{"url":"http://public2.vulnerablecode.io/api/packages/1037819?format=json","purl":"pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2","type":"deb","namespace":"debian","name":"roundcube","version":"1.3.17+dfsg.1-1~deb10u2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.6.5+dfsg-1+deb12u6","latest_non_vulnerable_version":"1.6.5+dfsg-1+deb12u6","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90974?format=json","vulnerability_id":"VCID-14vp-t71a-4bh1","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-46144","reference_id":"","reference_type":"","scores":[{"value":"0.01055","scoring_system":"epss","scoring_elements":"0.77528","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01055","scoring_system":"epss","scoring_elements":"0.77534","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01055","scoring_system":"epss","scoring_elements":"0.7756","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01055","scoring_system":"epss","scoring_elements":"0.77539","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01055","scoring_system":"epss","scoring_elements":"0.7757","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01055","scoring_system":"epss","scoring_elements":"0.77578","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01055","scoring_system":"epss","scoring_elements":"0.77604","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01055","scoring_system":"epss","scoring_elements":"0.77589","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01055","scoring_system":"epss","scoring_elements":"0.77588","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01055","scoring_system":"epss","scoring_elements":"0.77625","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01055","scoring_system":"epss","scoring_elements":"0.77623","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01055","scoring_system":"epss","scoring_elements":"0.77618","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01055","scoring_system":"epss","scoring_elements":"0.7765","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01055","scoring_system":"epss","scoring_elements":"0.77657","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01055","scoring_system":"epss","scoring_elements":"0.77672","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01055","scoring_system":"epss","scoring_elements":"0.77684","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-46144"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46144","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46144"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003027","reference_id":"1003027","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003027"},{"reference_url":"https://usn.ubuntu.com/USN-5182-1/","reference_id":"USN-USN-5182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050285?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-rdb5-bbvn-7fcq"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2021-46144"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-14vp-t71a-4bh1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50016?format=json","vulnerability_id":"VCID-2eyy-k49d-m3af","summary":"Multiple vulnerabilities have been discovered in Roundcube, the worst of which could lead to execution of arbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44026","reference_id":"","reference_type":"","scores":[{"value":"0.64041","scoring_system":"epss","scoring_elements":"0.98426","published_at":"2026-04-04T12:55:00Z"},{"value":"0.64041","scoring_system":"epss","scoring_elements":"0.98422","published_at":"2026-04-02T12:55:00Z"},{"value":"0.64041","scoring_system":"epss","scoring_elements":"0.9842","published_at":"2026-04-01T12:55:00Z"},{"value":"0.64041","scoring_system":"epss","scoring_elements":"0.9844","published_at":"2026-04-16T12:55:00Z"},{"value":"0.64041","scoring_system":"epss","scoring_elements":"0.98436","published_at":"2026-04-13T12:55:00Z"},{"value":"0.64041","scoring_system":"epss","scoring_elements":"0.98432","published_at":"2026-04-09T12:55:00Z"},{"value":"0.64041","scoring_system":"epss","scoring_elements":"0.98431","published_at":"2026-04-08T12:55:00Z"},{"value":"0.64041","scoring_system":"epss","scoring_elements":"0.98428","published_at":"2026-04-07T12:55:00Z"},{"value":"0.72527","scoring_system":"epss","scoring_elements":"0.98783","published_at":"2026-05-05T12:55:00Z"},{"value":"0.72527","scoring_system":"epss","scoring_elements":"0.98772","published_at":"2026-04-18T12:55:00Z"},{"value":"0.72527","scoring_system":"epss","scoring_elements":"0.98773","published_at":"2026-04-21T12:55:00Z"},{"value":"0.72527","scoring_system":"epss","scoring_elements":"0.98777","published_at":"2026-04-24T12:55:00Z"},{"value":"0.72527","scoring_system":"epss","scoring_elements":"0.98778","published_at":"2026-04-26T12:55:00Z"},{"value":"0.72527","scoring_system":"epss","scoring_elements":"0.98779","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44026"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44025","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44025"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44026","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44026"},{"reference_url":"https://bugs.debian.org/1000156","reference_id":"1000156","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:33:07Z/"}],"url":"https://bugs.debian.org/1000156"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000156","reference_id":"1000156","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000156"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/c8947ecb762d9e89c2091bda28d49002817263f1","reference_id":"c8947ecb762d9e89c2091bda28d49002817263f1","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:33:07Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/c8947ecb762d9e89c2091bda28d49002817263f1"},{"reference_url":"https://www.debian.org/security/2021/dsa-5013","reference_id":"dsa-5013","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:33:07Z/"}],"url":"https://www.debian.org/security/2021/dsa-5013"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/ee809bde2dcaa04857a919397808a7296681dcfa","reference_id":"ee809bde2dcaa04857a919397808a7296681dcfa","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:33:07Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/ee809bde2dcaa04857a919397808a7296681dcfa"},{"reference_url":"https://security.gentoo.org/glsa/202507-10","reference_id":"GLSA-202507-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202507-10"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/12/msg00004.html","reference_id":"msg00004.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:33:07Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2021/12/msg00004.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NDVGIZMQJ5IOM47Y3SAAJRN5VPANKTKO/","reference_id":"NDVGIZMQJ5IOM47Y3SAAJRN5VPANKTKO","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:33:07Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NDVGIZMQJ5IOM47Y3SAAJRN5VPANKTKO/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TP3Y5RXTUUOUODNG7HFEKWYNIPIT2NL4/","reference_id":"TP3Y5RXTUUOUODNG7HFEKWYNIPIT2NL4","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:33:07Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TP3Y5RXTUUOUODNG7HFEKWYNIPIT2NL4/"},{"reference_url":"https://usn.ubuntu.com/USN-5182-1/","reference_id":"USN-USN-5182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050285?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-rdb5-bbvn-7fcq"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2021-44026"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2eyy-k49d-m3af"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/349549?format=json","vulnerability_id":"VCID-2hap-9mqs-v3b8","summary":"Roundcube Webmail: Incorrect password comparison in the password plugin","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35541","reference_id":"","reference_type":"","scores":[{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09324","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10086","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09983","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10621","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10676","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10695","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10743","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10618","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10604","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10739","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10764","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10796","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10782","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12438","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35541"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35541","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35541"},{"reference_url":"https://github.com/roundcube/roundcubemail","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/roundcube/roundcubemail"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/2e6a99b2a38110907ea8d3be8e59ec3d5802c394","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:00Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/2e6a99b2a38110907ea8d3be8e59ec3d5802c394"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/6a275676a8043083c05c961914d830b79e2490d4","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:00Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/6a275676a8043083c05c961914d830b79e2490d4"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/6fa2bddc59b9c9fd31cad4a9e2954a208d793dce","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:00Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/6fa2bddc59b9c9fd31cad4a9e2954a208d793dce"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.14","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:00Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.14"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.14","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:00Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.14"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:00Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5"},{"reference_url":"https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:00Z/"}],"url":"https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182","reference_id":"1131182","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35541","reference_id":"CVE-2026-35541","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35541"},{"reference_url":"https://github.com/advisories/GHSA-46pv-mj2g-93gh","reference_id":"GHSA-46pv-mj2g-93gh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-46pv-mj2g-93gh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1051746?format=json","purl":"pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u6"}],"aliases":["CVE-2026-35541","GHSA-46pv-mj2g-93gh"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2hap-9mqs-v3b8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96173?format=json","vulnerability_id":"VCID-2k4q-26tk-j3gx","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-42010","reference_id":"","reference_type":"","scores":[{"value":"0.14764","scoring_system":"epss","scoring_elements":"0.94524","published_at":"2026-05-05T12:55:00Z"},{"value":"0.14764","scoring_system":"epss","scoring_elements":"0.94476","published_at":"2026-04-07T12:55:00Z"},{"value":"0.14764","scoring_system":"epss","scoring_elements":"0.94486","published_at":"2026-04-08T12:55:00Z"},{"value":"0.14764","scoring_system":"epss","scoring_elements":"0.94489","published_at":"2026-04-09T12:55:00Z"},{"value":"0.14764","scoring_system":"epss","scoring_elements":"0.94493","published_at":"2026-04-11T12:55:00Z"},{"value":"0.14764","scoring_system":"epss","scoring_elements":"0.94495","published_at":"2026-04-13T12:55:00Z"},{"value":"0.14764","scoring_system":"epss","scoring_elements":"0.94509","published_at":"2026-04-16T12:55:00Z"},{"value":"0.14764","scoring_system":"epss","scoring_elements":"0.94513","published_at":"2026-04-18T12:55:00Z"},{"value":"0.14764","scoring_system":"epss","scoring_elements":"0.94518","published_at":"2026-04-29T12:55:00Z"},{"value":"0.14764","scoring_system":"epss","scoring_elements":"0.94519","published_at":"2026-04-24T12:55:00Z"},{"value":"0.14764","scoring_system":"epss","scoring_elements":"0.94517","published_at":"2026-04-26T12:55:00Z"},{"value":"0.14764","scoring_system":"epss","scoring_elements":"0.94467","published_at":"2026-04-02T12:55:00Z"},{"value":"0.14764","scoring_system":"epss","scoring_elements":"0.94474","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-42010"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42008","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42008"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42009","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42009"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42010","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42010"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077969","reference_id":"1077969","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077969"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.8","reference_id":"1.5.8","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-06T14:03:28Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.8"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.8","reference_id":"1.6.8","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-06T14:03:28Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.8"},{"reference_url":"https://sonarsource.com/blog/government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail/","reference_id":"government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-06T14:03:28Z/"}],"url":"https://sonarsource.com/blog/government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail/"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases","reference_id":"releases","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-06T14:03:28Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases"},{"reference_url":"https://roundcube.net/news/2024/08/04/security-updates-1.6.8-and-1.5.8","reference_id":"security-updates-1.6.8-and-1.5.8","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-06T14:03:28Z/"}],"url":"https://roundcube.net/news/2024/08/04/security-updates-1.6.8-and-1.5.8"},{"reference_url":"https://usn.ubuntu.com/8223-1/","reference_id":"USN-8223-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8223-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050285?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-rdb5-bbvn-7fcq"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2024-42010"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2k4q-26tk-j3gx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65869?format=json","vulnerability_id":"VCID-2nb2-9vgp-tqg9","summary":"roundcubemail: Roundcube Webmail: Information Disclosure via HTML Style Sanitizer","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68460.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68460.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-68460","reference_id":"","reference_type":"","scores":[{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14181","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14238","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14053","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14134","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14185","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14136","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14094","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.1404","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.13935","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.13934","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17503","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17412","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17389","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.1732","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17184","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-68460"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68460"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122899","reference_id":"1122899","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122899"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2423487","reference_id":"2423487","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2423487"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1051746?format=json","purl":"pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u6"}],"aliases":["CVE-2025-68460"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"4.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2nb2-9vgp-tqg9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96171?format=json","vulnerability_id":"VCID-36et-26h7-pke7","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-42008","reference_id":"","reference_type":"","scores":[{"value":"0.51532","scoring_system":"epss","scoring_elements":"0.97907","published_at":"2026-05-05T12:55:00Z"},{"value":"0.57251","scoring_system":"epss","scoring_elements":"0.98141","published_at":"2026-04-07T12:55:00Z"},{"value":"0.57251","scoring_system":"epss","scoring_elements":"0.98136","published_at":"2026-04-02T12:55:00Z"},{"value":"0.57251","scoring_system":"epss","scoring_elements":"0.98139","published_at":"2026-04-04T12:55:00Z"},{"value":"0.57251","scoring_system":"epss","scoring_elements":"0.98145","published_at":"2026-04-08T12:55:00Z"},{"value":"0.57251","scoring_system":"epss","scoring_elements":"0.98146","published_at":"2026-04-09T12:55:00Z"},{"value":"0.57251","scoring_system":"epss","scoring_elements":"0.98149","published_at":"2026-04-11T12:55:00Z"},{"value":"0.57251","scoring_system":"epss","scoring_elements":"0.9815","published_at":"2026-04-13T12:55:00Z"},{"value":"0.57251","scoring_system":"epss","scoring_elements":"0.98156","published_at":"2026-04-16T12:55:00Z"},{"value":"0.57251","scoring_system":"epss","scoring_elements":"0.98154","published_at":"2026-04-21T12:55:00Z"},{"value":"0.57251","scoring_system":"epss","scoring_elements":"0.98155","published_at":"2026-04-24T12:55:00Z"},{"value":"0.57251","scoring_system":"epss","scoring_elements":"0.98158","published_at":"2026-04-26T12:55:00Z"},{"value":"0.57251","scoring_system":"epss","scoring_elements":"0.98159","published_at":"2026-04-29T12:55:00Z"},{"value":"0.58573","scoring_system":"epss","scoring_elements":"0.98218","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-42008"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42008","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42008"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42009","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42009"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42010","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42010"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077969","reference_id":"1077969","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077969"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.8","reference_id":"1.5.8","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-07T19:56:10Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.8"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.8","reference_id":"1.6.8","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-07T19:56:10Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.8"},{"reference_url":"https://sonarsource.com/blog/government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail/","reference_id":"government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-07T19:56:10Z/"}],"url":"https://sonarsource.com/blog/government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail/"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases","reference_id":"releases","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-07T19:56:10Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases"},{"reference_url":"https://roundcube.net/news/2024/08/04/security-updates-1.6.8-and-1.5.8","reference_id":"security-updates-1.6.8-and-1.5.8","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-07T19:56:10Z/"}],"url":"https://roundcube.net/news/2024/08/04/security-updates-1.6.8-and-1.5.8"},{"reference_url":"https://usn.ubuntu.com/8223-1/","reference_id":"USN-8223-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8223-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050285?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-rdb5-bbvn-7fcq"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2024-42008"],"risk_score":4.2,"exploitability":"0.5","weighted_severity":"8.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-36et-26h7-pke7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30100?format=json","vulnerability_id":"VCID-3kyu-tx4q-p3aq","summary":"Roundcube Webmail Vulnerable to Authenticated RCE via PHP Object Deserialization\nRoundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49113.json","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49113.