Package Instance
Look up vulnerable packages by Package URL (purl).
GET /api/packages/1050285?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1050285?format=api", "purl": "pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4", "type": "deb", "namespace": "debian", "name": "roundcube", "version": "1.4.15+dfsg.1-1+deb11u4", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.6.5+dfsg-1+deb12u6", "latest_non_vulnerable_version": "1.6.5+dfsg-1+deb12u6", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/349549?format=api", "vulnerability_id": "VCID-2hap-9mqs-v3b8", "summary": "Roundcube Webmail: Incorrect password comparison in the password plugin", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35541", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09324", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10086", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09983", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10621", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10676", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10695", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10743", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10618", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10604", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10739", "published_at": 
"2026-04-13T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10764", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10796", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10782", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12438", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35541" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35541", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35541" }, { "reference_url": "https://github.com/roundcube/roundcubemail", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/roundcube/roundcubemail" }, { "reference_url": "https://github.com/roundcube/roundcubemail/commit/2e6a99b2a38110907ea8d3be8e59ec3d5802c394", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:00Z/" } ], "url": "https://github.com/roundcube/roundcubemail/commit/2e6a99b2a38110907ea8d3be8e59ec3d5802c394" }, { "reference_url": "https://github.com/roundcube/roundcubemail/commit/6a275676a8043083c05c961914d830b79e2490d4", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", 
"scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:00Z/" } ], "url": "https://github.com/roundcube/roundcubemail/commit/6a275676a8043083c05c961914d830b79e2490d4" }, { "reference_url": "https://github.com/roundcube/roundcubemail/commit/6fa2bddc59b9c9fd31cad4a9e2954a208d793dce", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:00Z/" } ], "url": "https://github.com/roundcube/roundcubemail/commit/6fa2bddc59b9c9fd31cad4a9e2954a208d793dce" }, { "reference_url": "https://github.com/roundcube/roundcubemail/releases/tag/1.5.14", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:00Z/" } ], "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.5.14" }, { "reference_url": "https://github.com/roundcube/roundcubemail/releases/tag/1.6.14", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:00Z/" } ], "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.6.14" }, { "reference_url": "https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:00Z/" } ], "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5" }, { "reference_url": "https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:00Z/" } ], "url": "https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182", "reference_id": "1131182", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35541", "reference_id": "CVE-2026-35541", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35541" }, { "reference_url": "https://github.com/advisories/GHSA-46pv-mj2g-93gh", "reference_id": "GHSA-46pv-mj2g-93gh", 
"reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-46pv-mj2g-93gh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051746?format=api", "purl": "pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u6" } ], "aliases": [ "CVE-2026-35541", "GHSA-46pv-mj2g-93gh" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2hap-9mqs-v3b8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65869?format=api", "vulnerability_id": "VCID-2nb2-9vgp-tqg9", "summary": "roundcubemail: Roundcube Webmail: Information Disclosure via HTML Style Sanitizer", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68460.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68460.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-68460", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14181", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14238", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14053", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14134", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", 
"scoring_elements": "0.14185", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14136", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14094", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.1404", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.13935", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.13934", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17503", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17412", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17389", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.1732", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17184", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-68460" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68460", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68460" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122899", "reference_id": "1122899", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122899" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423487", "reference_id": "2423487", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423487" } ], "fixed_packages": [ 
{ "url": "http://public2.vulnerablecode.io/api/packages/1051746?format=api", "purl": "pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u6" } ], "aliases": [ "CVE-2025-68460" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2nb2-9vgp-tqg9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/30100?format=api", "vulnerability_id": "VCID-3kyu-tx4q-p3aq", "summary": "Roundcube Webmail Vulnerable to Authenticated RCE via PHP Object Deserialization\nRoundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49113.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49113.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49113", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.90405", "scoring_system": "epss", "scoring_elements": "0.99611", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.9042", "scoring_system": "epss", "scoring_elements": "0.99609", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.9042", "scoring_system": "epss", "scoring_elements": "0.9961", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.90478", "scoring_system": "epss", "scoring_elements": "0.99609", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.90891", "scoring_system": 
