{"url":"http://public2.vulnerablecode.io/api/packages/1037222?format=json","purl":"pkg:deb/debian/roundcube@1.1.5%2Bdfsg.1-1~bpo8%2B5","type":"deb","namespace":"debian","name":"roundcube","version":"1.1.5+dfsg.1-1~bpo8+5","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.6.5+dfsg-1+deb12u6","latest_non_vulnerable_version":"1.6.5+dfsg-1+deb12u6","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90974?format=json","vulnerability_id":"VCID-14vp-t71a-4bh1","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-46144","reference_id":"","reference_type":"","scores":[{"value":"0.01055","scoring_system":"epss","scoring_elements":"0.77528","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01055","scoring_system":"epss","scoring_elements":"0.77534","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01055","scoring_system":"epss","scoring_elements":"0.7756","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01055","scoring_system":"epss","scoring_elements":"0.77539","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01055","scoring_system":"epss","scoring_elements":"0.7757","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01055","scoring_system":"epss","scoring_elements":"0.77578","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01055","scoring_system":"epss","scoring_elements":"0.77604","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01055","scoring_system":"epss","scoring_elements":"0.77589","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01055","scoring_system":"epss","scoring_elements":"0.77588","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01055","scoring_system":"epss","scoring_elements":"0.77625","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01055","scoring_system":"epss","scoring_elements":"0.77623","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01055","scoring_system":"epss","scoring_elements":"0.77618","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01055","scoring_system":"epss","scoring_elements":"0.7765","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01055","scoring_system":"epss","scoring_elements":"0.77657","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01055","scoring_system":"epss","scoring_elements":"0.77672","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01055","scoring_system":"epss","scoring_elements":"0.77684","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-46144"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46144","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46144"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003027","reference_id":"1003027","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003027"},{"reference_url":"https://usn.ubuntu.com/USN-5182-1/","reference_id":"USN-USN-5182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037819?format=json","purl":"pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1050285?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-rdb5-bbvn-7fcq"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2021-46144"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-14vp-t71a-4bh1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50016?format=json","vulnerability_id":"VCID-2eyy-k49d-m3af","summary":"Multiple vulnerabilities have been discovered in Roundcube, the worst of which could lead to execution of arbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44026","reference_id":"","reference_type":"","scores":[{"value":"0.64041","scoring_system":"epss","scoring_elements":"0.98426","published_at":"2026-04-04T12:55:00Z"},{"value":"0.64041","scoring_system":"epss","scoring_elements":"0.98422","published_at":"2026-04-02T12:55:00Z"},{"value":"0.64041","scoring_system":"epss","scoring_elements":"0.9842","published_at":"2026-04-01T12:55:00Z"},{"value":"0.64041","scoring_system":"epss","scoring_elements":"0.9844","published_at":"2026-04-16T12:55:00Z"},{"value":"0.64041","scoring_system":"epss","scoring_elements":"0.98436","published_at":"2026-04-13T12:55:00Z"},{"value":"0.64041","scoring_system":"epss","scoring_elements":"0.98432","published_at":"2026-04-09T12:55:00Z"},{"value":"0.64041","scoring_system":"epss","scoring_elements":"0.98431","published_at":"2026-04-08T12:55:00Z"},{"value":"0.64041","scoring_system":"epss","scoring_elements":"0.98428","published_at":"2026-04-07T12:55:00Z"},{"value":"0.72527","scoring_system":"epss","scoring_elements":"0.98783","published_at":"2026-05-05T12:55:00Z"},{"value":"0.72527","scoring_system":"epss","scoring_elements":"0.98772","published_at":"2026-04-18T12:55:00Z"},{"value":"0.72527","scoring_system":"epss","scoring_elements":"0.98773","published_at":"2026-04-21T12:55:00Z"},{"value":"0.72527","scoring_system":"epss","scoring_elements":"0.98777","published_at":"2026-04-24T12:55:00Z"},{"value":"0.72527","scoring_system":"epss","scoring_elements":"0.98778","published_at":"2026-04-26T12:55:00Z"},{"value":"0.72527","scoring_system":"epss","scoring_elements":"0.98779","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44026"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44025","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44025"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44026","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44026"},{"reference_url":"https://bugs.debian.org/1000156","reference_id":"1000156","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:33:07Z/"}],"url":"https://bugs.debian.org/1000156"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000156","reference_id":"1000156","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000156"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/c8947ecb762d9e89c2091bda28d49002817263f1","reference_id":"c8947ecb762d9e89c2091bda28d49002817263f1","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:33:07Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/c8947ecb762d9e89c2091bda28d49002817263f1"},{"reference_url":"https://www.debian.org/security/2021/dsa-5013","reference_id":"dsa-5013","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:33:07Z/"}],"url":"https://www.debian.org/security/2021/dsa-5013"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/ee809bde2dcaa04857a919397808a7296681dcfa","reference_id":"ee809bde2dcaa04857a919397808a7296681dcfa","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:33:07Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/ee809bde2dcaa04857a919397808a7296681dcfa"},{"reference_url":"https://security.gentoo.org/glsa/202507-10","reference_id":"GLSA-202507-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202507-10"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/12/msg00004.html","reference_id":"msg00004.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:33:07Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2021/12/msg00004.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NDVGIZMQJ5IOM47Y3SAAJRN5VPANKTKO/","reference_id":"NDVGIZMQJ5IOM47Y3SAAJRN5VPANKTKO","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:33:07Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NDVGIZMQJ5IOM47Y3SAAJRN5VPANKTKO/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TP3Y5RXTUUOUODNG7HFEKWYNIPIT2NL4/","reference_id":"TP3Y5RXTUUOUODNG7HFEKWYNIPIT2NL4","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:33:07Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TP3Y5RXTUUOUODNG7HFEKWYNIPIT2NL4/"},{"reference_url":"https://usn.ubuntu.com/USN-5182-1/","reference_id":"USN-USN-5182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037819?format=json","purl":"pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1050285?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-rdb5-bbvn-7fcq"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2021-44026"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2eyy-k49d-m3af"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/349549?format=json","vulnerability_id":"VCID-2hap-9mqs-v3b8","summary":"Roundcube Webmail: Incorrect password comparison in the password plugin","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35541","reference_id":"","reference_type":"","scores":[{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09324","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10086","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09983","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10621","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10676","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10695","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10743","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10618","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10604","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10739","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10764","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10796","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10782","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12438","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35541"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35541","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35541"},{"reference_url":"https://github.com/roundcube/roundcubemail","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/roundcube/roundcubemail"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/2e6a99b2a38110907ea8d3be8e59ec3d5802c394","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:00Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/2e6a99b2a38110907ea8d3be8e59ec3d5802c394"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/6a275676a8043083c05c961914d830b79e2490d4","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:00Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/6a275676a8043083c05c961914d830b79e2490d4"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/6fa2bddc59b9c9fd31cad4a9e2954a208d793dce","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:00Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/6fa2bddc59b9c9fd31cad4a9e2954a208d793dce"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.14","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:00Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.14"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.14","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:00Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.14"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:00Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5"},{"reference_url":"https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:00Z/"}],"url":"https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182","reference_id":"1131182","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35541","reference_id":"CVE-2026-35541","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35541"},{"reference_url":"https://github.com/advisories/GHSA-46pv-mj2g-93gh","reference_id":"GHSA-46pv-mj2g-93gh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-46pv-mj2g-93gh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1051746?format=json","purl":"pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u6"}],"aliases":["CVE-2026-35541","GHSA-46pv-mj2g-93gh"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2hap-9mqs-v3b8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96173?format=json","vulnerability_id":"VCID-2k4q-26tk-j3gx","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-42010","reference_id":"","reference_type":"","scores":[{"value":"0.14764","scoring_system":"epss","scoring_elements":"0.94524","published_at":"2026-05-05T12:55:00Z"},{"value":"0.14764","scoring_system":"epss","scoring_elements":"0.94476","published_at":"2026-04-07T12:55:00Z"},{"value":"0.14764","scoring_system":"epss","scoring_elements":"0.94486","published_at":"2026-04-08T12:55:00Z"},{"value":"0.14764","scoring_system":"epss","scoring_elements":"0.94489","published_at":"2026-04-09T12:55:00Z"},{"value":"0.14764","scoring_system":"epss","scoring_elements":"0.94493","published_at":"2026-04-11T12:55:00Z"},{"value":"0.14764","scoring_system":"epss","scoring_elements":"0.94495","published_at":"2026-04-13T12:55:00Z"},{"value":"0.14764","scoring_system":"epss","scoring_elements":"0.94509","published_at":"2026-04-16T12:55:00Z"},{"value":"0.14764","scoring_system":"epss","scoring_elements":"0.94513","published_at":"2026-04-18T12:55:00Z"},{"value":"0.14764","scoring_system":"epss","scoring_elements":"0.94518","published_at":"2026-04-29T12:55:00Z"},{"value":"0.14764","scoring_system":"epss","scoring_elements":"0.94519","published_at":"2026-04-24T12:55:00Z"},{"value":"0.14764","scoring_system":"epss","scoring_elements":"0.94517","published_at":"2026-04-26T12:55:00Z"},{"value":"0.14764","scoring_system":"epss","scoring_elements":"0.94467","published_at":"2026-04-02T12:55:00Z"},{"value":"0.14764","scoring_system":"epss","scoring_elements":"0.94474","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-42010"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42008","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42008"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42009","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42009"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42010","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42010"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077969","reference_id":"1077969","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077969"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.8","reference_id":"1.5.8","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-06T14:03:28Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.8"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.8","reference_id":"1.6.8","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-06T14:03:28Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.8"},{"reference_url":"https://sonarsource.com/blog/government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail/","reference_id":"government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-06T14:03:28Z/"}],"url":"https://sonarsource.com/blog/government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail/"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases","reference_id":"releases","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-06T14:03:28Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases"},{"reference_url":"https://roundcube.net/news/2024/08/04/security-updates-1.6.8-and-1.5.8","reference_id":"security-updates-1.6.8-and-1.5.8","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-06T14:03:28Z/"}],"url":"https://roundcube.net/news/2024/08/04/security-updates-1.6.8-and-1.5.8"},{"reference_url":"https://usn.ubuntu.com/8223-1/","reference_id":"USN-8223-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8223-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050285?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-rdb5-bbvn-7fcq"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2024-42010"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2k4q-26tk-j3gx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65869?format=json","vulnerability_id":"VCID-2nb2-9vgp-tqg9","summary":"roundcubemail: Roundcube Webmail: Information Disclosure via HTML Style Sanitizer","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68460.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68460.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-68460","reference_id":"","reference_type":"","scores":[{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14181","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14238","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14053","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14134","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14185","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14136","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14094","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.1404","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.13935","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.13934","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17503","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17412","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17389","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.1732","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17184","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-68460"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68460"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122899","reference_id":"1122899","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122899"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2423487","reference_id":"2423487","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2423487"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1051746?format=json","purl":"pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u6"}],"aliases":["CVE-2025-68460"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"4.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2nb2-9vgp-tqg9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96171?format=json","vulnerability_id":"VCID-36et-26h7-pke7","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-42008","reference_id":"","reference_type":"","scores":[{"value":"0.51532","scoring_system":"epss","scoring_elements":"0.97907","published_at":"2026-05-05T12:55:00Z"},{"value":"0.57251","scoring_system":"epss","scoring_elements":"0.98141","published_at":"2026-04-07T12:55:00Z"},{"value":"0.57251","scoring_system":"epss","scoring_elements":"0.98136","published_at":"2026-04-02T12:55:00Z"},{"value":"0.57251","scoring_system":"epss","scoring_elements":"0.98139","published_at":"2026-04-04T12:55:00Z"},{"value":"0.57251","scoring_system":"epss","scoring_elements":"0.98145","published_at":"2026-04-08T12:55:00Z"},{"value":"0.57251","scoring_system":"epss","scoring_elements":"0.98146","published_at":"2026-04-09T12:55:00Z"},{"value":"0.57251","scoring_system":"epss","scoring_elements":"0.98149","published_at":"2026-04-11T12:55:00Z"},{"value":"0.57251","scoring_system":"epss","scoring_elements":"0.9815","published_at":"2026-04-13T12:55:00Z"},{"value":"0.57251","scoring_system":"epss","scoring_elements":"0.98156","published_at":"2026-04-16T12:55:00Z"},{"value":"0.57251","scoring_system":"epss","scoring_elements":"0.98154","published_at":"2026-04-21T12:55:00Z"},{"value":"0.57251","scoring_system":"epss","scoring_elements":"0.98155","published_at":"2026-04-24T12:55:00Z"},{"value":"0.57251","scoring_system":"epss","scoring_elements":"0.98158","published_at":"2026-04-26T12:55:00Z"},{"value":"0.57251","scoring_system":"epss","scoring_elements":"0.98159","published_at":"2026-04-29T12:55:00Z"},{"value":"0.58573","scoring_system":"epss","scoring_elements":"0.98218","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-42008"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42008","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42008"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42009","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42009"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42010","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42010"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077969","reference_id":"1077969","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077969"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.8","reference_id":"1.5.8","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-07T19:56:10Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.8"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.8","reference_id":"1.6.8","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-07T19:56:10Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.8"},{"reference_url":"https://sonarsource.com/blog/government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail/","reference_id":"government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-07T19:56:10Z/"}],"url":"https://sonarsource.com/blog/government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail/"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases","reference_id":"releases","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-07T19:56:10Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases"},{"reference_url":"https://roundcube.net/news/2024/08/04/security-updates-1.6.8-and-1.5.8","reference_id":"security-updates-1.6.8-and-1.5.8","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-07T19:56:10Z/"}],"url":"https://roundcube.net/news/2024/08/04/security-updates-1.6.8-and-1.5.8"},{"reference_url":"https://usn.ubuntu.com/8223-1/","reference_id":"USN-8223-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8223-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050285?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-rdb5-bbvn-7fcq"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2024-42008"],"risk_score":4.2,"exploitability":"0.5","weighted_severity":"8.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-36et-26h7-pke7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30100?format=json","vulnerability_id":"VCID-3kyu-tx4q-p3aq","summary":"Roundcube Webmail Vulnerable to Authenticated RCE via PHP Object Deserialization\nRoundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49113.json","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49113.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49113","reference_id":"","reference_type":"","scores":[{"value":"0.90405","scoring_system":"epss","scoring_elements":"0.99611","published_at":"2026-05-05T12:55:00Z"},{"value":"0.9042","scoring_system":"epss","scoring_elements":"0.99609","published_at":"2026-04-26T12:55:00Z"},{"value":"0.9042","scoring_system":"epss","scoring_elements":"0.9961","published_at":"2026-04-29T12:55:00Z"},{"value":"0.90478","scoring_system":"epss","scoring_elements":"0.99609","published_at":"2026-04-18T12:55:00Z"},{"value":"0.90891","scoring_system":"epss","scoring_elements":"0.99636","published_at":"2026-04-21T12:55:00Z"},{"value":"0.91243","scoring_system":"epss","scoring_elements":"0.99653","published_at":"2026-04-16T12:55:00Z"},{"value":"0.91574","scoring_system":"epss","scoring_elements":"0.9967","published_at":"2026-04-02T12:55:00Z"},{"value":"0.91574","scoring_system":"epss","scoring_elements":"0.99675","published_at":"2026-04-13T12:55:00Z"},{"value":"0.91574","scoring_system":"epss","scoring_elements":"0.99674","published_at":"2026-04-09T12:55:00Z"},{"value":"0.91574","scoring_system":"epss","scoring_elements":"0.99673","published_at":"2026-04-07T12:55:00Z"},{"value":"0.91574","scoring_system":"epss","scoring_elements":"0.99672","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49113"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49113","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49113"},{"reference_url":"https://fearsoff.org/research/roundcube","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-02-20T20:05:40Z/"}],"url":"https://fearsoff.org/research/roundcube"},{"reference_url":"https://github.com/roundcube/roundcubemail","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/roundcube/roundcubemail"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/0376f69e958a8fef7f6f09e352c541b4e7729c4d","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-02-20T20:05:40Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/0376f69e958a8fef7f6f09e352c541b4e7729c4d"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/7408f31379666124a39f9cb1018f62bc5e2dc695","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-02-20T20:05:40Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/7408f31379666124a39f9cb1018f62bc5e2dc695"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/c50a07d88ca38f018a0f4a0b008e9a1deb32637e","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-02-20T20:05:40Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/c50a07d88ca38f018a0f4a0b008e9a1deb32637e"},{"reference_url":"https://github.com/roundcube/roundcubemail/pull/9865","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-02-20T20:05:40Z/"}],"url":"https://github.com/roundcube/roundcubemail/pull/9865"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.10","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-02-20T20:05:40Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.10"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.11","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-02-20T20:05:40Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.11"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/06/msg00008.html","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/06/msg00008.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49113","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49113"},{"reference_url":"https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-02-20T20:05:40Z/"}],"url":"https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10"},{"reference_url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-49113","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-49113"},{"reference_url":"https://www.vicarius.io/vsociety/posts/cve-2025-49113-roundcube-mitigation-script","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-02-20T20:05:40Z/"}],"url":"https://www.vicarius.io/vsociety/posts/cve-2025-49113-roundcube-mitigation-script"},{"reference_url":"https://www.vicarius.io/vsociety/posts/cve-2025-49113-roundcube-vulnerability-detection","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-02-20T20:05:40Z/"}],"url":"https://www.vicarius.io/vsociety/posts/cve-2025-49113-roundcube-vulnerability-detection"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/06/02/3","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/06/02/3"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107073","reference_id":"1107073","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107073"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2369696","reference_id":"2369696","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2369696"},{"reference_url":"https://security.archlinux.org/ASA-202506-1","reference_id":"ASA-202506-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202506-1"},{"reference_url":"https://security.archlinux.org/AVG-2891","reference_id":"AVG-2891","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2891"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52324.NA","reference_id":"CVE-2025-49113","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52324.NA"},{"reference_url":"https://github.com/advisories/GHSA-8j8w-wwqc-x596","reference_id":"GHSA-8j8w-wwqc-x596","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8j8w-wwqc-x596"},{"reference_url":"https://usn.ubuntu.com/7584-1/","reference_id":"USN-7584-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7584-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1051746?format=json","purl":"pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u6"}],"aliases":["CVE-2025-49113","GHSA-8j8w-wwqc-x596"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3kyu-tx4q-p3aq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97028?format=json","vulnerability_id":"VCID-4yzj-hrqv-vbcp","summary":"Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13, when \"Block remote images\" is used, does not block SVG feImage.