
0.14094 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00046 |
| scoring_system |
epss |
| scoring_elements |
0.1404 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.00046 |
| scoring_system |
epss |
| scoring_elements |
0.13935 |
| published_at |
2026-04-16T12:55:00Z |
|
| 9 |
| value |
0.00046 |
| scoring_system |
epss |
| scoring_elements |
0.13934 |
| published_at |
2026-04-18T12:55:00Z |
|
| 10 |
| value |
0.00056 |
| scoring_system |
epss |
| scoring_elements |
0.17503 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-68460 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2025-68460
|
| risk_score |
2.5 |
| exploitability |
0.5 |
| weighted_severity |
4.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2nb2-9vgp-tqg9 |
|
| 7 |
| url |
VCID-36et-26h7-pke7 |
| vulnerability_id |
VCID-36et-26h7-pke7 |
| summary |
security update |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-42008 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.57251 |
| scoring_system |
epss |
| scoring_elements |
0.98154 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.57251 |
| scoring_system |
epss |
| scoring_elements |
0.98136 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.57251 |
| scoring_system |
epss |
| scoring_elements |
0.98139 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.57251 |
| scoring_system |
epss |
| scoring_elements |
0.98141 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.57251 |
| scoring_system |
epss |
| scoring_elements |
0.98145 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.57251 |
| scoring_system |
epss |
| scoring_elements |
0.98146 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.57251 |
| scoring_system |
epss |
| scoring_elements |
0.98149 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.57251 |
| scoring_system |
epss |
| scoring_elements |
0.9815 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.57251 |
| scoring_system |
epss |
| scoring_elements |
0.98156 |
| published_at |
2026-04-16T12:55:00Z |
|
| 9 |
| value |
0.58573 |
| scoring_system |
epss |
| scoring_elements |
0.98218 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-42008 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-42008
|
| risk_score |
4.2 |
| exploitability |
0.5 |
| weighted_severity |
8.4 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-36et-26h7-pke7 |
|
| 8 |
| url |
VCID-3kyu-tx4q-p3aq |
| vulnerability_id |
VCID-3kyu-tx4q-p3aq |
| summary |
Roundcube Webmail Vulnerable to Authenticated RCE via PHP Object Deserialization
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-49113 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.90478 |
| scoring_system |
epss |
| scoring_elements |
0.99609 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.90891 |
| scoring_system |
epss |
| scoring_elements |
0.99636 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.91243 |
| scoring_system |
epss |
| scoring_elements |
0.99653 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.91574 |
| scoring_system |
epss |
| scoring_elements |
0.9967 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.91574 |
| scoring_system |
epss |
| scoring_elements |
0.99675 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.91574 |
| scoring_system |
epss |
| scoring_elements |
0.99674 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.91574 |
| scoring_system |
epss |
| scoring_elements |
0.99673 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.91574 |
| scoring_system |
epss |
| scoring_elements |
0.99672 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-49113 |
|
| 2 |
|
| 3 |
| reference_url |
https://fearsoff.org/research/roundcube |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.9 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
|
| 1 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 2 |
| value |
Attend |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-02-20T20:05:40Z/ |
|
|
| url |
https://fearsoff.org/research/roundcube |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
|
| fixed_packages |
|
| aliases |
CVE-2025-49113, GHSA-8j8w-wwqc-x596
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3kyu-tx4q-p3aq |
|
| 9 |
| url |
VCID-3rza-7fvy-guce |
| vulnerability_id |
VCID-3rza-7fvy-guce |
| summary |
Roundcube Webmail: Unsafe deserialization in the redis/memcache session handler |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-35537 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00018 |
| scoring_system |
epss |
| scoring_elements |
0.04547 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.0003 |
| scoring_system |
epss |
| scoring_elements |
0.08646 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.0003 |
| scoring_system |
epss |
| scoring_elements |
0.08564 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.0003 |
| scoring_system |
epss |
| scoring_elements |
0.08637 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.0004 |
| scoring_system |
epss |
| scoring_elements |
0.12111 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.0004 |
| scoring_system |
epss |
| scoring_elements |
0.12104 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13303 |
| published_at |
2026-04-18T12:55:00Z |
|
| 7 |
| value |
0.00047 |
| scoring_system |
epss |
| scoring_elements |
0.14317 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.00047 |
| scoring_system |
epss |
| scoring_elements |
0.14373 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-35537 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-35537, GHSA-rxj3-rrwm-pj4r
|
| risk_score |
1.6 |
| exploitability |
0.5 |
| weighted_severity |
3.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3rza-7fvy-guce |
|
| 10 |
| url |
VCID-489e-j7sj-5kgv |
| vulnerability_id |
VCID-489e-j7sj-5kgv |
| summary |
The DBMail driver in the Password plugin in Roundcube before 1.1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the password. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-2180 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.02743 |
| scoring_system |
epss |
| scoring_elements |
0.8592 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.02743 |
| scoring_system |
epss |
| scoring_elements |
0.85932 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.02743 |
| scoring_system |
epss |
| scoring_elements |
0.85948 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.02743 |
| scoring_system |
epss |
| scoring_elements |
0.8595 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.02743 |
| scoring_system |
epss |
| scoring_elements |
0.85969 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.02743 |
| scoring_system |
epss |
| scoring_elements |
0.85979 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.02743 |
| scoring_system |
epss |
| scoring_elements |
0.85993 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.02743 |
| scoring_system |
epss |
| scoring_elements |
0.85991 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.02743 |
| scoring_system |
epss |
| scoring_elements |
0.85986 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.02743 |
| scoring_system |
epss |
| scoring_elements |
0.86005 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.02743 |
| scoring_system |
epss |
| scoring_elements |
0.8601 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.02743 |
| scoring_system |
epss |
| scoring_elements |
0.86 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-2180 |
|
| 1 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-2180
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-489e-j7sj-5kgv |
|
| 11 |
| url |
VCID-4wpg-mwxc-pqhr |
| vulnerability_id |
VCID-4wpg-mwxc-pqhr |
| summary |
roundcubemail: privacy compromise via DNS prefetching in web mail |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2010-0464 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0026 |
| scoring_system |
epss |
| scoring_elements |
0.49342 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.0026 |
| scoring_system |
epss |
| scoring_elements |
0.4937 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.0026 |
| scoring_system |
epss |
| scoring_elements |
0.49398 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.0026 |
| scoring_system |
epss |
| scoring_elements |
0.49351 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.0026 |
| scoring_system |
epss |
| scoring_elements |
0.49406 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.0026 |
| scoring_system |
epss |
| scoring_elements |
0.49401 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.0026 |
| scoring_system |
epss |
| scoring_elements |
0.4942 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.0026 |
| scoring_system |
epss |
| scoring_elements |
0.49392 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.0026 |
| scoring_system |
epss |
| scoring_elements |
0.49395 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.0026 |
| scoring_system |
epss |
| scoring_elements |
0.4944 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.0026 |
| scoring_system |
epss |
| scoring_elements |
0.49437 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.0026 |
| scoring_system |
epss |
| scoring_elements |
0.49408 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2010-0464 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2010-0464
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4wpg-mwxc-pqhr |
|
| 12 |
| url |
VCID-4yzj-hrqv-vbcp |
| vulnerability_id |
VCID-4yzj-hrqv-vbcp |
| summary |
Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13, when "Block remote images" is used, does not block SVG feImage. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-25916 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00034 |
| scoring_system |
epss |
| scoring_elements |
0.09829 |
| published_at |
2026-04-07T12:55:00Z |
|
| 1 |
| value |
0.00034 |
| scoring_system |
epss |
| scoring_elements |
0.09789 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00034 |
| scoring_system |
epss |
| scoring_elements |
0.09906 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00034 |
| scoring_system |
epss |
| scoring_elements |
0.09931 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00034 |
| scoring_system |
epss |
| scoring_elements |
0.09968 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00034 |
| scoring_system |
epss |
| scoring_elements |
0.09956 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00034 |
| scoring_system |
epss |
| scoring_elements |
0.09904 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00039 |
| scoring_system |
epss |
| scoring_elements |
0.11763 |
| published_at |
2026-04-21T12:55:00Z |
|
| 8 |
| value |
0.00039 |
| scoring_system |
epss |
| scoring_elements |
0.11641 |
| published_at |
2026-04-18T12:55:00Z |
|
| 9 |
| value |
0.00041 |
| scoring_system |
epss |
| scoring_elements |
0.12448 |
| published_at |
2026-04-02T12:55:00Z |
|
| 10 |
| value |
0.00041 |
| scoring_system |
epss |
| scoring_elements |
0.12491 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-25916 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-25916
|
| risk_score |
1.9 |
| exploitability |
0.5 |
| weighted_severity |
3.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4yzj-hrqv-vbcp |
|
| 13 |
| url |
VCID-53mq-nmxf-eug3 |
| vulnerability_id |
VCID-53mq-nmxf-eug3 |
| summary |
steps/utils/modcss.inc in Roundcube Webmail before 0.5.1 does not properly verify that a request is an expected request for an external Cascading Style Sheets (CSS) stylesheet, which allows remote authenticated users to trigger arbitrary outbound TCP connections from the server, and possibly obtain sensitive information, via a crafted request. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2011-1492 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0039 |
| scoring_system |
epss |
| scoring_elements |
0.60058 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.0039 |
| scoring_system |
epss |
| scoring_elements |
0.59901 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.0039 |
| scoring_system |
epss |
| scoring_elements |
0.59979 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.0039 |
| scoring_system |
epss |
| scoring_elements |
0.60004 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.0039 |
| scoring_system |
epss |
| scoring_elements |
0.59975 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.0039 |
| scoring_system |
epss |
| scoring_elements |
0.60025 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.0039 |
| scoring_system |
epss |
| scoring_elements |
0.60038 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.0039 |
| scoring_system |
epss |
| scoring_elements |
0.60059 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.0039 |
| scoring_system |
epss |
| scoring_elements |
0.60043 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.0039 |
| scoring_system |
epss |
| scoring_elements |
0.60026 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.0039 |
| scoring_system |
epss |
| scoring_elements |
0.60066 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.0039 |
| scoring_system |
epss |
| scoring_elements |
0.60072 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2011-1492 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
|
| fixed_packages |
|
| aliases |
CVE-2011-1492
|
| risk_score |
2.5 |
| exploitability |
0.5 |
| weighted_severity |
5.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-53mq-nmxf-eug3 |
|
| 14 |
| url |
VCID-5yts-xnha-4bf3 |
| vulnerability_id |
VCID-5yts-xnha-4bf3 |
| summary |
Roundcube Webmail: Insufficient HTML attachment sanitization in preview mode |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-35539 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00036 |
| scoring_system |
epss |
| scoring_elements |
0.10724 |
| published_at |
2026-04-07T12:55:00Z |
|
| 1 |
| value |
0.00036 |
| scoring_system |
epss |
| scoring_elements |
0.10896 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11324 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.00041 |
| scoring_system |
epss |
| scoring_elements |
0.12306 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.00041 |
| scoring_system |
epss |
| scoring_elements |
0.12406 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.00041 |
| scoring_system |
epss |
| scoring_elements |
0.12446 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.00041 |
| scoring_system |
epss |
| scoring_elements |
0.12484 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00041 |
| scoring_system |
epss |
| scoring_elements |
0.12511 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00041 |
| scoring_system |
epss |
| scoring_elements |
0.12417 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-35539 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-35539, GHSA-x4q5-8j5g-hpjc
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5yts-xnha-4bf3 |
|
| 15 |
| url |
VCID-76t7-q4pa-gkct |
| vulnerability_id |
VCID-76t7-q4pa-gkct |
| summary |
Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter to the default URI. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-5381 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01182 |
| scoring_system |
epss |
| scoring_elements |
0.78708 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.01182 |
| scoring_system |
epss |
| scoring_elements |
0.78714 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.01182 |
| scoring_system |
epss |
| scoring_elements |
0.78745 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.01182 |
| scoring_system |
epss |
| scoring_elements |
0.78727 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.01182 |
| scoring_system |
epss |
| scoring_elements |
0.78753 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.01182 |
| scoring_system |
epss |
| scoring_elements |
0.7876 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.01182 |
| scoring_system |
epss |
| scoring_elements |
0.78784 |
| published_at |
2026-04-18T12:55:00Z |
|
| 7 |
| value |
0.01182 |
| scoring_system |
epss |
| scoring_elements |
0.78766 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.01182 |
| scoring_system |
epss |
| scoring_elements |
0.78758 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.01182 |
| scoring_system |
epss |
| scoring_elements |
0.78786 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.01182 |
| scoring_system |
epss |
| scoring_elements |
0.7878 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-5381 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-5381
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-76t7-q4pa-gkct |