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49113","reference_id":"","reference_type":"","scores":[{"value":"0.90405","scoring_system":"epss","scoring_elements":"0.99611","published_at":"2026-05-05T12:55:00Z"},{"value":"0.9042","scoring_system":"epss","scoring_elements":"0.99609","published_at":"2026-04-26T12:55:00Z"},{"value":"0.9042","scoring_system":"epss","scoring_elements":"0.9961","published_at":"2026-04-29T12:55:00Z"},{"value":"0.90478","scoring_system":"epss","scoring_elements":"0.99609","published_at":"2026-04-18T12:55:00Z"},{"value":"0.90891","scoring_system":"epss","scoring_elements":"0.99636","published_at":"2026-04-21T12:55:00Z"},{"value":"0.91243","scoring_system":"epss","scoring_elements":"0.99653","published_at":"2026-04-16T12:55:00Z"},{"value":"0.91574","scoring_system":"epss","scoring_elements":"0.9967","published_at":"2026-04-02T12:55:00Z"},{"value":"0.91574","scoring_system":"epss","scoring_elements":"0.99675","published_at":"2026-04-13T12:55:00Z"},{"value":"0.91574","scoring_system":"epss","scoring_elements":"0.99674","published_at":"2026-04-09T12:55:00Z"},{"value":"0.91574","scoring_system":"epss","scoring_elements":"0.99673","published_at":"2026-04-07T12:55:00Z"},{"value":"0.91574","scoring_system":"epss","scoring_elements":"0.99672","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49113"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49113","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49113"},{"reference_url":"https://fearsoff.org/research/roundcube","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-02-20T20:05:40Z/"}],"url":"https://fearsoff.org/research/roundcube"},{"reference_url":"https://github.com/roundcube/roundcubemail","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/roundcube/roundcubemail"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/0376f69e958a8fef7f6f09e352c541b4e7729c4d","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-02-20T20:05:40Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/0376f69e958a8fef7f6f09e352c541b4e7729c4d"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/7408f31379666124a39f9cb1018f62bc5e2dc695","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-02-20T20:05:40Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/7408f31379666124a39f9cb1018f62bc5e2dc695"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/c50a07d88ca38f018a0f4a0b008e9a1deb32637e","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-02-20T20:05:40Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/c50a07d88ca38f018a0f4a0b008e9a1deb32637e"},{"reference_url":"https://github.com/roundcube/roundcubemail/pull/9865","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-02-20T20:05:40Z/"}],"url":"https://github.com/roundcube/roundcubemail/pull/9865"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.10","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-02-20T20:05:40Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.10"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.11","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-02-20T20:05:40Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.11"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/06/msg00008.html","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/06/msg00008.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49113","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49113"},{"reference_url":"https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-02-20T20:05:40Z/"}],"url":"https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10"},{"reference_url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-49113","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-49113"},{"reference_url":"https://www.vicarius.io/vsociety/posts/cve-2025-49113-roundcube-mitigation-script","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-02-20T20:05:40Z/"}],"url":"https://www.vicarius.io/vsociety/posts/cve-2025-49113-roundcube-mitigation-script"},{"reference_url":"https://www.vicarius.io/vsociety/posts/cve-2025-49113-roundcube-vulnerability-detection","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-02-20T20:05:40Z/"}],"url":"https://www.vicarius.io/vsociety/posts/cve-2025-49113-roundcube-vulnerability-detection"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/06/02/3","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/06/02/3"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107073","reference_id":"1107073","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107073"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2369696","reference_id":"2369696","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2369696"},{"reference_url":"https://security.archlinux.org/ASA-202506-1","reference_id":"ASA-202506-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202506-1"},{"reference_url":"https://security.archlinux.org/AVG-2891","reference_id":"AVG-2891","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2891"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52324.NA","reference_id":"CVE-2025-49113","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52324.NA"},{"reference_url":"https://github.com/advisories/GHSA-8j8w-wwqc-x596","reference_id":"GHSA-8j8w-wwqc-x596","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8j8w-wwqc-x596"},{"reference_url":"https://usn.ubuntu.com/7584-1/","reference_id":"USN-7584-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7584-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1051746?format=json","purl":"pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u6"}],"aliases":["CVE-2025-49113","GHSA-8j8w-wwqc-x596"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3kyu-tx4q-p3aq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97028?format=json","vulnerability_id":"VCID-4yzj-hrqv-vbcp","summary":"Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13, when \"Block remote images\" is used, does not block SVG feImage.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-25916","reference_id":"","reference_type":"","scores":[{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09829","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09789","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09906","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09931","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09968","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09956","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09904","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11529","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11641","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11763","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.1173","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11692","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11614","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12448","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12491","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-25916"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25916","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25916"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127447","reference_id":"1127447","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127447"},{"reference_url":"https://nullcathedral.com/posts/2026-02-08-roundcube-svg-feimage-remote-image-bypass/","reference_id":"2026-02-08-roundcube-svg-feimage-remote-image-bypass","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-09T14:54:49Z/"}],"url":"https://nullcathedral.com/posts/2026-02-08-roundcube-svg-feimage-remote-image-bypass/"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/26d7677","reference_id":"26d7677","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-09T14:54:49Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/26d7677"},{"reference_url":"https://news.ycombinator.com/item?id=46937012","reference_id":"item?id=46937012","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-09T14:54:49Z/"}],"url":"https://news.ycombinator.com/item?id=46937012"},{"reference_url":"https://usn.ubuntu.com/8223-1/","reference_id":"USN-8223-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8223-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1051746?format=json","purl":"pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u6"}],"aliases":["CVE-2026-25916"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4yzj-hrqv-vbcp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/349555?format=json","vulnerability_id":"VCID-5yts-xnha-4bf3","summary":"Roundcube Webmail: Insufficient HTML attachment sanitization in preview mode","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35539","reference_id":"","reference_type":"","scores":[{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10724","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10896","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11324","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12275","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12387","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.1242","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12417","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12306","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12406","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12446","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12484","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12511","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13375","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35539"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35539","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35539"},{"reference_url":"https://github.com/roundcube/roundcubemail","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/roundcube/roundcubemail"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/10a6d1fa8acac85c727b0a6ae4a6642bfa27bea1","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:10:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/10a6d1fa8acac85c727b0a6ae4a6642bfa27bea1"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/1b30edf5369668c92fe91dae3d52e477c808aa4f","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:10:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/1b30edf5369668c92fe91dae3d52e477c808aa4f"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/d742954ccbcdee7020f8f2e7c49ce0fca5a0efab","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:10:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/d742954ccbcdee7020f8f2e7c49ce0fca5a0efab"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.14","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:10:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.14"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.14","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:10:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.14"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:10:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5"},{"reference_url":"https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:10:48Z/"}],"url":"https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182","reference_id":"1131182","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35539","reference_id":"CVE-2026-35539","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35539"},{"reference_url":"https://github.com/advisories/GHSA-x4q5-8j5g-hpjc","reference_id":"GHSA-x4q5-8j5g-hpjc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x4q5-8j5g-hpjc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1051746?format=json","purl":"pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u6"}],"aliases":["CVE-2026-35539","GHSA-x4q5-8j5g-hpjc"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5yts-xnha-4bf3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62469?format=json","vulnerability_id":"VCID-79me-pjdn-ykgq","summary":"A flaw in Roundcube's handling of configuration files may allow\n    arbitrary code execution, amongst other vulnerabilities.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12640","reference_id":"","reference_type":"","scores":[{"value":"0.22659","scoring_system":"epss","scoring_elements":"0.95822","published_at":"2026-04-01T12:55:00Z"},{"value":"0.22659","scoring_system":"epss","scoring_elements":"0.95831","published_at":"2026-04-02T12:55:00Z"},{"value":"0.22659","scoring_system":"epss","scoring_elements":"0.95839","published_at":"2026-04-04T12:55:00Z"},{"value":"0.22659","scoring_system":"epss","scoring_elements":"0.95842","published_at":"2026-04-07T12:55:00Z"},{"value":"0.22659","scoring_system":"epss","scoring_elements":"0.9585","published_at":"2026-04-08T12:55:00Z"},{"value":"0.22659","scoring_system":"epss","scoring_elements":"0.95854","published_at":"2026-04-09T12:55:00Z"},{"value":"0.22659","scoring_system":"epss","scoring_elements":"0.95857","published_at":"2026-04-11T12:55:00Z"},{"value":"0.22659","scoring_system":"epss","scoring_elements":"0.95856","published_at":"2026-04-12T12:55:00Z"},{"value":"0.22659","scoring_system":"epss","scoring_elements":"0.95858","published_at":"2026-04-13T12:55:00Z"},{"value":"0.22659","scoring_system":"epss","scoring_elements":"0.95869","published_at":"2026-04-16T12:55:00Z"},{"value":"0.22659","scoring_system":"epss","scoring_elements":"0.95875","published_at":"2026-04-18T12:55:00Z"},{"value":"0.22659","scoring_system":"epss","scoring_elements":"0.95877","published_at":"2026-04-21T12:55:00Z"},{"value":"0.22659","scoring_system":"epss","scoring_elements":"0.95879","published_at":"2026-04-29T12:55:00Z"},{"value":"0.22659","scoring_system":"epss","scoring_elements":"0.95891","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12640"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12640","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12640"},{"reference_url":"https://security.gentoo.org/glsa/202007-41","reference_id":"GLSA-202007-41","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202007-41"},{"reference_url":"https://usn.ubuntu.com/USN-5182-1/","reference_id":"USN-USN-5182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050285?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-rdb5-bbvn-7fcq"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2020-12640"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-79me-pjdn-ykgq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79759?format=json","vulnerability_id":"VCID-7nn6-aywu-z7g8","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13964","reference_id":"","reference_type":"","scores":[{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75174","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75177","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75208","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75184","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75219","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75231","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75252","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75229","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75218","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75256","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75263","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75254","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.7529","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75293","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75297","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75306","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13964"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13964","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13964"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13965","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13965"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962123","reference_id":"962123","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962123"},{"reference_url":"https://usn.ubuntu.com/USN-5182-1/","reference_id":"USN-USN-5182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050285?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-rdb5-bbvn-7fcq"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2020-13964"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7nn6-aywu-z7g8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/349553?format=json","vulnerability_id":"VCID-8vmm-1hvf-17ap","summary":"Roundcube: Bypass of remote image blocking via crafted BODY background attribute","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35542","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09403","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10167","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10062","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.12929","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13034","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13066","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13072","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.12975","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.12972","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.1307","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13122","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.1316","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13191","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14115","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35542"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35542","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35542"},{"reference_url":"https://github.com/roundcube/roundcubemail","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/roundcube/roundcubemail"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/e052328e3dc75f13adc2e314eaa4096ac21084ad","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:51:19Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/e052328e3dc75f13adc2e314eaa4096ac21084ad"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/fd0e98178db5c73eaa93d005b561874923f9b0f0","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:51:19Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/fd0e98178db5c73eaa93d005b561874923f9b0f0"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/fde14d01adc9f37893cd82b635883e516ed453f8","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:51:19Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/fde14d01adc9f37893cd82b635883e516ed453f8"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.14","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:51:19Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.14"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.14","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:51:19Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.14"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:51:19Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5"},{"reference_url":"https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:51:19Z/"}],"url":"https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182","reference_id":"1131182","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35542","reference_id":"CVE-2026-35542","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35542"},{"reference_url":"https://github.com/advisories/GHSA-5hf6-crg4-fg59","reference_id":"GHSA-5hf6-crg4-fg59","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5hf6-crg4-fg59"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1051746?format=json","purl":"pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u6"}],"aliases":["CVE-2026-35542","GHSA-5hf6-crg4-fg59"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8vmm-1hvf-17ap"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/349554?format=json","vulnerability_id":"VCID-8xf2-hjfv-hybh","summary":"Roundcube Webmail: Insufficient CSS sanitization in HTML e-mail