Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6
purl pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (14)
Vulnerability Summary Aliases
VCID-2hap-9mqs-v3b8 Roundcube Webmail: Incorrect password comparison in the password plugin CVE-2026-35541
GHSA-46pv-mj2g-93gh
VCID-2nb2-9vgp-tqg9 roundcubemail: Roundcube Webmail: Information Disclosure via HTML Style Sanitizer CVE-2025-68460
VCID-3kyu-tx4q-p3aq Roundcube Webmail Vulnerable to Authenticated RCE via PHP Object Deserialization Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization. CVE-2025-49113
GHSA-8j8w-wwqc-x596
VCID-4yzj-hrqv-vbcp Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13, when "Block remote images" is used, does not block SVG feImage. CVE-2026-25916
VCID-5yts-xnha-4bf3 Roundcube Webmail: Insufficient HTML attachment sanitization in preview mode CVE-2026-35539
GHSA-x4q5-8j5g-hpjc
VCID-8vmm-1hvf-17ap Roundcube: Bypass of remote image blocking via crafted BODY background attribute CVE-2026-35542
GHSA-5hf6-crg4-fg59
VCID-8xf2-hjfv-hybh Roundcube Webmail: Insufficient CSS sanitization in HTML e-mail messages CVE-2026-35544
GHSA-xpqh-grpw-4xmg
VCID-9uv1-gqq7-3kc9 roundcubemail: Roundcube Webmail: Cross-Site Scripting (XSS) vulnerability via crafted SVG animate tag CVE-2025-68461
VCID-ck88-1urs-2kes Roundcube Webmail: Bypass of remote image blocking via SVG content (with animate attributes) in an e-mail message CVE-2026-35543
GHSA-j2g6-8rvg-7mf6
VCID-ddfq-28qm-2fbn Roundcube Webmail: Remote image blocking feature can be bypassed via SVG content in an e-mail message CVE-2026-35545
GHSA-w846-74jr-76cv
VCID-gh6k-19h8-fqbf Roundcube Webmail: Unsanitized IMAP SEARCH command arguments CVE-2026-35538
GHSA-8jr8-v43g-5c57
VCID-rdb5-bbvn-7fcq Multiple vulnerabilities have been discovered in Roundcube, the worst of which could lead to execution of arbitrary code. CVE-2019-15237
VCID-ub6x-9dku-c7fk Roundcube Webmail: Insufficient CSS sanitization in HTML e-mail messages CVE-2026-35540
GHSA-vxg2-hhgr-37fx
VCID-vtz8-zmp4-xbdh roundcubemail: Roundcube Webmail: Cascading Style Sheets (CSS) injection via mishandled comments CVE-2026-26079

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T10:24:31.827537+00:00 Debian Importer Fixing VCID-rdb5-bbvn-7fcq https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T01:14:45.162394+00:00 Debian Oval Importer Fixing VCID-8xf2-hjfv-hybh https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-16T01:14:35.118390+00:00 Debian Oval Importer Fixing VCID-ck88-1urs-2kes https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-16T01:13:37.821524+00:00 Debian Oval Importer Fixing VCID-gh6k-19h8-fqbf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-16T01:13:34.436868+00:00 Debian Oval Importer Fixing VCID-ub6x-9dku-c7fk https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-16T01:12:47.380760+00:00 Debian Oval Importer Fixing VCID-2hap-9mqs-v3b8 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-16T01:12:42.106699+00:00 Debian Oval Importer Fixing VCID-8vmm-1hvf-17ap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-16T01:12:10.822135+00:00 Debian Oval Importer Fixing VCID-ddfq-28qm-2fbn https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-16T01:11:54.179026+00:00 Debian Oval Importer Fixing VCID-5yts-xnha-4bf3 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T23:12:55.272998+00:00 Debian Oval Importer Fixing VCID-4yzj-hrqv-vbcp https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T21:42:42.858280+00:00 Debian Oval Importer Fixing VCID-2nb2-9vgp-tqg9 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T20:31:47.318398+00:00 Debian Oval Importer Fixing VCID-9uv1-gqq7-3kc9 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T18:58:39.634752+00:00 Debian Oval Importer Fixing VCID-vtz8-zmp4-xbdh https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T16:27:56.849426+00:00 Debian Oval Importer Fixing VCID-3kyu-tx4q-p3aq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-13T07:01:08.335613+00:00 Debian Importer Fixing VCID-rdb5-bbvn-7fcq https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-12T00:46:34.261773+00:00 Debian Oval Importer Fixing VCID-8xf2-hjfv-hybh https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-12T00:46:24.097365+00:00 Debian Oval Importer Fixing VCID-ck88-1urs-2kes https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-12T00:45:26.943795+00:00 Debian Oval Importer Fixing VCID-gh6k-19h8-fqbf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-12T00:45:23.600337+00:00 Debian Oval Importer Fixing VCID-ub6x-9dku-c7fk https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-12T00:44:36.789232+00:00 Debian Oval Importer Fixing VCID-2hap-9mqs-v3b8 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-12T00:44:31.314829+00:00 Debian Oval Importer Fixing VCID-8vmm-1hvf-17ap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-12T00:44:00.501173+00:00 Debian Oval Importer Fixing VCID-ddfq-28qm-2fbn https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-12T00:43:43.999825+00:00 Debian Oval Importer Fixing VCID-5yts-xnha-4bf3 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T22:48:45.820553+00:00 Debian Oval Importer Fixing VCID-4yzj-hrqv-vbcp https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T21:21:27.707332+00:00 Debian Oval Importer Fixing VCID-2nb2-9vgp-tqg9 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T20:13:07.940663+00:00 Debian Oval Importer Fixing VCID-9uv1-gqq7-3kc9 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T18:42:50.070257+00:00 Debian Oval Importer Fixing VCID-vtz8-zmp4-xbdh https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T16:15:07.982217+00:00 Debian Oval Importer Fixing VCID-3kyu-tx4q-p3aq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-09T00:16:18.100682+00:00 Debian Oval Importer Fixing VCID-8xf2-hjfv-hybh https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-09T00:16:08.080828+00:00 Debian Oval Importer Fixing VCID-ck88-1urs-2kes https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-09T00:15:11.286019+00:00 Debian Oval Importer Fixing VCID-gh6k-19h8-fqbf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-09T00:15:07.857244+00:00 Debian Oval Importer Fixing VCID-ub6x-9dku-c7fk https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-09T00:14:20.668845+00:00 Debian Oval Importer Fixing VCID-2hap-9mqs-v3b8 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-09T00:14:15.424334+00:00 Debian Oval Importer Fixing VCID-8vmm-1hvf-17ap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-09T00:13:44.871409+00:00 Debian Oval Importer Fixing VCID-ddfq-28qm-2fbn https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-09T00:13:28.238278+00:00 Debian Oval Importer Fixing VCID-5yts-xnha-4bf3 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T22:23:26.016291+00:00 Debian Oval Importer Fixing VCID-4yzj-hrqv-vbcp https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T21:00:08.929677+00:00 Debian Oval Importer Fixing VCID-2nb2-9vgp-tqg9 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T19:54:17.802136+00:00 Debian Oval Importer Fixing VCID-9uv1-gqq7-3kc9 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T18:39:53.126878+00:00 Debian Importer Fixing VCID-rdb5-bbvn-7fcq https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-08T18:27:54.926358+00:00 Debian Oval Importer Fixing VCID-vtz8-zmp4-xbdh https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T16:07:25.032038+00:00 Debian Oval Importer Fixing VCID-3kyu-tx4q-p3aq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0