|
| 16 |
| url |
VCID-79me-pjdn-ykgq |
| vulnerability_id |
VCID-79me-pjdn-ykgq |
| summary |
A flaw in Roundcube's handling of configuration files may allow arbitrary code execution, amongst other vulnerabilities. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-12640 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.22659 |
| scoring_system |
epss |
| scoring_elements |
0.95822 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.22659 |
| scoring_system |
epss |
| scoring_elements |
0.95831 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.22659 |
| scoring_system |
epss |
| scoring_elements |
0.95839 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.22659 |
| scoring_system |
epss |
| scoring_elements |
0.95842 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.22659 |
| scoring_system |
epss |
| scoring_elements |
0.9585 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.22659 |
| scoring_system |
epss |
| scoring_elements |
0.95854 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.22659 |
| scoring_system |
epss |
| scoring_elements |
0.95857 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.22659 |
| scoring_system |
epss |
| scoring_elements |
0.95856 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.22659 |
| scoring_system |
epss |
| scoring_elements |
0.95858 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.22659 |
| scoring_system |
epss |
| scoring_elements |
0.95869 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.22659 |
| scoring_system |
epss |
| scoring_elements |
0.95875 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.22659 |
| scoring_system |
epss |
| scoring_elements |
0.95877 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-12640 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-12640
|
| risk_score |
0.1 |
| exploitability |
0.5 |
| weighted_severity |
0.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-79me-pjdn-ykgq |
|
| 17 |
| url |
VCID-7hh1-8grz-7fa9 |
| vulnerability_id |
VCID-7hh1-8grz-7fa9 |
| summary |
include/iniset.php in Roundcube Webmail 0.5.4 and earlier, when PHP 5.3.7 or 5.3.8 is used, allows remote attackers to trigger a GET request for an arbitrary URL, and cause a denial of service (resource consumption and inbox outage), via a Subject header containing only a URL, a related issue to CVE-2011-3379. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2011-4078 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00859 |
| scoring_system |
epss |
| scoring_elements |
0.74969 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00859 |
| scoring_system |
epss |
| scoring_elements |
0.74973 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00859 |
| scoring_system |
epss |
| scoring_elements |
0.75002 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00859 |
| scoring_system |
epss |
| scoring_elements |
0.74978 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00859 |
| scoring_system |
epss |
| scoring_elements |
0.75012 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00859 |
| scoring_system |
epss |
| scoring_elements |
0.75023 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.00859 |
| scoring_system |
epss |
| scoring_elements |
0.75045 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00859 |
| scoring_system |
epss |
| scoring_elements |
0.75013 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.00859 |
| scoring_system |
epss |
| scoring_elements |
0.75049 |
| published_at |
2026-04-16T12:55:00Z |
|
| 9 |
| value |
0.00859 |
| scoring_system |
epss |
| scoring_elements |
0.75057 |
| published_at |
2026-04-18T12:55:00Z |
|
| 10 |
| value |
0.00859 |
| scoring_system |
epss |
| scoring_elements |
0.75046 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2011-4078 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2011-4078
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7hh1-8grz-7fa9 |
|
| 18 |
| url |
VCID-7nn6-aywu-z7g8 |
| vulnerability_id |
VCID-7nn6-aywu-z7g8 |
| summary |
security update |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-13964 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00872 |
| scoring_system |
epss |
| scoring_elements |
0.75174 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00872 |
| scoring_system |
epss |
| scoring_elements |
0.75177 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00872 |
| scoring_system |
epss |
| scoring_elements |
0.75208 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00872 |
| scoring_system |
epss |
| scoring_elements |
0.75184 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00872 |
| scoring_system |
epss |
| scoring_elements |
0.75219 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00872 |
| scoring_system |
epss |
| scoring_elements |
0.75231 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00872 |
| scoring_system |
epss |
| scoring_elements |
0.75252 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00872 |
| scoring_system |
epss |
| scoring_elements |
0.75229 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00872 |
| scoring_system |
epss |
| scoring_elements |
0.75218 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00872 |
| scoring_system |
epss |
| scoring_elements |
0.75256 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00872 |
| scoring_system |
epss |
| scoring_elements |
0.75263 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00872 |
| scoring_system |
epss |
| scoring_elements |
0.75254 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-13964 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-13964
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7nn6-aywu-z7g8 |
|
| 19 |
| url |
VCID-8keg-wbj1-8ua9 |
| vulnerability_id |
VCID-8keg-wbj1-8ua9 |
| summary |
The login form in Roundcube Webmail before 0.5.1 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account and then compose an e-mail message, related to a "login CSRF" issue. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2011-1491 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0039 |
| scoring_system |
epss |
| scoring_elements |
0.60058 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.0039 |
| scoring_system |
epss |
| scoring_elements |
0.59901 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.0039 |
| scoring_system |
epss |
| scoring_elements |
0.59979 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.0039 |
| scoring_system |
epss |
| scoring_elements |
0.60004 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.0039 |
| scoring_system |
epss |
| scoring_elements |
0.59975 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.0039 |
| scoring_system |
epss |
| scoring_elements |
0.60025 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.0039 |
| scoring_system |
epss |
| scoring_elements |
0.60038 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.0039 |
| scoring_system |
epss |
| scoring_elements |
0.60059 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.0039 |
| scoring_system |
epss |
| scoring_elements |
0.60043 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.0039 |
| scoring_system |
epss |
| scoring_elements |
0.60026 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.0039 |
| scoring_system |
epss |
| scoring_elements |
0.60066 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.0039 |
| scoring_system |
epss |
| scoring_elements |
0.60072 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2011-1491 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
|
| fixed_packages |
|
| aliases |
CVE-2011-1491
|
| risk_score |
1.6 |
| exploitability |
0.5 |
| weighted_severity |
3.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8keg-wbj1-8ua9 |
|
| 20 |
| url |
VCID-8vmm-1hvf-17ap |
| vulnerability_id |
VCID-8vmm-1hvf-17ap |
| summary |
Roundcube: Bypass of remote image blocking via crafted BODY background attribute |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-35542 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00033 |
| scoring_system |
epss |
| scoring_elements |
0.09403 |
| published_at |
2026-04-08T12:55:00Z |
|
| 1 |
| value |
0.00034 |
| scoring_system |
epss |
| scoring_elements |
0.10167 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.00034 |
| scoring_system |
epss |
| scoring_elements |
0.10062 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.12975 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.12972 |
| published_at |
2026-04-16T12:55:00Z |
|
| 5 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.1307 |
| published_at |
2026-04-13T12:55:00Z |
|
| 6 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.13122 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.1316 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.13191 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.13072 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-35542 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-35542, GHSA-5hf6-crg4-fg59
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8vmm-1hvf-17ap |
|
| 21 |
| url |
VCID-8xf2-hjfv-hybh |
| vulnerability_id |
VCID-8xf2-hjfv-hybh |
| summary |
Roundcube Webmail: Insufficient CSS sanitization in HTML e-mail messages |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-35544 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00034 |
| scoring_system |
epss |
| scoring_elements |
0.10066 |
| published_at |
2026-04-07T12:55:00Z |
|
| 1 |
| value |
0.00034 |
| scoring_system |
epss |
| scoring_elements |
0.1017 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.00034 |
| scoring_system |
epss |
| scoring_elements |
0.1014 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.12978 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.12975 |
| published_at |
2026-04-16T12:55:00Z |
|
| 5 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.13074 |
| published_at |
2026-04-13T12:55:00Z |
|
| 6 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.13126 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.13164 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.13195 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.13076 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-35544 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-35544, GHSA-xpqh-grpw-4xmg
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8xf2-hjfv-hybh |
|
| 22 |
| url |
VCID-9der-5csu-nbbq |
| vulnerability_id |
VCID-9der-5csu-nbbq |
| summary |
security update |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-42009 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.91411 |
| scoring_system |
epss |
| scoring_elements |
0.99657 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.91411 |
| scoring_system |
epss |
| scoring_elements |
0.99666 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.91411 |
| scoring_system |
epss |
| scoring_elements |
0.99665 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.91411 |
| scoring_system |
epss |
| scoring_elements |
0.99664 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.91411 |
| scoring_system |
epss |
| scoring_elements |
0.99663 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.91411 |
| scoring_system |
epss |
| scoring_elements |
0.99662 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.91411 |
| scoring_system |
epss |
| scoring_elements |
0.99661 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.91411 |
| scoring_system |
epss |
| scoring_elements |
0.9966 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.91411 |
| scoring_system |
epss |
| scoring_elements |
0.99658 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-42009 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-42009
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
8.4 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9der-5csu-nbbq |
|
| 23 |
| url |
VCID-9ktu-55q4-3kau |
| vulnerability_id |
VCID-9ktu-55q4-3kau |
| summary |
Roundcube before 1.3.7 mishandles GnuPG MDC integrity-protection warnings, which makes it easier for attackers to obtain sensitive information, a related issue to CVE-2017-17688. This is associated with plugins/enigma/lib/enigma_driver_gnupg.php. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-19205 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.55201 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.553 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.55324 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.55306 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.55356 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.55357 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.55368 |
| published_at |
2026-04-18T12:55:00Z |
|
| 7 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.55346 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.55327 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.55364 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00322 |
| scoring_system |
epss |
| scoring_elements |
0.55347 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-19205 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-19205
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9ktu-55q4-3kau |
|
| 24 |
| url |
VCID-9uqr-ph81-gfef |
| vulnerability_id |
VCID-9uqr-ph81-gfef |
| summary |
Multiple buffer overflows in the DBMail driver in the Password plugin in Roundcube before 1.1.0 allow remote attackers to have unspecified impact via the (1) password or (2) username. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-2181 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00764 |
| scoring_system |
epss |
| scoring_elements |
0.73379 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00764 |
| scoring_system |
epss |
| scoring_elements |
0.73388 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00764 |
| scoring_system |
epss |
| scoring_elements |
0.7341 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00764 |
| scoring_system |
epss |
| scoring_elements |
0.73382 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00764 |
| scoring_system |
epss |
| scoring_elements |
0.73419 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00764 |
| scoring_system |
epss |
| scoring_elements |
0.73433 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00764 |
| scoring_system |
epss |
| scoring_elements |
0.73456 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00764 |
| scoring_system |
epss |
| scoring_elements |
0.73436 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00764 |
| scoring_system |
epss |
| scoring_elements |
0.73429 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00764 |
| scoring_system |
epss |
| scoring_elements |
0.73472 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00764 |
| scoring_system |
epss |
| scoring_elements |
0.7348 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00764 |
| scoring_system |
epss |
| scoring_elements |
0.73474 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-2181 |
|
| 1 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-2181
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9uqr-ph81-gfef |
|
| 25 |
| url |
VCID-9uv1-gqq7-3kc9 |
| vulnerability_id |
VCID-9uv1-gqq7-3kc9 |
| summary |
roundcubemail: Roundcube Webmail: Cross-Site Scripting (XSS) vulnerability via crafted SVG animate tag |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-68461 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.06437 |
| scoring_system |
epss |
| scoring_elements |
0.91026 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.06437 |
| scoring_system |
epss |
| scoring_elements |
0.91017 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.06833 |
| scoring_system |
epss |
| scoring_elements |
0.91329 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.06833 |
| scoring_system |
epss |
| scoring_elements |
0.91316 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.06833 |
| scoring_system |
epss |
| scoring_elements |
0.91334 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.06833 |
| scoring_system |
epss |
| scoring_elements |
0.91341 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.06833 |
| scoring_system |
epss |
| scoring_elements |
0.91344 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.06833 |
| scoring_system |
epss |
| scoring_elements |
0.91343 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.06833 |
| scoring_system |
epss |
| scoring_elements |
0.91368 |
| published_at |
2026-04-16T12:55:00Z |
|
| 9 |
| value |
0.06974 |
| scoring_system |
epss |
| scoring_elements |
0.91471 |
| published_at |
2026-04-18T12:55:00Z |
|
| 10 |
| value |
0.08521 |
| scoring_system |
epss |