messages","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35544","reference_id":"","reference_type":"","scores":[{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10066","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.1017","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.1014","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.12933","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13037","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13069","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13076","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.12978","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.12975","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13074","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13126","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13164","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13195","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14117","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35544"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35544","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35544"},{"reference_url":"https://github.com/roundcube/roundcubemail","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/roundcube/roundcubemail"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/099009b9c8e1d3c636fb9a5af72f7c2596018662","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:06Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/099009b9c8e1d3c636fb9a5af72f7c2596018662"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/226811a1c974271dbedca72672923abaff8191c0","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:06Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/226811a1c974271dbedca72672923abaff8191c0"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/57dec0c127b98e0c8e3b9c26c80049b9c4bcaea7","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:06Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/57dec0c127b98e0c8e3b9c26c80049b9c4bcaea7"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.14","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:06Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.14"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.14","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:06Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.14"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:06Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5"},{"reference_url":"https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:06Z/"}],"url":"https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182","reference_id":"1131182","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35544","reference_id":"CVE-2026-35544","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35544"},{"reference_url":"https://github.com/advisories/GHSA-xpqh-grpw-4xmg","reference_id":"GHSA-xpqh-grpw-4xmg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xpqh-grpw-4xmg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1051746?format=json","purl":"pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u6"}],"aliases":["CVE-2026-35544","GHSA-xpqh-grpw-4xmg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8xf2-hjfv-hybh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96172?format=json","vulnerability_id":"VCID-9der-5csu-nbbq","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-42009","reference_id":"","reference_type":"","scores":[{"value":"0.91163","scoring_system":"epss","scoring_elements":"0.99652","published_at":"2026-04-24T12:55:00Z"},{"value":"0.91163","scoring_system":"epss","scoring_elements":"0.99655","published_at":"2026-05-05T12:55:00Z"},{"value":"0.91163","scoring_system":"epss","scoring_elements":"0.99654","published_at":"2026-04-29T12:55:00Z"},{"value":"0.91163","scoring_system":"epss","scoring_elements":"0.99653","published_at":"2026-04-26T12:55:00Z"},{"value":"0.91411","scoring_system":"epss","scoring_elements":"0.99658","published_at":"2026-04-04T12:55:00Z"},{"value":"0.91411","scoring_system":"epss","scoring_elements":"0.99657","published_at":"2026-04-02T12:55:00Z"},{"value":"0.91411","scoring_system":"epss","scoring_elements":"0.9966","published_at":"2026-04-07T12:55:00Z"},{"value":"0.91411","scoring_system":"epss","scoring_elements":"0.99661","published_at":"2026-04-11T12:55:00Z"},{"value":"0.91411","scoring_system":"epss","scoring_elements":"0.99662","published_at":"2026-04-12T12:55:00Z"},{"value":"0.91411","scoring_system":"epss","scoring_elements":"0.99663","published_at":"2026-04-13T12:55:00Z"},{"value":"0.91411","scoring_system":"epss","scoring_elements":"0.99664","published_at":"2026-04-16T12:55:00Z"},{"value":"0.91411","scoring_system":"epss","scoring_elements":"0.99665","published_at":"2026-04-18T12:55:00Z"},{"value":"0.91411","scoring_system":"epss","scoring_elements":"0.99666","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-42009"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42008","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42008"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42009","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42009"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42010","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42010"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077969","reference_id":"1077969","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077969"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.8","reference_id":"1.5.8","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-08-20T03:56:09Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.8"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.8","reference_id":"1.6.8","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-08-20T03:56:09Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.8"},{"reference_url":"https://sonarsource.com/blog/government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail/","reference_id":"government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-08-20T03:56:09Z/"}],"url":"https://sonarsource.com/blog/government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail/"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases","reference_id":"releases","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-08-20T03:56:09Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases"},{"reference_url":"https://roundcube.net/news/2024/08/04/security-updates-1.6.8-and-1.5.8","reference_id":"security-updates-1.6.8-and-1.5.8","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-08-20T03:56:09Z/"}],"url":"https://roundcube.net/news/2024/08/04/security-updates-1.6.8-and-1.5.8"},{"reference_url":"https://usn.ubuntu.com/7636-1/","reference_id":"USN-7636-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7636-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050285?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-rdb5-bbvn-7fcq"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2024-42009"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9der-5csu-nbbq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65868?format=json","vulnerability_id":"VCID-9uv1-gqq7-3kc9","summary":"roundcubemail: Roundcube Webmail: Cross-Site Scripting (XSS) vulnerability via crafted SVG animate tag","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68461.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68461.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-68461","reference_id":"","reference_type":"","scores":[{"value":"0.06437","scoring_system":"epss","scoring_elements":"0.91026","published_at":"2026-04-04T12:55:00Z"},{"value":"0.06437","scoring_system":"epss","scoring_elements":"0.91017","published_at":"2026-04-02T12:55:00Z"},{"value":"0.06833","scoring_system":"epss","scoring_elements":"0.91341","published_at":"2026-04-11T12:55:00Z"},{"value":"0.06833","scoring_system":"epss","scoring_elements":"0.91316","published_at":"2026-04-07T12:55:00Z"},{"value":"0.06833","scoring_system":"epss","scoring_elements":"0.91329","published_at":"2026-04-08T12:55:00Z"},{"value":"0.06833","scoring_system":"epss","scoring_elements":"0.91334","published_at":"2026-04-09T12:55:00Z"},{"value":"0.06833","scoring_system":"epss","scoring_elements":"0.91344","published_at":"2026-04-12T12:55:00Z"},{"value":"0.06833","scoring_system":"epss","scoring_elements":"0.91343","published_at":"2026-04-13T12:55:00Z"},{"value":"0.06833","scoring_system":"epss","scoring_elements":"0.91368","published_at":"2026-04-16T12:55:00Z"},{"value":"0.06974","scoring_system":"epss","scoring_elements":"0.91471","published_at":"2026-04-18T12:55:00Z"},{"value":"0.08521","scoring_system":"epss","scoring_elements":"0.924","published_at":"2026-04-26T12:55:00Z"},{"value":"0.08521","scoring_system":"epss","scoring_elements":"0.92394","published_at":"2026-04-29T12:55:00Z"},{"value":"0.08521","scoring_system":"epss","scoring_elements":"0.92403","published_at":"2026-05-05T12:55:00Z"},{"value":"0.08521","scoring_system":"epss","scoring_elements":"0.92395","published_at":"2026-04-21T12:55:00Z"},{"value":"0.08521","scoring_system":"epss","scoring_elements":"0.92398","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-68461"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68461","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68461"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122899","reference_id":"1122899","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122899"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2423507","reference_id":"2423507","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2423507"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/bfa032631c36b900e7444dfa278340b33cbf7cdb","reference_id":"bfa032631c36b900e7444dfa278340b33cbf7cdb","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2026-02-20T20:07:06Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/bfa032631c36b900e7444dfa278340b33cbf7cdb"},{"reference_url":"https://roundcube.net/news/2025/12/13/security-updates-1.6.12-and-1.5.12","reference_id":"security-updates-1.6.12-and-1.5.12","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2026-02-20T20:07:06Z/"}],"url":"https://roundcube.net/news/2025/12/13/security-updates-1.6.12-and-1.5.12"},{"reference_url":"https://usn.ubuntu.com/8097-1/","reference_id":"USN-8097-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8097-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1051746?format=json","purl":"pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u6"}],"aliases":["CVE-2025-68461"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9uv1-gqq7-3kc9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75373?format=json","vulnerability_id":"VCID-cjkd-2jr6-n7as","summary":"roundcubemail: allows XSS via SVG animate attributes","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-37383.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-37383.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-37383","reference_id":"","reference_type":"","scores":[{"value":"0.64028","scoring_system":"epss","scoring_elements":"0.98431","published_at":"2026-04-09T12:55:00Z"},{"value":"0.64028","scoring_system":"epss","scoring_elements":"0.98446","published_at":"2026-05-05T12:55:00Z"},{"value":"0.64028","scoring_system":"epss","scoring_elements":"0.98442","published_at":"2026-04-26T12:55:00Z"},{"value":"0.64028","scoring_system":"epss","scoring_elements":"0.98441","published_at":"2026-04-29T12:55:00Z"},{"value":"0.64028","scoring_system":"epss","scoring_elements":"0.98438","published_at":"2026-04-21T12:55:00Z"},{"value":"0.64028","scoring_system":"epss","scoring_elements":"0.98439","published_at":"2026-04-16T12:55:00Z"},{"value":"0.64028","scoring_system":"epss","scoring_elements":"0.98435","published_at":"2026-04-13T12:55:00Z"},{"value":"0.64519","scoring_system":"epss","scoring_elements":"0.98444","published_at":"2026-04-04T12:55:00Z"},{"value":"0.64519","scoring_system":"epss","scoring_elements":"0.98441","published_at":"2026-04-02T12:55:00Z"},{"value":"0.64519","scoring_system":"epss","scoring_elements":"0.98446","published_at":"2026-04-07T12:55:00Z"},{"value":"0.64519","scoring_system":"epss","scoring_elements":"0.9845","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-37383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37384","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37384"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071474","reference_id":"1071474","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071474"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.7","reference_id":"1.5.7","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-25T18:32:17Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.7"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.7","reference_id":"1.6.7","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-25T18:32:17Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.7"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2290826","reference_id":"2290826","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2290826"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/43aaaa528646877789ec028d87924ba1accf5242","reference_id":"43aaaa528646877789ec028d87924ba1accf5242","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-25T18:32:17Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/43aaaa528646877789ec028d87924ba1accf5242"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52173.txt","reference_id":"CVE-2024-37383","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52173.txt"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00008.html","reference_id":"msg00008.html","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-25T18:32:17Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00008.html"},{"reference_url":"https://usn.ubuntu.com/6848-1/","reference_id":"USN-6848-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6848-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050285?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-rdb5-bbvn-7fcq"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2024-37383"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cjkd-2jr6-n7as"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/349552?format=json","vulnerability_id":"VCID-ck88-1urs-2kes","summary":"Roundcube Webmail: Bypass of remote image blocking via SVG content (with animate attributes) in an e-mail message","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35543","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09403","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10167","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10062","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.12929","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13034","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13066","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13072","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.12975","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.12972","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.1307","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13122","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.1316","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13191","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14115","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35543"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35543","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35543"},{"reference_url":"https://github.com/roundcube/roundcubemail","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/roundcube/roundcubemail"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/1a63e01542bff42aaa71c00c4c279a09ef31f20c","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:45Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/1a63e01542bff42aaa71c00c4c279a09ef31f20c"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/39471343ee081ce1d31696c456a2c163462daae3","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:45Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/39471343ee081ce1d31696c456a2c163462daae3"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/82ab5eca7b332fce7a174b2b987f0957a66377cd","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:45Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/82ab5eca7b332fce7a174b2b987f0957a66377cd"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.14","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:45Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.14"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.14","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:45Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.14"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:45Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5"},{"reference_url":"https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:45Z/"}],"url":"https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182","reference_id":"1131182","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35543","reference_id":"CVE-2026-35543","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35543"},{"reference_url":"https://github.com/advisories/GHSA-j2g6-8rvg-7mf6","reference_id":"GHSA-j2g6-8rvg-7mf6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j2g6-8rvg-7mf6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1051746?format=json","purl":"pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u6"}],"aliases":["CVE-2026-35543","GHSA-j2g6-8rvg-7mf6"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ck88-1urs-2kes"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62468?format=json","vulnerability_id":"VCID-cnkc-vcp7-6kcw","summary":"A flaw in Roundcube's handling of configuration files may allow\n    arbitrary code execution, amongst other vulnerabilities.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12626","reference_id":"","reference_type":"","scores":[{"value":"0.01288","scoring_system":"epss","scoring_elements":"0.79589","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01288","scoring_system":"epss","scoring_elements":"0.79596","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01288","scoring_system":"epss","scoring_elements":"0.79618","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01288","scoring_system":"epss","scoring_elements":"0.79605","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01288","scoring_system":"epss","scoring_elements":"0.79634","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01288","scoring_system":"epss","scoring_elements":"0.79642","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01288","scoring_system":"epss","scoring_elements":"0.79662","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01288","scoring_system":"epss","scoring_elements":"0.79647","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01288","scoring_system":"epss","scoring_elements":"0.79639","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01288","scoring_system":"epss","scoring_elements":"0.7967","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01288","scoring_system":"epss","scoring_elements":"0.79669","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01288","scoring_system":"epss","scoring_elements":"0.79673","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01288","scoring_system":"epss","scoring_elements":"0.79704","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01288","scoring_system":"epss","scoring_elements":"0.79711","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01288","scoring_system":"epss","scoring_elements":"0.79726","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01288","scoring_system":"epss","scoring_elements":"0.79741","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12626"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12625","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12625"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12626","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12626"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959142","reference_id":"959142","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959142"},{"reference_url":"https://security.gentoo.org/glsa/202007-41","reference_id":"GLSA-202007-41","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202007-41"},{"reference_url":"https://usn.ubuntu.com/USN-5182-1/","reference_id":"USN-USN-5182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050285?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-rdb5-bbvn-7fcq"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2020-12626"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cnkc-vcp7-6kcw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/349551?format=json","vulnerability_id":"VCID-ddfq-28qm-2fbn","summary":"Roundcube Webmail: Remote image blocking feature can be bypassed via SVG content in an e-mail message","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35545","reference_id":"","reference_type":"","scores":[{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10066","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.1017","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09759","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13334","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.1344","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13468","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13463","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13391","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13393","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13482","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13529","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13567","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13595","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14638","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35545"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35545","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35545"},{"reference_url":"https://github.com/roundcube/roundcubemail","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/roundcube/roundcubemail"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/7ad62de184368bf42c0f522d1aacc030f5ddcc46","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T15:35:57Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/7ad62de184368bf42c0f522d1aacc030f5ddcc46"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/9d18d524f3cc211003fc99e2e54eed09a2f3da88","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T15:35:57Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/9d18d524f3cc211003fc99e2e54eed09a2f3da88"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/fe1320b199d3a2f58351bb699c9ed4316e73221b","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T15:35:57Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/fe1320b199d3a2f58351bb699c9ed4316e73221b"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.15","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T15:35:57Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.15"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.15","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T15:35:57Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.15"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc6","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T15:35:57Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc6"},{"reference_url":"https://roundcube.net/news/2026/03/29/security-updates-1.7-rc6-1.6.15-1.5.15","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T15:35:57Z/"}],"url":"https://roundcube.net/news/2026/03/29/security-updates-1.7-rc6-1.6.15-1.5.15"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132268","reference_id":"1132268","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132268"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35545","reference_id":"CVE-2026-35545","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35545"},{"reference_url":"https://github.com/advisories/GHSA-w846-74jr-76cv","reference_id":"GHSA-w846-74jr-76cv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w846-74jr-76cv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1051746?format=json","purl":"pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u6"}],"aliases":["CVE-2026-35545","GHSA-w846-74jr-76cv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ddfq-28qm-2fbn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/349548?format=json","vulnerability_id":"VCID-gh6k-19h8-fqbf","summary":"Roundcube