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-25916","reference_id":"","reference_type":"","scores":[{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09829","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09789","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09906","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09931","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09968","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09956","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09904","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11529","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11641","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11763","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.1173","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11692","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11614","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12448","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12491","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-25916"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25916","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25916"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127447","reference_id":"1127447","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127447"},{"reference_url":"https://nullcathedral.com/posts/2026-02-08-roundcube-svg-feimage-remote-image-bypass/","reference_id":"2026-02-08-roundcube-svg-feimage-remote-image-bypass","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-09T14:54:49Z/"}],"url":"https://nullcathedral.com/posts/2026-02-08-roundcube-svg-feimage-remote-image-bypass/"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/26d7677","reference_id":"26d7677","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-09T14:54:49Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/26d7677"},{"reference_url":"https://news.ycombinator.com/item?id=46937012","reference_id":"item?id=46937012","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-09T14:54:49Z/"}],"url":"https://news.ycombinator.com/item?id=46937012"},{"reference_url":"https://usn.ubuntu.com/8223-1/","reference_id":"USN-8223-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8223-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1051746?format=json","purl":"pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u6"}],"aliases":["CVE-2026-25916"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4yzj-hrqv-vbcp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/349555?format=json","vulnerability_id":"VCID-5yts-xnha-4bf3","summary":"Roundcube Webmail: Insufficient HTML attachment sanitization in preview mode","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35539","reference_id":"","reference_type":"","scores":[{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10724","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10896","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11324","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12275","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12387","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.1242","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12417","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12306","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12406","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12446","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12484","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12511","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13375","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35539"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35539","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35539"},{"reference_url":"https://github.com/roundcube/roundcubemail","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/roundcube/roundcubemail"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/10a6d1fa8acac85c727b0a6ae4a6642bfa27bea1","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:10:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/10a6d1fa8acac85c727b0a6ae4a6642bfa27bea1"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/1b30edf5369668c92fe91dae3d52e477c808aa4f","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:10:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/1b30edf5369668c92fe91dae3d52e477c808aa4f"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/d742954ccbcdee7020f8f2e7c49ce0fca5a0efab","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:10:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/d742954ccbcdee7020f8f2e7c49ce0fca5a0efab"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.14","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:10:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.14"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.14","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:10:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.14"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:10:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5"},{"reference_url":"https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:10:48Z/"}],"url":"https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182","reference_id":"1131182","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35539","reference_id":"CVE-2026-35539","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35539"},{"reference_url":"https://github.com/advisories/GHSA-x4q5-8j5g-hpjc","reference_id":"GHSA-x4q5-8j5g-hpjc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x4q5-8j5g-hpjc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1051746?format=json","purl":"pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u6"}],"aliases":["CVE-2026-35539","GHSA-x4q5-8j5g-hpjc"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5yts-xnha-4bf3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62469?format=json","vulnerability_id":"VCID-79me-pjdn-ykgq","summary":"A flaw in Roundcube's handling of configuration files may allow\n    arbitrary code execution, amongst other vulnerabilities.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12640","reference_id":"","reference_type":"","scores":[{"value":"0.22659","scoring_system":"epss","scoring_elements":"0.95822","published_at":"2026-04-01T12:55:00Z"},{"value":"0.22659","scoring_system":"epss","scoring_elements":"0.95831","published_at":"2026-04-02T12:55:00Z"},{"value":"0.22659","scoring_system":"epss","scoring_elements":"0.95839","published_at":"2026-04-04T12:55:00Z"},{"value":"0.22659","scoring_system":"epss","scoring_elements":"0.95842","published_at":"2026-04-07T12:55:00Z"},{"value":"0.22659","scoring_system":"epss","scoring_elements":"0.9585","published_at":"2026-04-08T12:55:00Z"},{"value":"0.22659","scoring_system":"epss","scoring_elements":"0.95854","published_at":"2026-04-09T12:55:00Z"},{"value":"0.22659","scoring_system":"epss","scoring_elements":"0.95857","published_at":"2026-04-11T12:55:00Z"},{"value":"0.22659","scoring_system":"epss","scoring_elements":"0.95856","published_at":"2026-04-12T12:55:00Z"},{"value":"0.22659","scoring_system":"epss","scoring_elements":"0.95858","published_at":"2026-04-13T12:55:00Z"},{"value":"0.22659","scoring_system":"epss","scoring_elements":"0.95869","published_at":"2026-04-16T12:55:00Z"},{"value":"0.22659","scoring_system":"epss","scoring_elements":"0.95875","published_at":"2026-04-18T12:55:00Z"},{"value":"0.22659","scoring_system":"epss","scoring_elements":"0.95877","published_at":"2026-04-21T12:55:00Z"},{"value":"0.22659","scoring_system":"epss","scoring_elements":"0.95879","published_at":"2026-04-29T12:55:00Z"},{"value":"0.22659","scoring_system":"epss","scoring_elements":"0.95891","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12640"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12640","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12640"},{"reference_url":"https://security.gentoo.org/glsa/202007-41","reference_id":"GLSA-202007-41","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202007-41"},{"reference_url":"https://usn.ubuntu.com/USN-5182-1/","reference_id":"USN-USN-5182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050285?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-rdb5-bbvn-7fcq"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2020-12640"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-79me-pjdn-ykgq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79759?format=json","vulnerability_id":"VCID-7nn6-aywu-z7g8","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13964","reference_id":"","reference_type":"","scores":[{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75174","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75177","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75208","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75184","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75219","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75231","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75252","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75229","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75218","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75256","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75263","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75254","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.7529","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75293","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75297","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75306","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13964"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13964","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13964"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13965","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13965"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962123","reference_id":"962123","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962123"},{"reference_url":"https://usn.ubuntu.com/USN-5182-1/","reference_id":"USN-USN-5182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037223?format=json","purl":"pkg:deb/debian/roundcube@1.2.3%2Bdfsg.1-4%2Bdeb9u6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9ktu-55q4-3kau"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-fuh5-bwaq-yyfk"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-j29t-cw2h-mfd8"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-ts1p-pw9v-cbh3"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-ur1a-7tdn-h3hu"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"},{"vulnerability":"VCID-z3kp-p8ch-myhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.2.3%252Bdfsg.1-4%252Bdeb9u6"},{"url":"http://public2.vulnerablecode.io/api/packages/1037819?format=json","purl":"pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1050285?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-rdb5-bbvn-7fcq"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2020-13964"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7nn6-aywu-z7g8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/349553?format=json","vulnerability_id":"VCID-8vmm-1hvf-17ap","summary":"Roundcube: Bypass of remote image blocking via crafted BODY background attribute","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35542","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09403","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10167","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10062","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.12929","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13034","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13066","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13072","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.12975","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.12972","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.1307","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13122","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.1316","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13191","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14115","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35542"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35542","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35542"},{"reference_url":"https://github.com/roundcube/roundcubemail","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/roundcube/roundcubemail"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/e052328e3dc75f13adc2e314eaa4096ac21084ad","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:51:19Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/e052328e3dc75f13adc2e314eaa4096ac21084ad"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/fd0e98178db5c73eaa93d005b561874923f9b0f0","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:51:19Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/fd0e98178db5c73eaa93d005b561874923f9b0f0"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/fde14d01adc9f37893cd82b635883e516ed453f8","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:51:19Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/fde14d01adc9f37893cd82b635883e516ed453f8"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.14","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:51:19Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.14"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.14","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:51:19Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.14"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:51:19Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5"},{"reference_url":"https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:51:19Z/"}],"url":"https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182","reference_id":"1131182","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35542","reference_id":"CVE-2026-35542","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35542"},{"reference_url":"https://github.com/advisories/GHSA-5hf6-crg4-fg59","reference_id":"GHSA-5hf6-crg4-fg59","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5hf6-crg4-fg59"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1051746?format=json","purl":"pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u6"}],"aliases":["CVE-2026-35542","GHSA-5hf6-crg4-fg59"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8vmm-1hvf-17ap"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/349554?format=json","vulnerability_id":"VCID-8xf2-hjfv-hybh","summary":"Roundcube Webmail: Insufficient CSS sanitization in HTML e-mail messages","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35544","reference_id":"","reference_type":"","scores":[{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10066","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.1017","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.1014","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.12933","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13037","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13069","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13076","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.12978","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.12975","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13074","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13126","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13164","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13195","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14117","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35544"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35544","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35544"},{"reference_url":"https://github.com/roundcube/roundcubemail","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/roundcube/roundcubemail"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/099009b9c8e1d3c636fb9a5af72f7c2596018662","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:06Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/099009b9c8e1d3c636fb9a5af72f7c2596018662"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/226811a1c974271dbedca72672923abaff8191c0","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:06Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/226811a1c974271dbedca72672923abaff8191c0"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/57dec0c127b98e0c8e3b9c26c80049b9c4bcaea7","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:06Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/57dec0c127b98e0c8e3b9c26c80049b9c4bcaea7"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.14","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:06Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.14"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.14","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:06Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.14"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:06Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5"},{"reference_url":"https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:06Z/"}],"url":"https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182","reference_id":"1131182","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35544","reference_id":"CVE-2026-35544","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35544"},{"reference_url":"https://github.com/advisories/GHSA-xpqh-grpw-4xmg","reference_id":"GHSA-xpqh-grpw-4xmg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xpqh-grpw-4xmg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1051746?format=json","purl":"pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u6"}],"aliases":["CVE-2026-35544","GHSA-xpqh-grpw-4xmg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8xf2-hjfv-hybh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96172?format=json","vulnerability_id":"VCID-9der-5csu-nbbq","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-42009","reference_id":"","reference_type":"","scores":[{"value":"0.91163","scoring_system":"epss","scoring_elements":"0.99652","published_at":"2026-04-24T12:55:00Z"},{"value":"0.91163","scoring_system":"epss","scoring_elements":"0.99655","published_at":"2026-05-05T12:55:00Z"},{"value":"0.91163","scoring_system":"epss","scoring_elements":"0.99654","published_at":"2026-04-29T12:55:00Z"},{"value":"0.91163","scoring_system":"epss","scoring_elements":"0.99653","published_at":"2026-04-26T12:55:00Z"},{"value":"0.91411","scoring_system":"epss","scoring_elements":"0.99658","published_at":"2026-04-04T12:55:00Z"},{"value":"0.91411","scoring_system":"epss","scoring_elements":"0.99657","published_at":"2026-04-02T12:55:00Z"},{"value":"0.91411","scoring_system":"epss","scoring_elements":"0.9966","published_at":"2026-04-07T12:55:00Z"},{"value":"0.91411","scoring_system":"epss","scoring_elements":"0.99661","published_at":"2026-04-11T12:55:00Z"},{"value":"0.91411","scoring_system":"epss","scoring_elements":"0.99662","published_at":"2026-04-12T12:55:00Z"},{"value":"0.91411","scoring_system":"epss","scoring_elements":"0.99663","published_at":"2026-04-13T12:55:00Z"},{"value":"0.91411","scoring_system":"epss","scoring_elements":"0.99664","published_at":"2026-04-16T12:55:00Z"},{"value":"0.91411","scoring_system":"epss","scoring_elements":"0.99665","published_at":"2026-04-18T12:55:00Z"},{"value":"0.91411","scoring_system":"epss","scoring_elements":"0.99666","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-42009"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42008","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42008"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42009","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42009"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42010","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42010"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077969","reference_id":"1077969","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077969"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.8","reference_id":"1.5.8","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-08-20T03:56:09Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.8"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.8","reference_id":"1.6.8","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-08-20T03:56:09Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.8"},{"reference_url":"https://sonarsource.com/blog/government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail/","reference_id":"government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-08-20T03:56:09Z/"}],"url":"https://sonarsource.com/blog/government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail/"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases","reference_id":"releases","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-08-20T03:56:09Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases"},{"reference_url":"https://roundcube.net/news/2024/08/04/security-updates-1.6.8-and-1.5.8","reference_id":"security-updates-1.6.8-and-1.5.8","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-08-20T03:56:09Z/"}],"url":"https://roundcube.net/news/2024/08/04/security-updates-1.6.8-and-1.5.8"},{"reference_url":"https://usn.ubuntu.com/7636-1/","reference_id":"USN-7636-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7636-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050285?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-rdb5-bbvn-7fcq"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2024-42009"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9der-5csu-nbbq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93634?format=json","vulnerability_id":"VCID-9ktu-55q4-3kau","summary":"Roundcube before 1.3.7 mishandles GnuPG MDC integrity-protection warnings, which makes it easier for attackers to obtain sensitive information, a related issue to CVE-2017-17688. This is associated with plugins/enigma/lib/enigma_driver_gnupg.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19205","reference_id":"","reference_type":"","scores":[{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55201","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.553","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55324","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55306","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55356","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55357","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55368","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55346","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55327","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55364","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55347","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55284","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55305","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55278","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55226","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19205"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19205","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19205"},{"reference_url":"https://usn.ubuntu.com/8132-1/","reference_id":"USN-8132-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8132-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037819?format=json","purl":"pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2"}],"aliases":["CVE-2018-19205"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9ktu-55q4-3kau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65868?format=json","vulnerability_id":"VCID-9uv1-gqq7-3kc9","summary":"roundcubemail: Roundcube Webmail: Cross-Site Scripting (XSS) vulnerability via crafted SVG animate tag","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68461.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68461.