| scoring_elements |
0.92395 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-68461 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
|
| aliases |
CVE-2025-68461
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
6.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9uv1-gqq7-3kc9 |
|
| 26 |
| url |
VCID-am6h-k37a-j3au |
| vulnerability_id |
VCID-am6h-k37a-j3au |
| summary |
Cross-site scripting (XSS) vulnerability in Roundcube webmail 1.0-git allows remote authenticated users to inject arbitrary web script or HTML via the Name field of an addressbook group. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-5646 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00159 |
| scoring_system |
epss |
| scoring_elements |
0.36672 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00159 |
| scoring_system |
epss |
| scoring_elements |
0.36827 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00159 |
| scoring_system |
epss |
| scoring_elements |
0.36859 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00159 |
| scoring_system |
epss |
| scoring_elements |
0.36695 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00159 |
| scoring_system |
epss |
| scoring_elements |
0.36745 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00159 |
| scoring_system |
epss |
| scoring_elements |
0.36762 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00159 |
| scoring_system |
epss |
| scoring_elements |
0.36771 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00159 |
| scoring_system |
epss |
| scoring_elements |
0.36736 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00159 |
| scoring_system |
epss |
| scoring_elements |
0.3671 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00159 |
| scoring_system |
epss |
| scoring_elements |
0.36755 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00159 |
| scoring_system |
epss |
| scoring_elements |
0.36737 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00159 |
| scoring_system |
epss |
| scoring_elements |
0.36678 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-5646 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-5646
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-am6h-k37a-j3au |
|
| 27 |
| url |
VCID-brmp-djyb-q3b7 |
| vulnerability_id |
VCID-brmp-djyb-q3b7 |
| summary |
Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail before 1.1.5 allows remote attackers to hijack the authentication of users for requests that download attachments and cause a denial of service (disk consumption) via unspecified vectors. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-4069 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01131 |
| scoring_system |
epss |
| scoring_elements |
0.78273 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.01131 |
| scoring_system |
epss |
| scoring_elements |
0.7828 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.01131 |
| scoring_system |
epss |
| scoring_elements |
0.78312 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.01131 |
| scoring_system |
epss |
| scoring_elements |
0.78293 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.01131 |
| scoring_system |
epss |
| scoring_elements |
0.7832 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.01131 |
| scoring_system |
epss |
| scoring_elements |
0.78326 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.01131 |
| scoring_system |
epss |
| scoring_elements |
0.78352 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.01131 |
| scoring_system |
epss |
| scoring_elements |
0.78335 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.01131 |
| scoring_system |
epss |
| scoring_elements |
0.78328 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.01131 |
| scoring_system |
epss |
| scoring_elements |
0.78357 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.01131 |
| scoring_system |
epss |
| scoring_elements |
0.78355 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.01131 |
| scoring_system |
epss |
| scoring_elements |
0.78353 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-4069 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-4069
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-brmp-djyb-q3b7 |
|
| 28 |
| url |
VCID-c196-941x-8kfj |
| vulnerability_id |
VCID-c196-941x-8kfj |
| summary |
Absolute path traversal vulnerability in steps/mail/sendmail.inc in Roundcube Webmail before 0.7.3 and 0.8.x before 0.8.6 allows remote attackers to read arbitrary files via a full pathname in the _value parameter for the generic_message_footer setting in a save-perf action to index.php, as exploited in the wild in March 2013. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-1904 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0034 |
| scoring_system |
epss |
| scoring_elements |
0.56609 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.0034 |
| scoring_system |
epss |
| scoring_elements |
0.56704 |
| published_at |
2026-04-07T12:55:00Z |
|
| 2 |
| value |
0.0034 |
| scoring_system |
epss |
| scoring_elements |
0.56726 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.0034 |
| scoring_system |
epss |
| scoring_elements |
0.56755 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.0034 |
| scoring_system |
epss |
| scoring_elements |
0.5676 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.0034 |
| scoring_system |
epss |
| scoring_elements |
0.56769 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.0034 |
| scoring_system |
epss |
| scoring_elements |
0.56746 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.0034 |
| scoring_system |
epss |
| scoring_elements |
0.56725 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.0034 |
| scoring_system |
epss |
| scoring_elements |
0.56756 |
| published_at |
2026-04-16T12:55:00Z |
|
| 9 |
| value |
0.0034 |
| scoring_system |
epss |
| scoring_elements |
0.56753 |
| published_at |
2026-04-18T12:55:00Z |
|
| 10 |
| value |
0.0034 |
| scoring_system |
epss |
| scoring_elements |
0.56728 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-1904 |
|
| 1 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-1904
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-c196-941x-8kfj |
|
| 29 |
| url |
VCID-c4ys-1wzp-vqej |
| vulnerability_id |
VCID-c4ys-1wzp-vqej |
| summary |
A vulnerability in RoundCube may allow authenticated users to bypass security restrictions. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-8114 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00632 |
| scoring_system |
epss |
| scoring_elements |
0.70357 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00632 |
| scoring_system |
epss |
| scoring_elements |
0.70375 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00632 |
| scoring_system |
epss |
| scoring_elements |
0.70261 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00632 |
| scoring_system |
epss |
| scoring_elements |
0.70274 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00632 |
| scoring_system |
epss |
| scoring_elements |
0.70291 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00632 |
| scoring_system |
epss |
| scoring_elements |
0.70267 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00632 |
| scoring_system |
epss |
| scoring_elements |
0.70313 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00632 |
| scoring_system |
epss |
| scoring_elements |
0.70328 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00632 |
| scoring_system |
epss |
| scoring_elements |
0.70351 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00632 |
| scoring_system |
epss |
| scoring_elements |
0.70336 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00632 |
| scoring_system |
epss |
| scoring_elements |
0.70323 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00632 |
| scoring_system |
epss |
| scoring_elements |
0.70366 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-8114 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-8114
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
7.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-c4ys-1wzp-vqej |
|
| 30 |
| url |
VCID-cjkd-2jr6-n7as |
| vulnerability_id |
VCID-cjkd-2jr6-n7as |
| summary |
roundcubemail: allows XSS via SVG animate attributes |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-37383 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.64028 |
| scoring_system |
epss |
| scoring_elements |
0.98431 |
| published_at |
2026-04-09T12:55:00Z |
|
| 1 |
| value |
0.64028 |
| scoring_system |
epss |
| scoring_elements |
0.98438 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.64028 |
| scoring_system |
epss |
| scoring_elements |
0.98439 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.64028 |
| scoring_system |
epss |
| scoring_elements |
0.98435 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.64519 |
| scoring_system |
epss |
| scoring_elements |
0.98441 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.64519 |
| scoring_system |
epss |
| scoring_elements |
0.98444 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.64519 |
| scoring_system |
epss |
| scoring_elements |
0.98446 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.64519 |
| scoring_system |
epss |
| scoring_elements |
0.9845 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-37383 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-37383
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-cjkd-2jr6-n7as |
|
| 31 |
| url |
VCID-ck88-1urs-2kes |
| vulnerability_id |
VCID-ck88-1urs-2kes |
| summary |
Roundcube Webmail: Bypass of remote image blocking via SVG content (with animate attributes) in an e-mail message |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-35543 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00033 |
| scoring_system |
epss |
| scoring_elements |
0.09403 |
| published_at |
2026-04-08T12:55:00Z |
|
| 1 |
| value |
0.00034 |
| scoring_system |
epss |
| scoring_elements |
0.10167 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.00034 |
| scoring_system |
epss |
| scoring_elements |
0.10062 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.12975 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.12972 |
| published_at |
2026-04-16T12:55:00Z |
|
| 5 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.1307 |
| published_at |
2026-04-13T12:55:00Z |
|
| 6 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.13122 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.1316 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.13191 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.13072 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-35543 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-35543, GHSA-j2g6-8rvg-7mf6
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ck88-1urs-2kes |
|
| 32 |
| url |
VCID-cnkc-vcp7-6kcw |
| vulnerability_id |
VCID-cnkc-vcp7-6kcw |
| summary |
A flaw in Roundcube's handling of configuration files may allow arbitrary code execution, amongst other vulnerabilities. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-12626 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01288 |
| scoring_system |
epss |
| scoring_elements |
0.79589 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.01288 |
| scoring_system |
epss |
| scoring_elements |
0.79596 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.01288 |
| scoring_system |
epss |
| scoring_elements |
0.79618 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.01288 |
| scoring_system |
epss |
| scoring_elements |
0.79605 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.01288 |
| scoring_system |
epss |
| scoring_elements |
0.79634 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.01288 |
| scoring_system |
epss |
| scoring_elements |
0.79642 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.01288 |
| scoring_system |
epss |
| scoring_elements |
0.79662 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.01288 |
| scoring_system |
epss |
| scoring_elements |
0.79647 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.01288 |
| scoring_system |
epss |
| scoring_elements |
0.79639 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.01288 |
| scoring_system |
epss |
| scoring_elements |
0.7967 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.01288 |
| scoring_system |
epss |
| scoring_elements |
0.79669 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.01288 |
| scoring_system |
epss |
| scoring_elements |
0.79673 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-12626 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-12626
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-cnkc-vcp7-6kcw |
|
| 33 |
| url |
VCID-cqkb-9pzc-skf1 |
| vulnerability_id |
VCID-cqkb-9pzc-skf1 |
| summary |
Cross-site scripting (XSS) vulnerability in program/steps/mail/func.inc in RoundCube Webmail before 0.8.0, when using the Larry skin, allows remote attackers to inject arbitrary web script or HTML via the email message subject. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-3507 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00407 |
| scoring_system |
epss |
| scoring_elements |
0.61166 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00407 |
| scoring_system |
epss |
| scoring_elements |
0.61014 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00407 |
| scoring_system |
epss |
| scoring_elements |
0.61091 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00407 |
| scoring_system |
epss |
| scoring_elements |
0.61119 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00407 |
| scoring_system |
epss |
| scoring_elements |
0.61085 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00407 |
| scoring_system |
epss |
| scoring_elements |
0.61134 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00407 |
| scoring_system |
epss |
| scoring_elements |
0.61149 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00407 |
| scoring_system |
epss |
| scoring_elements |
0.6117 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00407 |
| scoring_system |
epss |
| scoring_elements |
0.61156 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00407 |
| scoring_system |
epss |
| scoring_elements |
0.61137 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00407 |
| scoring_system |
epss |
| scoring_elements |
0.61178 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.00407 |
| scoring_system |
epss |
| scoring_elements |
0.61184 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-3507 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
|
| fixed_packages |
|
| aliases |
CVE-2012-3507
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-cqkb-9pzc-skf1 |
|
| 34 |
| url |
VCID-ddfq-28qm-2fbn |
| vulnerability_id |
VCID-ddfq-28qm-2fbn |
| summary |
Roundcube Webmail: Remote image blocking feature can be bypassed via SVG content in an e-mail message |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-35545 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00034 |
| scoring_system |
epss |
| scoring_elements |
0.10066 |
| published_at |
2026-04-07T12:55:00Z |
|
| 1 |
| value |
0.00034 |
| scoring_system |
epss |
| scoring_elements |
0.1017 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.00034 |
| scoring_system |
epss |
| scoring_elements |
0.09759 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13391 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13393 |
| published_at |
2026-04-16T12:55:00Z |
|
| 5 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13482 |
| published_at |
2026-04-13T12:55:00Z |
|
| 6 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13529 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13567 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13595 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13463 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-35545 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-35545, GHSA-w846-74jr-76cv
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ddfq-28qm-2fbn |
|
| 35 |
| url |
VCID-dska-q14x-sqfr |
| vulnerability_id |
VCID-dska-q14x-sqfr |
| summary |
roundcubemail: DoS due to insufficient quota image size parameters checking (use excessive amount of memory) |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2008-5620 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00568 |
| scoring_system |
epss |
| scoring_elements |
0.68575 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00568 |
| scoring_system |
epss |
| scoring_elements |
0.68458 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00568 |
| scoring_system |
epss |
| scoring_elements |