Webmail: Unsanitized IMAP SEARCH command arguments","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35538","reference_id":"","reference_type":"","scores":[{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10455","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10593","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11044","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12411","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12526","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12559","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12551","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12436","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12431","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12527","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12566","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12607","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.1264","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14489","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35538"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35538"},{"reference_url":"https://github.com/roundcube/roundcubemail","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/roundcube/roundcubemail"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/5fe8a69956a9683a4269f3ad2a68e18deebf8a15","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:11:14Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/5fe8a69956a9683a4269f3ad2a68e18deebf8a15"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/7daf5aa9c190ccc75bb31672d8fee9938877fd64","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:11:14Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/7daf5aa9c190ccc75bb31672d8fee9938877fd64"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/b18a8fa8e81571914c0ff55d4e20edb459c6952c","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:11:14Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/b18a8fa8e81571914c0ff55d4e20edb459c6952c"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.14","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:11:14Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.14"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.14","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:11:14Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.14"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:11:14Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5"},{"reference_url":"https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:11:14Z/"}],"url":"https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182","reference_id":"1131182","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35538","reference_id":"CVE-2026-35538","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35538"},{"reference_url":"https://github.com/advisories/GHSA-8jr8-v43g-5c57","reference_id":"GHSA-8jr8-v43g-5c57","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8jr8-v43g-5c57"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1051746?format=json","purl":"pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u6"}],"aliases":["CVE-2026-35538","GHSA-8jr8-v43g-5c57"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gh6k-19h8-fqbf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62470?format=json","vulnerability_id":"VCID-hg1a-vx5c-hue3","summary":"A flaw in Roundcube's handling of configuration files may allow\n    arbitrary code execution, amongst other vulnerabilities.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12641","reference_id":"","reference_type":"","scores":[{"value":"0.93133","scoring_system":"epss","scoring_elements":"0.99793","published_at":"2026-04-02T12:55:00Z"},{"value":"0.93133","scoring_system":"epss","scoring_elements":"0.99794","published_at":"2026-04-04T12:55:00Z"},{"value":"0.93133","scoring_system":"epss","scoring_elements":"0.99795","published_at":"2026-04-09T12:55:00Z"},{"value":"0.93133","scoring_system":"epss","scoring_elements":"0.99796","published_at":"2026-04-13T12:55:00Z"},{"value":"0.93133","scoring_system":"epss","scoring_elements":"0.99797","published_at":"2026-04-16T12:55:00Z"},{"value":"0.93133","scoring_system":"epss","scoring_elements":"0.99798","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12641"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12641","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12641"},{"reference_url":"https://github.com/roundcube/roundcubemail/compare/1.4.3...1.4.4","reference_id":"1.4.3...1.4.4","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:53:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/compare/1.4.3...1.4.4"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.4.4","reference_id":"1.4.4","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:53:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.4.4"},{"reference_url":"https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-12641-Command%20Injection-Roundcube","reference_id":"CVE-2020-12641-Command%20Injection-Roundcube","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:53:48Z/"}],"url":"https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-12641-Command%20Injection-Roundcube"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/fcfb099477f353373c34c8a65c9035b06b364db3","reference_id":"fcfb099477f353373c34c8a65c9035b06b364db3","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:53:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/fcfb099477f353373c34c8a65c9035b06b364db3"},{"reference_url":"https://security.gentoo.org/glsa/202007-41","reference_id":"GLSA-202007-41","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:53:48Z/"}],"url":"https://security.gentoo.org/glsa/202007-41"},{"reference_url":"https://roundcube.net/news/2020/04/29/security-updates-1.4.4-1.3.11-and-1.2.10","reference_id":"security-updates-1.4.4-1.3.11-and-1.2.10","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:53:48Z/"}],"url":"https://roundcube.net/news/2020/04/29/security-updates-1.4.4-1.3.11-and-1.2.10"},{"reference_url":"https://usn.ubuntu.com/USN-5182-1/","reference_id":"USN-USN-5182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050285?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-rdb5-bbvn-7fcq"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2020-12641"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hg1a-vx5c-hue3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90864?format=json","vulnerability_id":"VCID-jck5-xymf-s3bh","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-16145","reference_id":"","reference_type":"","scores":[{"value":"0.00704","scoring_system":"epss","scoring_elements":"0.72041","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00704","scoring_system":"epss","scoring_elements":"0.72047","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00704","scoring_system":"epss","scoring_elements":"0.72068","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00704","scoring_system":"epss","scoring_elements":"0.72044","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00704","scoring_system":"epss","scoring_elements":"0.72081","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00704","scoring_system":"epss","scoring_elements":"0.72093","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00704","scoring_system":"epss","scoring_elements":"0.72116","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00704","scoring_system":"epss","scoring_elements":"0.72101","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00704","scoring_system":"epss","scoring_elements":"0.72086","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00704","scoring_system":"epss","scoring_elements":"0.72127","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00704","scoring_system":"epss","scoring_elements":"0.72135","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00704","scoring_system":"epss","scoring_elements":"0.7212","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00704","scoring_system":"epss","scoring_elements":"0.72164","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00704","scoring_system":"epss","scoring_elements":"0.72173","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00704","scoring_system":"epss","scoring_elements":"0.72167","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00704","scoring_system":"epss","scoring_elements":"0.72159","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-16145"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16145","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16145"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968216","reference_id":"968216","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968216"},{"reference_url":"https://usn.ubuntu.com/USN-5182-1/","reference_id":"USN-USN-5182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050285?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-rdb5-bbvn-7fcq"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2020-16145"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jck5-xymf-s3bh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94681?format=json","vulnerability_id":"VCID-jqs5-8ct7-wfgk","summary":"Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-26925","reference_id":"","reference_type":"","scores":[{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49171","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49227","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49258","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49286","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49238","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49293","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49289","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49307","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49281","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49287","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49334","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49331","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.493","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49298","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49256","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-26925"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26925","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26925"},{"reference_url":"https://security.archlinux.org/ASA-202102-27","reference_id":"ASA-202102-27","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202102-27"},{"reference_url":"https://security.archlinux.org/AVG-1551","reference_id":"AVG-1551","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1551"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050285?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-rdb5-bbvn-7fcq"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2021-26925"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jqs5-8ct7-wfgk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94415?format=json","vulnerability_id":"VCID-kyxz-v3sj-w3cw","summary":"Cross Site Scripting (XSS) vulnerability in Roundcube Mail <=1.4.4 via smtp config in /installer/test.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-18671","reference_id":"","reference_type":"","scores":[{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.59664","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.59737","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.59762","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.59732","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.59784","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.59797","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.59817","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.59801","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.59783","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.5982","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.59827","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.5981","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.59781","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.59799","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.59785","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.59748","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-18671"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-18671","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-18671"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050285?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-rdb5-bbvn-7fcq"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2020-18671"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kyxz-v3sj-w3cw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79760?format=json","vulnerability_id":"VCID-m4yc-ms54-zyhv","summary":"security update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13965.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13965.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13965","reference_id":"","reference_type":"","scores":[{"value":"0.71819","scoring_system":"epss","scoring_elements":"0.98728","published_at":"2026-04-02T12:55:00Z"},{"value":"0.71819","scoring_system":"epss","scoring_elements":"0.98753","published_at":"2026-05-05T12:55:00Z"},{"value":"0.71819","scoring_system":"epss","scoring_elements":"0.98732","published_at":"2026-04-04T12:55:00Z"},{"value":"0.71819","scoring_system":"epss","scoring_elements":"0.98735","published_at":"2026-04-09T12:55:00Z"},{"value":"0.71819","scoring_system":"epss","scoring_elements":"0.98736","published_at":"2026-04-08T12:55:00Z"},{"value":"0.71819","scoring_system":"epss","scoring_elements":"0.98738","published_at":"2026-04-12T12:55:00Z"},{"value":"0.71819","scoring_system":"epss","scoring_elements":"0.98739","published_at":"2026-04-13T12:55:00Z"},{"value":"0.71819","scoring_system":"epss","scoring_elements":"0.98742","published_at":"2026-04-21T12:55:00Z"},{"value":"0.71819","scoring_system":"epss","scoring_elements":"0.98746","published_at":"2026-04-24T12:55:00Z"},{"value":"0.71819","scoring_system":"epss","scoring_elements":"0.98747","published_at":"2026-04-26T12:55:00Z"},{"value":"0.71819","scoring_system":"epss","scoring_elements":"0.98749","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13965"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13964","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13964"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13965","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13965"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.3.12","reference_id":"1.3.12","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:33:41Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.3.12"},{"reference_url":"https://github.com/roundcube/roundcubemail/compare/1.4.4...1.4.5","reference_id":"1.4.4...1.4.5","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:33:41Z/"}],"url":"https://github.com/roundcube/roundcubemail/compare/1.4.4...1.4.5"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.4.5","reference_id":"1.4.5","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:33:41Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.4.5"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1848338","reference_id":"1848338","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1848338"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/884eb611627ef2bd5a2e20e02009ebb1eceecdc3","reference_id":"884eb611627ef2bd5a2e20e02009ebb1eceecdc3","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:33:41Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/884eb611627ef2bd5a2e20e02009ebb1eceecdc3"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962124","reference_id":"962124","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962124"},{"reference_url":"https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-13965-Cross%20Site-Scripting%20via%20Malicious%20XML%20Attachment-Roundcube","reference_id":"CVE-2020-13965-Cross%20Site-Scripting%20via%20Malicious%20XML%20Attachment-Roundcube","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:33:41Z/"}],"url":"https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-13965-Cross%20Site-Scripting%20via%20Malicious%20XML%20Attachment-Roundcube"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLESQ4LPJGMSWHQ4TBRTVQRDG7IXAZCW/","reference_id":"DLESQ4LPJGMSWHQ4TBRTVQRDG7IXAZCW","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:33:41Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLESQ4LPJGMSWHQ4TBRTVQRDG7IXAZCW/"},{"reference_url":"https://www.debian.org/security/2020/dsa-4700","reference_id":"dsa-4700","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:33:41Z/"}],"url":"https://www.debian.org/security/2020/dsa-4700"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ODPJXBHZ32QSP4MYT2OBCALYXSUJ47SK/","reference_id":"ODPJXBHZ32QSP4MYT2OBCALYXSUJ47SK","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:33:41Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ODPJXBHZ32QSP4MYT2OBCALYXSUJ47SK/"},{"reference_url":"https://roundcube.net/news/2020/06/02/security-updates-1.4.5-and-1.3.12","reference_id":"security-updates-1.4.5-and-1.3.12","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:33:41Z/"}],"url":"https://roundcube.net/news/2020/06/02/security-updates-1.4.5-and-1.3.12"},{"reference_url":"https://usn.ubuntu.com/USN-5182-1/","reference_id":"USN-USN-5182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050285?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-rdb5-bbvn-7fcq"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2020-13965"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"5.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m4yc-ms54-zyhv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95789?format=json","vulnerability_id":"VCID-ncbg-6m11-3qan","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-47272","reference_id":"","reference_type":"","scores":[{"value":"0.00498","scoring_system":"epss","scoring_elements":"0.65845","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00498","scoring_system":"epss","scoring_elements":"0.65875","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00498","scoring_system":"epss","scoring_elements":"0.6584","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00498","scoring_system":"epss","scoring_elements":"0.65892","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00498","scoring_system":"epss","scoring_elements":"0.65904","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00498","scoring_system":"epss","scoring_elements":"0.65922","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00498","scoring_system":"epss","scoring_elements":"0.65909","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00498","scoring_system":"epss","scoring_elements":"0.65879","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00498","scoring_system":"epss","scoring_elements":"0.65914","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00498","scoring_system":"epss","scoring_elements":"0.65929","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00498","scoring_system":"epss","scoring_elements":"0.65918","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00498","scoring_system":"epss","scoring_elements":"0.65928","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00498","scoring_system":"epss","scoring_elements":"0.65939","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00498","scoring_system":"epss","scoring_elements":"0.65937","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00498","scoring_system":"epss","scoring_elements":"0.65912","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-47272"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47272","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47272"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055421","reference_id":"1055421","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055421"},{"reference_url":"https://usn.ubuntu.com/6848-1/","reference_id":"USN-6848-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6848-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050285?