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-68461","reference_id":"","reference_type":"","scores":[{"value":"0.06437","scoring_system":"epss","scoring_elements":"0.91026","published_at":"2026-04-04T12:55:00Z"},{"value":"0.06437","scoring_system":"epss","scoring_elements":"0.91017","published_at":"2026-04-02T12:55:00Z"},{"value":"0.06833","scoring_system":"epss","scoring_elements":"0.91341","published_at":"2026-04-11T12:55:00Z"},{"value":"0.06833","scoring_system":"epss","scoring_elements":"0.91316","published_at":"2026-04-07T12:55:00Z"},{"value":"0.06833","scoring_system":"epss","scoring_elements":"0.91329","published_at":"2026-04-08T12:55:00Z"},{"value":"0.06833","scoring_system":"epss","scoring_elements":"0.91334","published_at":"2026-04-09T12:55:00Z"},{"value":"0.06833","scoring_system":"epss","scoring_elements":"0.91344","published_at":"2026-04-12T12:55:00Z"},{"value":"0.06833","scoring_system":"epss","scoring_elements":"0.91343","published_at":"2026-04-13T12:55:00Z"},{"value":"0.06833","scoring_system":"epss","scoring_elements":"0.91368","published_at":"2026-04-16T12:55:00Z"},{"value":"0.06974","scoring_system":"epss","scoring_elements":"0.91471","published_at":"2026-04-18T12:55:00Z"},{"value":"0.08521","scoring_system":"epss","scoring_elements":"0.924","published_at":"2026-04-26T12:55:00Z"},{"value":"0.08521","scoring_system":"epss","scoring_elements":"0.92394","published_at":"2026-04-29T12:55:00Z"},{"value":"0.08521","scoring_system":"epss","scoring_elements":"0.92403","published_at":"2026-05-05T12:55:00Z"},{"value":"0.08521","scoring_system":"epss","scoring_elements":"0.92395","published_at":"2026-04-21T12:55:00Z"},{"value":"0.08521","scoring_system":"epss","scoring_elements":"0.92398","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-68461"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68461","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68461"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122899","reference_id":"1122899","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122899"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2423507","reference_id":"2423507","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2423507"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/bfa032631c36b900e7444dfa278340b33cbf7cdb","reference_id":"bfa032631c36b900e7444dfa278340b33cbf7cdb","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2026-02-20T20:07:06Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/bfa032631c36b900e7444dfa278340b33cbf7cdb"},{"reference_url":"https://roundcube.net/news/2025/12/13/security-updates-1.6.12-and-1.5.12","reference_id":"security-updates-1.6.12-and-1.5.12","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2026-02-20T20:07:06Z/"}],"url":"https://roundcube.net/news/2025/12/13/security-updates-1.6.12-and-1.5.12"},{"reference_url":"https://usn.ubuntu.com/8097-1/","reference_id":"USN-8097-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8097-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1051746?format=json","purl":"pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u6"}],"aliases":["CVE-2025-68461"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9uv1-gqq7-3kc9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92897?format=json","vulnerability_id":"VCID-brmp-djyb-q3b7","summary":"Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail before 1.1.5 allows remote attackers to hijack the authentication of users for requests that download attachments and cause a denial of service (disk consumption) via unspecified vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4069","reference_id":"","reference_type":"","scores":[{"value":"0.01131","scoring_system":"epss","scoring_elements":"0.78273","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01131","scoring_system":"epss","scoring_elements":"0.7828","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01131","scoring_system":"epss","scoring_elements":"0.78312","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01131","scoring_system":"epss","scoring_elements":"0.78293","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01131","scoring_system":"epss","scoring_elements":"0.7832","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01131","scoring_system":"epss","scoring_elements":"0.78326","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01131","scoring_system":"epss","scoring_elements":"0.78352","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01131","scoring_system":"epss","scoring_elements":"0.78335","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01131","scoring_system":"epss","scoring_elements":"0.78328","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01131","scoring_system":"epss","scoring_elements":"0.78357","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01131","scoring_system":"epss","scoring_elements":"0.78355","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01131","scoring_system":"epss","scoring_elements":"0.78353","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01131","scoring_system":"epss","scoring_elements":"0.78386","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01131","scoring_system":"epss","scoring_elements":"0.78393","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01131","scoring_system":"epss","scoring_elements":"0.78409","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01131","scoring_system":"epss","scoring_elements":"0.78422","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4069"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4069","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4069"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=822333","reference_id":"822333","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=822333"},{"reference_url":"https://usn.ubuntu.com/8132-1/","reference_id":"USN-8132-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8132-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037223?format=json","purl":"pkg:deb/debian/roundcube@1.2.3%2Bdfsg.1-4%2Bdeb9u6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9ktu-55q4-3kau"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-fuh5-bwaq-yyfk"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-j29t-cw2h-mfd8"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-ts1p-pw9v-cbh3"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-ur1a-7tdn-h3hu"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"},{"vulnerability":"VCID-z3kp-p8ch-myhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.2.3%252Bdfsg.1-4%252Bdeb9u6"}],"aliases":["CVE-2016-4069"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-brmp-djyb-q3b7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57273?format=json","vulnerability_id":"VCID-c4ys-1wzp-vqej","summary":"A vulnerability in RoundCube may allow authenticated users to\n    bypass security restrictions.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-8114","reference_id":"","reference_type":"","scores":[{"value":"0.00632","scoring_system":"epss","scoring_elements":"0.70388","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00632","scoring_system":"epss","scoring_elements":"0.70416","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00632","scoring_system":"epss","scoring_elements":"0.70261","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00632","scoring_system":"epss","scoring_elements":"0.70274","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00632","scoring_system":"epss","scoring_elements":"0.70291","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00632","scoring_system":"epss","scoring_elements":"0.70267","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00632","scoring_system":"epss","scoring_elements":"0.70313","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00632","scoring_system":"epss","scoring_elements":"0.70328","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00632","scoring_system":"epss","scoring_elements":"0.70351","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00632","scoring_system":"epss","scoring_elements":"0.70336","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00632","scoring_system":"epss","scoring_elements":"0.70323","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00632","scoring_system":"epss","scoring_elements":"0.70366","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00632","scoring_system":"epss","scoring_elements":"0.70375","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00632","scoring_system":"epss","scoring_elements":"0.70357","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00632","scoring_system":"epss","scoring_elements":"0.70408","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00632","scoring_system":"epss","scoring_elements":"0.70417","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-8114"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8114","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8114"},{"reference_url":"https://github.com/ilsani/rd/tree/master/security-advisories/web/roundcube/cve-2017-8114","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ilsani/rd/tree/master/security-advisories/web/roundcube/cve-2017-8114"},{"reference_url":"https://roundcube.net/news/2017/04/28/security-updates-1.2.5-1.1.9-and-1.0.11","reference_id":"","reference_type":"","scores":[],"url":"https://roundcube.net/news/2017/04/28/security-updates-1.2.5-1.1.9-and-1.0.11"},{"reference_url":"http://www.securityfocus.com/bid/98445","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/98445"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861388","reference_id":"861388","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861388"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-8114","reference_id":"CVE-2017-8114","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:P/A:P"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-8114"},{"reference_url":"https://security.gentoo.org/glsa/201707-11","reference_id":"GLSA-201707-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201707-11"},{"reference_url":"https://usn.ubuntu.com/8132-1/","reference_id":"USN-8132-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8132-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037223?format=json","purl":"pkg:deb/debian/roundcube@1.2.3%2Bdfsg.1-4%2Bdeb9u6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9ktu-55q4-3kau"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-fuh5-bwaq-yyfk"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-j29t-cw2h-mfd8"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-ts1p-pw9v-cbh3"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-ur1a-7tdn-h3hu"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"},{"vulnerability":"VCID-z3kp-p8ch-myhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.2.3%252Bdfsg.1-4%252Bdeb9u6"}],"aliases":["CVE-2017-8114"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c4ys-1wzp-vqej"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75373?format=json","vulnerability_id":"VCID-cjkd-2jr6-n7as","summary":"roundcubemail: allows XSS via SVG animate attributes","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-37383.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-37383.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-37383","reference_id":"","reference_type":"","scores":[{"value":"0.64028","scoring_system":"epss","scoring_elements":"0.98431","published_at":"2026-04-09T12:55:00Z"},{"value":"0.64028","scoring_system":"epss","scoring_elements":"0.98446","published_at":"2026-05-05T12:55:00Z"},{"value":"0.64028","scoring_system":"epss","scoring_elements":"0.98442","published_at":"2026-04-26T12:55:00Z"},{"value":"0.64028","scoring_system":"epss","scoring_elements":"0.98441","published_at":"2026-04-29T12:55:00Z"},{"value":"0.64028","scoring_system":"epss","scoring_elements":"0.98438","published_at":"2026-04-21T12:55:00Z"},{"value":"0.64028","scoring_system":"epss","scoring_elements":"0.98439","published_at":"2026-04-16T12:55:00Z"},{"value":"0.64028","scoring_system":"epss","scoring_elements":"0.98435","published_at":"2026-04-13T12:55:00Z"},{"value":"0.64519","scoring_system":"epss","scoring_elements":"0.98444","published_at":"2026-04-04T12:55:00Z"},{"value":"0.64519","scoring_system":"epss","scoring_elements":"0.98441","published_at":"2026-04-02T12:55:00Z"},{"value":"0.64519","scoring_system":"epss","scoring_elements":"0.98446","published_at":"2026-04-07T12:55:00Z"},{"value":"0.64519","scoring_system":"epss","scoring_elements":"0.9845","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-37383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37384","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37384"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071474","reference_id":"1071474","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071474"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.7","reference_id":"1.5.7","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-25T18:32:17Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.7"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.7","reference_id":"1.6.7","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-25T18:32:17Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.7"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2290826","reference_id":"2290826","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2290826"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/43aaaa528646877789ec028d87924ba1accf5242","reference_id":"43aaaa528646877789ec028d87924ba1accf5242","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-25T18:32:17Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/43aaaa528646877789ec028d87924ba1accf5242"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52173.txt","reference_id":"CVE-2024-37383","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52173.txt"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00008.html","reference_id":"msg00008.html","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-25T18:32:17Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00008.html"},{"reference_url":"https://usn.ubuntu.com/6848-1/","reference_id":"USN-6848-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6848-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050285?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-rdb5-bbvn-7fcq"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2024-37383"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cjkd-2jr6-n7as"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/349552?format=json","vulnerability_id":"VCID-ck88-1urs-2kes","summary":"Roundcube Webmail: Bypass of remote image blocking via SVG content (with animate attributes) in an e-mail message","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35543","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09403","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10167","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10062","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.12929","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13034","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13066","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13072","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.12975","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.12972","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.1307","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13122","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.1316","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13191","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14115","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35543"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35543","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35543"},{"reference_url":"https://github.com/roundcube/roundcubemail","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/roundcube/roundcubemail"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/1a63e01542bff42aaa71c00c4c279a09ef31f20c","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:45Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/1a63e01542bff42aaa71c00c4c279a09ef31f20c"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/39471343ee081ce1d31696c456a2c163462daae3","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:45Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/39471343ee081ce1d31696c456a2c163462daae3"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/82ab5eca7b332fce7a174b2b987f0957a66377cd","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:45Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/82ab5eca7b332fce7a174b2b987f0957a66377cd"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.14","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:45Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.14"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.14","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:45Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.14"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:45Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5"},{"reference_url":"https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:45Z/"}],"url":"https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182","reference_id":"1131182","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35543","reference_id":"CVE-2026-35543","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35543"},{"reference_url":"https://github.com/advisories/GHSA-j2g6-8rvg-7mf6","reference_id":"GHSA-j2g6-8rvg-7mf6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j2g6-8rvg-7mf6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1051746?format=json","purl":"pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u6"}],"aliases":["CVE-2026-35543","GHSA-j2g6-8rvg-7mf6"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ck88-1urs-2kes"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62468?format=json","vulnerability_id":"VCID-cnkc-vcp7-6kcw","summary":"A flaw in Roundcube's handling of configuration files may allow\n    arbitrary code execution, amongst other vulnerabilities.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12626","reference_id":"","reference_type":"","scores":[{"value":"0.01288","scoring_system":"epss","scoring_elements":"0.79589","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01288","scoring_system":"epss","scoring_elements":"0.79596","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01288","scoring_system":"epss","scoring_elements":"0.79618","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01288","scoring_system":"epss","scoring_elements":"0.79605","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01288","scoring_system":"epss","scoring_elements":"0.79634","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01288","scoring_system":"epss","scoring_elements":"0.79642","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01288","scoring_system":"epss","scoring_elements":"0.79662","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01288","scoring_system":"epss","scoring_elements":"0.79647","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01288","scoring_system":"epss","scoring_elements":"0.79639","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01288","scoring_system":"epss","scoring_elements":"0.7967","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01288","scoring_system":"epss","scoring_elements":"0.79669","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01288","scoring_system":"epss","scoring_elements":"0.79673","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01288","scoring_system":"epss","scoring_elements":"0.79704","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01288","scoring_system":"epss","scoring_elements":"0.79711","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01288","scoring_system":"epss","scoring_elements":"0.79726","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01288","scoring_system":"epss","scoring_elements":"0.79741","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12626"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12625","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12625"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12626","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12626"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959142","reference_id":"959142","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959142"},{"reference_url":"https://security.gentoo.org/glsa/202007-41","reference_id":"GLSA-202007-41","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202007-41"},{"reference_url":"https://usn.ubuntu.com/USN-5182-1/","reference_id":"USN-USN-5182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037223?format=json","purl":"pkg:deb/debian/roundcube@1.2.3%2Bdfsg.1-4%2Bdeb9u6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9ktu-55q4-3kau"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-fuh5-bwaq-yyfk"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-j29t-cw2h-mfd8"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-ts1p-pw9v-cbh3"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-ur1a-7tdn-h3hu"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"},{"vulnerability":"VCID-z3kp-p8ch-myhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.2.3%252Bdfsg.1-4%252Bdeb9u6"},{"url":"http://public2.vulnerablecode.io/api/packages/1037819?format=json","purl":"pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1050285?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-rdb5-bbvn-7fcq"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2020-12626"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cnkc-vcp7-6kcw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/349551?format=json","vulnerability_id":"VCID-ddfq-28qm-2fbn","summary":"Roundcube Webmail: Remote image blocking feature can be bypassed via SVG content in an e-mail message","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35545","reference_id":"","reference_type":"","scores":[{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10066","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.1017","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09759","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13334","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.1344","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13468","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13463","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13391","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13393","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13482","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13529","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13567","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13595","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14638","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35545"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35545","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35545"},{"reference_url":"https://github.com/roundcube/roundcubemail","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/roundcube/roundcubemail"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/7ad62de184368bf42c0f522d1aacc030f5ddcc46","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T15:35:57Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/7ad62de184368bf42c0f522d1aacc030f5ddcc46"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/9d18d524f3cc211003fc99e2e54eed09a2f3da88","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T15:35:57Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/9d18d524f3cc211003fc99e2e54eed09a2f3da88"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/fe1320b199d3a2f58351bb699c9ed4316e73221b","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T15:35:57Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/fe1320b199d3a2f58351bb699c9ed4316e73221b"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.15","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T15:35:57Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.15"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.15","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T15:35:57Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.15"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc6","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T15:35:57Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc6"},{"reference_url":"https://roundcube.net/news/2026/03/29/security-updates-1.7-rc6-1.6.15-1.5.15","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T15:35:57Z/"}],"url":"https://roundcube.net/news/2026/03/29/security-updates-1.7-rc6-1.6.15-1.5.15"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132268","reference_id":"1132268","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132268"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35545","reference_id":"CVE-2026-35545","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35545"},{"reference_url":"https://github.com/advisories/GHSA-w846-74jr-76cv","reference_id":"GHSA-w846-74jr-76cv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w846-74jr-76cv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1051746?format=json","purl":"pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u6"}],"aliases":["CVE-2026-35545","GHSA-w846-74jr-76cv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ddfq-28qm-2fbn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47145?format=json","vulnerability_id":"VCID-ekhg-mmjb-v3c3","summary":"A vulnerability in Roundcube could potentially lead to arbitrary\n    code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9920","reference_id":"","reference_type":"","scores":[{"value":"0.38304","scoring_system":"epss","scoring_elements":"0.97202","published_at":"2026-04-01T12:55:00Z"},{"value":"0.38304","scoring_system":"epss","scoring_elements":"0.97208","published_at":"2026-04-02T12:55:00Z"},{"value":"0.38304","scoring_system":"epss","scoring_elements":"0.97213","published_at":"2026-04-04T12:55:00Z"},{"value":"0.38304","scoring_system":"epss","scoring_elements":"0.97214","published_at":"2026-04-07T12:55:00Z"},{"value":"0.38304","scoring_system":"epss","scoring_elements":"0.97224","published_at":"2026-04-08T12:55:00Z"},{"value":"0.38304","scoring_system":"epss","scoring_elements":"0.97225","published_at":"2026-04-09T12:55:00Z"},{"value":"0.38304","scoring_system":"epss","scoring_elements":"0.97228","published_at":"2026-04-11T12:55:00Z"},{"value":"0.38304","scoring_system":"epss","scoring_elements":"0.97229","published_at":"2026-04-12T12:55:00Z"},{"value":"0.38304","scoring_system":"epss","scoring_elements":"0.9723","published_at":"2026-04-13T12:55:00Z"},{"value":"0.38304","scoring_system":"epss","scoring_elements":"0.97238","published_at":"2026-04-16T12:55:00Z"},{"value":"0.38304","scoring_system":"epss","scoring_elements":"0.9724","published_at":"2026-04-18T12:55:00Z"},{"value":"0.38304","scoring_system":"epss","scoring_elements":"0.97243","published_at":"2026-04-26T12:55:00Z"},{"value":"0.38304","scoring_system":"epss","scoring_elements":"0.97245","published_at":"2026-04-29T12:55:00Z"},{"value":"0.38304","scoring_system":"epss","scoring_elements":"0.97251","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9920"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9920","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9920"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847287","reference_id":"847287","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847287"},{"reference_url":"https://security.gentoo.org/glsa/201612-44","reference_id":"GLSA-201612-44","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201612-44"},{"reference_url":"https://usn.ubuntu.com/8132-1/","reference_id":"USN-8132-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8132-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037223?format=json","purl":"pkg:deb/debian/roundcube@1.2.3%2Bdfsg.1-4%2Bdeb9u6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9ktu-55q4-3kau"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-fuh5-bwaq-yyfk"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-j29t-cw2h-mfd8"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-ts1p-pw9v-cbh3"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-ur1a-7tdn-h3hu"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"},{"vulnerability":"VCID-z3kp-p8ch-myhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.2.3%252Bdfsg.1-4%252Bdeb9u6"}],"aliases":["CVE-2016-9920"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ekhg-mmjb-v3c3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70217?format=json","vulnerability_id":"VCID-fuh5-bwaq-yyfk","summary":"security update","references":[{"reference_url":"http://packetstormsecurity.com/files/161226/Roundcube-Webmail-1.2-File-Disclosure.html","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T20:56:39Z/"}],"url":"http://packetstormsecurity.com/files/161226/Roundcube-Webmail-1.2-File-Disclosure.