0.68476 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00568 |
| scoring_system |
epss |
| scoring_elements |
0.68495 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00568 |
| scoring_system |
epss |
| scoring_elements |
0.68472 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00568 |
| scoring_system |
epss |
| scoring_elements |
0.68522 |
| published_at |
2026-04-13T12:55:00Z |
|
| 6 |
| value |
0.00568 |
| scoring_system |
epss |
| scoring_elements |
0.68539 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00568 |
| scoring_system |
epss |
| scoring_elements |
0.68565 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00568 |
| scoring_system |
epss |
| scoring_elements |
0.68553 |
| published_at |
2026-04-21T12:55:00Z |
|
| 9 |
| value |
0.00568 |
| scoring_system |
epss |
| scoring_elements |
0.68562 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2008-5620 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
|
| fixed_packages |
|
| aliases |
CVE-2008-5620
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dska-q14x-sqfr |
|
| 36 |
| url |
VCID-dzu5-531f-qqgy |
| vulnerability_id |
VCID-dzu5-531f-qqgy |
| summary |
program/lib/Roundcube/rcube_washtml.php in Roundcube before 1.0.5 does not properly quote strings, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the style attribute in an email. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-1433 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00679 |
| scoring_system |
epss |
| scoring_elements |
0.71508 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00679 |
| scoring_system |
epss |
| scoring_elements |
0.71514 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00679 |
| scoring_system |
epss |
| scoring_elements |
0.71531 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00679 |
| scoring_system |
epss |
| scoring_elements |
0.71504 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00679 |
| scoring_system |
epss |
| scoring_elements |
0.71544 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00679 |
| scoring_system |
epss |
| scoring_elements |
0.71556 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00679 |
| scoring_system |
epss |
| scoring_elements |
0.71579 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00679 |
| scoring_system |
epss |
| scoring_elements |
0.71563 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00679 |
| scoring_system |
epss |
| scoring_elements |
0.71545 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00679 |
| scoring_system |
epss |
| scoring_elements |
0.71591 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00679 |
| scoring_system |
epss |
| scoring_elements |
0.71597 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00679 |
| scoring_system |
epss |
| scoring_elements |
0.71576 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-1433 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-1433
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dzu5-531f-qqgy |
|
| 37 |
| url |
VCID-eewu-36xn-myf9 |
| vulnerability_id |
VCID-eewu-36xn-myf9 |
| summary |
Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 on Windows allows command injection via im_convert_path and im_identify_path. NOTE: this issue exists because of an incomplete fix for CVE-2020-12641. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-37385 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00832 |
| scoring_system |
epss |
| scoring_elements |
0.74608 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00832 |
| scoring_system |
epss |
| scoring_elements |
0.74577 |
| published_at |
2026-04-09T12:55:00Z |
|
| 2 |
| value |
0.00832 |
| scoring_system |
epss |
| scoring_elements |
0.746 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.00832 |
| scoring_system |
epss |
| scoring_elements |
0.74581 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00832 |
| scoring_system |
epss |
| scoring_elements |
0.74572 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.00832 |
| scoring_system |
epss |
| scoring_elements |
0.74609 |
| published_at |
2026-04-16T12:55:00Z |
|
| 6 |
| value |
0.00832 |
| scoring_system |
epss |
| scoring_elements |
0.74617 |
| published_at |
2026-04-18T12:55:00Z |
|
| 7 |
| value |
0.00832 |
| scoring_system |
epss |
| scoring_elements |
0.74528 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.00832 |
| scoring_system |
epss |
| scoring_elements |
0.74555 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.00832 |
| scoring_system |
epss |
| scoring_elements |
0.74529 |
| published_at |
2026-04-07T12:55:00Z |
|
| 10 |
| value |
0.00832 |
| scoring_system |
epss |
| scoring_elements |
0.74561 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-37385 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-37385
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-eewu-36xn-myf9 |
|
| 38 |
| url |
VCID-ekhg-mmjb-v3c3 |
| vulnerability_id |
VCID-ekhg-mmjb-v3c3 |
| summary |
A vulnerability in Roundcube could potentially lead to arbitrary code execution. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-9920 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.38304 |
| scoring_system |
epss |
| scoring_elements |
0.97202 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.38304 |
| scoring_system |
epss |
| scoring_elements |
0.97208 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.38304 |
| scoring_system |
epss |
| scoring_elements |
0.97213 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.38304 |
| scoring_system |
epss |
| scoring_elements |
0.97214 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.38304 |
| scoring_system |
epss |
| scoring_elements |
0.97224 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.38304 |
| scoring_system |
epss |
| scoring_elements |
0.97225 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.38304 |
| scoring_system |
epss |
| scoring_elements |
0.97228 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.38304 |
| scoring_system |
epss |
| scoring_elements |
0.97229 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.38304 |
| scoring_system |
epss |
| scoring_elements |
0.9723 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.38304 |
| scoring_system |
epss |
| scoring_elements |
0.97238 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.38304 |
| scoring_system |
epss |
| scoring_elements |
0.9724 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.38304 |
| scoring_system |
epss |
| scoring_elements |
0.97243 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-9920 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-9920
|
| risk_score |
0.1 |
| exploitability |
0.5 |
| weighted_severity |
0.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ekhg-mmjb-v3c3 |
|
| 39 |
| url |
VCID-fuh5-bwaq-yyfk |
| vulnerability_id |
VCID-fuh5-bwaq-yyfk |
| summary |
security update |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-16651 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.33307 |
| scoring_system |
epss |
| scoring_elements |
0.96923 |
| published_at |
2026-04-16T12:55:00Z |
|
| 1 |
| value |
0.33307 |
| scoring_system |
epss |
| scoring_elements |
0.9693 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.33307 |
| scoring_system |
epss |
| scoring_elements |
0.96916 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.33307 |
| scoring_system |
epss |
| scoring_elements |
0.96915 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.33307 |
| scoring_system |
epss |
| scoring_elements |
0.96913 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.33307 |
| scoring_system |
epss |
| scoring_elements |
0.9691 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.33307 |
| scoring_system |
epss |
| scoring_elements |
0.96909 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.33307 |
| scoring_system |
epss |
| scoring_elements |
0.969 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.33307 |
| scoring_system |
epss |
| scoring_elements |
0.96896 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.33307 |
| scoring_system |
epss |
| scoring_elements |
0.96927 |
| published_at |
2026-04-18T12:55:00Z |
|
| 10 |
| value |
0.35232 |
| scoring_system |
epss |
| scoring_elements |
0.9701 |
| published_at |
2026-04-01T12:55:00Z |
|
| 11 |
| value |
0.35232 |
| scoring_system |
epss |
| scoring_elements |
0.97018 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-16651 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-16651
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fuh5-bwaq-yyfk |
|
| 40 |
| url |
VCID-g7dn-kxs3-p7bx |
| vulnerability_id |
VCID-g7dn-kxs3-p7bx |
| summary |
Multiple vulnerabilities have been found in Roundcube allowing remote authenticated users to execute arbitrary code, inject arbitrary web scripts, and perform cross-site scripting (XSS). |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-8770 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.28303 |
| scoring_system |
epss |
| scoring_elements |
0.96521 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.28303 |
| scoring_system |
epss |
| scoring_elements |
0.9652 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.28303 |
| scoring_system |
epss |
| scoring_elements |
0.96474 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.28303 |
| scoring_system |
epss |
| scoring_elements |
0.96483 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.28303 |
| scoring_system |
epss |
| scoring_elements |
0.96487 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.28303 |
| scoring_system |
epss |
| scoring_elements |
0.96491 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.28303 |
| scoring_system |
epss |
| scoring_elements |
0.965 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.28303 |
| scoring_system |
epss |
| scoring_elements |
0.96502 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.28303 |
| scoring_system |
epss |
| scoring_elements |
0.96506 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.28303 |
| scoring_system |
epss |
| scoring_elements |
0.96509 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.28303 |
| scoring_system |
epss |
| scoring_elements |
0.96515 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-8770 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-8770
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-g7dn-kxs3-p7bx |
|
| 41 |
| url |
VCID-gh6k-19h8-fqbf |
| vulnerability_id |
VCID-gh6k-19h8-fqbf |
| summary |
Roundcube Webmail: Unsanitized IMAP SEARCH command arguments |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-35538 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00036 |
| scoring_system |
epss |
| scoring_elements |
0.10455 |
| published_at |
2026-04-07T12:55:00Z |
|
| 1 |
| value |
0.00036 |
| scoring_system |
epss |
| scoring_elements |
0.10593 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.00037 |
| scoring_system |
epss |
| scoring_elements |
0.11044 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.00041 |
| scoring_system |
epss |
| scoring_elements |
0.12436 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.00041 |
| scoring_system |
epss |
| scoring_elements |
0.12431 |
| published_at |
2026-04-16T12:55:00Z |
|
| 5 |
| value |
0.00041 |
| scoring_system |
epss |
| scoring_elements |
0.12527 |
| published_at |
2026-04-13T12:55:00Z |
|
| 6 |
| value |
0.00041 |
| scoring_system |
epss |
| scoring_elements |
0.12566 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00041 |
| scoring_system |
epss |
| scoring_elements |
0.12607 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00041 |
| scoring_system |
epss |
| scoring_elements |
0.1264 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00041 |
| scoring_system |
epss |
| scoring_elements |
0.12551 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-35538 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-35538, GHSA-8jr8-v43g-5c57
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gh6k-19h8-fqbf |
|
| 42 |
| url |
VCID-hg1a-vx5c-hue3 |
| vulnerability_id |
VCID-hg1a-vx5c-hue3 |
| summary |
A flaw in Roundcube's handling of configuration files may allow arbitrary code execution, amongst other vulnerabilities. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-12641 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.93133 |
| scoring_system |
epss |
| scoring_elements |
0.99793 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.93133 |
| scoring_system |
epss |
| scoring_elements |
0.99794 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.93133 |
| scoring_system |
epss |
| scoring_elements |
0.99795 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.93133 |
| scoring_system |
epss |
| scoring_elements |
0.99796 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.93133 |
| scoring_system |
epss |
| scoring_elements |
0.99797 |
| published_at |
2026-04-16T12:55:00Z |
|
| 5 |
| value |
0.93133 |
| scoring_system |
epss |
| scoring_elements |
0.99798 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-12641 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-12641
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
8.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hg1a-vx5c-hue3 |
|
| 43 |
| url |
VCID-j29t-cw2h-mfd8 |
| vulnerability_id |
VCID-j29t-cw2h-mfd8 |
| summary |
roundcube version 1.3.4 and earlier contains an Insecure Permissions vulnerability in enigma plugin that can result in exfiltration of gpg private key. This attack appears to be exploitable via network connectivity. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-1000071 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00291 |
| scoring_system |
epss |
| scoring_elements |
0.52412 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00291 |
| scoring_system |
epss |
| scoring_elements |
0.52458 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00291 |
| scoring_system |
epss |
| scoring_elements |
0.52485 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00291 |
| scoring_system |
epss |
| scoring_elements |
0.52452 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00291 |
| scoring_system |
epss |
| scoring_elements |
0.52504 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00291 |
| scoring_system |
epss |
| scoring_elements |
0.52498 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00291 |
| scoring_system |
epss |
| scoring_elements |
0.52549 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00291 |
| scoring_system |
epss |
| scoring_elements |
0.52532 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00291 |
| scoring_system |
epss |
| scoring_elements |
0.52516 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00291 |
| scoring_system |
epss |
| scoring_elements |
0.52556 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00291 |
| scoring_system |
epss |
| scoring_elements |
0.52561 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00291 |
| scoring_system |
epss |
| scoring_elements |
0.52545 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-1000071 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-1000071
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-j29t-cw2h-mfd8 |
|
| 44 |
| url |
VCID-ja7n-zgpp-dfh4 |
| vulnerability_id |
VCID-ja7n-zgpp-dfh4 |
| summary |
A vulnerability in Roundcube could result in arbitrary code execution, SQL injection, or reading of arbitrary files. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-6172 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01114 |
| scoring_system |
epss |
| scoring_elements |
0.78114 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.01114 |
| scoring_system |
epss |
| scoring_elements |
0.78123 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.01114 |
| scoring_system |
epss |
| scoring_elements |
0.78153 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.01114 |
| scoring_system |
epss |
| scoring_elements |
0.78135 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.01114 |
| scoring_system |
epss |
| scoring_elements |
0.78162 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.01114 |
| scoring_system |
epss |
| scoring_elements |
0.78168 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.01114 |
| scoring_system |
epss |
| scoring_elements |
0.78193 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.01114 |
| scoring_system |
epss |
| scoring_elements |
0.78176 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.01114 |
| scoring_system |
epss |
| scoring_elements |
0.78172 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.01114 |
| scoring_system |
epss |
| scoring_elements |