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-rdb5-bbvn-7fcq"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2023-47272"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ncbg-6m11-3qan"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96129?format=json","vulnerability_id":"VCID-qwak-6wgy-wfgs","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-37384","reference_id":"","reference_type":"","scores":[{"value":"0.00437","scoring_system":"epss","scoring_elements":"0.63008","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00437","scoring_system":"epss","scoring_elements":"0.63099","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00437","scoring_system":"epss","scoring_elements":"0.63091","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00437","scoring_system":"epss","scoring_elements":"0.63056","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00437","scoring_system":"epss","scoring_elements":"0.63078","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00437","scoring_system":"epss","scoring_elements":"0.63092","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00437","scoring_system":"epss","scoring_elements":"0.63074","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00437","scoring_system":"epss","scoring_elements":"0.63058","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00437","scoring_system":"epss","scoring_elements":"0.63014","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00437","scoring_system":"epss","scoring_elements":"0.63043","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00525","scoring_system":"epss","scoring_elements":"0.67028","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00525","scoring_system":"epss","scoring_elements":"0.67022","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00525","scoring_system":"epss","scoring_elements":"0.67043","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00525","scoring_system":"epss","scoring_elements":"0.67057","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00525","scoring_system":"epss","scoring_elements":"0.67056","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-37384"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37384","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37384"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071474","reference_id":"1071474","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071474"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.7","reference_id":"1.5.7","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-17T17:48:19Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.7"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.7","reference_id":"1.6.7","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-17T17:48:19Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.7"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/cde4522c5c95f13c6aeeb1600ab17e5067a536f7","reference_id":"cde4522c5c95f13c6aeeb1600ab17e5067a536f7","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-17T17:48:19Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/cde4522c5c95f13c6aeeb1600ab17e5067a536f7"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00008.html","reference_id":"msg00008.html","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-17T17:48:19Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00008.html"},{"reference_url":"https://usn.ubuntu.com/6848-1/","reference_id":"USN-6848-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6848-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050285?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-rdb5-bbvn-7fcq"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2024-37384"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qwak-6wgy-wfgs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90812?format=json","vulnerability_id":"VCID-rc91-j3kf-zfch","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15562","reference_id":"","reference_type":"","scores":[{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75004","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75007","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75036","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75012","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75046","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75058","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.7508","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75059","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75048","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75086","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75093","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75083","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75122","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75126","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.7513","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75138","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15562"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15562","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15562"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964355","reference_id":"964355","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964355"},{"reference_url":"https://usn.ubuntu.com/USN-5182-1/","reference_id":"USN-USN-5182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050285?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-rdb5-bbvn-7fcq"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2020-15562"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rc91-j3kf-zfch"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95717?format=json","vulnerability_id":"VCID-s6p1-rf35-euhy","summary":"Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43770","reference_id":"","reference_type":"","scores":[{"value":"0.80389","scoring_system":"epss","scoring_elements":"0.99124","published_at":"2026-04-13T12:55:00Z"},{"value":"0.80389","scoring_system":"epss","scoring_elements":"0.99129","published_at":"2026-04-21T12:55:00Z"},{"value":"0.80389","scoring_system":"epss","scoring_elements":"0.99127","published_at":"2026-04-18T12:55:00Z"},{"value":"0.80389","scoring_system":"epss","scoring_elements":"0.99126","published_at":"2026-04-16T12:55:00Z"},{"value":"0.80389","scoring_system":"epss","scoring_elements":"0.99125","published_at":"2026-04-12T12:55:00Z"},{"value":"0.80653","scoring_system":"epss","scoring_elements":"0.99149","published_at":"2026-05-05T12:55:00Z"},{"value":"0.80653","scoring_system":"epss","scoring_elements":"0.99134","published_at":"2026-04-04T12:55:00Z"},{"value":"0.80653","scoring_system":"epss","scoring_elements":"0.99137","published_at":"2026-04-07T12:55:00Z"},{"value":"0.80653","scoring_system":"epss","scoring_elements":"0.99139","published_at":"2026-04-08T12:55:00Z"},{"value":"0.80653","scoring_system":"epss","scoring_elements":"0.99146","published_at":"2026-04-24T12:55:00Z"},{"value":"0.80653","scoring_system":"epss","scoring_elements":"0.99147","published_at":"2026-04-29T12:55:00Z"},{"value":"0.80653","scoring_system":"epss","scoring_elements":"0.99131","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43770"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43770","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43770"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052059","reference_id":"1052059","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052059"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/e92ec206a886461245e1672d8530cc93c618a49b","reference_id":"e92ec206a886461245e1672d8530cc93c618a49b","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-01T18:43:07Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/e92ec206a886461245e1672d8530cc93c618a49b"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/09/msg00024.html","reference_id":"msg00024.html","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-01T18:43:07Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/09/msg00024.html"},{"reference_url":"https://roundcube.net/news/2023/09/15/security-update-1.6.3-released","reference_id":"security-update-1.6.3-released","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-01T18:43:07Z/"}],"url":"https://roundcube.net/news/2023/09/15/security-update-1.6.3-released"},{"reference_url":"https://usn.ubuntu.com/6654-1/","reference_id":"USN-6654-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6654-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050285?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-rdb5-bbvn-7fcq"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2023-43770"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s6p1-rf35-euhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90934?format=json","vulnerability_id":"VCID-u8a4-4pe2-9kcb","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35730","reference_id":"","reference_type":"","scores":[{"value":"0.64813","scoring_system":"epss","scoring_elements":"0.98451","published_at":"2026-04-01T12:55:00Z"},{"value":"0.64813","scoring_system":"epss","scoring_elements":"0.98453","published_at":"2026-04-02T12:55:00Z"},{"value":"0.64813","scoring_system":"epss","scoring_elements":"0.98456","published_at":"2026-04-04T12:55:00Z"},{"value":"0.64813","scoring_system":"epss","scoring_elements":"0.98458","published_at":"2026-04-07T12:55:00Z"},{"value":"0.64813","scoring_system":"epss","scoring_elements":"0.98461","published_at":"2026-04-08T12:55:00Z"},{"value":"0.64813","scoring_system":"epss","scoring_elements":"0.98462","published_at":"2026-04-09T12:55:00Z"},{"value":"0.64813","scoring_system":"epss","scoring_elements":"0.98465","published_at":"2026-04-13T12:55:00Z"},{"value":"0.64813","scoring_system":"epss","scoring_elements":"0.9847","published_at":"2026-04-18T12:55:00Z"},{"value":"0.64813","scoring_system":"epss","scoring_elements":"0.98472","published_at":"2026-04-21T12:55:00Z"},{"value":"0.64813","scoring_system":"epss","scoring_elements":"0.98476","published_at":"2026-04-26T12:55:00Z"},{"value":"0.64813","scoring_system":"epss","scoring_elements":"0.98475","published_at":"2026-04-29T12:55:00Z"},{"value":"0.64813","scoring_system":"epss","scoring_elements":"0.9848","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35730"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35730","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35730"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.2.13","reference_id":"1.2.13","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T20:21:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.2.13"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.3.16","reference_id":"1.3.16","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T20:21:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.3.16"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.4.10","reference_id":"1.4.10","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T20:21:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.4.10"},{"reference_url":"https://github.com/roundcube/roundcubemail/compare/1.4.9...1.4.10","reference_id":"1.4.9...1.4.10","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T20:21:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/compare/1.4.9...1.4.10"},{"reference_url":"https://security.archlinux.org/ASA-202101-2","reference_id":"ASA-202101-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-2"},{"reference_url":"https://security.archlinux.org/AVG-1388","reference_id":"AVG-1388","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1388"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978491","reference_id":"bugreport.cgi?bug=978491","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T20:21:48Z/"}],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978491"},{"reference_url":"https://roundcube.net/download/","reference_id":"download","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T20:21:48Z/"}],"url":"https://roundcube.net/download/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HCEU4BM5WGIDJWP6Z4PCH62ZMH57QYM2/","reference_id":"HCEU4BM5WGIDJWP6Z4PCH62ZMH57QYM2","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T20:21:48Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HCEU4BM5WGIDJWP6Z4PCH62ZMH57QYM2/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HMLIZWKMTRCLU7KZLEQHELS4INXJ7X5Q/","reference_id":"HMLIZWKMTRCLU7KZLEQHELS4INXJ7X5Q","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T20:21:48Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HMLIZWKMTRCLU7KZLEQHELS4INXJ7X5Q/"},{"reference_url":"https://www.alexbirnberg.com/roundcube-xss.html","reference_id":"roundcube-xss.html","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T20:21:48Z/"}],"url":"https://www.alexbirnberg.com/roundcube-xss.html"},{"reference_url":"https://usn.ubuntu.com/USN-5182-1/","reference_id":"USN-USN-5182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050285?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-rdb5-bbvn-7fcq"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2020-35730"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u8a4-4pe2-9kcb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/349556?format=json","vulnerability_id":"VCID-ub6x-9dku-c7fk","summary":"Roundcube Webmail: Insufficient CSS sanitization in HTML e-mail messages","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35540","reference_id":"","reference_type":"","scores":[{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08833","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08902","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09441","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13135","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13187","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13224","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13255","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.1304","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13038","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.1437","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14426","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14453","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14425","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15738","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35540"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35540","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35540"},{"reference_url":"https://github.com/roundcube/roundcubemail","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/roundcube/roundcubemail"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/27ec6cc9cb25e1ef8b4d4ef39ce76d619caa6870","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:31Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/27ec6cc9cb25e1ef8b4d4ef39ce76d619caa6870"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/579b68eff90650a5c782e153debd66c765648942","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:31Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/579b68eff90650a5c782e153debd66c765648942"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.14","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:31Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.14"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:31Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5"},{"reference_url":"https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:31Z/"}],"url":"https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182","reference_id":"1131182","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35540","reference_id":"CVE-2026-35540","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35540"},{"reference_url":"https://github.com/advisories/GHSA-vxg2-hhgr-37fx","reference_id":"GHSA-vxg2-hhgr-37fx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vxg2-hhgr-37fx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1051746?format=json","purl":"pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u6"}],"aliases":["CVE-2026-35540","GHSA-vxg2-hhgr-37fx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ub6x-9dku-c7fk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95883?format=json","vulnerability_id":"VCID-vehj-ytsm-kqgz","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5631","reference_id":"","reference_type":"","scores":[{"value":"0.83338","scoring_system":"epss","scoring_elements":"0.99269","published_at":"2026-04-04T12:55:00Z"},{"value":"0.83338","scoring_system":"epss","scoring_elements":"0.99266","published_at":"2026-04-02T12:55:00Z"},{"value":"0.83433","scoring_system":"epss","scoring_elements":"0.99279","published_at":"2026-04-13T12:55:00Z"},{"value":"0.83433","scoring_system":"epss","scoring_elements":"0.99277","published_at":"2026-04-08T12:55:00Z"},{"value":"0.83433","scoring_system":"epss","scoring_elements":"0.99281","published_at":"2026-04-18T12:55:00Z"},{"value":"0.83433","scoring_system":"epss","scoring_elements":"0.9928","published_at":"2026-04-12T12:55:00Z"},{"value":"0.83433","scoring_system":"epss","scoring_elements":"0.99278","published_at":"2026-04-09T12:55:00Z"},{"value":"0.84427","scoring_system":"epss","scoring_elements":"0.99329","published_at":"2026-04-29T12:55:00Z"},{"value":"0.84427","scoring_system":"epss","scoring_elements":"0.99331","published_at":"2026-05-05T12:55:00Z"},{"value":"0.84427","scoring_system":"epss","scoring_elements":"0.9933","published_at":"2026-04-24T12:55:00Z"},{"value":"0.85084","scoring_system":"epss","scoring_elements":"0.99356","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5631"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5631","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5631"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/11/01/1","reference_id":"1","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/11/01/1"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.4.15","reference_id":"1.4.15","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.4.15"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.5","reference_id":"1.5.5","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.5"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.4","reference_id":"1.6.4","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.4"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/11/17/2","reference_id":"2","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/11/17/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/11/01/3","reference_id":"3","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/11/01/3"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/41756cc3331b495cc0b71886984474dc529dd31d","reference_id":"41756cc3331b495cc0b71886984474dc529dd31d","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/41756cc3331b495cc0b71886984474dc529dd31d"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/6ee6e7ae301e165e2b2cb703edf75552e5376613","reference_id":"6ee6e7ae301e165e2b2cb703edf75552e5376613","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/6ee6e7ae301e165e2b2cb703edf75552e5376613"},{"reference_url":"https://github.com/roundcube/roundcubemail/issues/9168","reference_id":"9168","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/"}],"url":"https://github.com/roundcube/roundcubemail/issues/9168"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054079","reference_id":"bugreport.cgi?bug=1054079","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/"}],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054079"},{"reference_url":"https://www.debian.org/security/2023/dsa-5531","reference_id":"dsa-5531","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/"}],"url":"https://www.debian.org/security/2023/dsa-5531"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LK67Q46OIEGJCRQUBHKLH3IIJTBNGGX4/","reference_id":"LK67Q46OIEGJCRQUBHKLH3IIJTBNGGX4","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LK67Q46OIEGJCRQUBHKLH3IIJTBNGGX4/"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00035.html","reference_id":"msg00035.html","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00035.html"},{"reference_url":"https://roundcube.net/news/2023/10/16/security-update-1.6.4-released","reference_id":"security-update-1.6.4-released","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/"}],"url":"https://roundcube.net/news/2023/10/16/security-update-1.6.4-released"},{"reference_url":"https://roundcube.net/news/2023/10/16/security-updates-1.5.5-and-1.4.15","reference_id":"security-updates-1.5.5-and-1.4.15","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/"}],"url":"https://roundcube.net/news/2023/10/16/security-updates-1.5.5-and-1.4.15"},{"reference_url":"https://usn.ubuntu.com/6848-1/","reference_id":"USN-6848-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6848-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050285?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-rdb5-bbvn-7fcq"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2023-5631"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vehj-ytsm-kqgz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64628?format=json","vulnerability_id":"VCID-vtz8-zmp4-xbdh","summary":"roundcubemail: Roundcube Webmail: Cascading Style Sheets (CSS) injection via mishandled comments","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26079.json","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26079.