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16651","reference_id":"","reference_type":"","scores":[{"value":"0.33307","scoring_system":"epss","scoring_elements":"0.9693","published_at":"2026-04-21T12:55:00Z"},{"value":"0.33307","scoring_system":"epss","scoring_elements":"0.96927","published_at":"2026-04-18T12:55:00Z"},{"value":"0.33307","scoring_system":"epss","scoring_elements":"0.969","published_at":"2026-04-07T12:55:00Z"},{"value":"0.33307","scoring_system":"epss","scoring_elements":"0.96896","published_at":"2026-04-04T12:55:00Z"},{"value":"0.33307","scoring_system":"epss","scoring_elements":"0.96923","published_at":"2026-04-16T12:55:00Z"},{"value":"0.33307","scoring_system":"epss","scoring_elements":"0.96916","published_at":"2026-04-13T12:55:00Z"},{"value":"0.33307","scoring_system":"epss","scoring_elements":"0.96915","published_at":"2026-04-12T12:55:00Z"},{"value":"0.33307","scoring_system":"epss","scoring_elements":"0.96913","published_at":"2026-04-11T12:55:00Z"},{"value":"0.33307","scoring_system":"epss","scoring_elements":"0.9691","published_at":"2026-04-09T12:55:00Z"},{"value":"0.33307","scoring_system":"epss","scoring_elements":"0.96909","published_at":"2026-04-08T12:55:00Z"},{"value":"0.35232","scoring_system":"epss","scoring_elements":"0.97018","published_at":"2026-04-02T12:55:00Z"},{"value":"0.35232","scoring_system":"epss","scoring_elements":"0.9701","published_at":"2026-04-01T12:55:00Z"},{"value":"0.37271","scoring_system":"epss","scoring_elements":"0.97192","published_at":"2026-05-05T12:55:00Z"},{"value":"0.37271","scoring_system":"epss","scoring_elements":"0.97185","published_at":"2026-04-24T12:55:00Z"},{"value":"0.37271","scoring_system":"epss","scoring_elements":"0.97186","published_at":"2026-04-26T12:55:00Z"},{"value":"0.37271","scoring_system":"epss","scoring_elements":"0.97188","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16651"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16651"},{"reference_url":"https://github.com/roundcube/roundcubemail/issues/6026","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T20:56:39Z/"}],"url":"https://github.com/roundcube/roundcubemail/issues/6026"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.1.10","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T20:56:39Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.1.10"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.2.7","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T20:56:39Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.2.7"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.3.3","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T20:56:39Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.3.3"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2017/11/msg00039.html","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T20:56:39Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2017/11/msg00039.html"},{"reference_url":"https://roundcube.net/news/2017/11/08/security-updates-1.3.3-1.2.7-and-1.1.10","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T20:56:39Z/"}],"url":"https://roundcube.net/news/2017/11/08/security-updates-1.3.3-1.2.7-and-1.1.10"},{"reference_url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-16651","reference_id":"","reference_type":"","scores":[],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-16651"},{"reference_url":"https://www.debian.org/security/2017/dsa-4030","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T20:56:39Z/"}],"url":"https://www.debian.org/security/2017/dsa-4030"},{"reference_url":"http://www.securityfocus.com/bid/101793","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T20:56:39Z/"}],"url":"http://www.securityfocus.com/bid/101793"},{"reference_url":"https://security.archlinux.org/ASA-201711-27","reference_id":"ASA-201711-27","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-27"},{"reference_url":"https://security.archlinux.org/AVG-506","reference_id":"AVG-506","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-506"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:roundcube:webmail:1.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:roundcube:webmail:1.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.2.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:roundcube:webmail:1.2.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.2.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.2.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:roundcube:webmail:1.2.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.2.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.2.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:roundcube:webmail:1.2.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.2.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.2.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:roundcube:webmail:1.2.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.2.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.2.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:roundcube:webmail:1.2.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.2.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:roundcube:webmail:1.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:roundcube:webmail:1.3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.3.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:roundcube:webmail:1.3.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.3.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16651","reference_id":"CVE-2017-16651","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:P/A:P"},{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16651"},{"reference_url":"https://usn.ubuntu.com/7200-1/","reference_id":"USN-7200-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7200-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037223?format=json","purl":"pkg:deb/debian/roundcube@1.2.3%2Bdfsg.1-4%2Bdeb9u6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9ktu-55q4-3kau"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-fuh5-bwaq-yyfk"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-j29t-cw2h-mfd8"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-ts1p-pw9v-cbh3"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-ur1a-7tdn-h3hu"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"},{"vulnerability":"VCID-z3kp-p8ch-myhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.2.3%252Bdfsg.1-4%252Bdeb9u6"},{"url":"http://public2.vulnerablecode.io/api/packages/1037819?format=json","purl":"pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2"}],"aliases":["CVE-2017-16651"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fuh5-bwaq-yyfk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/349548?format=json","vulnerability_id":"VCID-gh6k-19h8-fqbf","summary":"Roundcube Webmail: Unsanitized IMAP SEARCH command arguments","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35538","reference_id":"","reference_type":"","scores":[{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10455","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10593","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11044","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12411","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12526","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12559","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12551","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12436","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12431","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12527","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12566","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12607","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.1264","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14489","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35538"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35538"},{"reference_url":"https://github.com/roundcube/roundcubemail","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/roundcube/roundcubemail"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/5fe8a69956a9683a4269f3ad2a68e18deebf8a15","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:11:14Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/5fe8a69956a9683a4269f3ad2a68e18deebf8a15"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/7daf5aa9c190ccc75bb31672d8fee9938877fd64","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:11:14Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/7daf5aa9c190ccc75bb31672d8fee9938877fd64"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/b18a8fa8e81571914c0ff55d4e20edb459c6952c","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:11:14Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/b18a8fa8e81571914c0ff55d4e20edb459c6952c"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.14","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:11:14Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.14"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.14","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:11:14Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.14"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:11:14Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5"},{"reference_url":"https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:11:14Z/"}],"url":"https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182","reference_id":"1131182","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35538","reference_id":"CVE-2026-35538","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35538"},{"reference_url":"https://github.com/advisories/GHSA-8jr8-v43g-5c57","reference_id":"GHSA-8jr8-v43g-5c57","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8jr8-v43g-5c57"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1051746?format=json","purl":"pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u6"}],"aliases":["CVE-2026-35538","GHSA-8jr8-v43g-5c57"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gh6k-19h8-fqbf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62470?format=json","vulnerability_id":"VCID-hg1a-vx5c-hue3","summary":"A flaw in Roundcube's handling of configuration files may allow\n    arbitrary code execution, amongst other vulnerabilities.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12641","reference_id":"","reference_type":"","scores":[{"value":"0.93133","scoring_system":"epss","scoring_elements":"0.99793","published_at":"2026-04-02T12:55:00Z"},{"value":"0.93133","scoring_system":"epss","scoring_elements":"0.99794","published_at":"2026-04-04T12:55:00Z"},{"value":"0.93133","scoring_system":"epss","scoring_elements":"0.99795","published_at":"2026-04-09T12:55:00Z"},{"value":"0.93133","scoring_system":"epss","scoring_elements":"0.99796","published_at":"2026-04-13T12:55:00Z"},{"value":"0.93133","scoring_system":"epss","scoring_elements":"0.99797","published_at":"2026-04-16T12:55:00Z"},{"value":"0.93133","scoring_system":"epss","scoring_elements":"0.99798","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12641"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12641","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12641"},{"reference_url":"https://github.com/roundcube/roundcubemail/compare/1.4.3...1.4.4","reference_id":"1.4.3...1.4.4","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:53:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/compare/1.4.3...1.4.4"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.4.4","reference_id":"1.4.4","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:53:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.4.4"},{"reference_url":"https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-12641-Command%20Injection-Roundcube","reference_id":"CVE-2020-12641-Command%20Injection-Roundcube","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:53:48Z/"}],"url":"https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-12641-Command%20Injection-Roundcube"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/fcfb099477f353373c34c8a65c9035b06b364db3","reference_id":"fcfb099477f353373c34c8a65c9035b06b364db3","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:53:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/fcfb099477f353373c34c8a65c9035b06b364db3"},{"reference_url":"https://security.gentoo.org/glsa/202007-41","reference_id":"GLSA-202007-41","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:53:48Z/"}],"url":"https://security.gentoo.org/glsa/202007-41"},{"reference_url":"https://roundcube.net/news/2020/04/29/security-updates-1.4.4-1.3.11-and-1.2.10","reference_id":"security-updates-1.4.4-1.3.11-and-1.2.10","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:53:48Z/"}],"url":"https://roundcube.net/news/2020/04/29/security-updates-1.4.4-1.3.11-and-1.2.10"},{"reference_url":"https://usn.ubuntu.com/USN-5182-1/","reference_id":"USN-USN-5182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050285?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-rdb5-bbvn-7fcq"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2020-12641"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hg1a-vx5c-hue3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93420?format=json","vulnerability_id":"VCID-j29t-cw2h-mfd8","summary":"roundcube version 1.3.4 and earlier contains an Insecure Permissions vulnerability in enigma plugin that can result in exfiltration of gpg private key. This attack appear to be exploitable via network connectivity.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000071","reference_id":"","reference_type":"","scores":[{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52412","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52458","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52485","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52452","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52504","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52498","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52549","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52532","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52516","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52556","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52561","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52545","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52493","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52502","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52464","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52407","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000071"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000071","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000071"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897014","reference_id":"897014","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897014"},{"reference_url":"https://usn.ubuntu.com/8132-1/","reference_id":"USN-8132-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8132-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037819?format=json","purl":"pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2"}],"aliases":["CVE-2018-1000071"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j29t-cw2h-mfd8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90864?format=json","vulnerability_id":"VCID-jck5-xymf-s3bh","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-16145","reference_id":"","reference_type":"","scores":[{"value":"0.00704","scoring_system":"epss","scoring_elements":"0.72041","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00704","scoring_system":"epss","scoring_elements":"0.72047","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00704","scoring_system":"epss","scoring_elements":"0.72068","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00704","scoring_system":"epss","scoring_elements":"0.72044","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00704","scoring_system":"epss","scoring_elements":"0.72081","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00704","scoring_system":"epss","scoring_elements":"0.72093","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00704","scoring_system":"epss","scoring_elements":"0.72116","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00704","scoring_system":"epss","scoring_elements":"0.72101","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00704","scoring_system":"epss","scoring_elements":"0.72086","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00704","scoring_system":"epss","scoring_elements":"0.72127","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00704","scoring_system":"epss","scoring_elements":"0.72135","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00704","scoring_system":"epss","scoring_elements":"0.7212","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00704","scoring_system":"epss","scoring_elements":"0.72164","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00704","scoring_system":"epss","scoring_elements":"0.72173","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00704","scoring_system":"epss","scoring_elements":"0.72167","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00704","scoring_system":"epss","scoring_elements":"0.72159","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-16145"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16145","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16145"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968216","reference_id":"968216","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968216"},{"reference_url":"https://usn.ubuntu.com/USN-5182-1/","reference_id":"USN-USN-5182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037819?format=json","purl":"pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1050285?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-rdb5-bbvn-7fcq"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2020-16145"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jck5-xymf-s3bh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94681?format=json","vulnerability_id":"VCID-jqs5-8ct7-wfgk","summary":"Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-26925","reference_id":"","reference_type":"","scores":[{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49171","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49227","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49258","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49286","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49238","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49293","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49289","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49307","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49281","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49287","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49334","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49331","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.493","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49298","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49256","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-26925"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26925","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26925"},{"reference_url":"https://security.archlinux.org/ASA-202102-27","reference_id":"ASA-202102-27","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202102-27"},{"reference_url":"https://security.archlinux.org/AVG-1551","reference_id":"AVG-1551","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1551"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050285?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-rdb5-bbvn-7fcq"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2021-26925"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jqs5-8ct7-wfgk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94415?format=json","vulnerability_id":"VCID-kyxz-v3sj-w3cw","summary":"Cross Site Scripting (XSS) vulnerability in Roundcube Mail <=1.4.4 via smtp config in /installer/test.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-18671","reference_id":"","reference_type":"","scores":[{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.59664","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.59737","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.59762","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.59732","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.59784","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.59797","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.59817","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.59801","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.59783","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.5982","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.59827","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.5981","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.59781","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.59799","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.59785","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.59748","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-18671"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-18671","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-18671"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050285?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-rdb5-bbvn-7fcq"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2020-18671"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kyxz-v3sj-w3cw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79760?format=json","vulnerability_id":"VCID-m4yc-ms54-zyhv","summary":"security update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13965.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13965.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13965","reference_id":"","reference_type":"","scores":[{"value":"0.71819","scoring_system":"epss","scoring_elements":"0.98728","published_at":"2026-04-02T12:55:00Z"},{"value":"0.71819","scoring_system":"epss","scoring_elements":"0.98753","published_at":"2026-05-05T12:55:00Z"},{"value":"0.71819","scoring_system":"epss","scoring_elements":"0.98732","published_at":"2026-04-04T12:55:00Z"},{"value":"0.71819","scoring_system":"epss","scoring_elements":"0.98735","published_at":"2026-04-09T12:55:00Z"},{"value":"0.71819","scoring_system":"epss","scoring_elements":"0.98736","published_at":"2026-04-08T12:55:00Z"},{"value":"0.71819","scoring_system":"epss","scoring_elements":"0.98738","published_at":"2026-04-12T12:55:00Z"},{"value":"0.71819","scoring_system":"epss","scoring_elements":"0.98739","published_at":"2026-04-13T12:55:00Z"},{"value":"0.71819","scoring_system":"epss","scoring_elements":"0.98742","published_at":"2026-04-21T12:55:00Z"},{"value":"0.71819","scoring_system":"epss","scoring_elements":"0.98746","published_at":"2026-04-24T12:55:00Z"},{"value":"0.71819","scoring_system":"epss","scoring_elements":"0.98747","published_at":"2026-04-26T12:55:00Z"},{"value":"0.71819","scoring_system":"epss","scoring_elements":"0.98749","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13965"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13964","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13964"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13965","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13965"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.3.12","reference_id":"1.3.12","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:33:41Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.3.12"},{"reference_url":"https://github.com/roundcube/roundcubemail/compare/1.4.4...1.4.5","reference_id":"1.4.4...1.4.5","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:33:41Z/"}],"url":"https://github.com/roundcube/roundcubemail/compare/1.4.4...1.4.5"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.4.5","reference_id":"1.4.5","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:33:41Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.4.5"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1848338","reference_id":"1848338","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1848338"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/884eb611627ef2bd5a2e20e02009ebb1eceecdc3","reference_id":"884eb611627ef2bd5a2e20e02009ebb1eceecdc3","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:33:41Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/884eb611627ef2bd5a2e20e02009ebb1eceecdc3"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962124","reference_id":"962124","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962124"},{"reference_url":"https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-13965-Cross%20Site-Scripting%20via%20Malicious%20XML%20Attachment-Roundcube","reference_id":"CVE-2020-13965-Cross%20Site-Scripting%20via%20Malicious%20XML%20Attachment-Roundcube","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:33:41Z/"}],"url":"https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-13965-Cross%20Site-Scripting%20via%20Malicious%20XML%20Attachment-Roundcube"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLESQ4LPJGMSWHQ4TBRTVQRDG7IXAZCW/","reference_id":"DLESQ4LPJGMSWHQ4TBRTVQRDG7IXAZCW","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:33:41Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLESQ4LPJGMSWHQ4TBRTVQRDG7IXAZCW/"},{"reference_url":"https://www.debian.org/security/2020/dsa-4700","reference_id":"dsa-4700","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:33:41Z/"}],"url":"https://www.debian.org/security/2020/dsa-4700"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ODPJXBHZ32QSP4MYT2OBCALYXSUJ47SK/","reference_id":"ODPJXBHZ32QSP4MYT2OBCALYXSUJ47SK","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:33:41Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ODPJXBHZ32QSP4MYT2OBCALYXSUJ47SK/"},{"reference_url":"https://roundcube.net/news/2020/06/02/security-updates-1.4.5-and-1.3.12","reference_id":"security-updates-1.4.5-and-1.3.12","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:33:41Z/"}],"url":"https://roundcube.net/news/2020/06/02/security-updates-1.4.5-and-1.3.12"},{"reference_url":"https://usn.ubuntu.com/USN-5182-1/","reference_id":"USN-USN-5182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037223?format=json","purl":"pkg:deb/debian/roundcube@1.2.3%2Bdfsg.1-4%2Bdeb9u6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9ktu-55q4-3kau"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-fuh5-bwaq-yyfk"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-j29t-cw2h-mfd8"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-ts1p-pw9v-cbh3"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-ur1a-7tdn-h3hu"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"},{"vulnerability":"VCID-z3kp-p8ch-myhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.2.3%252Bdfsg.1-4%252Bdeb9u6"},{"url":"http://public2.vulnerablecode.io/api/packages/1037819?format=json","purl":"pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1050285?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-rdb5-bbvn-7fcq"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2020-13965"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"5.