VulnerableCode Package Details - pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u8?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-2hap-9mqs-v3b8	Roundcube Webmail: Incorrect password comparison in the password plugin	CVE-2026-35541 GHSA-46pv-mj2g-93gh
VCID-5yts-xnha-4bf3	Roundcube Webmail: Insufficient HTML attachment sanitization in preview mode	CVE-2026-35539 GHSA-x4q5-8j5g-hpjc
VCID-8vmm-1hvf-17ap	Roundcube: Bypass of remote image blocking via crafted BODY background attribute	CVE-2026-35542 GHSA-5hf6-crg4-fg59
VCID-8xf2-hjfv-hybh	Roundcube Webmail: Insufficient CSS sanitization in HTML e-mail messages	CVE-2026-35544 GHSA-xpqh-grpw-4xmg
VCID-ck88-1urs-2kes	Roundcube Webmail: Bypass of remote image blocking via SVG content (with animate attributes) in an e-mail message	CVE-2026-35543 GHSA-j2g6-8rvg-7mf6
VCID-ddfq-28qm-2fbn	Roundcube Webmail: Remote image blocking feature can be bypassed via SVG content in an e-mail message	CVE-2026-35545 GHSA-w846-74jr-76cv
VCID-gh6k-19h8-fqbf	Roundcube Webmail: Unsanitized IMAP SEARCH command arguments	CVE-2026-35538 GHSA-8jr8-v43g-5c57
VCID-ub6x-9dku-c7fk	Roundcube Webmail: Insufficient CSS sanitization in HTML e-mail messages	CVE-2026-35540 GHSA-vxg2-hhgr-37fx

Vulnerability

Summary

Aliases

VCID-2hap-9mqs-v3b8

Roundcube Webmail: Incorrect password comparison in the password plugin

CVE-2026-35541
GHSA-46pv-mj2g-93gh

VCID-5yts-xnha-4bf3

Roundcube Webmail: Insufficient HTML attachment sanitization in preview mode

CVE-2026-35539
GHSA-x4q5-8j5g-hpjc

VCID-8vmm-1hvf-17ap

Roundcube: Bypass of remote image blocking via crafted BODY background attribute

CVE-2026-35542
GHSA-5hf6-crg4-fg59

VCID-8xf2-hjfv-hybh

Roundcube Webmail: Insufficient CSS sanitization in HTML e-mail messages

CVE-2026-35544
GHSA-xpqh-grpw-4xmg

VCID-ck88-1urs-2kes

Roundcube Webmail: Bypass of remote image blocking via SVG content (with animate attributes) in an e-mail message

CVE-2026-35543
GHSA-j2g6-8rvg-7mf6

VCID-ddfq-28qm-2fbn

Roundcube Webmail: Remote image blocking feature can be bypassed via SVG content in an e-mail message

CVE-2026-35545
GHSA-w846-74jr-76cv

VCID-gh6k-19h8-fqbf

Roundcube Webmail: Unsanitized IMAP SEARCH command arguments

CVE-2026-35538
GHSA-8jr8-v43g-5c57

VCID-ub6x-9dku-c7fk

Roundcube Webmail: Insufficient CSS sanitization in HTML e-mail messages

CVE-2026-35540
GHSA-vxg2-hhgr-37fx

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T13:23:09.043740+00:00	Debian Importer	Fixing	VCID-8xf2-hjfv-hybh	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:46:39.016793+00:00	Debian Importer	Fixing	VCID-8vmm-1hvf-17ap	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:45:13.136591+00:00	Debian Importer	Fixing	VCID-ck88-1urs-2kes	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:10:46.666741+00:00	Debian Importer	Fixing	VCID-ub6x-9dku-c7fk	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:30:42.239150+00:00	Debian Importer	Fixing	VCID-ddfq-28qm-2fbn	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:13:08.106155+00:00	Debian Importer	Fixing	VCID-5yts-xnha-4bf3	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:44:33.460860+00:00	Debian Importer	Fixing	VCID-gh6k-19h8-fqbf	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:41:23.426089+00:00	Debian Importer	Fixing	VCID-2hap-9mqs-v3b8	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T09:13:49.779132+00:00	Debian Importer	Fixing	VCID-8xf2-hjfv-hybh	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:45:49.858725+00:00	Debian Importer	Fixing	VCID-8vmm-1hvf-17ap	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:44:45.749210+00:00	Debian Importer	Fixing	VCID-ck88-1urs-2kes	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:19:49.406545+00:00	Debian Importer	Fixing	VCID-ub6x-9dku-c7fk	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:50:45.927388+00:00	Debian Importer	Fixing	VCID-ddfq-28qm-2fbn	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:37:40.202156+00:00	Debian Importer	Fixing	VCID-5yts-xnha-4bf3	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:15:52.140367+00:00	Debian Importer	Fixing	VCID-gh6k-19h8-fqbf	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:13:52.798197+00:00	Debian Importer	Fixing	VCID-2hap-9mqs-v3b8	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-06T03:06:30.445633+00:00	Debian Importer	Fixing	VCID-ddfq-28qm-2fbn	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-06T03:06:30.373724+00:00	Debian Importer	Fixing	VCID-8xf2-hjfv-hybh	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-06T03:06:30.304482+00:00	Debian Importer	Fixing	VCID-ck88-1urs-2kes	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-06T03:06:30.234600+00:00	Debian Importer	Fixing	VCID-8vmm-1hvf-17ap	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-06T03:06:30.165164+00:00	Debian Importer	Fixing	VCID-2hap-9mqs-v3b8	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-06T03:06:30.094200+00:00	Debian Importer	Fixing	VCID-ub6x-9dku-c7fk	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-06T03:06:30.024695+00:00	Debian Importer	Fixing	VCID-5yts-xnha-4bf3	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-06T03:06:29.955271+00:00	Debian Importer	Fixing	VCID-gh6k-19h8-fqbf	https://security-tracker.debian.org/tracker/data/json	38.1.0