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-26079","reference_id":"","reference_type":"","scores":[{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22382","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22386","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22368","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22423","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22465","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22443","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22307","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22389","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24417","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.2465","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24594","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24582","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24539","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25403","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25439","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-26079"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26079"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127447","reference_id":"1127447","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127447"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.13","reference_id":"1.5.13","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T16:05:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.13"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.13","reference_id":"1.6.13","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T16:05:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.13"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/1f4c3a5af5033747f9685a8a395dbd8228d19816","reference_id":"1f4c3a5af5033747f9685a8a395dbd8228d19816","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T16:05:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/1f4c3a5af5033747f9685a8a395dbd8228d19816"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2438807","reference_id":"2438807","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2438807"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/2b5625f1d2ef7e050fd1ae481b2a52dc35466447","reference_id":"2b5625f1d2ef7e050fd1ae481b2a52dc35466447","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T16:05:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/2b5625f1d2ef7e050fd1ae481b2a52dc35466447"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/53d75d5dfebef235a344d476b900c20c12d52b01","reference_id":"53d75d5dfebef235a344d476b900c20c12d52b01","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T16:05:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/53d75d5dfebef235a344d476b900c20c12d52b01"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/5a3315cce587e0be58335d11ff9a5571c90494a5","reference_id":"5a3315cce587e0be58335d11ff9a5571c90494a5","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T16:05:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/5a3315cce587e0be58335d11ff9a5571c90494a5"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/bf89cbaa5897d8ad62e8057d9a3f6babb90b7954","reference_id":"bf89cbaa5897d8ad62e8057d9a3f6babb90b7954","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T16:05:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/bf89cbaa5897d8ad62e8057d9a3f6babb90b7954"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/c15f5dbf093a497e19a749b20e7f8fb5a9c24cde","reference_id":"c15f5dbf093a497e19a749b20e7f8fb5a9c24cde","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T16:05:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/c15f5dbf093a497e19a749b20e7f8fb5a9c24cde"},{"reference_url":"https://roundcube.net/news/2026/02/08/security-updates-1.6.13-and-1.5.13","reference_id":"security-updates-1.6.13-and-1.5.13","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T16:05:48Z/"}],"url":"https://roundcube.net/news/2026/02/08/security-updates-1.6.13-and-1.5.13"},{"reference_url":"https://usn.ubuntu.com/8223-1/","reference_id":"USN-8223-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8223-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1051746?format=json","purl":"pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u6"}],"aliases":["CVE-2026-26079"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vtz8-zmp4-xbdh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62467?format=json","vulnerability_id":"VCID-x9j7-98zt-6ygt","summary":"A flaw in Roundcube's handling of configuration files may allow\n    arbitrary code execution, amongst other vulnerabilities.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12625","reference_id":"","reference_type":"","scores":[{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84692","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84707","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84727","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84729","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84751","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84758","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84775","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84771","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84766","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84787","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84788","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84786","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84813","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84823","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84822","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84838","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12625"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12625","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12625"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12626","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12626"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959140","reference_id":"959140","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959140"},{"reference_url":"https://security.gentoo.org/glsa/202007-41","reference_id":"GLSA-202007-41","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202007-41"},{"reference_url":"https://usn.ubuntu.com/USN-5182-1/","reference_id":"USN-USN-5182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050285?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-rdb5-bbvn-7fcq"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2020-12625"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x9j7-98zt-6ygt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94414?format=json","vulnerability_id":"VCID-xssa-fwbx-kybq","summary":"Cross Site Scripting (XSS) vulneraibility in Roundcube mail .4.4 via database host and user in /installer/test.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-18670","reference_id":"","reference_type":"","scores":[{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61508","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61583","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61612","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61632","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61646","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61668","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61656","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61637","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61679","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61684","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61669","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61662","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61678","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61672","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61618","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-18670"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-18670","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-18670"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050285?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-rdb5-bbvn-7fcq"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2020-18670"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xssa-fwbx-kybq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50015?format=json","vulnerability_id":"VCID-ybv7-hqmj-nbgr","summary":"Multiple vulnerabilities have been discovered in Roundcube, the worst of which could lead to execution of arbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44025","reference_id":"","reference_type":"","scores":[{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.7019","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.70202","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.70219","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.70196","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.70242","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.70257","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.7028","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.70266","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.70253","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.70294","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.70304","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.70285","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.70338","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.70347","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.70344","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.70317","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44025"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44025","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44025"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44026","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44026"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000156","reference_id":"1000156","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000156"},{"reference_url":"https://security.gentoo.org/glsa/202507-10","reference_id":"GLSA-202507-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202507-10"},{"reference_url":"https://usn.ubuntu.com/USN-5182-1/","reference_id":"USN-USN-5182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050285?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-rdb5-bbvn-7fcq"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2021-44025"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ybv7-hqmj-nbgr"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90974?format=json","vulnerability_id":"VCID-14vp-t71a-4bh1","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-46144","reference_id":"","reference_type":"","scores":[{"value":"0.01055","scoring_system":"epss","scoring_elements":"0.77528","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01055","scoring_system":"epss","scoring_elements":"0.77534","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01055","scoring_system":"epss","scoring_elements":"0.7756","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01055","scoring_system":"epss","scoring_elements":"0.77539","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01055","scoring_system":"epss","scoring_elements":"0.7757","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01055","scoring_system":"epss","scoring_elements":"0.77578","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01055","scoring_system":"epss","scoring_elements":"0.77604","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01055","scoring_system":"epss","scoring_elements":"0.77589","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01055","scoring_system":"epss","scoring_elements":"0.77588","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01055","scoring_system":"epss","scoring_elements":"0.77625","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01055","scoring_system":"epss","scoring_elements":"0.77623","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01055","scoring_system":"epss","scoring_elements":"0.77618","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01055","scoring_system":"epss","scoring_elements":"0.7765","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01055","scoring_system":"epss","scoring_elements":"0.77657","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01055","scoring_system":"epss","scoring_elements":"0.77672","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01055","scoring_system":"epss","scoring_elements":"0.77684","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-46144"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46144","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46144"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003027","reference_id":"1003027","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003027"},{"reference_url":"https://usn.ubuntu.com/USN-5182-1/","reference_id":"USN-USN-5182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037819?format=json","purl":"pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1050285?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-rdb5-bbvn-7fcq"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2021-46144"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-14vp-t71a-4bh1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50016?format=json","vulnerability_id":"VCID-2eyy-k49d-m3af","summary":"Multiple vulnerabilities have been discovered in Roundcube, the worst of which could lead to execution of arbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44026","reference_id":"","reference_type":"","scores":[{"value":"0.64041","scoring_system":"epss","scoring_elements":"0.98426","published_at":"2026-04-04T12:55:00Z"},{"value":"0.64041","scoring_system":"epss","scoring_elements":"0.98422","published_at":"2026-04-02T12:55:00Z"},{"value":"0.64041","scoring_system":"epss","scoring_elements":"0.9842","published_at":"2026-04-01T12:55:00Z"},{"value":"0.64041","scoring_system":"epss","scoring_elements":"0.9844","published_at":"2026-04-16T12:55:00Z"},{"value":"0.64041","scoring_system":"epss","scoring_elements":"0.98436","published_at":"2026-04-13T12:55:00Z"},{"value":"0.64041","scoring_system":"epss","scoring_elements":"0.98432","published_at":"2026-04-09T12:55:00Z"},{"value":"0.64041","scoring_system":"epss","scoring_elements":"0.98431","published_at":"2026-04-08T12:55:00Z"},{"value":"0.64041","scoring_system":"epss","scoring_elements":"0.98428","published_at":"2026-04-07T12:55:00Z"},{"value":"0.72527","scoring_system":"epss","scoring_elements":"0.98783","published_at":"2026-05-05T12:55:00Z"},{"value":"0.72527","scoring_system":"epss","scoring_elements":"0.98772","published_at":"2026-04-18T12:55:00Z"},{"value":"0.72527","scoring_system":"epss","scoring_elements":"0.98773","published_at":"2026-04-21T12:55:00Z"},{"value":"0.72527","scoring_system":"epss","scoring_elements":"0.98777","published_at":"2026-04-24T12:55:00Z"},{"value":"0.72527","scoring_system":"epss","scoring_elements":"0.98778","published_at":"2026-04-26T12:55:00Z"},{"value":"0.72527","scoring_system":"epss","scoring_elements":"0.98779","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44026"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44025","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44025"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44026","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44026"},{"reference_url":"https://bugs.debian.org/1000156","reference_id":"1000156","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:33:07Z/"}],"url":"https://bugs.debian.org/1000156"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000156","reference_id":"1000156","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000156"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/c8947ecb762d9e89c2091bda28d49002817263f1","reference_id":"c8947ecb762d9e89c2091bda28d49002817263f1","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:33:07Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/c8947ecb762d9e89c2091bda28d49002817263f1"},{"reference_url":"https://www.debian.org/security/2021/dsa-5013","reference_id":"dsa-5013","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:33:07Z/"}],"url":"https://www.debian.org/security/2021/dsa-5013"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/ee809bde2dcaa04857a919397808a7296681dcfa","reference_id":"ee809bde2dcaa04857a919397808a7296681dcfa","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:33:07Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/ee809bde2dcaa04857a919397808a7296681dcfa"},{"reference_url":"https://security.gentoo.org/glsa/202507-10","reference_id":"GLSA-202507-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202507-10"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/12/msg00004.html","reference_id":"msg00004.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:33:07Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2021/12/msg00004.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NDVGIZMQJ5IOM47Y3SAAJRN5VPANKTKO/","reference_id":"NDVGIZMQJ5IOM47Y3SAAJRN5VPANKTKO","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:33:07Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NDVGIZMQJ5IOM47Y3SAAJRN5VPANKTKO/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TP3Y5RXTUUOUODNG7HFEKWYNIPIT2NL4/","reference_id":"TP3Y5RXTUUOUODNG7HFEKWYNIPIT2NL4","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:33:07Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TP3Y5RXTUUOUODNG7HFEKWYNIPIT2NL4/"},{"reference_url":"https://usn.ubuntu.com/USN-5182-1/","reference_id":"USN-USN-5182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037819?format=json","purl":"pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1050285?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-rdb5-bbvn-7fcq"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2021-44026"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2eyy-k49d-m3af"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79759?format=json","vulnerability_id":"VCID-7nn6-aywu-z7g8","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13964","reference_id":"","reference_type":"","scores":[{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75174","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75177","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75208","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75184","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75219","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75231","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75252","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75229","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75218","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75256","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75263","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75254","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.7529","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75293","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75297","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75306","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13964"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13964","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13964"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13965","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13965"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962123","reference_id":"962123","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962123"},{"reference_url":"https://usn.ubuntu.com/USN-5182-1/","reference_id":"USN-USN-5182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037223?format=json","purl":"pkg:deb/debian/roundcube@1.2.3%2Bdfsg.1-4%2Bdeb9u6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9ktu-55q4-3kau"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-fuh5-bwaq-yyfk"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-j29t-cw2h-mfd8"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-ts1p-pw9v-cbh3"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-ur1a-7tdn-h3hu"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"},{"vulnerability":"VCID-z3kp-p8ch-myhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.2.3%252Bdfsg.1-4%252Bdeb9u6"},{"url":"http://public2.vulnerablecode.io/api/packages/1037819?format=json","purl":"pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1050285?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-rdb5-bbvn-7fcq"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2020-13964"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7nn6-aywu-z7g8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93634?format=json","vulnerability_id":"VCID-9ktu-55q4-3kau","summary":"Roundcube before 1.3.7 mishandles GnuPG MDC integrity-protection warnings, which makes it easier for attackers to obtain sensitive information, a related issue to CVE-2017-17688. This is associated with plugins/enigma/lib/enigma_driver_gnupg.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19205","reference_id":"","reference_type":"","scores":[{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55201","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.553","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55324","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55306","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55356","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55357","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55368","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55346","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55327","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55364","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55347","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55284","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55305","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55278","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55226","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19205"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19205","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19205"},{"reference_url":"https://usn.ubuntu.com/8132-1/","reference_id":"USN-8132-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8132-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037819?format=json","purl":"pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2"}],"aliases":["CVE-2018-19205"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9ktu-55q4-3kau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62468?format=json","vulnerability_id":"VCID-cnkc-vcp7-6kcw","summary":"A flaw in Roundcube's handling of configuration files may allow\n    arbitrary code execution, amongst other vulnerabilities.