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m4yc-ms54-zyhv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95789?format=json","vulnerability_id":"VCID-ncbg-6m11-3qan","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-47272","reference_id":"","reference_type":"","scores":[{"value":"0.00498","scoring_system":"epss","scoring_elements":"0.65845","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00498","scoring_system":"epss","scoring_elements":"0.65875","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00498","scoring_system":"epss","scoring_elements":"0.6584","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00498","scoring_system":"epss","scoring_elements":"0.65892","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00498","scoring_system":"epss","scoring_elements":"0.65904","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00498","scoring_system":"epss","scoring_elements":"0.65922","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00498","scoring_system":"epss","scoring_elements":"0.65909","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00498","scoring_system":"epss","scoring_elements":"0.65879","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00498","scoring_system":"epss","scoring_elements":"0.65914","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00498","scoring_system":"epss","scoring_elements":"0.65929","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00498","scoring_system":"epss","scoring_elements":"0.65918","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00498","scoring_system":"epss","scoring_elements":"0.65928","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00498","scoring_system":"epss","scoring_elements":"0.65939","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00498","scoring_system":"epss","scoring_elements":"0.65937","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00498","scoring_system":"epss","scoring_elements":"0.65912","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-47272"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47272","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47272"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055421","reference_id":"1055421","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055421"},{"reference_url":"https://usn.ubuntu.com/6848-1/","reference_id":"USN-6848-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6848-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050285?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-rdb5-bbvn-7fcq"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2023-47272"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ncbg-6m11-3qan"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96129?format=json","vulnerability_id":"VCID-qwak-6wgy-wfgs","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-37384","reference_id":"","reference_type":"","scores":[{"value":"0.00437","scoring_system":"epss","scoring_elements":"0.63008","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00437","scoring_system":"epss","scoring_elements":"0.63099","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00437","scoring_system":"epss","scoring_elements":"0.63091","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00437","scoring_system":"epss","scoring_elements":"0.63056","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00437","scoring_system":"epss","scoring_elements":"0.63078","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00437","scoring_system":"epss","scoring_elements":"0.63092","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00437","scoring_system":"epss","scoring_elements":"0.63074","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00437","scoring_system":"epss","scoring_elements":"0.63058","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00437","scoring_system":"epss","scoring_elements":"0.63014","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00437","scoring_system":"epss","scoring_elements":"0.63043","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00525","scoring_system":"epss","scoring_elements":"0.67028","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00525","scoring_system":"epss","scoring_elements":"0.67022","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00525","scoring_system":"epss","scoring_elements":"0.67043","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00525","scoring_system":"epss","scoring_elements":"0.67057","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00525","scoring_system":"epss","scoring_elements":"0.67056","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-37384"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37384","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37384"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071474","reference_id":"1071474","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071474"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.7","reference_id":"1.5.7","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-17T17:48:19Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.7"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.7","reference_id":"1.6.7","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-17T17:48:19Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.7"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/cde4522c5c95f13c6aeeb1600ab17e5067a536f7","reference_id":"cde4522c5c95f13c6aeeb1600ab17e5067a536f7","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-17T17:48:19Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/cde4522c5c95f13c6aeeb1600ab17e5067a536f7"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00008.html","reference_id":"msg00008.html","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-17T17:48:19Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00008.html"},{"reference_url":"https://usn.ubuntu.com/6848-1/","reference_id":"USN-6848-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6848-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050285?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-rdb5-bbvn-7fcq"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2024-37384"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qwak-6wgy-wfgs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90812?format=json","vulnerability_id":"VCID-rc91-j3kf-zfch","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15562","reference_id":"","reference_type":"","scores":[{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75004","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75007","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75036","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75012","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75046","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75058","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.7508","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75059","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75048","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75086","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75093","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75083","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75122","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75126","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.7513","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75138","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15562"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15562","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15562"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964355","reference_id":"964355","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964355"},{"reference_url":"https://usn.ubuntu.com/USN-5182-1/","reference_id":"USN-USN-5182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037819?format=json","purl":"pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1050285?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-rdb5-bbvn-7fcq"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2020-15562"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rc91-j3kf-zfch"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92896?format=json","vulnerability_id":"VCID-rthq-fqk2-yydk","summary":"Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2015-8864.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-08/msg00078.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2016-08/msg00078.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-08/msg00079.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2016-08/msg00079.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-08/msg00095.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2016-08/msg00095.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4068","reference_id":"","reference_type":"","scores":[{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57635","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57657","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58314","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61405","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61562","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61549","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61564","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61558","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61509","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62248","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62227","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62272","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62279","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.6224","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62259","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62223","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4068"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4068","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4068"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/40d7342dd9c9bd2a1d613edc848ed95a4d71aa18#commitcomment-15294218","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/roundcube/roundcubemail/commit/40d7342dd9c9bd2a1d613edc848ed95a4d71aa18#commitcomment-15294218"},{"reference_url":"https://github.com/roundcube/roundcubemail/issues/4949","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/roundcube/roundcubemail/issues/4949"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.0.9","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.0.9"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.1.5","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.1.5"},{"reference_url":"https://github.com/roundcube/roundcubemail/wiki/Changelog#release-115","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/roundcube/roundcubemail/wiki/Changelog#release-115"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:roundcube_webmail:1.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:roundcube:roundcube_webmail:1.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:roundcube_webmail:1.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:roundcube_webmail:1.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:roundcube:roundcube_webmail:1.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:roundcube_webmail:1.1.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:roundcube_webmail:1.1.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:roundcube:roundcube_webmail:1.1.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:roundcube_webmail:1.1.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:roundcube:webmail:1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.1.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:roundcube:webmail:1.1.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.1.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.1:beta:*:*:*:*:*:*","reference_id":"cpe:2.3:a:roundcube:webmail:1.1:beta:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.1:beta:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.1:rc:*:*:*:*:*:*","reference_id":"cpe:2.3:a:roundcube:webmail:1.1:rc:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.1:rc:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4068","reference_id":"CVE-2016-4068","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4068"},{"reference_url":"https://usn.ubuntu.com/8132-1/","reference_id":"USN-8132-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8132-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037223?format=json","purl":"pkg:deb/debian/roundcube@1.2.3%2Bdfsg.1-4%2Bdeb9u6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9ktu-55q4-3kau"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-fuh5-bwaq-yyfk"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-j29t-cw2h-mfd8"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-ts1p-pw9v-cbh3"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-ur1a-7tdn-h3hu"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"},{"vulnerability":"VCID-z3kp-p8ch-myhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.2.3%252Bdfsg.1-4%252Bdeb9u6"}],"aliases":["CVE-2016-4068"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rthq-fqk2-yydk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95717?format=json","vulnerability_id":"VCID-s6p1-rf35-euhy","summary":"Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43770","reference_id":"","reference_type":"","scores":[{"value":"0.80389","scoring_system":"epss","scoring_elements":"0.99124","published_at":"2026-04-13T12:55:00Z"},{"value":"0.80389","scoring_system":"epss","scoring_elements":"0.99129","published_at":"2026-04-21T12:55:00Z"},{"value":"0.80389","scoring_system":"epss","scoring_elements":"0.99127","published_at":"2026-04-18T12:55:00Z"},{"value":"0.80389","scoring_system":"epss","scoring_elements":"0.99126","published_at":"2026-04-16T12:55:00Z"},{"value":"0.80389","scoring_system":"epss","scoring_elements":"0.99125","published_at":"2026-04-12T12:55:00Z"},{"value":"0.80653","scoring_system":"epss","scoring_elements":"0.99149","published_at":"2026-05-05T12:55:00Z"},{"value":"0.80653","scoring_system":"epss","scoring_elements":"0.99134","published_at":"2026-04-04T12:55:00Z"},{"value":"0.80653","scoring_system":"epss","scoring_elements":"0.99137","published_at":"2026-04-07T12:55:00Z"},{"value":"0.80653","scoring_system":"epss","scoring_elements":"0.99139","published_at":"2026-04-08T12:55:00Z"},{"value":"0.80653","scoring_system":"epss","scoring_elements":"0.99146","published_at":"2026-04-24T12:55:00Z"},{"value":"0.80653","scoring_system":"epss","scoring_elements":"0.99147","published_at":"2026-04-29T12:55:00Z"},{"value":"0.80653","scoring_system":"epss","scoring_elements":"0.99131","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43770"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43770","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43770"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052059","reference_id":"1052059","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052059"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/e92ec206a886461245e1672d8530cc93c618a49b","reference_id":"e92ec206a886461245e1672d8530cc93c618a49b","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-01T18:43:07Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/e92ec206a886461245e1672d8530cc93c618a49b"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/09/msg00024.html","reference_id":"msg00024.html","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-01T18:43:07Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/09/msg00024.html"},{"reference_url":"https://roundcube.net/news/2023/09/15/security-update-1.6.3-released","reference_id":"security-update-1.6.3-released","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-01T18:43:07Z/"}],"url":"https://roundcube.net/news/2023/09/15/security-update-1.6.3-released"},{"reference_url":"https://usn.ubuntu.com/6654-1/","reference_id":"USN-6654-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6654-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050285?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-rdb5-bbvn-7fcq"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2023-43770"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s6p1-rf35-euhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92803?format=json","vulnerability_id":"VCID-spk8-q616-rkda","summary":"Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2016-4068.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-08/msg00078.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2016-08/msg00078.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-08/msg00079.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2016-08/msg00079.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-08/msg00095.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2016-08/msg00095.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8864","reference_id":"","reference_type":"","scores":[{"value":"0.00482","scoring_system":"epss","scoring_elements":"0.65198","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00482","scoring_system":"epss","scoring_elements":"0.652","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00482","scoring_system":"epss","scoring_elements":"0.65059","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00482","scoring_system":"epss","scoring_elements":"0.65109","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00482","scoring_system":"epss","scoring_elements":"0.65136","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00482","scoring_system":"epss","scoring_elements":"0.65102","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00482","scoring_system":"epss","scoring_elements":"0.65151","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00482","scoring_system":"epss","scoring_elements":"0.65164","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00482","scoring_system":"epss","scoring_elements":"0.65183","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00482","scoring_system":"epss","scoring_elements":"0.6517","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00482","scoring_system":"epss","scoring_elements":"0.65143","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00482","scoring_system":"epss","scoring_elements":"0.65179","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00482","scoring_system":"epss","scoring_elements":"0.65188","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00482","scoring_system":"epss","scoring_elements":"0.65173","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00482","scoring_system":"epss","scoring_elements":"0.65186","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8864"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8864","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8864"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/40d7342dd9c9bd2a1d613edc848ed95a4d71aa18","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/roundcube/roundcubemail/commit/40d7342dd9c9bd2a1d613edc848ed95a4d71aa18"},{"reference_url":"https://github.com/roundcube/roundcubemail/issues/4949","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/roundcube/roundcubemail/issues/4949"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.0.9","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.0.9"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.1.5","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.1.5"},{"reference_url":"https://github.com/roundcube/roundcubemail/wiki/Changelog#release-115","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/roundcube/roundcubemail/wiki/Changelog#release-115"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=822333","reference_id":"822333","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=822333"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:roundcube_webmail:1.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:roundcube:roundcube_webmail:1.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:roundcube_webmail:1.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:roundcube_webmail:1.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:roundcube:roundcube_webmail:1.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:roundcube_webmail:1.1.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:roundcube_webmail:1.1.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:roundcube:roundcube_webmail:1.1.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:roundcube_webmail:1.1.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:roundcube:webmail:1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.1.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:roundcube:webmail:1.1.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.1.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.1:beta:*:*:*:*:*:*","reference_id":"cpe:2.3:a:roundcube:webmail:1.1:beta:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.1:beta:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.1:rc:*:*:*:*:*:*","reference_id":"cpe:2.3:a:roundcube:webmail:1.1:rc:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.1:rc:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8864","reference_id":"CVE-2015-8864","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8864"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037223?format=json","purl":"pkg:deb/debian/roundcube@1.2.3%2Bdfsg.1-4%2Bdeb9u6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9ktu-55q4-3kau"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-fuh5-bwaq-yyfk"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-j29t-cw2h-mfd8"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-ts1p-pw9v-cbh3"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-ur1a-7tdn-h3hu"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"},{"vulnerability":"VCID-z3kp-p8ch-myhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.2.3%252Bdfsg.1-4%252Bdeb9u6"}],"aliases":["CVE-2015-8864"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-spk8-q616-rkda"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92902?format=json","vulnerability_id":"VCID-tmch-gj6d-tyfq","summary":"Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the href attribute in an area tag in an e-mail message.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4552","reference_id":"","reference_type":"","scores":[{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.5094","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.50994","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51019","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.50976","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51033","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.5103","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51073","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51051","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51034","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51072","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51078","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51055","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51003","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51011","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.50971","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.50901","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4552"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4552","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4552"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037223?format=json","purl":"pkg:deb/debian/roundcube@1.2.3%2Bdfsg.1-4%2Bdeb9u6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9ktu-55q4-3kau"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-fuh5-bwaq-yyfk"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-j29t-cw2h-mfd8"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-ts1p-pw9v-cbh3"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-ur1a-7tdn-h3hu"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"},{"vulnerability":"VCID-z3kp-p8ch-myhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.2.3%252Bdfsg.1-4%252Bdeb9u6"}],"aliases":["CVE-2016-4552"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tmch-gj6d-tyfq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76083?format=json","vulnerability_id":"VCID-ts1p-pw9v-cbh3","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19206","reference_id":"","reference_type":"","scores":[{"value":"0.02357","scoring_system":"epss","scoring_elements":"0.8484","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02357","scoring_system":"epss","scoring_elements":"0.84856","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02357","scoring_system":"epss","scoring_elements":"0.84874","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02357","scoring_system":"epss","scoring_elements":"0.84876","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02357","scoring_system":"epss","scoring_elements":"0.84899","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02357","scoring_system":"epss","scoring_elements":"0.84906","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02357","scoring_system":"epss","scoring_elements":"0.84924","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02357","scoring_system":"epss","scoring_elements":"0.84923","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02357","scoring_system":"epss","scoring_elements":"0.84917","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02357","scoring_system":"epss","scoring_elements":"0.84939","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02357","scoring_system":"epss","scoring_elements":"0.84936","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02357","scoring_system":"epss","scoring_elements":"0.84962","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02357","scoring_system":"epss","scoring_elements":"0.8497","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02357","scoring_system":"epss","scoring_elements":"0.84969","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02357","scoring_system":"epss","scoring_elements":"0.84986","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19206"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19206","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19206"},{"reference_url":"https://usn.ubuntu.com/8132-1/","reference_id":"USN-8132-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8132-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037223?format=json","purl":"pkg:deb/debian/roundcube@1.2.3%2Bdfsg.1-4%2Bdeb9u6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9ktu-55q4-3kau"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-fuh5-bwaq-yyfk"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-j29t-cw2h-mfd8"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-ts1p-pw9v-cbh3"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-ur1a-7tdn-h3hu"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"},{"vulnerability":"VCID-z3kp-p8ch-myhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.2.3%252Bdfsg.1-4%252Bdeb9u6"},{"url":"http://public2.vulnerablecode.io/api/packages/1037819?format=json","purl":"pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2"}],"aliases":["CVE-2018-19206"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ts1p-pw9v-cbh3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90934?format=json","vulnerability_id":"VCID-u8a4-4pe2-9kcb","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35730