0.78205 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.01114 |
| scoring_system |
epss |
| scoring_elements |
0.78203 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.01114 |
| scoring_system |
epss |
| scoring_elements |
0.78198 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-6172 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-6172
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ja7n-zgpp-dfh4 |
|
| 45 |
| url |
VCID-jck5-xymf-s3bh |
| vulnerability_id |
VCID-jck5-xymf-s3bh |
| summary |
security update |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-16145 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00704 |
| scoring_system |
epss |
| scoring_elements |
0.72041 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00704 |
| scoring_system |
epss |
| scoring_elements |
0.72047 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00704 |
| scoring_system |
epss |
| scoring_elements |
0.72068 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00704 |
| scoring_system |
epss |
| scoring_elements |
0.72044 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00704 |
| scoring_system |
epss |
| scoring_elements |
0.72081 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00704 |
| scoring_system |
epss |
| scoring_elements |
0.72093 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00704 |
| scoring_system |
epss |
| scoring_elements |
0.72116 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00704 |
| scoring_system |
epss |
| scoring_elements |
0.72101 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00704 |
| scoring_system |
epss |
| scoring_elements |
0.72086 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00704 |
| scoring_system |
epss |
| scoring_elements |
0.72127 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00704 |
| scoring_system |
epss |
| scoring_elements |
0.72135 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00704 |
| scoring_system |
epss |
| scoring_elements |
0.7212 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-16145 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-16145
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jck5-xymf-s3bh |
|
| 46 |
| url |
VCID-jkut-q94f-sbd5 |
| vulnerability_id |
VCID-jkut-q94f-sbd5 |
| summary |
roundcube webmail Alpha, with a default high verbose level ($rcmail_config['debug_level'] = 1), allows remote attackers to obtain the full path of the application via an invalid_task parameter, which leaks the path in an error message. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2005-4368 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00346 |
| scoring_system |
epss |
| scoring_elements |
0.5715 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00346 |
| scoring_system |
epss |
| scoring_elements |
0.57031 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00346 |
| scoring_system |
epss |
| scoring_elements |
0.57125 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00346 |
| scoring_system |
epss |
| scoring_elements |
0.57147 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.00346 |
| scoring_system |
epss |
| scoring_elements |
0.57123 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00346 |
| scoring_system |
epss |
| scoring_elements |
0.57174 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00346 |
| scoring_system |
epss |
| scoring_elements |
0.57177 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00346 |
| scoring_system |
epss |
| scoring_elements |
0.57188 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00346 |
| scoring_system |
epss |
| scoring_elements |
0.57167 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00346 |
| scoring_system |
epss |
| scoring_elements |
0.57175 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00346 |
| scoring_system |
epss |
| scoring_elements |
0.57171 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2005-4368 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2005-4368
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jkut-q94f-sbd5 |
|
| 47 |
| url |
VCID-jqs5-8ct7-wfgk |
| vulnerability_id |
VCID-jqs5-8ct7-wfgk |
| summary |
Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-26925 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00259 |
| scoring_system |
epss |
| scoring_elements |
0.493 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00259 |
| scoring_system |
epss |
| scoring_elements |
0.49227 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00259 |
| scoring_system |
epss |
| scoring_elements |
0.49258 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00259 |
| scoring_system |
epss |
| scoring_elements |
0.49286 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00259 |
| scoring_system |
epss |
| scoring_elements |
0.49238 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00259 |
| scoring_system |
epss |
| scoring_elements |
0.49293 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00259 |
| scoring_system |
epss |
| scoring_elements |
0.49289 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00259 |
| scoring_system |
epss |
| scoring_elements |
0.49307 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00259 |
| scoring_system |
epss |
| scoring_elements |
0.49281 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00259 |
| scoring_system |
epss |
| scoring_elements |
0.49287 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00259 |
| scoring_system |
epss |
| scoring_elements |
0.49334 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.00259 |
| scoring_system |
epss |
| scoring_elements |
0.49331 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-26925 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-26925
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jqs5-8ct7-wfgk |
|
| 48 |
| url |
VCID-kch8-wrzv-bfdm |
| vulnerability_id |
VCID-kch8-wrzv-bfdm |
| summary |
Cross-site scripting (XSS) vulnerability in Roundcube Webmail 0.8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the signature in an email. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-4668 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.05064 |
| scoring_system |
epss |
| scoring_elements |
0.89796 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.05064 |
| scoring_system |
epss |
| scoring_elements |
0.89745 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.05064 |
| scoring_system |
epss |
| scoring_elements |
0.89748 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.05064 |
| scoring_system |
epss |
| scoring_elements |
0.89763 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.05064 |
| scoring_system |
epss |
| scoring_elements |
0.89765 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.05064 |
| scoring_system |
epss |
| scoring_elements |
0.89782 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.05064 |
| scoring_system |
epss |
| scoring_elements |
0.89788 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.05064 |
| scoring_system |
epss |
| scoring_elements |
0.89795 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.05064 |
| scoring_system |
epss |
| scoring_elements |
0.89793 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.05064 |
| scoring_system |
epss |
| scoring_elements |
0.89786 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.05064 |
| scoring_system |
epss |
| scoring_elements |
0.89801 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.05064 |
| scoring_system |
epss |
| scoring_elements |
0.89802 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-4668 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
|
| fixed_packages |
|
| aliases |
CVE-2012-4668
|
| risk_score |
7.8 |
| exploitability |
2.0 |
| weighted_severity |
3.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kch8-wrzv-bfdm |
|
| 49 |
| url |
VCID-kep3-256k-fqdm |
| vulnerability_id |
VCID-kep3-256k-fqdm |
| summary |
Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0.7, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via vectors involving an embedded image attachment. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-1253 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.48726 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.48765 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.48791 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.48745 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.48799 |
| published_at |
2026-04-21T12:55:00Z |
|
| 5 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.48796 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.48814 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.48788 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.48795 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.48844 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.4884 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-1253 |
|
| 1 |
|
|
| fixed_packages |
|
| aliases |
CVE-2012-1253
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kep3-256k-fqdm |
|
| 50 |
| url |
VCID-kf54-x29g-63fb |
| vulnerability_id |
VCID-kf54-x29g-63fb |
| summary |
Absolute path traversal vulnerability in program/steps/addressbook/photo.inc in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via a full pathname in the _alt parameter, related to contact photo handling. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-8794 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00288 |
| scoring_system |
epss |
| scoring_elements |
0.52333 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00288 |
| scoring_system |
epss |
| scoring_elements |
0.52349 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00288 |
| scoring_system |
epss |
| scoring_elements |
0.52208 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00288 |
| scoring_system |
epss |
| scoring_elements |
0.52251 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00288 |
| scoring_system |
epss |
| scoring_elements |
0.52278 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00288 |
| scoring_system |
epss |
| scoring_elements |
0.5224 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00288 |
| scoring_system |
epss |
| scoring_elements |
0.52292 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00288 |
| scoring_system |
epss |
| scoring_elements |
0.52288 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00288 |
| scoring_system |
epss |
| scoring_elements |
0.52338 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00288 |
| scoring_system |
epss |
| scoring_elements |
0.52322 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00288 |
| scoring_system |
epss |
| scoring_elements |
0.52308 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00288 |
| scoring_system |
epss |
| scoring_elements |
0.52346 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-8794 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-8794
|
| risk_score |
3.0 |
| exploitability |
0.5 |
| weighted_severity |
5.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kf54-x29g-63fb |
|
| 51 |
| url |
VCID-kyxz-v3sj-w3cw |
| vulnerability_id |
VCID-kyxz-v3sj-w3cw |
| summary |
Cross Site Scripting (XSS) vulnerability in Roundcube Mail <=1.4.4 via smtp config in /installer/test.php. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-18671 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00386 |
| scoring_system |
epss |
| scoring_elements |
0.59664 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00386 |
| scoring_system |
epss |
| scoring_elements |
0.59737 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00386 |
| scoring_system |
epss |
| scoring_elements |
0.59762 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00386 |
| scoring_system |
epss |
| scoring_elements |
0.59732 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00386 |
| scoring_system |
epss |
| scoring_elements |
0.59784 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00386 |
| scoring_system |
epss |
| scoring_elements |
0.59797 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00386 |
| scoring_system |
epss |
| scoring_elements |
0.59817 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00386 |
| scoring_system |
epss |
| scoring_elements |
0.59801 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00386 |
| scoring_system |
epss |
| scoring_elements |
0.59783 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00386 |
| scoring_system |
epss |
| scoring_elements |
0.5982 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00386 |
| scoring_system |
epss |
| scoring_elements |
0.59827 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00386 |
| scoring_system |
epss |
| scoring_elements |
0.5981 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-18671 |
|
| 1 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-18671
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kyxz-v3sj-w3cw |
|
| 52 |
| url |
VCID-m4yc-ms54-zyhv |
| vulnerability_id |
VCID-m4yc-ms54-zyhv |
| summary |
security update |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-13965 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.71819 |
| scoring_system |
epss |
| scoring_elements |
0.98728 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.71819 |
| scoring_system |
epss |
| scoring_elements |
0.98742 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.71819 |
| scoring_system |
epss |
| scoring_elements |
0.98732 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.71819 |
| scoring_system |
epss |
| scoring_elements |
0.98735 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.71819 |
| scoring_system |
epss |
| scoring_elements |
0.98736 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.71819 |
| scoring_system |
epss |
| scoring_elements |
0.98738 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.71819 |
| scoring_system |
epss |
| scoring_elements |
0.98739 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-13965 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-13965
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
5.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-m4yc-ms54-zyhv |
|
| 53 |
| url |
VCID-n13m-y4ks-euep |
| vulnerability_id |
VCID-n13m-y4ks-euep |
| summary |
Improper Control of Generation of Code ('Code Injection')
html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail (roundcubemail) 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the preg_replace function with the eval switch. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2008-5619 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.77692 |
| scoring_system |
epss |
| scoring_elements |
0.98995 |
| published_at |
2026-04-16T12:55:00Z |
|
| 1 |
| value |
0.77692 |
| scoring_system |
epss |
| scoring_elements |
0.98994 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.77692 |
| scoring_system |
epss |
| scoring_elements |
0.98993 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.77692 |
| scoring_system |
epss |
| scoring_elements |
0.98991 |
| published_at |
2026-04-09T12:55:00Z |
|
| 4 |
| value |
0.77692 |
| scoring_system |
epss |
| scoring_elements |
0.98992 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.77692 |
| scoring_system |
epss |
| scoring_elements |
0.9899 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.77692 |
| scoring_system |
epss |
| scoring_elements |
0.98988 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.77692 |
| scoring_system |
epss |
| scoring_elements |
0.98986 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.77692 |
| scoring_system |
epss |
| scoring_elements |
0.98997 |
| published_at |
2026-04-21T12:55:00Z |
|
| 9 |
| value |
0.77692 |
| scoring_system |
epss |
| scoring_elements |
0.98984 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2008-5619 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
|
| fixed_packages |
|
| aliases |
CVE-2008-5619, GHSA-v5c9-mmw9-829q
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-n13m-y4ks-euep |
|
| 54 |
| url |
VCID-ncbg-6m11-3qan |
| vulnerability_id |
VCID-ncbg-6m11-3qan |
| summary |
security update |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-47272 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00498 |
| scoring_system |
epss |
| scoring_elements |
0.65845 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00498 |
| scoring_system |
epss |
| scoring_elements |
0.65875 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.00498 |
| scoring_system |
epss |
| scoring_elements |
0.6584 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.00498 |
| scoring_system |
epss |
| scoring_elements |
0.65892 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00498 |