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12626","reference_id":"","reference_type":"","scores":[{"value":"0.01288","scoring_system":"epss","scoring_elements":"0.79589","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01288","scoring_system":"epss","scoring_elements":"0.79596","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01288","scoring_system":"epss","scoring_elements":"0.79618","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01288","scoring_system":"epss","scoring_elements":"0.79605","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01288","scoring_system":"epss","scoring_elements":"0.79634","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01288","scoring_system":"epss","scoring_elements":"0.79642","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01288","scoring_system":"epss","scoring_elements":"0.79662","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01288","scoring_system":"epss","scoring_elements":"0.79647","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01288","scoring_system":"epss","scoring_elements":"0.79639","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01288","scoring_system":"epss","scoring_elements":"0.7967","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01288","scoring_system":"epss","scoring_elements":"0.79669","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01288","scoring_system":"epss","scoring_elements":"0.79673","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01288","scoring_system":"epss","scoring_elements":"0.79704","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01288","scoring_system":"epss","scoring_elements":"0.79711","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01288","scoring_system":"epss","scoring_elements":"0.79726","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01288","scoring_system":"epss","scoring_elements":"0.79741","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12626"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12625","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12625"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12626","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12626"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959142","reference_id":"959142","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959142"},{"reference_url":"https://security.gentoo.org/glsa/202007-41","reference_id":"GLSA-202007-41","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202007-41"},{"reference_url":"https://usn.ubuntu.com/USN-5182-1/","reference_id":"USN-USN-5182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037223?format=json","purl":"pkg:deb/debian/roundcube@1.2.3%2Bdfsg.1-4%2Bdeb9u6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9ktu-55q4-3kau"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-fuh5-bwaq-yyfk"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-j29t-cw2h-mfd8"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-ts1p-pw9v-cbh3"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-ur1a-7tdn-h3hu"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"},{"vulnerability":"VCID-z3kp-p8ch-myhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.2.3%252Bdfsg.1-4%252Bdeb9u6"},{"url":"http://public2.vulnerablecode.io/api/packages/1037819?format=json","purl":"pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1050285?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-rdb5-bbvn-7fcq"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2020-12626"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cnkc-vcp7-6kcw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70217?format=json","vulnerability_id":"VCID-fuh5-bwaq-yyfk","summary":"security update","references":[{"reference_url":"http://packetstormsecurity.com/files/161226/Roundcube-Webmail-1.2-File-Disclosure.html","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T20:56:39Z/"}],"url":"http://packetstormsecurity.com/files/161226/Roundcube-Webmail-1.2-File-Disclosure.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16651","reference_id":"","reference_type":"","scores":[{"value":"0.33307","scoring_system":"epss","scoring_elements":"0.9693","published_at":"2026-04-21T12:55:00Z"},{"value":"0.33307","scoring_system":"epss","scoring_elements":"0.96927","published_at":"2026-04-18T12:55:00Z"},{"value":"0.33307","scoring_system":"epss","scoring_elements":"0.969","published_at":"2026-04-07T12:55:00Z"},{"value":"0.33307","scoring_system":"epss","scoring_elements":"0.96896","published_at":"2026-04-04T12:55:00Z"},{"value":"0.33307","scoring_system":"epss","scoring_elements":"0.96923","published_at":"2026-04-16T12:55:00Z"},{"value":"0.33307","scoring_system":"epss","scoring_elements":"0.96916","published_at":"2026-04-13T12:55:00Z"},{"value":"0.33307","scoring_system":"epss","scoring_elements":"0.96915","published_at":"2026-04-12T12:55:00Z"},{"value":"0.33307","scoring_system":"epss","scoring_elements":"0.96913","published_at":"2026-04-11T12:55:00Z"},{"value":"0.33307","scoring_system":"epss","scoring_elements":"0.9691","published_at":"2026-04-09T12:55:00Z"},{"value":"0.33307","scoring_system":"epss","scoring_elements":"0.96909","published_at":"2026-04-08T12:55:00Z"},{"value":"0.35232","scoring_system":"epss","scoring_elements":"0.97018","published_at":"2026-04-02T12:55:00Z"},{"value":"0.35232","scoring_system":"epss","scoring_elements":"0.9701","published_at":"2026-04-01T12:55:00Z"},{"value":"0.37271","scoring_system":"epss","scoring_elements":"0.97192","published_at":"2026-05-05T12:55:00Z"},{"value":"0.37271","scoring_system":"epss","scoring_elements":"0.97185","published_at":"2026-04-24T12:55:00Z"},{"value":"0.37271","scoring_system":"epss","scoring_elements":"0.97186","published_at":"2026-04-26T12:55:00Z"},{"value":"0.37271","scoring_system":"epss","scoring_elements":"0.97188","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16651"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16651"},{"reference_url":"https://github.com/roundcube/roundcubemail/issues/6026","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T20:56:39Z/"}],"url":"https://github.com/roundcube/roundcubemail/issues/6026"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.1.10","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T20:56:39Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.1.10"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.2.7","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T20:56:39Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.2.7"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.3.3","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T20:56:39Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.3.3"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2017/11/msg00039.html","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T20:56:39Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2017/11/msg00039.html"},{"reference_url":"https://roundcube.net/news/2017/11/08/security-updates-1.3.3-1.2.7-and-1.1.10","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T20:56:39Z/"}],"url":"https://roundcube.net/news/2017/11/08/security-updates-1.3.3-1.2.7-and-1.1.10"},{"reference_url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-16651","reference_id":"","reference_type":"","scores":[],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-16651"},{"reference_url":"https://www.debian.org/security/2017/dsa-4030","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T20:56:39Z/"}],"url":"https://www.debian.org/security/2017/dsa-4030"},{"reference_url":"http://www.securityfocus.com/bid/101793","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T20:56:39Z/"}],"url":"http://www.securityfocus.com/bid/101793"},{"reference_url":"https://security.archlinux.org/ASA-201711-27","reference_id":"ASA-201711-27","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-27"},{"reference_url":"https://security.archlinux.org/AVG-506","reference_id":"AVG-506","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-506"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:roundcube:webmail:1.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:roundcube:webmail:1.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.2.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:roundcube:webmail:1.2.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.2.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.2.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:roundcube:webmail:1.2.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.2.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.2.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:roundcube:webmail:1.2.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.2.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.2.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:roundcube:webmail:1.2.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.2.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.2.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:roundcube:webmail:1.2.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.2.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:roundcube:webmail:1.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:roundcube:webmail:1.3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.3.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:roundcube:webmail:1.3.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:1.3.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16651","reference_id":"CVE-2017-16651","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:P/A:P"},{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16651"},{"reference_url":"https://usn.ubuntu.com/7200-1/","reference_id":"USN-7200-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7200-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037223?format=json","purl":"pkg:deb/debian/roundcube@1.2.3%2Bdfsg.1-4%2Bdeb9u6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9ktu-55q4-3kau"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-fuh5-bwaq-yyfk"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-j29t-cw2h-mfd8"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-ts1p-pw9v-cbh3"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-ur1a-7tdn-h3hu"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"},{"vulnerability":"VCID-z3kp-p8ch-myhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.2.3%252Bdfsg.1-4%252Bdeb9u6"},{"url":"http://public2.vulnerablecode.io/api/packages/1037819?format=json","purl":"pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2"}],"aliases":["CVE-2017-16651"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fuh5-bwaq-yyfk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93420?format=json","vulnerability_id":"VCID-j29t-cw2h-mfd8","summary":"roundcube version 1.3.4 and earlier contains an Insecure Permissions vulnerability in enigma plugin that can result in exfiltration of gpg private key. This attack appear to be exploitable via network connectivity.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000071","reference_id":"","reference_type":"","scores":[{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52412","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52458","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52485","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52452","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52504","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52498","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52549","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52532","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52516","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52556","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52561","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52545","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52493","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52502","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52464","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52407","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000071"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000071","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000071"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897014","reference_id":"897014","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897014"},{"reference_url":"https://usn.ubuntu.com/8132-1/","reference_id":"USN-8132-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8132-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037819?format=json","purl":"pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2"}],"aliases":["CVE-2018-1000071"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j29t-cw2h-mfd8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90864?format=json","vulnerability_id":"VCID-jck5-xymf-s3bh","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-16145","reference_id":"","reference_type":"","scores":[{"value":"0.00704","scoring_system":"epss","scoring_elements":"0.72041","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00704","scoring_system":"epss","scoring_elements":"0.72047","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00704","scoring_system":"epss","scoring_elements":"0.72068","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00704","scoring_system":"epss","scoring_elements":"0.72044","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00704","scoring_system":"epss","scoring_elements":"0.72081","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00704","scoring_system":"epss","scoring_elements":"0.72093","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00704","scoring_system":"epss","scoring_elements":"0.72116","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00704","scoring_system":"epss","scoring_elements":"0.72101","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00704","scoring_system":"epss","scoring_elements":"0.72086","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00704","scoring_system":"epss","scoring_elements":"0.72127","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00704","scoring_system":"epss","scoring_elements":"0.72135","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00704","scoring_system":"epss","scoring_elements":"0.7212","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00704","scoring_system":"epss","scoring_elements":"0.72164","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00704","scoring_system":"epss","scoring_elements":"0.72173","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00704","scoring_system":"epss","scoring_elements":"0.72167","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00704","scoring_system":"epss","scoring_elements":"0.72159","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-16145"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16145","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16145"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968216","reference_id":"968216","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968216"},{"reference_url":"https://usn.ubuntu.com/USN-5182-1/","reference_id":"USN-USN-5182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037819?format=json","purl":"pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1050285?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-rdb5-bbvn-7fcq"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2020-16145"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jck5-xymf-s3bh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79760?format=json","vulnerability_id":"VCID-m4yc-ms54-zyhv","summary":"security update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13965.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13965.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13965","reference_id":"","reference_type":"","scores":[{"value":"0.71819","scoring_system":"epss","scoring_elements":"0.98728","published_at":"2026-04-02T12:55:00Z"},{"value":"0.71819","scoring_system":"epss","scoring_elements":"0.98753","published_at":"2026-05-05T12:55:00Z"},{"value":"0.71819","scoring_system":"epss","scoring_elements":"0.98732","published_at":"2026-04-04T12:55:00Z"},{"value":"0.71819","scoring_system":"epss","scoring_elements":"0.98735","published_at":"2026-04-09T12:55:00Z"},{"value":"0.71819","scoring_system":"epss","scoring_elements":"0.98736","published_at":"2026-04-08T12:55:00Z"},{"value":"0.71819","scoring_system":"epss","scoring_elements":"0.98738","published_at":"2026-04-12T12:55:00Z"},{"value":"0.71819","scoring_system":"epss","scoring_elements":"0.98739","published_at":"2026-04-13T12:55:00Z"},{"value":"0.71819","scoring_system":"epss","scoring_elements":"0.98742","published_at":"2026-04-21T12:55:00Z"},{"value":"0.71819","scoring_system":"epss","scoring_elements":"0.98746","published_at":"2026-04-24T12:55:00Z"},{"value":"0.71819","scoring_system":"epss","scoring_elements":"0.98747","published_at":"2026-04-26T12:55:00Z"},{"value":"0.71819","scoring_system":"epss","scoring_elements":"0.98749","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13965"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13964","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13964"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13965","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13965"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.3.12","reference_id":"1.3.12","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:33:41Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.3.12"},{"reference_url":"https://github.com/roundcube/roundcubemail/compare/1.4.4...1.4.5","reference_id":"1.4.4...1.4.5","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:33:41Z/"}],"url":"https://github.com/roundcube/roundcubemail/compare/1.4.4...1.4.5"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.4.5","reference_id":"1.4.5","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:33:41Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.4.5"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1848338","reference_id":"1848338","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1848338"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/884eb611627ef2bd5a2e20e02009ebb1eceecdc3","reference_id":"884eb611627ef2bd5a2e20e02009ebb1eceecdc3","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:33:41Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/884eb611627ef2bd5a2e20e02009ebb1eceecdc3"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962124","reference_id":"962124","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962124"},{"reference_url":"https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-13965-Cross%20Site-Scripting%20via%20Malicious%20XML%20Attachment-Roundcube","reference_id":"CVE-2020-13965-Cross%20Site-Scripting%20via%20Malicious%20XML%20Attachment-Roundcube","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:33:41Z/"}],"url":"https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-13965-Cross%20Site-Scripting%20via%20Malicious%20XML%20Attachment-Roundcube"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLESQ4LPJGMSWHQ4TBRTVQRDG7IXAZCW/","reference_id":"DLESQ4LPJGMSWHQ4TBRTVQRDG7IXAZCW","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:33:41Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLESQ4LPJGMSWHQ4TBRTVQRDG7IXAZCW/"},{"reference_url":"https://www.debian.org/security/2020/dsa-4700","reference_id":"dsa-4700","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:33:41Z/"}],"url":"https://www.debian.org/security/2020/dsa-4700"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ODPJXBHZ32QSP4MYT2OBCALYXSUJ47SK/","reference_id":"ODPJXBHZ32QSP4MYT2OBCALYXSUJ47SK","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:33:41Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ODPJXBHZ32QSP4MYT2OBCALYXSUJ47SK/"},{"reference_url":"https://roundcube.net/news/2020/06/02/security-updates-1.4.5-and-1.3.12","reference_id":"security-updates-1.4.5-and-1.3.12","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:33:41Z/"}],"url":"https://roundcube.net/news/2020/06/02/security-updates-1.4.5-and-1.3.12"},{"reference_url":"https://usn.ubuntu.com/USN-5182-1/","reference_id":"USN-USN-5182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037223?format=json","purl":"pkg:deb/debian/roundcube@1.2.3%2Bdfsg.1-4%2Bdeb9u6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9ktu-55q4-3kau"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-fuh5-bwaq-yyfk"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-j29t-cw2h-mfd8"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-ts1p-pw9v-cbh3"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-ur1a-7tdn-h3hu"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"},{"vulnerability":"VCID-z3kp-p8ch-myhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.2.3%252Bdfsg.1-4%252Bdeb9u6"},{"url":"http://public2.vulnerablecode.io/api/packages/1037819?format=json","purl":"pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1050285?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-rdb5-bbvn-7fcq"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2020-13965"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"5.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m4yc-ms54-zyhv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90812?format=json","vulnerability_id":"VCID-rc91-j3kf-zfch","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15562","reference_id":"","reference_type":"","scores":[{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75004","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75007","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75036","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75012","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75046","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75058","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.7508","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75059","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75048","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75086","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75093","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75083","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75122","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75126","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.7513","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75138","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15562"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15562","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15562"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964355","reference_id":"964355","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964355"},{"reference_url":"https://usn.ubuntu.com/USN-5182-1/","reference_id":"USN-USN-5182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037819?format=json","purl":"pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1050285?