","reference_id":"","reference_type":"","scores":[{"value":"0.64813","scoring_system":"epss","scoring_elements":"0.98451","published_at":"2026-04-01T12:55:00Z"},{"value":"0.64813","scoring_system":"epss","scoring_elements":"0.98453","published_at":"2026-04-02T12:55:00Z"},{"value":"0.64813","scoring_system":"epss","scoring_elements":"0.98456","published_at":"2026-04-04T12:55:00Z"},{"value":"0.64813","scoring_system":"epss","scoring_elements":"0.98458","published_at":"2026-04-07T12:55:00Z"},{"value":"0.64813","scoring_system":"epss","scoring_elements":"0.98461","published_at":"2026-04-08T12:55:00Z"},{"value":"0.64813","scoring_system":"epss","scoring_elements":"0.98462","published_at":"2026-04-09T12:55:00Z"},{"value":"0.64813","scoring_system":"epss","scoring_elements":"0.98465","published_at":"2026-04-13T12:55:00Z"},{"value":"0.64813","scoring_system":"epss","scoring_elements":"0.9847","published_at":"2026-04-18T12:55:00Z"},{"value":"0.64813","scoring_system":"epss","scoring_elements":"0.98472","published_at":"2026-04-21T12:55:00Z"},{"value":"0.64813","scoring_system":"epss","scoring_elements":"0.98476","published_at":"2026-04-26T12:55:00Z"},{"value":"0.64813","scoring_system":"epss","scoring_elements":"0.98475","published_at":"2026-04-29T12:55:00Z"},{"value":"0.64813","scoring_system":"epss","scoring_elements":"0.9848","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35730"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35730","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35730"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.2.13","reference_id":"1.2.13","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T20:21:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.2.13"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.3.16","reference_id":"1.3.16","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T20:21:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.3.16"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.4.10","reference_id":"1.4.10","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T20:21:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.4.10"},{"reference_url":"https://github.com/roundcube/roundcubemail/compare/1.4.9...1.4.10","reference_id":"1.4.9...1.4.10","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T20:21:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/compare/1.4.9...1.4.10"},{"reference_url":"https://security.archlinux.org/ASA-202101-2","reference_id":"ASA-202101-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-2"},{"reference_url":"https://security.archlinux.org/AVG-1388","reference_id":"AVG-1388","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1388"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978491","reference_id":"bugreport.cgi?bug=978491","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T20:21:48Z/"}],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978491"},{"reference_url":"https://roundcube.net/download/","reference_id":"download","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T20:21:48Z/"}],"url":"https://roundcube.net/download/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HCEU4BM5WGIDJWP6Z4PCH62ZMH57QYM2/","reference_id":"HCEU4BM5WGIDJWP6Z4PCH62ZMH57QYM2","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T20:21:48Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HCEU4BM5WGIDJWP6Z4PCH62ZMH57QYM2/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HMLIZWKMTRCLU7KZLEQHELS4INXJ7X5Q/","reference_id":"HMLIZWKMTRCLU7KZLEQHELS4INXJ7X5Q","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T20:21:48Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HMLIZWKMTRCLU7KZLEQHELS4INXJ7X5Q/"},{"reference_url":"https://www.alexbirnberg.com/roundcube-xss.html","reference_id":"roundcube-xss.html","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T20:21:48Z/"}],"url":"https://www.alexbirnberg.com/roundcube-xss.html"},{"reference_url":"https://usn.ubuntu.com/USN-5182-1/","reference_id":"USN-USN-5182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037819?format=json","purl":"pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1050285?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-rdb5-bbvn-7fcq"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2020-35730"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u8a4-4pe2-9kcb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/349556?format=json","vulnerability_id":"VCID-ub6x-9dku-c7fk","summary":"Roundcube Webmail: Insufficient CSS sanitization in HTML e-mail messages","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35540","reference_id":"","reference_type":"","scores":[{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08833","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08902","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09441","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13135","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13187","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13224","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13255","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.1304","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13038","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.1437","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14426","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14453","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14425","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15738","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35540"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35540","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35540"},{"reference_url":"https://github.com/roundcube/roundcubemail","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/roundcube/roundcubemail"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/27ec6cc9cb25e1ef8b4d4ef39ce76d619caa6870","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:31Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/27ec6cc9cb25e1ef8b4d4ef39ce76d619caa6870"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/579b68eff90650a5c782e153debd66c765648942","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:31Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/579b68eff90650a5c782e153debd66c765648942"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.14","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:31Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.14"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:31Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5"},{"reference_url":"https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:31Z/"}],"url":"https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182","reference_id":"1131182","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35540","reference_id":"CVE-2026-35540","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35540"},{"reference_url":"https://github.com/advisories/GHSA-vxg2-hhgr-37fx","reference_id":"GHSA-vxg2-hhgr-37fx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vxg2-hhgr-37fx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1051746?format=json","purl":"pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u6"}],"aliases":["CVE-2026-35540","GHSA-vxg2-hhgr-37fx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ub6x-9dku-c7fk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93870?format=json","vulnerability_id":"VCID-ur1a-7tdn-h3hu","summary":"In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00083.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00083.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10740","reference_id":"","reference_type":"","scores":[{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38299","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38419","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38656","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38785","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38806","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38735","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38796","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38808","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38772","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38744","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.3879","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38768","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38688","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38532","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38507","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10740"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10740","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10740"},{"reference_url":"https://github.com/roundcube/roundcubemail/issues/6638","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/roundcube/roundcubemail/issues/6638"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.3.10","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.3.10"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TFFMSO5WKEYSGMTZPZFF4ZADUJ57PRN5/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TFFMSO5WKEYSGMTZPZFF4ZADUJ57PRN5/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927713","reference_id":"927713","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927713"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:sp2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:opensuse:backports_sle:15.0:sp2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:sp2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10740","reference_id":"CVE-2019-10740","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10740"},{"reference_url":"https://usn.ubuntu.com/8132-1/","reference_id":"USN-8132-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8132-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037819?format=json","purl":"pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2"}],"aliases":["CVE-2019-10740"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ur1a-7tdn-h3hu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95883?format=json","vulnerability_id":"VCID-vehj-ytsm-kqgz","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5631","reference_id":"","reference_type":"","scores":[{"value":"0.83338","scoring_system":"epss","scoring_elements":"0.99269","published_at":"2026-04-04T12:55:00Z"},{"value":"0.83338","scoring_system":"epss","scoring_elements":"0.99266","published_at":"2026-04-02T12:55:00Z"},{"value":"0.83433","scoring_system":"epss","scoring_elements":"0.99279","published_at":"2026-04-13T12:55:00Z"},{"value":"0.83433","scoring_system":"epss","scoring_elements":"0.99277","published_at":"2026-04-08T12:55:00Z"},{"value":"0.83433","scoring_system":"epss","scoring_elements":"0.99281","published_at":"2026-04-18T12:55:00Z"},{"value":"0.83433","scoring_system":"epss","scoring_elements":"0.9928","published_at":"2026-04-12T12:55:00Z"},{"value":"0.83433","scoring_system":"epss","scoring_elements":"0.99278","published_at":"2026-04-09T12:55:00Z"},{"value":"0.84427","scoring_system":"epss","scoring_elements":"0.99329","published_at":"2026-04-29T12:55:00Z"},{"value":"0.84427","scoring_system":"epss","scoring_elements":"0.99331","published_at":"2026-05-05T12:55:00Z"},{"value":"0.84427","scoring_system":"epss","scoring_elements":"0.9933","published_at":"2026-04-24T12:55:00Z"},{"value":"0.85084","scoring_system":"epss","scoring_elements":"0.99356","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5631"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5631","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5631"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/11/01/1","reference_id":"1","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/11/01/1"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.4.15","reference_id":"1.4.15","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.4.15"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.5","reference_id":"1.5.5","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.5"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.4","reference_id":"1.6.4","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.4"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/11/17/2","reference_id":"2","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/11/17/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/11/01/3","reference_id":"3","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/11/01/3"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/41756cc3331b495cc0b71886984474dc529dd31d","reference_id":"41756cc3331b495cc0b71886984474dc529dd31d","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/41756cc3331b495cc0b71886984474dc529dd31d"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/6ee6e7ae301e165e2b2cb703edf75552e5376613","reference_id":"6ee6e7ae301e165e2b2cb703edf75552e5376613","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/6ee6e7ae301e165e2b2cb703edf75552e5376613"},{"reference_url":"https://github.com/roundcube/roundcubemail/issues/9168","reference_id":"9168","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/"}],"url":"https://github.com/roundcube/roundcubemail/issues/9168"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054079","reference_id":"bugreport.cgi?bug=1054079","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/"}],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054079"},{"reference_url":"https://www.debian.org/security/2023/dsa-5531","reference_id":"dsa-5531","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/"}],"url":"https://www.debian.org/security/2023/dsa-5531"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LK67Q46OIEGJCRQUBHKLH3IIJTBNGGX4/","reference_id":"LK67Q46OIEGJCRQUBHKLH3IIJTBNGGX4","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LK67Q46OIEGJCRQUBHKLH3IIJTBNGGX4/"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00035.html","reference_id":"msg00035.html","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00035.html"},{"reference_url":"https://roundcube.net/news/2023/10/16/security-update-1.6.4-released","reference_id":"security-update-1.6.4-released","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/"}],"url":"https://roundcube.net/news/2023/10/16/security-update-1.6.4-released"},{"reference_url":"https://roundcube.net/news/2023/10/16/security-updates-1.5.5-and-1.4.15","reference_id":"security-updates-1.5.5-and-1.4.15","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/"}],"url":"https://roundcube.net/news/2023/10/16/security-updates-1.5.5-and-1.4.15"},{"reference_url":"https://usn.ubuntu.com/6848-1/","reference_id":"USN-6848-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6848-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050285?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-rdb5-bbvn-7fcq"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2023-5631"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vehj-ytsm-kqgz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64628?format=json","vulnerability_id":"VCID-vtz8-zmp4-xbdh","summary":"roundcubemail: Roundcube Webmail: Cascading Style Sheets (CSS) injection via mishandled comments","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26079.json","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26079.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-26079","reference_id":"","reference_type":"","scores":[{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22382","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22386","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22368","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22423","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22465","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22443","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22307","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22389","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24417","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.2465","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24594","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24582","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24539","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25403","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25439","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-26079"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26079"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127447","reference_id":"1127447","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127447"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.13","reference_id":"1.5.13","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T16:05:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.13"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.13","reference_id":"1.6.13","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T16:05:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.13"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/1f4c3a5af5033747f9685a8a395dbd8228d19816","reference_id":"1f4c3a5af5033747f9685a8a395dbd8228d19816","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T16:05:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/1f4c3a5af5033747f9685a8a395dbd8228d19816"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2438807","reference_id":"2438807","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2438807"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/2b5625f1d2ef7e050fd1ae481b2a52dc35466447","reference_id":"2b5625f1d2ef7e050fd1ae481b2a52dc35466447","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T16:05:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/2b5625f1d2ef7e050fd1ae481b2a52dc35466447"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/53d75d5dfebef235a344d476b900c20c12d52b01","reference_id":"53d75d5dfebef235a344d476b900c20c12d52b01","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T16:05:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/53d75d5dfebef235a344d476b900c20c12d52b01"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/5a3315cce587e0be58335d11ff9a5571c90494a5","reference_id":"5a3315cce587e0be58335d11ff9a5571c90494a5","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T16:05:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/5a3315cce587e0be58335d11ff9a5571c90494a5"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/bf89cbaa5897d8ad62e8057d9a3f6babb90b7954","reference_id":"bf89cbaa5897d8ad62e8057d9a3f6babb90b7954","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T16:05:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/bf89cbaa5897d8ad62e8057d9a3f6babb90b7954"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/c15f5dbf093a497e19a749b20e7f8fb5a9c24cde","reference_id":"c15f5dbf093a497e19a749b20e7f8fb5a9c24cde","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T16:05:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/c15f5dbf093a497e19a749b20e7f8fb5a9c24cde"},{"reference_url":"https://roundcube.net/news/2026/02/08/security-updates-1.6.13-and-1.5.13","reference_id":"security-updates-1.6.13-and-1.5.13","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T16:05:48Z/"}],"url":"https://roundcube.net/news/2026/02/08/security-updates-1.6.13-and-1.5.13"},{"reference_url":"https://usn.ubuntu.com/8223-1/","reference_id":"USN-8223-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8223-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1051746?format=json","purl":"pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u6"}],"aliases":["CVE-2026-26079"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vtz8-zmp4-xbdh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62467?format=json","vulnerability_id":"VCID-x9j7-98zt-6ygt","summary":"A flaw in Roundcube's handling of configuration files may allow\n    arbitrary code execution, amongst other vulnerabilities.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12625","reference_id":"","reference_type":"","scores":[{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84692","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84707","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84727","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84729","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84751","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84758","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84775","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84771","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84766","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84787","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84788","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84786","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84813","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84823","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84822","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84838","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12625"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12625","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12625"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12626","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12626"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959140","reference_id":"959140","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959140"},{"reference_url":"https://security.gentoo.org/glsa/202007-41","reference_id":"GLSA-202007-41","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202007-41"},{"reference_url":"https://usn.ubuntu.com/USN-5182-1/","reference_id":"USN-USN-5182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037223?format=json","purl":"pkg:deb/debian/roundcube@1.2.3%2Bdfsg.1-4%2Bdeb9u6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9ktu-55q4-3kau"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-fuh5-bwaq-yyfk"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-j29t-cw2h-mfd8"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-ts1p-pw9v-cbh3"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-ur1a-7tdn-h3hu"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"},{"vulnerability":"VCID-z3kp-p8ch-myhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.2.3%252Bdfsg.1-4%252Bdeb9u6"},{"url":"http://public2.vulnerablecode.io/api/packages/1037819?format=json","purl":"pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1050285?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-rdb5-bbvn-7fcq"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2020-12625"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x9j7-98zt-6ygt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94414?format=json","vulnerability_id":"VCID-xssa-fwbx-kybq","summary":"Cross Site Scripting (XSS) vulneraibility in Roundcube mail .4.4 via database host and user in /installer/test.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-18670","reference_id":"","reference_type":"","scores":[{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61508","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61583","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61612","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61632","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61646","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61668","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61656","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61637","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61679","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61684","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61669","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61662","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61678","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61672","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61618","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-18670"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-18670","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-18670"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050285?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-rdb5-bbvn-7fcq"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2020-18670"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xssa-fwbx-kybq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50015?format=json","vulnerability_id":"VCID-ybv7-hqmj-nbgr","summary":"Multiple vulnerabilities have been discovered in Roundcube, the worst of which could lead to execution of arbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44025","reference_id":"","reference_type":"","scores":[{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.7019","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.70202","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.70219","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.70196","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.70242","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.70257","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.7028","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.70266","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.70253","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.70294","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.70304","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.70285","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.70338","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.70347","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.70344","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.70317","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44025"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44025","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44025"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44026","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44026"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000156","reference_id":"1000156","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000156"},{"reference_url":"https://security.gentoo.org/glsa/202507-10","reference_id":"GLSA-202507-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202507-10"},{"reference_url":"https://usn.ubuntu.com/USN-5182-1/","reference_id":"USN-USN-5182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037819?format=json","purl":"pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1050285?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-rdb5-bbvn-7fcq"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2021-44025"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ybv7-hqmj-nbgr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93255?format=json","vulnerability_id":"VCID-yerh-ssat-abah","summary":"rcube_utils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is susceptible to a cross-site scripting vulnerability via a crafted Cascading Style Sheets (CSS) token sequence within an SVG element.