| scoring_system |
epss |
| scoring_elements |
0.65904 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00498 |
| scoring_system |
epss |
| scoring_elements |
0.65922 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00498 |
| scoring_system |
epss |
| scoring_elements |
0.65909 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00498 |
| scoring_system |
epss |
| scoring_elements |
0.65879 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.00498 |
| scoring_system |
epss |
| scoring_elements |
0.65914 |
| published_at |
2026-04-16T12:55:00Z |
|
| 9 |
| value |
0.00498 |
| scoring_system |
epss |
| scoring_elements |
0.65929 |
| published_at |
2026-04-18T12:55:00Z |
|
| 10 |
| value |
0.00498 |
| scoring_system |
epss |
| scoring_elements |
0.65918 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-47272 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-47272
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ncbg-6m11-3qan |
|
| 55 |
| url |
VCID-nsmn-bdjj-ffbx |
| vulnerability_id |
VCID-nsmn-bdjj-ffbx |
| summary |
Webmail: Multiple CSRF flaws |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2009-4076 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43657 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43713 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43738 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43672 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43722 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43726 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43746 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43714 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43697 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43759 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.4375 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43682 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2009-4076 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2009-4076
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-nsmn-bdjj-ffbx |
|
| 56 |
| url |
VCID-p1fk-9wdh-83ae |
| vulnerability_id |
VCID-p1fk-9wdh-83ae |
| summary |
Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to obtain sensitive information by reading files in the (1) config, (2) temp, or (3) logs directory. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-5383 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01804 |
| scoring_system |
epss |
| scoring_elements |
0.82745 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.01804 |
| scoring_system |
epss |
| scoring_elements |
0.82761 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.01804 |
| scoring_system |
epss |
| scoring_elements |
0.82774 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.01804 |
| scoring_system |
epss |
| scoring_elements |
0.82771 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.01804 |
| scoring_system |
epss |
| scoring_elements |
0.82797 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.01804 |
| scoring_system |
epss |
| scoring_elements |
0.82803 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.01804 |
| scoring_system |
epss |
| scoring_elements |
0.82819 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.01804 |
| scoring_system |
epss |
| scoring_elements |
0.82815 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.01804 |
| scoring_system |
epss |
| scoring_elements |
0.8281 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.01804 |
| scoring_system |
epss |
| scoring_elements |
0.82849 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.01804 |
| scoring_system |
epss |
| scoring_elements |
0.82848 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.01804 |
| scoring_system |
epss |
| scoring_elements |
0.82851 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-5383 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-5383
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-p1fk-9wdh-83ae |
|
| 57 |
| url |
VCID-q1v9-tt8f-k3hp |
| vulnerability_id |
VCID-q1v9-tt8f-k3hp |
| summary |
roundcubemail: Remotely exploitable web script or HTML code injection vulnerability via the background attribute embedded in an HTML e-mail message (XSS) |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2009-0413 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00407 |
| scoring_system |
epss |
| scoring_elements |
0.61166 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00407 |
| scoring_system |
epss |
| scoring_elements |
0.61014 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00407 |
| scoring_system |
epss |
| scoring_elements |
0.61091 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00407 |
| scoring_system |
epss |
| scoring_elements |
0.61119 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00407 |
| scoring_system |
epss |
| scoring_elements |
0.61085 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00407 |
| scoring_system |
epss |
| scoring_elements |
0.61134 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00407 |
| scoring_system |
epss |
| scoring_elements |
0.61149 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00407 |
| scoring_system |
epss |
| scoring_elements |
0.6117 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00407 |
| scoring_system |
epss |
| scoring_elements |
0.61156 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00407 |
| scoring_system |
epss |
| scoring_elements |
0.61137 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00407 |
| scoring_system |
epss |
| scoring_elements |
0.61178 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.00407 |
| scoring_system |
epss |
| scoring_elements |
0.61184 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2009-0413 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
|
| aliases |
CVE-2009-0413
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-q1v9-tt8f-k3hp |
|
| 58 |
| url |
VCID-q7hf-9w59-n3an |
| vulnerability_id |
VCID-q7hf-9w59-n3an |
| summary |
Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0.8.5 allows remote attackers to inject arbitrary web script or HTML via a (1) data:text or (2) vbscript link. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-6121 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00407 |
| scoring_system |
epss |
| scoring_elements |
0.61166 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00407 |
| scoring_system |
epss |
| scoring_elements |
0.61014 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00407 |
| scoring_system |
epss |
| scoring_elements |
0.61091 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00407 |
| scoring_system |
epss |
| scoring_elements |
0.61119 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00407 |
| scoring_system |
epss |
| scoring_elements |
0.61085 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00407 |
| scoring_system |
epss |
| scoring_elements |
0.61134 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00407 |
| scoring_system |
epss |
| scoring_elements |
0.61149 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00407 |
| scoring_system |
epss |
| scoring_elements |
0.6117 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00407 |
| scoring_system |
epss |
| scoring_elements |
0.61156 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00407 |
| scoring_system |
epss |
| scoring_elements |
0.61137 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00407 |
| scoring_system |
epss |
| scoring_elements |
0.61178 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.00407 |
| scoring_system |
epss |
| scoring_elements |
0.61184 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-6121 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
|
| fixed_packages |
|
| aliases |
CVE-2012-6121
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-q7hf-9w59-n3an |
|
| 59 |
| url |
VCID-qfyq-umv5-e7h1 |
| vulnerability_id |
VCID-qfyq-umv5-e7h1 |
| summary |
Cross-site scripting (XSS) vulnerability in program/lib/washtml.php in Roundcube Webmail 0.8.0 allows remote attackers to inject arbitrary web script or HTML by using "javascript:" in an href attribute in the body of an HTML-formatted email. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-3508 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.09998 |
| scoring_system |
epss |
| scoring_elements |
0.93072 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.09998 |
| scoring_system |
epss |
| scoring_elements |
0.93024 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.09998 |
| scoring_system |
epss |
| scoring_elements |
0.93033 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.09998 |
| scoring_system |
epss |
| scoring_elements |
0.93036 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.09998 |
| scoring_system |
epss |
| scoring_elements |
0.93044 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.09998 |
| scoring_system |
epss |
| scoring_elements |
0.93048 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.09998 |
| scoring_system |
epss |
| scoring_elements |
0.93053 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.09998 |
| scoring_system |
epss |
| scoring_elements |
0.93051 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.09998 |
| scoring_system |
epss |
| scoring_elements |
0.93052 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.09998 |
| scoring_system |
epss |
| scoring_elements |
0.93063 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.09998 |
| scoring_system |
epss |
| scoring_elements |
0.93066 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-3508 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2012-3508
|
| risk_score |
7.8 |
| exploitability |
2.0 |
| weighted_severity |
3.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qfyq-umv5-e7h1 |
|
| 60 |
| url |
VCID-qr2m-f4yw-qqa5 |
| vulnerability_id |
VCID-qr2m-f4yw-qqa5 |
| summary |
Multiple cross-site scripting (XSS) vulnerabilities in Roundcube webmail before 0.9.3 allow user-assisted remote attackers to inject arbitrary web script or HTML via the body of a message visited in (1) new or (2) draft mode, related to compose.inc; and (3) might allow remote authenticated users to inject arbitrary web script or HTML via an HTML signature, related to save_identity.inc. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-5645 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00305 |
| scoring_system |
epss |
| scoring_elements |
0.53668 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00305 |
| scoring_system |
epss |
| scoring_elements |
0.53688 |
| published_at |
2026-04-07T12:55:00Z |
|
| 2 |
| value |
0.00305 |
| scoring_system |
epss |
| scoring_elements |
0.53715 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00305 |
| scoring_system |
epss |
| scoring_elements |
0.5374 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00305 |
| scoring_system |
epss |
| scoring_elements |
0.53738 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00305 |
| scoring_system |
epss |
| scoring_elements |
0.53787 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00305 |
| scoring_system |
epss |
| scoring_elements |
0.5377 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00305 |
| scoring_system |
epss |
| scoring_elements |
0.53754 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.00305 |
| scoring_system |
epss |
| scoring_elements |
0.53792 |
| published_at |
2026-04-16T12:55:00Z |
|
| 9 |
| value |
0.00305 |
| scoring_system |
epss |
| scoring_elements |
0.53796 |
| published_at |
2026-04-18T12:55:00Z |
|
| 10 |
| value |
0.00305 |
| scoring_system |
epss |
| scoring_elements |
0.53778 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-5645 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2013-5645
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qr2m-f4yw-qqa5 |
|
| 61 |
| url |
VCID-qwak-6wgy-wfgs |
| vulnerability_id |
VCID-qwak-6wgy-wfgs |
| summary |
security update |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-37384 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00437 |
| scoring_system |
epss |
| scoring_elements |
0.63008 |
| published_at |
2026-04-07T12:55:00Z |
|
| 1 |
| value |
0.00437 |
| scoring_system |
epss |
| scoring_elements |
0.63099 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00437 |
| scoring_system |
epss |
| scoring_elements |
0.63091 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.00437 |
| scoring_system |
epss |
| scoring_elements |
0.63056 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.00437 |
| scoring_system |
epss |
| scoring_elements |
0.63078 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.00437 |
| scoring_system |
epss |
| scoring_elements |
0.63092 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00437 |
| scoring_system |
epss |
| scoring_elements |
0.63074 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00437 |
| scoring_system |
epss |
| scoring_elements |
0.63058 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00437 |
| scoring_system |
epss |
| scoring_elements |
0.63014 |
| published_at |
2026-04-02T12:55:00Z |
|
| 9 |
| value |
0.00437 |
| scoring_system |
epss |
| scoring_elements |
0.63043 |
| published_at |
2026-04-04T12:55:00Z |
|
| 10 |
| value |
0.00525 |
| scoring_system |
epss |
| scoring_elements |
0.67022 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-37384 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-37384
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qwak-6wgy-wfgs |
|
| 62 |
| url |
VCID-r1hb-f5nm-ykhk |
| vulnerability_id |
VCID-r1hb-f5nm-ykhk |
| summary |
Multiple vulnerabilities have been found in Roundcube allowing remote authenticated users to execute arbitrary code, inject arbitrary web scripts, and perform cross-site scripting (XSS). |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-8105 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0018 |
| scoring_system |
epss |
| scoring_elements |
0.39531 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.0018 |
| scoring_system |
epss |
| scoring_elements |
0.39478 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.0018 |
| scoring_system |
epss |
| scoring_elements |
0.39627 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.0018 |
| scoring_system |
epss |
| scoring_elements |
0.3965 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.0018 |
| scoring_system |
epss |
| scoring_elements |
0.39566 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.0018 |
| scoring_system |
epss |
| scoring_elements |
0.39621 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.0018 |
| scoring_system |
epss |
| scoring_elements |
0.39636 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.0018 |
| scoring_system |
epss |
| scoring_elements |
0.39645 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.0018 |
| scoring_system |
epss |
| scoring_elements |
0.39609 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.0018 |
| scoring_system |
epss |
| scoring_elements |
0.39593 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.0018 |
| scoring_system |
epss |
| scoring_elements |
0.39644 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.0018 |
| scoring_system |
epss |
| scoring_elements |
0.39614 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-8105 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-8105
|
| risk_score |
1.6 |
| exploitability |
0.5 |
| weighted_severity |
3.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-r1hb-f5nm-ykhk |
|
| 63 |
| url |
VCID-r64m-rd3v-ekbu |
| vulnerability_id |
VCID-r64m-rd3v-ekbu |
| summary |
roundcubemail: XSS vulnerability |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2007-6321 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.05192 |
| scoring_system |
epss |
| scoring_elements |
0.89933 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.05192 |
| scoring_system |
epss |
| scoring_elements |
0.89929 |
| published_at |
2026-04-12T12:55:00Z |
|
| 2 |
| value |
0.05192 |
| scoring_system |
epss |
| scoring_elements |
0.89922 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.05192 |
| scoring_system |
epss |
| scoring_elements |
0.89936 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.05192 |
| scoring_system |
epss |
| scoring_elements |
0.89938 |
| published_at |
2026-04-18T12:55:00Z |
|
| 5 |
| value |
0.05192 |
| scoring_system |
epss |
| scoring_elements |
0.89918 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.05192 |
| scoring_system |
epss |
| scoring_elements |
0.89924 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.05192 |
| scoring_system |
epss |
| scoring_elements |