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-rdb5-bbvn-7fcq"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2020-15562"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rc91-j3kf-zfch"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76083?format=json","vulnerability_id":"VCID-ts1p-pw9v-cbh3","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19206","reference_id":"","reference_type":"","scores":[{"value":"0.02357","scoring_system":"epss","scoring_elements":"0.8484","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02357","scoring_system":"epss","scoring_elements":"0.84856","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02357","scoring_system":"epss","scoring_elements":"0.84874","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02357","scoring_system":"epss","scoring_elements":"0.84876","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02357","scoring_system":"epss","scoring_elements":"0.84899","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02357","scoring_system":"epss","scoring_elements":"0.84906","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02357","scoring_system":"epss","scoring_elements":"0.84924","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02357","scoring_system":"epss","scoring_elements":"0.84923","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02357","scoring_system":"epss","scoring_elements":"0.84917","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02357","scoring_system":"epss","scoring_elements":"0.84939","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02357","scoring_system":"epss","scoring_elements":"0.84936","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02357","scoring_system":"epss","scoring_elements":"0.84962","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02357","scoring_system":"epss","scoring_elements":"0.8497","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02357","scoring_system":"epss","scoring_elements":"0.84969","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02357","scoring_system":"epss","scoring_elements":"0.84986","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19206"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19206","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19206"},{"reference_url":"https://usn.ubuntu.com/8132-1/","reference_id":"USN-8132-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8132-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037223?format=json","purl":"pkg:deb/debian/roundcube@1.2.3%2Bdfsg.1-4%2Bdeb9u6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9ktu-55q4-3kau"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-fuh5-bwaq-yyfk"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-j29t-cw2h-mfd8"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-ts1p-pw9v-cbh3"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-ur1a-7tdn-h3hu"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"},{"vulnerability":"VCID-z3kp-p8ch-myhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.2.3%252Bdfsg.1-4%252Bdeb9u6"},{"url":"http://public2.vulnerablecode.io/api/packages/1037819?format=json","purl":"pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2"}],"aliases":["CVE-2018-19206"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ts1p-pw9v-cbh3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90934?format=json","vulnerability_id":"VCID-u8a4-4pe2-9kcb","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35730","reference_id":"","reference_type":"","scores":[{"value":"0.64813","scoring_system":"epss","scoring_elements":"0.98451","published_at":"2026-04-01T12:55:00Z"},{"value":"0.64813","scoring_system":"epss","scoring_elements":"0.98453","published_at":"2026-04-02T12:55:00Z"},{"value":"0.64813","scoring_system":"epss","scoring_elements":"0.98456","published_at":"2026-04-04T12:55:00Z"},{"value":"0.64813","scoring_system":"epss","scoring_elements":"0.98458","published_at":"2026-04-07T12:55:00Z"},{"value":"0.64813","scoring_system":"epss","scoring_elements":"0.98461","published_at":"2026-04-08T12:55:00Z"},{"value":"0.64813","scoring_system":"epss","scoring_elements":"0.98462","published_at":"2026-04-09T12:55:00Z"},{"value":"0.64813","scoring_system":"epss","scoring_elements":"0.98465","published_at":"2026-04-13T12:55:00Z"},{"value":"0.64813","scoring_system":"epss","scoring_elements":"0.9847","published_at":"2026-04-18T12:55:00Z"},{"value":"0.64813","scoring_system":"epss","scoring_elements":"0.98472","published_at":"2026-04-21T12:55:00Z"},{"value":"0.64813","scoring_system":"epss","scoring_elements":"0.98476","published_at":"2026-04-26T12:55:00Z"},{"value":"0.64813","scoring_system":"epss","scoring_elements":"0.98475","published_at":"2026-04-29T12:55:00Z"},{"value":"0.64813","scoring_system":"epss","scoring_elements":"0.9848","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35730"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35730","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35730"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.2.13","reference_id":"1.2.13","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T20:21:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.2.13"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.3.16","reference_id":"1.3.16","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T20:21:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.3.16"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.4.10","reference_id":"1.4.10","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T20:21:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.4.10"},{"reference_url":"https://github.com/roundcube/roundcubemail/compare/1.4.9...1.4.10","reference_id":"1.4.9...1.4.10","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T20:21:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/compare/1.4.9...1.4.10"},{"reference_url":"https://security.archlinux.org/ASA-202101-2","reference_id":"ASA-202101-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-2"},{"reference_url":"https://security.archlinux.org/AVG-1388","reference_id":"AVG-1388","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1388"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978491","reference_id":"bugreport.cgi?bug=978491","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T20:21:48Z/"}],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978491"},{"reference_url":"https://roundcube.net/download/","reference_id":"download","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T20:21:48Z/"}],"url":"https://roundcube.net/download/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HCEU4BM5WGIDJWP6Z4PCH62ZMH57QYM2/","reference_id":"HCEU4BM5WGIDJWP6Z4PCH62ZMH57QYM2","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T20:21:48Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HCEU4BM5WGIDJWP6Z4PCH62ZMH57QYM2/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HMLIZWKMTRCLU7KZLEQHELS4INXJ7X5Q/","reference_id":"HMLIZWKMTRCLU7KZLEQHELS4INXJ7X5Q","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T20:21:48Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HMLIZWKMTRCLU7KZLEQHELS4INXJ7X5Q/"},{"reference_url":"https://www.alexbirnberg.com/roundcube-xss.html","reference_id":"roundcube-xss.html","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T20:21:48Z/"}],"url":"https://www.alexbirnberg.com/roundcube-xss.html"},{"reference_url":"https://usn.ubuntu.com/USN-5182-1/","reference_id":"USN-USN-5182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037819?format=json","purl":"pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1050285?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-rdb5-bbvn-7fcq"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2020-35730"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u8a4-4pe2-9kcb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93870?format=json","vulnerability_id":"VCID-ur1a-7tdn-h3hu","summary":"In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00083.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00083.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10740","reference_id":"","reference_type":"","scores":[{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38299","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38419","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38656","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38785","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38806","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38735","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38796","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38808","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38772","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38744","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.3879","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38768","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38688","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38532","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38507","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10740"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10740","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10740"},{"reference_url":"https://github.com/roundcube/roundcubemail/issues/6638","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/roundcube/roundcubemail/issues/6638"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.3.10","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.3.10"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TFFMSO5WKEYSGMTZPZFF4ZADUJ57PRN5/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TFFMSO5WKEYSGMTZPZFF4ZADUJ57PRN5/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927713","reference_id":"927713","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927713"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:sp2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:opensuse:backports_sle:15.0:sp2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:sp2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10740","reference_id":"CVE-2019-10740","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10740"},{"reference_url":"https://usn.ubuntu.com/8132-1/","reference_id":"USN-8132-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8132-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037819?format=json","purl":"pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2"}],"aliases":["CVE-2019-10740"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ur1a-7tdn-h3hu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62467?format=json","vulnerability_id":"VCID-x9j7-98zt-6ygt","summary":"A flaw in Roundcube's handling of configuration files may allow\n    arbitrary code execution, amongst other vulnerabilities.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12625","reference_id":"","reference_type":"","scores":[{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84692","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84707","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84727","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84729","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84751","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84758","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84775","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84771","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84766","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84787","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84788","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84786","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84813","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84823","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84822","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84838","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12625"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12625","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12625"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12626","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12626"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959140","reference_id":"959140","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959140"},{"reference_url":"https://security.gentoo.org/glsa/202007-41","reference_id":"GLSA-202007-41","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202007-41"},{"reference_url":"https://usn.ubuntu.com/USN-5182-1/","reference_id":"USN-USN-5182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037223?format=json","purl":"pkg:deb/debian/roundcube@1.2.3%2Bdfsg.1-4%2Bdeb9u6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9ktu-55q4-3kau"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-fuh5-bwaq-yyfk"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-j29t-cw2h-mfd8"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-ts1p-pw9v-cbh3"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-ur1a-7tdn-h3hu"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"},{"vulnerability":"VCID-z3kp-p8ch-myhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.2.3%252Bdfsg.1-4%252Bdeb9u6"},{"url":"http://public2.vulnerablecode.io/api/packages/1037819?format=json","purl":"pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1050285?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-rdb5-bbvn-7fcq"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2020-12625"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x9j7-98zt-6ygt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50015?format=json","vulnerability_id":"VCID-ybv7-hqmj-nbgr","summary":"Multiple vulnerabilities have been discovered in Roundcube, the worst of which could lead to execution of arbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44025","reference_id":"","reference_type":"","scores":[{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.7019","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.70202","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.70219","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.70196","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.70242","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.70257","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.7028","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.70266","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.70253","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.70294","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.70304","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.70285","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.70338","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.70347","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.70344","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.70317","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44025"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44025","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44025"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44026","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44026"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000156","reference_id":"1000156","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000156"},{"reference_url":"https://security.gentoo.org/glsa/202507-10","reference_id":"GLSA-202507-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202507-10"},{"reference_url":"https://usn.ubuntu.com/USN-5182-1/","reference_id":"USN-USN-5182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037819?format=json","purl":"pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1050285?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-rdb5-bbvn-7fcq"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2021-44025"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ybv7-hqmj-nbgr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79026?format=json","vulnerability_id":"VCID-z3kp-p8ch-myhz","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-9846","reference_id":"","reference_type":"","scores":[{"value":"0.00852","scoring_system":"epss","scoring_elements":"0.74869","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00852","scoring_system":"epss","scoring_elements":"0.7487","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00852","scoring_system":"epss","scoring_elements":"0.74899","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00852","scoring_system":"epss","scoring_elements":"0.74947","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00852","scoring_system":"epss","scoring_elements":"0.74983","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00852","scoring_system":"epss","scoring_elements":"0.74989","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00852","scoring_system":"epss","scoring_elements":"0.74993","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00852","scoring_system":"epss","scoring_elements":"0.75","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00876","scoring_system":"epss","scoring_elements":"0.75331","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00876","scoring_system":"epss","scoring_elements":"0.75298","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00876","scoring_system":"epss","scoring_elements":"0.75309","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00876","scoring_system":"epss","scoring_elements":"0.75337","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00876","scoring_system":"epss","scoring_elements":"0.75344","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00876","scoring_system":"epss","scoring_elements":"0.75256","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00876","scoring_system":"epss","scoring_elements":"0.75299","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00876","scoring_system":"epss","scoring_elements":"0.7531","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-9846"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9846","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9846"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895184","reference_id":"895184","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895184"},{"reference_url":"https://security.archlinux.org/ASA-201804-8","reference_id":"ASA-201804-8","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201804-8"},{"reference_url":"https://security.archlinux.org/AVG-670","reference_id":"AVG-670","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-670"},{"reference_url":"https://usn.ubuntu.com/8132-1/","reference_id":"USN-8132-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8132-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037223?format=json","purl":"pkg:deb/debian/roundcube@1.2.3%2Bdfsg.1-4%2Bdeb9u6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9ktu-55q4-3kau"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-fuh5-bwaq-yyfk"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-j29t-cw2h-mfd8"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-ts1p-pw9v-cbh3"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-ur1a-7tdn-h3hu"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"},{"vulnerability":"VCID-z3kp-p8ch-myhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.2.3%252Bdfsg.1-4%252Bdeb9u6"},{"url":"http://public2.vulnerablecode.io/api/packages/1037819?format=json","purl":"pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vp-t71a-4bh1"},{"vulnerability":"VCID-2eyy-k49d-m3af"},{"vulnerability":"VCID-2hap-9mqs-v3b8"},{"vulnerability":"VCID-2k4q-26tk-j3gx"},{"vulnerability":"VCID-2nb2-9vgp-tqg9"},{"vulnerability":"VCID-36et-26h7-pke7"},{"vulnerability":"VCID-3kyu-tx4q-p3aq"},{"vulnerability":"VCID-4yzj-hrqv-vbcp"},{"vulnerability":"VCID-5yts-xnha-4bf3"},{"vulnerability":"VCID-79me-pjdn-ykgq"},{"vulnerability":"VCID-7nn6-aywu-z7g8"},{"vulnerability":"VCID-8vmm-1hvf-17ap"},{"vulnerability":"VCID-8xf2-hjfv-hybh"},{"vulnerability":"VCID-9der-5csu-nbbq"},{"vulnerability":"VCID-9uv1-gqq7-3kc9"},{"vulnerability":"VCID-cjkd-2jr6-n7as"},{"vulnerability":"VCID-ck88-1urs-2kes"},{"vulnerability":"VCID-cnkc-vcp7-6kcw"},{"vulnerability":"VCID-ddfq-28qm-2fbn"},{"vulnerability":"VCID-gh6k-19h8-fqbf"},{"vulnerability":"VCID-hg1a-vx5c-hue3"},{"vulnerability":"VCID-jck5-xymf-s3bh"},{"vulnerability":"VCID-jqs5-8ct7-wfgk"},{"vulnerability":"VCID-kyxz-v3sj-w3cw"},{"vulnerability":"VCID-m4yc-ms54-zyhv"},{"vulnerability":"VCID-ncbg-6m11-3qan"},{"vulnerability":"VCID-qwak-6wgy-wfgs"},{"vulnerability":"VCID-rc91-j3kf-zfch"},{"vulnerability":"VCID-s6p1-rf35-euhy"},{"vulnerability":"VCID-u8a4-4pe2-9kcb"},{"vulnerability":"VCID-ub6x-9dku-c7fk"},{"vulnerability":"VCID-vehj-ytsm-kqgz"},{"vulnerability":"VCID-vtz8-zmp4-xbdh"},{"vulnerability":"VCID-x9j7-98zt-6ygt"},{"vulnerability":"VCID-xssa-fwbx-kybq"},{"vulnerability":"VCID-ybv7-hqmj-nbgr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2"}],"aliases":["CVE-2018-9846"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z3kp-p8ch-myhz"}],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2"}