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6820","reference_id":"","reference_type":"","scores":[{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68204","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68078","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.681","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68119","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68096","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68147","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68162","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68187","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68173","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.6814","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68177","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.6819","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68172","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68214","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68223","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.68228","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6820"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6820","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6820"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857473","reference_id":"857473","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857473"},{"reference_url":"https://security.archlinux.org/ASA-201703-10","reference_id":"ASA-201703-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201703-10"},{"reference_url":"https://security.archlinux.org/AVG-199","reference_id":"AVG-199","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-199"},{"reference_url":"https://usn.ubuntu.com/8132-1/","reference_id":"USN-8132-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8132-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037223?format=json","purl":"pkg:deb/debian/roundcube@1.2.3%2Bdfsg.1-4%2Bdeb9u6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9ktu-55q4-3kau"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-fuh5-bwaq-yyfk"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-j29t-cw2h-mfd8"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-ts1p-pw9v-cbh3"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-ur1a-7tdn-h3hu"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"},{"vulnerability":"VCID-z3kp-p8ch-myhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.2.3%252Bdfsg.1-4%252Bdeb9u6"}],"aliases":["CVE-2017-6820"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yerh-ssat-abah"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79026?format=json","vulnerability_id":"VCID-z3kp-p8ch-myhz","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-9846","reference_id":"","reference_type":"","scores":[{"value":"0.00852","scoring_system":"epss","scoring_elements":"0.74869","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00852","scoring_system":"epss","scoring_elements":"0.7487","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00852","scoring_system":"epss","scoring_elements":"0.74899","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00852","scoring_system":"epss","scoring_elements":"0.74947","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00852","scoring_system":"epss","scoring_elements":"0.74983","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00852","scoring_system":"epss","scoring_elements":"0.74989","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00852","scoring_system":"epss","scoring_elements":"0.74993","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00852","scoring_system":"epss","scoring_elements":"0.75","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00876","scoring_system":"epss","scoring_elements":"0.75331","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00876","scoring_system":"epss","scoring_elements":"0.75298","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00876","scoring_system":"epss","scoring_elements":"0.75309","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00876","scoring_system":"epss","scoring_elements":"0.75337","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00876","scoring_system":"epss","scoring_elements":"0.75344","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00876","scoring_system":"epss","scoring_elements":"0.75256","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00876","scoring_system":"epss","scoring_elements":"0.75299","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00876","scoring_system":"epss","scoring_elements":"0.7531","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-9846"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9846","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9846"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895184","reference_id":"895184","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895184"},{"reference_url":"https://security.archlinux.org/ASA-201804-8","reference_id":"ASA-201804-8","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201804-8"},{"reference_url":"https://security.archlinux.org/AVG-670","reference_id":"AVG-670","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-670"},{"reference_url":"https://usn.ubuntu.com/8132-1/","reference_id":"USN-8132-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8132-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037223?format=json","purl":"pkg:deb/debian/roundcube@1.2.3%2Bdfsg.1-4%2Bdeb9u6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9ktu-55q4-3kau"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-fuh5-bwaq-yyfk"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-j29t-cw2h-mfd8"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-ts1p-pw9v-cbh3"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-ur1a-7tdn-h3hu"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"},{"vulnerability":"VCID-z3kp-p8ch-myhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.2.3%252Bdfsg.1-4%252Bdeb9u6"},{"url":"http://public2.vulnerablecode.io/api/packages/1037819?format=json","purl":"pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2"}],"aliases":["CVE-2018-9846"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z3kp-p8ch-myhz"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92734?format=json","vulnerability_id":"VCID-23v8-vzqs-j3f6","summary":"program/steps/addressbook/photo.inc in Roundcube Webmail before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via the _alt parameter when uploading a vCard.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5382","reference_id":"","reference_type":"","scores":[{"value":"0.01037","scoring_system":"epss","scoring_elements":"0.77347","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01037","scoring_system":"epss","scoring_elements":"0.77354","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01037","scoring_system":"epss","scoring_elements":"0.77381","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01037","scoring_system":"epss","scoring_elements":"0.77361","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01037","scoring_system":"epss","scoring_elements":"0.77391","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01037","scoring_system":"epss","scoring_elements":"0.774","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01037","scoring_system":"epss","scoring_elements":"0.77427","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01037","scoring_system":"epss","scoring_elements":"0.77406","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01037","scoring_system":"epss","scoring_elements":"0.77403","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01037","scoring_system":"epss","scoring_elements":"0.77442","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01037","scoring_system":"epss","scoring_elements":"0.77441","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01037","scoring_system":"epss","scoring_elements":"0.77433","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01037","scoring_system":"epss","scoring_elements":"0.77467","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01037","scoring_system":"epss","scoring_elements":"0.77474","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01037","scoring_system":"epss","scoring_elements":"0.77486","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01037","scoring_system":"epss","scoring_elements":"0.77494","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5382"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5382","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5382"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=791643","reference_id":"791643","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=791643"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037222?format=json","purl":"pkg:deb/debian/roundcube@1.1.5%2Bdfsg.1-1~bpo8%2B5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9ktu-55q4-3kau"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-brmp-djyb-q3b7"},{"vulnerability":"VCID-c4ys-1wzp-vqej"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-ekhg-mmjb-v3c3"},{"vulnerability":"VCID-fuh5-bwaq-yyfk"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-j29t-cw2h-mfd8"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-rthq-fqk2-yydk"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-spk8-q616-rkda"},{"vulnerability":"VCID-tmch-gj6d-tyfq"},{"vulnerability":"VCID-ts1p-pw9v-cbh3"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-ur1a-7tdn-h3hu"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"},{"vulnerability":"VCID-yerh-ssat-abah"},{"vulnerability":"VCID-z3kp-p8ch-myhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.1.5%252Bdfsg.1-1~bpo8%252B5"}],"aliases":["CVE-2015-5382"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-23v8-vzqs-j3f6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92706?format=json","vulnerability_id":"VCID-489e-j7sj-5kgv","summary":"The DBMail driver in the Password plugin in Roundcube before 1.1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the password.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2180","reference_id":"","reference_type":"","scores":[{"value":"0.02743","scoring_system":"epss","scoring_elements":"0.8592","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02743","scoring_system":"epss","scoring_elements":"0.85932","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02743","scoring_system":"epss","scoring_elements":"0.85948","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02743","scoring_system":"epss","scoring_elements":"0.8595","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02743","scoring_system":"epss","scoring_elements":"0.85969","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02743","scoring_system":"epss","scoring_elements":"0.85979","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02743","scoring_system":"epss","scoring_elements":"0.85993","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02743","scoring_system":"epss","scoring_elements":"0.85991","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02743","scoring_system":"epss","scoring_elements":"0.85986","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02743","scoring_system":"epss","scoring_elements":"0.86005","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02743","scoring_system":"epss","scoring_elements":"0.8601","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02743","scoring_system":"epss","scoring_elements":"0.86","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02743","scoring_system":"epss","scoring_elements":"0.8602","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02743","scoring_system":"epss","scoring_elements":"0.8603","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02743","scoring_system":"epss","scoring_elements":"0.86047","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2180"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2180","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2180"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037222?format=json","purl":"pkg:deb/debian/roundcube@1.1.5%2Bdfsg.1-1~bpo8%2B5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9ktu-55q4-3kau"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-brmp-djyb-q3b7"},{"vulnerability":"VCID-c4ys-1wzp-vqej"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-ekhg-mmjb-v3c3"},{"vulnerability":"VCID-fuh5-bwaq-yyfk"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-j29t-cw2h-mfd8"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-rthq-fqk2-yydk"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-spk8-q616-rkda"},{"vulnerability":"VCID-tmch-gj6d-tyfq"},{"vulnerability":"VCID-ts1p-pw9v-cbh3"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-ur1a-7tdn-h3hu"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"},{"vulnerability":"VCID-yerh-ssat-abah"},{"vulnerability":"VCID-z3kp-p8ch-myhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.1.5%252Bdfsg.1-1~bpo8%252B5"}],"aliases":["CVE-2015-2180"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-489e-j7sj-5kgv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92733?format=json","vulnerability_id":"VCID-76t7-q4pa-gkct","summary":"Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter to the default URI.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5381","reference_id":"","reference_type":"","scores":[{"value":"0.01182","scoring_system":"epss","scoring_elements":"0.78708","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01182","scoring_system":"epss","scoring_elements":"0.78714","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01182","scoring_system":"epss","scoring_elements":"0.78745","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01182","scoring_system":"epss","scoring_elements":"0.78727","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01182","scoring_system":"epss","scoring_elements":"0.78753","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01182","scoring_system":"epss","scoring_elements":"0.7876","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01182","scoring_system":"epss","scoring_elements":"0.78784","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01182","scoring_system":"epss","scoring_elements":"0.78766","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01182","scoring_system":"epss","scoring_elements":"0.78758","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01182","scoring_system":"epss","scoring_elements":"0.78786","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01182","scoring_system":"epss","scoring_elements":"0.7878","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01182","scoring_system":"epss","scoring_elements":"0.78808","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01182","scoring_system":"epss","scoring_elements":"0.78815","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01182","scoring_system":"epss","scoring_elements":"0.78832","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01182","scoring_system":"epss","scoring_elements":"0.78851","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5381"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5381","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5381"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=791643","reference_id":"791643","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=791643"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037222?format=json","purl":"pkg:deb/debian/roundcube@1.1.5%2Bdfsg.1-1~bpo8%2B5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9ktu-55q4-3kau"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-brmp-djyb-q3b7"},{"vulnerability":"VCID-c4ys-1wzp-vqej"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-ekhg-mmjb-v3c3"},{"vulnerability":"VCID-fuh5-bwaq-yyfk"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-j29t-cw2h-mfd8"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-rthq-fqk2-yydk"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-spk8-q616-rkda"},{"vulnerability":"VCID-tmch-gj6d-tyfq"},{"vulnerability":"VCID-ts1p-pw9v-cbh3"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-ur1a-7tdn-h3hu"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"},{"vulnerability":"VCID-yerh-ssat-abah"},{"vulnerability":"VCID-z3kp-p8ch-myhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.1.5%252Bdfsg.1-1~bpo8%252B5"}],"aliases":["CVE-2015-5381"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-76t7-q4pa-gkct"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92707?format=json","vulnerability_id":"VCID-9uqr-ph81-gfef","summary":"Multiple buffer overflows in the DBMail driver in the Password plugin in Roundcube before 1.1.0 allow remote attackers to have unspecified impact via the (1) password or (2) username.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2181","reference_id":"","reference_type":"","scores":[{"value":"0.00764","scoring_system":"epss","scoring_elements":"0.73379","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00764","scoring_system":"epss","scoring_elements":"0.73388","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00764","scoring_system":"epss","scoring_elements":"0.7341","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00764","scoring_system":"epss","scoring_elements":"0.73382","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00764","scoring_system":"epss","scoring_elements":"0.73419","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00764","scoring_system":"epss","scoring_elements":"0.73433","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00764","scoring_system":"epss","scoring_elements":"0.73456","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00764","scoring_system":"epss","scoring_elements":"0.73436","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00764","scoring_system":"epss","scoring_elements":"0.73429","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00764","scoring_system":"epss","scoring_elements":"0.73472","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00764","scoring_system":"epss","scoring_elements":"0.7348","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00764","scoring_system":"epss","scoring_elements":"0.73474","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00764","scoring_system":"epss","scoring_elements":"0.73507","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00764","scoring_system":"epss","scoring_elements":"0.73519","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00764","scoring_system":"epss","scoring_elements":"0.73515","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00764","scoring_system":"epss","scoring_elements":"0.73509","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2181"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2181","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2181"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037222?format=json","purl":"pkg:deb/debian/roundcube@1.1.5%2Bdfsg.1-1~bpo8%2B5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9ktu-55q4-3kau"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-brmp-djyb-q3b7"},{"vulnerability":"VCID-c4ys-1wzp-vqej"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-ekhg-mmjb-v3c3"},{"vulnerability":"VCID-fuh5-bwaq-yyfk"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-j29t-cw2h-mfd8"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-rthq-fqk2-yydk"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-spk8-q616-rkda"},{"vulnerability":"VCID-tmch-gj6d-tyfq"},{"vulnerability":"VCID-ts1p-pw9v-cbh3"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-ur1a-7tdn-h3hu"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"},{"vulnerability":"VCID-yerh-ssat-abah"},{"vulnerability":"VCID-z3kp-p8ch-myhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.1.5%252Bdfsg.1-1~bpo8%252B5"}],"aliases":["CVE-2015-2181"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9uqr-ph81-gfef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92693?format=json","vulnerability_id":"VCID-dzu5-531f-qqgy","summary":"program/lib/Roundcube/rcube_washtml.php in Roundcube before 1.0.5 does not properly quote strings, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the style attribute in an email.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1433","reference_id":"","reference_type":"","scores":[{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.71508","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.71514","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.71531","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.71504","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.71544","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.71556","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.71579","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.71563","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.71545","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.71591","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.71597","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.71576","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.71627","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.71632","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.71636","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.71621","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1433"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1433","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1433"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776700","reference_id":"776700","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776700"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037222?format=json","purl":"pkg:deb/debian/roundcube@1.1.5%2Bdfsg.1-1~bpo8%2B5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9ktu-55q4-3kau"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-brmp-djyb-q3b7"},{"vulnerability":"VCID-c4ys-1wzp-vqej"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-ekhg-mmjb-v3c3"},{"vulnerability":"VCID-fuh5-bwaq-yyfk"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-j29t-cw2h-mfd8"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-rthq-fqk2-yydk"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-spk8-q616-rkda"},{"vulnerability":"VCID-tmch-gj6d-tyfq"},{"vulnerability":"VCID-ts1p-pw9v-cbh3"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-ur1a-7tdn-h3hu"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"},{"vulnerability":"VCID-yerh-ssat-abah"},{"vulnerability":"VCID-z3kp-p8ch-myhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.1.5%252Bdfsg.1-1~bpo8%252B5"}],"aliases":["CVE-2015-1433"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dzu5-531f-qqgy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62464?format=json","vulnerability_id":"VCID-g7dn-kxs3-p7bx","summary":"Multiple vulnerabilities have been found in Roundcube allowing\n    remote authenticated users to execute arbitrary code, inject arbitrary web\n    scripts, and perform cross-site scripting (XSS).","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00028.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00028.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00029.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00029.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00030.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00030.html"},{"reference_url":"http://packetstormsecurity.com/files/135274/Roundcube-1.1.3-Path-Traversal.html","reference_id":"","reference_type":"","scores":[],"url":"http://packetstormsecurity.com/files/135274/Roundcube-1.1.3-Path-Traversal.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8770","reference_id":"","reference_type":"","scores":[{"value":"0.28303","scoring_system":"epss","scoring_elements":"0.96529","published_at":"2026-05-05T12:55:00Z"},{"value":"0.28303","scoring_system":"epss","scoring_elements":"0.96522","published_at":"2026-04-29T12:55:00Z"},{"value":"0.28303","scoring_system":"epss","scoring_elements":"0.96474","published_at":"2026-04-01T12:55:00Z"},{"value":"0.28303","scoring_system":"epss","scoring_elements":"0.96483","published_at":"2026-04-02T12:55:00Z"},{"value":"0.28303","scoring_system":"epss","scoring_elements":"0.96487","published_at":"2026-04-04T12:55:00Z"},{"value":"0.28303","scoring_system":"epss","scoring_elements":"0.96491","published_at":"2026-04-07T12:55:00Z"},{"value":"0.28303","scoring_system":"epss","scoring_elements":"0.965","published_at":"2026-04-08T12:55:00Z"},{"value":"0.28303","scoring_system":"epss","scoring_elements":"0.96502","published_at":"2026-04-09T12:55:00Z"},{"value":"0.28303","scoring_system":"epss","scoring_elements":"0.96506","published_at":"2026-04-12T12:55:00Z"},{"value":"0.28303","scoring_system":"epss","scoring_elements":"0.96509","published_at":"2026-04-13T12:55:00Z"},{"value":"0.28303","scoring_system":"epss","scoring_elements":"0.96515","published_at":"2026-04-16T12:55:00Z"},{"value":"0.28303","scoring_system":"epss","scoring_elements":"0.9652","published_at":"2026-04-26T12:55:00Z"},{"value":"0.28303","scoring_system":"epss","scoring_elements":"0.96521","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8770"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8770","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8770"},{"reference_url":"https://roundcube.net/news/2015/12/26/updates-1.1.4-and-1.0.8-released/","reference_id":"","reference_type":"","scores":[],"url":"https://roundcube.net/news/2015/12/26/updates-1.1.4-and-1.0.8-released/"},{"reference_url":"https://www.exploit-db.com/exploits/39245/","reference_id":"","reference_type":"","scores":[],"url":"https://www.exploit-db.com/exploits/39245/"},{"reference_url":"http://trac.roundcube.net/changeset/10e5192a2b/github","reference_id":"","reference_type":"","scores":[],"url":"http://trac.roundcube.net/changeset/10e5192a2b/github"},{"reference_url":"http://trac.roundcube.net/ticket/1490620","reference_id":"","reference_type":"","scores":[],"url":"http://trac.roundcube.net/ticket/1490620"},{"reference_url":"http://www.debian.org/security/2016/dsa-3541","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2016/dsa-3541"},{"reference_url":"http://www.securityfocus.com/archive/1/537304/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/537304/100/0/threaded"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:roundcube_webmail:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:roundcube:roundcube_webmail:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:roundcube_webmail:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:roundcube_webmail:1.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:roundcube:roundcube_webmail:1.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:roundcube_webmail:1.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:roundcube_webmail:1.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:roundcube:roundcube_webmail:1.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:roundcube_webmail:1.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:roundcube_webmail:1.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:roundcube:roundcube_webmail:1.