0.89931 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.05901 |
| scoring_system |
epss |
| scoring_elements |
0.90558 |
| published_at |
2026-04-02T12:55:00Z |
|
| 9 |
| value |
0.05901 |
| scoring_system |
epss |
| scoring_elements |
0.90569 |
| published_at |
2026-04-04T12:55:00Z |
|
| 10 |
| value |
0.05901 |
| scoring_system |
epss |
| scoring_elements |
0.90577 |
| published_at |
2026-04-07T12:55:00Z |
|
| 11 |
| value |
0.05901 |
| scoring_system |
epss |
| scoring_elements |
0.90554 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2007-6321 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2007-6321
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-r64m-rd3v-ekbu |
|
| 64 |
| url |
VCID-rc91-j3kf-zfch |
| vulnerability_id |
VCID-rc91-j3kf-zfch |
| summary |
security update |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-15562 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00861 |
| scoring_system |
epss |
| scoring_elements |
0.75004 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00861 |
| scoring_system |
epss |
| scoring_elements |
0.75007 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00861 |
| scoring_system |
epss |
| scoring_elements |
0.75036 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00861 |
| scoring_system |
epss |
| scoring_elements |
0.75012 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00861 |
| scoring_system |
epss |
| scoring_elements |
0.75046 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00861 |
| scoring_system |
epss |
| scoring_elements |
0.75058 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00861 |
| scoring_system |
epss |
| scoring_elements |
0.7508 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00861 |
| scoring_system |
epss |
| scoring_elements |
0.75059 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00861 |
| scoring_system |
epss |
| scoring_elements |
0.75048 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00861 |
| scoring_system |
epss |
| scoring_elements |
0.75086 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00861 |
| scoring_system |
epss |
| scoring_elements |
0.75093 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00861 |
| scoring_system |
epss |
| scoring_elements |
0.75083 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-15562 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-15562
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rc91-j3kf-zfch |
|
| 65 |
| url |
VCID-rthq-fqk2-yydk |
| vulnerability_id |
VCID-rthq-fqk2-yydk |
| summary |
Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2015-8864. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-4068 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00353 |
| scoring_system |
epss |
| scoring_elements |
0.57635 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00353 |
| scoring_system |
epss |
| scoring_elements |
0.57657 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.00362 |
| scoring_system |
epss |
| scoring_elements |
0.58314 |
| published_at |
2026-04-07T12:55:00Z |
|
| 3 |
| value |
0.00414 |
| scoring_system |
epss |
| scoring_elements |
0.61405 |
| published_at |
2026-04-01T12:55:00Z |
|
| 4 |
| value |
0.00414 |
| scoring_system |
epss |
| scoring_elements |
0.61562 |
| published_at |
2026-04-21T12:55:00Z |
|
| 5 |
| value |
0.00425 |
| scoring_system |
epss |
| scoring_elements |
0.62279 |
| published_at |
2026-04-18T12:55:00Z |
|
| 6 |
| value |
0.00425 |
| scoring_system |
epss |
| scoring_elements |
0.62223 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00425 |
| scoring_system |
epss |
| scoring_elements |
0.6224 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00425 |
| scoring_system |
epss |
| scoring_elements |
0.62259 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00425 |
| scoring_system |
epss |
| scoring_elements |
0.62248 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00425 |
| scoring_system |
epss |
| scoring_elements |
0.62227 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00425 |
| scoring_system |
epss |
| scoring_elements |
0.62272 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-4068 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-4068
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rthq-fqk2-yydk |
|
| 66 |
| url |
VCID-s6p1-rf35-euhy |
| vulnerability_id |
VCID-s6p1-rf35-euhy |
| summary |
Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-43770 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.80389 |
| scoring_system |
epss |
| scoring_elements |
0.99124 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.80389 |
| scoring_system |
epss |
| scoring_elements |
0.99129 |
| published_at |
2026-04-21T12:55:00Z |
|
| 2 |
| value |
0.80389 |
| scoring_system |
epss |
| scoring_elements |
0.99127 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.80389 |
| scoring_system |
epss |
| scoring_elements |
0.99126 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.80389 |
| scoring_system |
epss |
| scoring_elements |
0.99125 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.80653 |
| scoring_system |
epss |
| scoring_elements |
0.99134 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.80653 |
| scoring_system |
epss |
| scoring_elements |
0.99131 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.80653 |
| scoring_system |
epss |
| scoring_elements |
0.99137 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.80653 |
| scoring_system |
epss |
| scoring_elements |
0.99139 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-43770 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-43770
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-s6p1-rf35-euhy |
|
| 67 |
| url |
VCID-spk8-q616-rkda |
| vulnerability_id |
VCID-spk8-q616-rkda |
| summary |
Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2016-4068. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-8864 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00482 |
| scoring_system |
epss |
| scoring_elements |
0.65173 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00482 |
| scoring_system |
epss |
| scoring_elements |
0.65188 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00482 |
| scoring_system |
epss |
| scoring_elements |
0.65059 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00482 |
| scoring_system |
epss |
| scoring_elements |
0.65109 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00482 |
| scoring_system |
epss |
| scoring_elements |
0.65136 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00482 |
| scoring_system |
epss |
| scoring_elements |
0.65102 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00482 |
| scoring_system |
epss |
| scoring_elements |
0.65151 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00482 |
| scoring_system |
epss |
| scoring_elements |
0.65164 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00482 |
| scoring_system |
epss |
| scoring_elements |
0.65183 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00482 |
| scoring_system |
epss |
| scoring_elements |
0.6517 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00482 |
| scoring_system |
epss |
| scoring_elements |
0.65143 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00482 |
| scoring_system |
epss |
| scoring_elements |
0.65179 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-8864 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-8864
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-spk8-q616-rkda |
|
| 68 |
| url |
VCID-tmch-gj6d-tyfq |
| vulnerability_id |
VCID-tmch-gj6d-tyfq |
| summary |
Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the href attribute in an area tag in an e-mail message. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-4552 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00276 |
| scoring_system |
epss |
| scoring_elements |
0.5094 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00276 |
| scoring_system |
epss |
| scoring_elements |
0.50994 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00276 |
| scoring_system |
epss |
| scoring_elements |
0.51019 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00276 |
| scoring_system |
epss |
| scoring_elements |
0.50976 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00276 |
| scoring_system |
epss |
| scoring_elements |
0.51033 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00276 |
| scoring_system |
epss |
| scoring_elements |
0.5103 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00276 |
| scoring_system |
epss |
| scoring_elements |
0.51073 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00276 |
| scoring_system |
epss |
| scoring_elements |
0.51051 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00276 |
| scoring_system |
epss |
| scoring_elements |
0.51034 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00276 |
| scoring_system |
epss |
| scoring_elements |
0.51072 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00276 |
| scoring_system |
epss |
| scoring_elements |
0.51078 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00276 |
| scoring_system |
epss |
| scoring_elements |
0.51055 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-4552 |
|
| 1 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-4552
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-tmch-gj6d-tyfq |
|
| 69 |
| url |
VCID-ts1p-pw9v-cbh3 |
| vulnerability_id |
VCID-ts1p-pw9v-cbh3 |
| summary |
security update |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-19206 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.02357 |
| scoring_system |
epss |
| scoring_elements |
0.8484 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.02357 |
| scoring_system |
epss |
| scoring_elements |
0.84856 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.02357 |
| scoring_system |
epss |
| scoring_elements |
0.84874 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.02357 |
| scoring_system |
epss |
| scoring_elements |
0.84876 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.02357 |
| scoring_system |
epss |
| scoring_elements |
0.84899 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.02357 |
| scoring_system |
epss |
| scoring_elements |
0.84906 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.02357 |
| scoring_system |
epss |
| scoring_elements |
0.84924 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.02357 |
| scoring_system |
epss |
| scoring_elements |
0.84923 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.02357 |
| scoring_system |
epss |
| scoring_elements |
0.84917 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.02357 |
| scoring_system |
epss |
| scoring_elements |
0.84939 |
| published_at |
2026-04-18T12:55:00Z |
|
| 10 |
| value |
0.02357 |
| scoring_system |
epss |
| scoring_elements |
0.84936 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-19206 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-19206
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ts1p-pw9v-cbh3 |
|
| 70 |
| url |
VCID-u8a4-4pe2-9kcb |
| vulnerability_id |
VCID-u8a4-4pe2-9kcb |
| summary |
security update |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-35730 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.64813 |
| scoring_system |
epss |
| scoring_elements |
0.98451 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.64813 |
| scoring_system |
epss |
| scoring_elements |
0.98453 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.64813 |
| scoring_system |
epss |
| scoring_elements |
0.98456 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.64813 |
| scoring_system |
epss |
| scoring_elements |
0.98458 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.64813 |
| scoring_system |
epss |
| scoring_elements |
0.98461 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.64813 |
| scoring_system |
epss |
| scoring_elements |
0.98462 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.64813 |
| scoring_system |
epss |
| scoring_elements |
0.98465 |
| published_at |
2026-04-13T12:55:00Z |
|
| 7 |
| value |
0.64813 |
| scoring_system |
epss |
| scoring_elements |
0.9847 |
| published_at |
2026-04-18T12:55:00Z |
|
| 8 |
| value |
0.64813 |
| scoring_system |
epss |
| scoring_elements |
0.98472 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-35730 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
| reference_url |
https://roundcube.net/download/ |
| reference_id |
download |
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T20:21:48Z/ |
|
|
| url |
https://roundcube.net/download/ |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-35730
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-u8a4-4pe2-9kcb |
|
| 71 |
| url |
VCID-ub6x-9dku-c7fk |
| vulnerability_id |
VCID-ub6x-9dku-c7fk |
| summary |
Roundcube Webmail: Insufficient CSS sanitization in HTML e-mail messages |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-35540 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00031 |
| scoring_system |
epss |
| scoring_elements |
0.08833 |
| published_at |
2026-04-07T12:55:00Z |
|
| 1 |
| value |
0.00031 |
| scoring_system |
epss |
| scoring_elements |
0.08902 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.00033 |
| scoring_system |
epss |
| scoring_elements |
0.09441 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.1304 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.13038 |
| published_at |
2026-04-16T12:55:00Z |
|
| 5 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.13135 |
| published_at |
2026-04-13T12:55:00Z |
|
| 6 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.13187 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.13224 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00043 |
| scoring_system |
epss |
| scoring_elements |
0.13255 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00047 |
| scoring_system |
epss |
| scoring_elements |
0.14425 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-35540 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-35540, GHSA-vxg2-hhgr-37fx
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ub6x-9dku-c7fk |
|
| 72 |
| url |
VCID-ur1a-7tdn-h3hu |
| vulnerability_id |
VCID-ur1a-7tdn-h3hu |
| summary |
In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-10740 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00174 |
| scoring_system |
epss |
| scoring_elements |
0.38688 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00174 |
| scoring_system |
epss |
| scoring_elements |
0.38768 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00174 |
| scoring_system |
epss |
| scoring_elements |
0.38656 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00174 |
| scoring_system |
epss |
| scoring_elements |
0.38785 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00174 |
| scoring_system |
epss |
| scoring_elements |
0.38806 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00174 |
| scoring_system |
epss |
| scoring_elements |
0.38735 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00174 |
| scoring_system |
epss |
| scoring_elements |
0.38796 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00174 |
| scoring_system |
epss |
| scoring_elements |
0.38808 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00174 |
| scoring_system |
epss |
| scoring_elements |
0.38772 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00174 |
| scoring_system |
epss |
| scoring_elements |
0.38744 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00174 |
| scoring_system |
epss |
| scoring_elements |
0.3879 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-10740 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-10740
|
| risk_score |
1.9 |
| exploitability |
0.5 |
| weighted_severity |
3.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ur1a-7tdn-h3hu |
|
| 73 |
| url |
VCID-vehj-ytsm-kqgz |
| vulnerability_id |
VCID-vehj-ytsm-kqgz |
| summary |
security update |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-5631 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.83338 |
| scoring_system |
epss |
| scoring_elements |
0.99269 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.83338 |
| scoring_system |
epss |
| scoring_elements |
0.99266 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.83433 |
| scoring_system |
epss |
| scoring_elements |
0.9928 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.83433 |
| scoring_system |
epss |
| scoring_elements |
0.99281 |
| published_at |
2026-04-18T12:55:00Z |
|
| 4 |
| value |
0.83433 |
| scoring_system |
epss |
| scoring_elements |
0.99278 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.83433 |