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:roundcube_webmail:1.1.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:roundcube_webmail:1.1.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:roundcube:roundcube_webmail:1.1.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:roundcube_webmail:1.1.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8770","reference_id":"CVE-2015-8770","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:P/I:P/A:P"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8770"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/39245.txt","reference_id":"CVE-2015-8770;OSVDB-132194","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/39245.txt"},{"reference_url":"https://www.htbridge.com/advisory/HTB23283","reference_id":"CVE-2015-8770;OSVDB-132194","reference_type":"exploit","scores":[],"url":"https://www.htbridge.com/advisory/HTB23283"},{"reference_url":"https://security.gentoo.org/glsa/201603-03","reference_id":"GLSA-201603-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201603-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/572128?format=json","purl":"pkg:deb/debian/roundcube@0.7.2-9%2Bdeb7u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-23v8-vzqs-j3f6"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-489e-j7sj-5kgv"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-76t7-q4pa-gkct"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9ktu-55q4-3kau"},{"vulnerability":"VCID-9uqr-ph81-gfef"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-brmp-djyb-q3b7"},{"vulnerability":"VCID-c4ys-1wzp-vqej"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-dzu5-531f-qqgy"},{"vulnerability":"VCID-ekhg-mmjb-v3c3"},{"vulnerability":"VCID-fuh5-bwaq-yyfk"},{"vulnerability":"VCID-g7dn-kxs3-p7bx"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-j29t-cw2h-mfd8"},{"vulnerability":"VCID-ja7n-zgpp-dfh4"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kf54-x29g-63fb"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qr2m-f4yw-qqa5"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-r1hb-f5nm-ykhk"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-rthq-fqk2-yydk"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-spk8-q616-rkda"},{"vulnerability":"VCID-tmch-gj6d-tyfq"},{"vulnerability":"VCID-ts1p-pw9v-cbh3"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-ur1a-7tdn-h3hu"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"},{"vulnerability":"VCID-yerh-ssat-abah"},{"vulnerability":"VCID-yv5x-shsw-57cv"},{"vulnerability":"VCID-z3kp-p8ch-myhz"},{"vulnerability":"VCID-z7fn-ubfx-g3em"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@0.7.2-9%252Bdeb7u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1037222?format=json","purl":"pkg:deb/debian/roundcube@1.1.5%2Bdfsg.1-1~bpo8%2B5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9ktu-55q4-3kau"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-brmp-djyb-q3b7"},{"vulnerability":"VCID-c4ys-1wzp-vqej"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-ekhg-mmjb-v3c3"},{"vulnerability":"VCID-fuh5-bwaq-yyfk"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-j29t-cw2h-mfd8"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-rthq-fqk2-yydk"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-spk8-q616-rkda"},{"vulnerability":"VCID-tmch-gj6d-tyfq"},{"vulnerability":"VCID-ts1p-pw9v-cbh3"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-ur1a-7tdn-h3hu"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"},{"vulnerability":"VCID-yerh-ssat-abah"},{"vulnerability":"VCID-z3kp-p8ch-myhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.1.5%252Bdfsg.1-1~bpo8%252B5"}],"aliases":["CVE-2015-8770"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g7dn-kxs3-p7bx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48656?format=json","vulnerability_id":"VCID-ja7n-zgpp-dfh4","summary":"A vulnerability in Roundcube could result in arbitrary code\n    execution, SQL injection, or reading of arbitrary files.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6172","reference_id":"","reference_type":"","scores":[{"value":"0.01114","scoring_system":"epss","scoring_elements":"0.78114","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01114","scoring_system":"epss","scoring_elements":"0.78123","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01114","scoring_system":"epss","scoring_elements":"0.78153","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01114","scoring_system":"epss","scoring_elements":"0.78135","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01114","scoring_system":"epss","scoring_elements":"0.78162","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01114","scoring_system":"epss","scoring_elements":"0.78168","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01114","scoring_system":"epss","scoring_elements":"0.78193","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01114","scoring_system":"epss","scoring_elements":"0.78176","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01114","scoring_system":"epss","scoring_elements":"0.78172","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01114","scoring_system":"epss","scoring_elements":"0.78205","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01114","scoring_system":"epss","scoring_elements":"0.78203","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01114","scoring_system":"epss","scoring_elements":"0.78198","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01114","scoring_system":"epss","scoring_elements":"0.7823","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01114","scoring_system":"epss","scoring_elements":"0.78236","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01114","scoring_system":"epss","scoring_elements":"0.78249","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01114","scoring_system":"epss","scoring_elements":"0.78263","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6172"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6172","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6172"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=727668","reference_id":"727668","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=727668"},{"reference_url":"https://security.gentoo.org/glsa/201402-15","reference_id":"GLSA-201402-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201402-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/572128?format=json","purl":"pkg:deb/debian/roundcube@0.7.2-9%2Bdeb7u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-23v8-vzqs-j3f6"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-489e-j7sj-5kgv"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-76t7-q4pa-gkct"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9ktu-55q4-3kau"},{"vulnerability":"VCID-9uqr-ph81-gfef"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-brmp-djyb-q3b7"},{"vulnerability":"VCID-c4ys-1wzp-vqej"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-dzu5-531f-qqgy"},{"vulnerability":"VCID-ekhg-mmjb-v3c3"},{"vulnerability":"VCID-fuh5-bwaq-yyfk"},{"vulnerability":"VCID-g7dn-kxs3-p7bx"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-j29t-cw2h-mfd8"},{"vulnerability":"VCID-ja7n-zgpp-dfh4"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kf54-x29g-63fb"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qr2m-f4yw-qqa5"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-r1hb-f5nm-ykhk"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-rthq-fqk2-yydk"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-spk8-q616-rkda"},{"vulnerability":"VCID-tmch-gj6d-tyfq"},{"vulnerability":"VCID-ts1p-pw9v-cbh3"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-ur1a-7tdn-h3hu"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"},{"vulnerability":"VCID-yerh-ssat-abah"},{"vulnerability":"VCID-yv5x-shsw-57cv"},{"vulnerability":"VCID-z3kp-p8ch-myhz"},{"vulnerability":"VCID-z7fn-ubfx-g3em"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@0.7.2-9%252Bdeb7u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1037222?format=json","purl":"pkg:deb/debian/roundcube@1.1.5%2Bdfsg.1-1~bpo8%2B5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9ktu-55q4-3kau"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-brmp-djyb-q3b7"},{"vulnerability":"VCID-c4ys-1wzp-vqej"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-ekhg-mmjb-v3c3"},{"vulnerability":"VCID-fuh5-bwaq-yyfk"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-j29t-cw2h-mfd8"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-rthq-fqk2-yydk"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-spk8-q616-rkda"},{"vulnerability":"VCID-tmch-gj6d-tyfq"},{"vulnerability":"VCID-ts1p-pw9v-cbh3"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-ur1a-7tdn-h3hu"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"},{"vulnerability":"VCID-yerh-ssat-abah"},{"vulnerability":"VCID-z3kp-p8ch-myhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.1.5%252Bdfsg.1-1~bpo8%252B5"}],"aliases":["CVE-2013-6172"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ja7n-zgpp-dfh4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92802?format=json","vulnerability_id":"VCID-kf54-x29g-63fb","summary":"Absolute path traversal vulnerability in program/steps/addressbook/photo.inc in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via a full pathname in the _alt parameter, related to contact photo handling.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8794","reference_id":"","reference_type":"","scores":[{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52195","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52286","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52208","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52251","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52278","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.5224","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52292","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52288","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52338","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52322","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52308","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52346","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52349","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52333","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52279","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8794"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8794","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8794"},{"reference_url":"https://roundcube.net/news/2015/06/05/updates-1.1.2-and-1.0.6-released/","reference_id":"","reference_type":"","scores":[],"url":"https://roundcube.net/news/2015/06/05/updates-1.1.2-and-1.0.6-released/"},{"reference_url":"http://trac.roundcube.net/changeset/6ccd4c54b/github","reference_id":"","reference_type":"","scores":[],"url":"http://trac.roundcube.net/changeset/6ccd4c54b/github"},{"reference_url":"http://trac.roundcube.net/changeset/e84fafcec/github","reference_id":"","reference_type":"","scores":[],"url":"http://trac.roundcube.net/changeset/e84fafcec/github"},{"reference_url":"http://trac.roundcube.net/ticket/1490379","reference_id":"","reference_type":"","scores":[],"url":"http://trac.roundcube.net/ticket/1490379"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:roundcube_webmail:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:roundcube:roundcube_webmail:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:roundcube_webmail:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:roundcube_webmail:1.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:roundcube:roundcube_webmail:1.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:roundcube_webmail:1.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:roundcube_webmail:1.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:roundcube:roundcube_webmail:1.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:roundcube_webmail:1.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8794","reference_id":"CVE-2015-8794","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:N/A:N"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8794"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037222?format=json","purl":"pkg:deb/debian/roundcube@1.1.5%2Bdfsg.1-1~bpo8%2B5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9ktu-55q4-3kau"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-brmp-djyb-q3b7"},{"vulnerability":"VCID-c4ys-1wzp-vqej"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-ekhg-mmjb-v3c3"},{"vulnerability":"VCID-fuh5-bwaq-yyfk"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-j29t-cw2h-mfd8"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-rthq-fqk2-yydk"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-spk8-q616-rkda"},{"vulnerability":"VCID-tmch-gj6d-tyfq"},{"vulnerability":"VCID-ts1p-pw9v-cbh3"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-ur1a-7tdn-h3hu"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"},{"vulnerability":"VCID-yerh-ssat-abah"},{"vulnerability":"VCID-z3kp-p8ch-myhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.1.5%252Bdfsg.1-1~bpo8%252B5"}],"aliases":["CVE-2015-8794"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kf54-x29g-63fb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92523?format=json","vulnerability_id":"VCID-qr2m-f4yw-qqa5","summary":"Multiple cross-site scripting (XSS) vulnerabilities in Roundcube webmail before 0.9.3 allow user-assisted remote attackers to inject arbitrary web script or HTML via the body of a message visited in (1) new or (2) draft mode, related to compose.inc; and (3) might allow remote authenticated users to inject arbitrary web script or HTML via an HTML signature, related to save_identity.inc.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-5645","reference_id":"","reference_type":"","scores":[{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.53668","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.53688","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.53715","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.5374","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.53738","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.53787","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.5377","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.53754","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.53792","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.53796","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.53778","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.53744","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.53755","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.53722","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.53672","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-5645"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5645","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5645"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721592","reference_id":"721592","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721592"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037222?format=json","purl":"pkg:deb/debian/roundcube@1.1.5%2Bdfsg.1-1~bpo8%2B5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9ktu-55q4-3kau"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-brmp-djyb-q3b7"},{"vulnerability":"VCID-c4ys-1wzp-vqej"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-ekhg-mmjb-v3c3"},{"vulnerability":"VCID-fuh5-bwaq-yyfk"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-j29t-cw2h-mfd8"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-rthq-fqk2-yydk"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-spk8-q616-rkda"},{"vulnerability":"VCID-tmch-gj6d-tyfq"},{"vulnerability":"VCID-ts1p-pw9v-cbh3"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-ur1a-7tdn-h3hu"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"},{"vulnerability":"VCID-yerh-ssat-abah"},{"vulnerability":"VCID-z3kp-p8ch-myhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.1.5%252Bdfsg.1-1~bpo8%252B5"}],"aliases":["CVE-2013-5645"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qr2m-f4yw-qqa5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62463?format=json","vulnerability_id":"VCID-r1hb-f5nm-ykhk","summary":"Multiple vulnerabilities have been found in Roundcube allowing\n    remote authenticated users to execute arbitrary code, inject arbitrary web\n    scripts, and perform cross-site scripting (XSS).","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2015-11/msg00030.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2015-11/msg00030.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8105","reference_id":"","reference_type":"","scores":[{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39128","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39478","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39627","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.3965","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39566","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39621","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39636","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39645","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39609","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39593","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39644","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39614","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39531","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39351","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39336","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39254","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8105"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8105","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8105"},{"reference_url":"http://trac.roundcube.net/changeset/dd7db2179/github","reference_id":"","reference_type":"","scores":[],"url":"http://trac.roundcube.net/changeset/dd7db2179/github"},{"reference_url":"http://trac.roundcube.net/ticket/1490530","reference_id":"","reference_type":"","scores":[],"url":"http://trac.roundcube.net/ticket/1490530"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:roundcube:webmail:1.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:roundcube:webmail:1.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:roundcube:webmail:1.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.1.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8105","reference_id":"CVE-2015-8105","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:N/I:P/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8105"},{"reference_url":"https://security.gentoo.org/glsa/201603-03","reference_id":"GLSA-201603-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201603-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037222?format=json","purl":"pkg:deb/debian/roundcube@1.1.5%2Bdfsg.1-1~bpo8%2B5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9ktu-55q4-3kau"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-brmp-djyb-q3b7"},{"vulnerability":"VCID-c4ys-1wzp-vqej"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-ekhg-mmjb-v3c3"},{"vulnerability":"VCID-fuh5-bwaq-yyfk"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-j29t-cw2h-mfd8"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-rthq-fqk2-yydk"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-spk8-q616-rkda"},{"vulnerability":"VCID-tmch-gj6d-tyfq"},{"vulnerability":"VCID-ts1p-pw9v-cbh3"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-ur1a-7tdn-h3hu"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"},{"vulnerability":"VCID-yerh-ssat-abah"},{"vulnerability":"VCID-z3kp-p8ch-myhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.1.5%252Bdfsg.1-1~bpo8%252B5"}],"aliases":["CVE-2015-8105"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r1hb-f5nm-ykhk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92657?format=json","vulnerability_id":"VCID-yv5x-shsw-57cv","summary":"Multiple cross-site request forgery (CSRF) vulnerabilities in Roundcube Webmail before 1.0.4 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, related to (1) address book operations or the (2) ACL or (3) Managesieve plugins.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9587","reference_id":"","reference_type":"","scores":[{"value":"0.03651","scoring_system":"epss","scoring_elements":"0.87814","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03651","scoring_system":"epss","scoring_elements":"0.87825","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03651","scoring_system":"epss","scoring_elements":"0.87836","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03651","scoring_system":"epss","scoring_elements":"0.87839","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03651","scoring_system":"epss","scoring_elements":"0.87861","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03651","scoring_system":"epss","scoring_elements":"0.87867","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03651","scoring_system":"epss","scoring_elements":"0.87878","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03651","scoring_system":"epss","scoring_elements":"0.87871","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03651","scoring_system":"epss","scoring_elements":"0.8787","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03651","scoring_system":"epss","scoring_elements":"0.87885","published_at":"2026-04-16T12:55:00Z"},{"value":"0.03651","scoring_system":"epss","scoring_elements":"0.87883","published_at":"2026-04-18T12:55:00Z"},{"value":"0.03651","scoring_system":"epss","scoring_elements":"0.87882","published_at":"2026-04-21T12:55:00Z"},{"value":"0.03651","scoring_system":"epss","scoring_elements":"0.87898","published_at":"2026-04-24T12:55:00Z"},{"value":"0.03651","scoring_system":"epss","scoring_elements":"0.87904","published_at":"2026-04-26T12:55:00Z"},{"value":"0.03651","scoring_system":"epss","scoring_elements":"0.87902","published_at":"2026-04-29T12:55:00Z"},{"value":"0.03651","scoring_system":"epss","scoring_elements":"0.87914","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9587"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9587","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9587"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775576","reference_id":"775576","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775576"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037222?format=json","purl":"pkg:deb/debian/roundcube@1.1.5%2Bdfsg.1-1~bpo8%2B5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9ktu-55q4-3kau"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-brmp-djyb-q3b7"},{"vulnerability":"VCID-c4ys-1wzp-vqej"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-ekhg-mmjb-v3c3"},{"vulnerability":"VCID-fuh5-bwaq-yyfk"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-j29t-cw2h-mfd8"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-rthq-fqk2-yydk"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-spk8-q616-rkda"},{"vulnerability":"VCID-tmch-gj6d-tyfq"},{"vulnerability":"VCID-ts1p-pw9v-cbh3"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-ur1a-7tdn-h3hu"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"},{"vulnerability":"VCID-yerh-ssat-abah"},{"vulnerability":"VCID-z3kp-p8ch-myhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.1.5%252Bdfsg.1-1~bpo8%252B5"}],"aliases":["CVE-2014-9587"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yv5x-shsw-57cv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92801?format=json","vulnerability_id":"VCID-z7fn-ubfx-g3em","summary":"Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter in a mail task to the default URL, a different vulnerability than CVE-2011-2937.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8793","reference_id":"","reference_type":"","scores":[{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.50901","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.50971","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.5094","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.50994","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51019","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.50976","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51033","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.5103","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51073","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51051","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51034","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51072","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51078","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51055","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51003","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51011","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8793"},{"reference_url":"https://roundcube.net/news/2015/06/05/updates-1.1.2-and-1.0.6-released/","reference_id":"","reference_type":"","scores":[],"url":"https://roundcube.net/news/2015/06/05/updates-1.1.2-and-1.0.6-released/"},{"reference_url":"http://trac.roundcube.net/ticket/1490417","reference_id":"","reference_type":"","scores":[],"url":"http://trac.roundcube.net/ticket/1490417"},{"reference_url":"http://trac.roundcube.net/wiki/Changelog#RELEASE1.1.2","reference_id":"","reference_type":"","scores":[],"url":"http://trac.roundcube.net/wiki/Changelog#RELEASE1.1.2"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:roundcube:webmail:1.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:roundcube:webmail:1.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8793","reference_id":"CVE-2015-8793","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8793"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037222?format=json","purl":"pkg:deb/debian/roundcube@1.1.5%2Bdfsg.1-1~bpo8%2B5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9ktu-55q4-3kau"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-brmp-djyb-q3b7"},{"vulnerability":"VCID-c4ys-1wzp-vqej"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-ekhg-mmjb-v3c3"},{"vulnerability":"VCID-fuh5-bwaq-yyfk"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-j29t-cw2h-mfd8"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-rthq-fqk2-yydk"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-spk8-q616-rkda"},{"vulnerability":"VCID-tmch-gj6d-tyfq"},{"vulnerability":"VCID-ts1p-pw9v-cbh3"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-ur1a-7tdn-h3hu"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"},{"vulnerability":"VCID-yerh-ssat-abah"},{"vulnerability":"VCID-z3kp-p8ch-myhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.1.5%252Bdfsg.1-1~bpo8%252B5"}],"aliases":["CVE-2015-8793"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z7fn-ubfx-g3em"}],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.1.5%252Bdfsg.1-1~bpo8%252B5"}