| scoring_system |
epss |
| scoring_elements |
0.99277 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.83433 |
| scoring_system |
epss |
| scoring_elements |
0.99279 |
| published_at |
2026-04-13T12:55:00Z |
|
| 7 |
| value |
0.85084 |
| scoring_system |
epss |
| scoring_elements |
0.99356 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-5631 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-5631
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vehj-ytsm-kqgz |
|
| 74 |
| url |
VCID-vtz8-zmp4-xbdh |
| vulnerability_id |
VCID-vtz8-zmp4-xbdh |
| summary |
roundcubemail: Roundcube Webmail: Cascading Style Sheets (CSS) injection via mishandled comments |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-26079 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00074 |
| scoring_system |
epss |
| scoring_elements |
0.22382 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00074 |
| scoring_system |
epss |
| scoring_elements |
0.22386 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00074 |
| scoring_system |
epss |
| scoring_elements |
0.22368 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00074 |
| scoring_system |
epss |
| scoring_elements |
0.22423 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00074 |
| scoring_system |
epss |
| scoring_elements |
0.22465 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00074 |
| scoring_system |
epss |
| scoring_elements |
0.22443 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00074 |
| scoring_system |
epss |
| scoring_elements |
0.22307 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00074 |
| scoring_system |
epss |
| scoring_elements |
0.22389 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00085 |
| scoring_system |
epss |
| scoring_elements |
0.2465 |
| published_at |
2026-04-21T12:55:00Z |
|
| 9 |
| value |
0.00089 |
| scoring_system |
epss |
| scoring_elements |
0.25439 |
| published_at |
2026-04-04T12:55:00Z |
|
| 10 |
| value |
0.00089 |
| scoring_system |
epss |
| scoring_elements |
0.25403 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-26079 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-26079
|
| risk_score |
2.1 |
| exploitability |
0.5 |
| weighted_severity |
4.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vtz8-zmp4-xbdh |
|
| 75 |
| url |
VCID-x9j7-98zt-6ygt |
| vulnerability_id |
VCID-x9j7-98zt-6ygt |
| summary |
A flaw in Roundcube's handling of configuration files may allow
arbitrary code execution, amongst other vulnerabilities. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-12625 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0231 |
| scoring_system |
epss |
| scoring_elements |
0.84692 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.0231 |
| scoring_system |
epss |
| scoring_elements |
0.84707 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.0231 |
| scoring_system |
epss |
| scoring_elements |
0.84727 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.0231 |
| scoring_system |
epss |
| scoring_elements |
0.84729 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.0231 |
| scoring_system |
epss |
| scoring_elements |
0.84751 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.0231 |
| scoring_system |
epss |
| scoring_elements |
0.84758 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.0231 |
| scoring_system |
epss |
| scoring_elements |
0.84775 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.0231 |
| scoring_system |
epss |
| scoring_elements |
0.84771 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.0231 |
| scoring_system |
epss |
| scoring_elements |
0.84766 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.0231 |
| scoring_system |
epss |
| scoring_elements |
0.84787 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.0231 |
| scoring_system |
epss |
| scoring_elements |
0.84788 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.0231 |
| scoring_system |
epss |
| scoring_elements |
0.84786 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-12625 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-12625
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-x9j7-98zt-6ygt |
|
| 76 |
| url |
VCID-xssa-fwbx-kybq |
| vulnerability_id |
VCID-xssa-fwbx-kybq |
| summary |
Cross Site Scripting (XSS) vulnerability in Roundcube mail .4.4 via database host and user in /installer/test.php. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-18670 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00415 |
| scoring_system |
epss |
| scoring_elements |
0.61508 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00415 |
| scoring_system |
epss |
| scoring_elements |
0.61583 |
| published_at |
2026-04-07T12:55:00Z |
|
| 2 |
| value |
0.00415 |
| scoring_system |
epss |
| scoring_elements |
0.61612 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00415 |
| scoring_system |
epss |
| scoring_elements |
0.61632 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.00415 |
| scoring_system |
epss |
| scoring_elements |
0.61646 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00415 |
| scoring_system |
epss |
| scoring_elements |
0.61668 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00415 |
| scoring_system |
epss |
| scoring_elements |
0.61656 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00415 |
| scoring_system |
epss |
| scoring_elements |
0.61637 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.00415 |
| scoring_system |
epss |
| scoring_elements |
0.61679 |
| published_at |
2026-04-16T12:55:00Z |
|
| 9 |
| value |
0.00415 |
| scoring_system |
epss |
| scoring_elements |
0.61684 |
| published_at |
2026-04-18T12:55:00Z |
|
| 10 |
| value |
0.00415 |
| scoring_system |
epss |
| scoring_elements |
0.61669 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-18670 |
|
| 1 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-18670
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xssa-fwbx-kybq |
|
| 77 |
| url |
VCID-y12r-rry9-ckhm |
| vulnerability_id |
VCID-y12r-rry9-ckhm |
| summary |
Webmail: Multiple CSRF flaws |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2009-4077 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43657 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43713 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43738 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43672 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43722 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43726 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43746 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43714 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43697 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43759 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.4375 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00212 |
| scoring_system |
epss |
| scoring_elements |
0.43682 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2009-4077 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
|
| aliases |
CVE-2009-4077
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-y12r-rry9-ckhm |
|
| 78 |
| url |
VCID-ybv7-hqmj-nbgr |
| vulnerability_id |
VCID-ybv7-hqmj-nbgr |
| summary |
Multiple vulnerabilities have been discovered in Roundcube, the worst of which could lead to execution of arbitrary code. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-44025 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00629 |
| scoring_system |
epss |
| scoring_elements |
0.7019 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00629 |
| scoring_system |
epss |
| scoring_elements |
0.70202 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00629 |
| scoring_system |
epss |
| scoring_elements |
0.70219 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00629 |
| scoring_system |
epss |
| scoring_elements |
0.70196 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00629 |
| scoring_system |
epss |
| scoring_elements |
0.70242 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00629 |
| scoring_system |
epss |
| scoring_elements |
0.70257 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00629 |
| scoring_system |
epss |
| scoring_elements |
0.7028 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00629 |
| scoring_system |
epss |
| scoring_elements |
0.70266 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00629 |
| scoring_system |
epss |
| scoring_elements |
0.70253 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00629 |
| scoring_system |
epss |
| scoring_elements |
0.70294 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00629 |
| scoring_system |
epss |
| scoring_elements |
0.70304 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.00629 |
| scoring_system |
epss |
| scoring_elements |
0.70285 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-44025 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-44025
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ybv7-hqmj-nbgr |
|
| 79 |
| url |
VCID-yerh-ssat-abah |
| vulnerability_id |
VCID-yerh-ssat-abah |
| summary |
rcube_utils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is susceptible to a cross-site scripting vulnerability via a crafted Cascading Style Sheets (CSS) token sequence within an SVG element. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6820 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00556 |
| scoring_system |
epss |
| scoring_elements |
0.68172 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00556 |
| scoring_system |
epss |
| scoring_elements |
0.68078 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00556 |
| scoring_system |
epss |
| scoring_elements |
0.681 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00556 |
| scoring_system |
epss |
| scoring_elements |
0.68119 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00556 |
| scoring_system |
epss |
| scoring_elements |
0.68096 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00556 |
| scoring_system |
epss |
| scoring_elements |
0.68147 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00556 |
| scoring_system |
epss |
| scoring_elements |
0.68162 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00556 |
| scoring_system |
epss |
| scoring_elements |
0.68187 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00556 |
| scoring_system |
epss |
| scoring_elements |
0.68173 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00556 |
| scoring_system |
epss |
| scoring_elements |
0.6814 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00556 |
| scoring_system |
epss |
| scoring_elements |
0.68177 |
| published_at |
2026-04-16T12:55:00Z |
|
| 11 |
| value |
0.00556 |
| scoring_system |
epss |
| scoring_elements |
0.6819 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-6820 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-6820
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-yerh-ssat-abah |
|
| 80 |
| url |
VCID-yv5x-shsw-57cv |
| vulnerability_id |
VCID-yv5x-shsw-57cv |
| summary |
Multiple cross-site request forgery (CSRF) vulnerabilities in Roundcube Webmail before 1.0.4 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, related to (1) address book operations or the (2) ACL or (3) Managesieve plugins. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-9587 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.03651 |
| scoring_system |
epss |
| scoring_elements |
0.87814 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.03651 |
| scoring_system |
epss |
| scoring_elements |
0.87825 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.03651 |
| scoring_system |
epss |
| scoring_elements |
0.87836 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.03651 |
| scoring_system |
epss |
| scoring_elements |
0.87839 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.03651 |
| scoring_system |
epss |
| scoring_elements |
0.87861 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.03651 |
| scoring_system |
epss |
| scoring_elements |
0.87867 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.03651 |
| scoring_system |
epss |
| scoring_elements |
0.87878 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.03651 |
| scoring_system |
epss |
| scoring_elements |
0.87871 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.03651 |
| scoring_system |
epss |
| scoring_elements |
0.8787 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.03651 |
| scoring_system |
epss |
| scoring_elements |
0.87885 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.03651 |
| scoring_system |
epss |
| scoring_elements |
0.87883 |
| published_at |
2026-04-18T12:55:00Z |
|
| 11 |
| value |
0.03651 |
| scoring_system |
epss |
| scoring_elements |
0.87882 |
| published_at |
2026-04-21T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-9587 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-9587
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-yv5x-shsw-57cv |
|
| 81 |
| url |
VCID-z3kp-p8ch-myhz |
| vulnerability_id |
VCID-z3kp-p8ch-myhz |
| summary |
security update |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-9846 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00852 |
| scoring_system |
epss |
| scoring_elements |
0.74869 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00852 |
| scoring_system |
epss |
| scoring_elements |
0.7487 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00852 |
| scoring_system |
epss |
| scoring_elements |
0.74899 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00852 |
| scoring_system |
epss |
| scoring_elements |
0.74947 |
| published_at |
2026-04-21T12:55:00Z |
|
| 4 |
| value |
0.00876 |
| scoring_system |
epss |
| scoring_elements |
0.75344 |
| published_at |
2026-04-18T12:55:00Z |
|
| 5 |
| value |
0.00876 |
| scoring_system |
epss |
| scoring_elements |
0.75299 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00876 |
| scoring_system |
epss |
| scoring_elements |
0.7531 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00876 |
| scoring_system |
epss |
| scoring_elements |
0.75331 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00876 |
| scoring_system |
epss |
| scoring_elements |
0.75309 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00876 |
| scoring_system |
epss |
| scoring_elements |
0.75298 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00876 |
| scoring_system |
epss |
| scoring_elements |
0.75256 |
| published_at |
2026-04-07T12:55:00Z |
|
| 11 |
| value |
0.00876 |
| scoring_system |
epss |
| scoring_elements |
0.75337 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-9846 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-9846
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-z3kp-p8ch-myhz |
|
| 82 |
| url |
VCID-z7fn-ubfx-g3em |
| vulnerability_id |
VCID-z7fn-ubfx-g3em |
| summary |
Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter in a mail task to the default URL, a different vulnerability than CVE-2011-2937. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-8793 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00276 |
| scoring_system |
epss |
| scoring_elements |
0.51055 |
| published_at |
2026-04-21T12:55:00Z |
|
| 1 |
| value |
0.00276 |
| scoring_system |
epss |
| scoring_elements |
0.51078 |
| published_at |
2026-04-18T12:55:00Z |
|
| 2 |
| value |
0.00276 |
| scoring_system |
epss |
| scoring_elements |
0.5094 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00276 |
| scoring_system |
epss |
| scoring_elements |
0.50994 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00276 |
| scoring_system |
epss |
| scoring_elements |
0.51019 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00276 |
| scoring_system |
epss |
| scoring_elements |
0.50976 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00276 |
| scoring_system |
epss |
| scoring_elements |
0.51033 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00276 |
| scoring_system |
epss |
| scoring_elements |
0.5103 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00276 |
| scoring_system |
epss |
| scoring_elements |
0.51073 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00276 |
| scoring_system |
epss |
| scoring_elements |
0.51051 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00276 |
| scoring_system |
epss |
| scoring_elements |
0.51034 |
| published_at |
2026-04-13T12:55:00Z |
|
| 11 |
| value |
0.00276 |
| scoring_system |
epss |
| scoring_elements |
0.51072 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-8793 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2015-8793
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-z7fn-ubfx-g3em |
|