"epss", "scoring_elements": "0.99636", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.91243", "scoring_system": "epss", "scoring_elements": "0.99653", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.91574", "scoring_system": "epss", "scoring_elements": "0.9967", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.91574", "scoring_system": "epss", "scoring_elements": "0.99675", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.91574", "scoring_system": "epss", "scoring_elements": "0.99674", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.91574", "scoring_system": "epss", "scoring_elements": "0.99673", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.91574", "scoring_system": "epss", "scoring_elements": "0.99672", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49113" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49113", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49113" }, { "reference_url": "https://fearsoff.org/research/roundcube", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-02-20T20:05:40Z/" } ], "url": "https://fearsoff.org/research/roundcube" }, { "reference_url": "https://github.com/roundcube/roundcubemail", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/roundcube/roundcubemail" }, { "reference_url": 
"https://github.com/roundcube/roundcubemail/commit/0376f69e958a8fef7f6f09e352c541b4e7729c4d", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-02-20T20:05:40Z/" } ], "url": "https://github.com/roundcube/roundcubemail/commit/0376f69e958a8fef7f6f09e352c541b4e7729c4d" }, { "reference_url": "https://github.com/roundcube/roundcubemail/commit/7408f31379666124a39f9cb1018f62bc5e2dc695", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-02-20T20:05:40Z/" } ], "url": "https://github.com/roundcube/roundcubemail/commit/7408f31379666124a39f9cb1018f62bc5e2dc695" }, { "reference_url": "https://github.com/roundcube/roundcubemail/commit/c50a07d88ca38f018a0f4a0b008e9a1deb32637e", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-02-20T20:05:40Z/" } ], "url": "https://github.com/roundcube/roundcubemail/commit/c50a07d88ca38f018a0f4a0b008e9a1deb32637e" }, { "reference_url": "https://github.com/roundcube/roundcubemail/pull/9865", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-02-20T20:05:40Z/" } ], "url": "https://github.com/roundcube/roundcubemail/pull/9865" }, { "reference_url": "https://github.com/roundcube/roundcubemail/releases/tag/1.5.10", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-02-20T20:05:40Z/" } ], "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.5.10" }, { "reference_url": "https://github.com/roundcube/roundcubemail/releases/tag/1.6.11", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-02-20T20:05:40Z/" } ], "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.6.11" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00008.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00008.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49113", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49113" }, { "reference_url": "https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-02-20T20:05:40Z/" } ], "url": "https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-49113", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-49113" }, { "reference_url": "https://www.vicarius.io/vsociety/posts/cve-2025-49113-roundcube-mitigation-script", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-02-20T20:05:40Z/" } ], "url": "https://www.vicarius.io/vsociety/posts/cve-2025-49113-roundcube-mitigation-script" }, { "reference_url": "https://www.vicarius.io/vsociety/posts/cve-2025-49113-roundcube-vulnerability-detection", "reference_id": "", 
"reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-02-20T20:05:40Z/" } ], "url": "https://www.vicarius.io/vsociety/posts/cve-2025-49113-roundcube-vulnerability-detection" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/06/02/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2025/06/02/3" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107073", "reference_id": "1107073", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107073" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369696", "reference_id": "2369696", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369696" }, { "reference_url": "https://security.archlinux.org/ASA-202506-1", "reference_id": "ASA-202506-1", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202506-1" }, { "reference_url": "https://security.archlinux.org/AVG-2891", "reference_id": "AVG-2891", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2891" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52324.NA", "reference_id": "CVE-2025-49113", "reference_type": "exploit", "scores": [], "url": 
"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52324.NA" }, { "reference_url": "https://github.com/advisories/GHSA-8j8w-wwqc-x596", "reference_id": "GHSA-8j8w-wwqc-x596", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8j8w-wwqc-x596" }, { "reference_url": "https://usn.ubuntu.com/7584-1/", "reference_id": "USN-7584-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7584-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051746?format=api", "purl": "pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u6" } ], "aliases": [ "CVE-2025-49113", "GHSA-8j8w-wwqc-x596" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3kyu-tx4q-p3aq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97028?format=api", "vulnerability_id": "VCID-4yzj-hrqv-vbcp", "summary": "Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13, when \"Block remote images\" is used, does not block SVG feImage.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25916", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09829", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09789", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09906", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09931", "published_at": "2026-04-12T12:55:00Z" }, { 
"value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09968", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09956", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09904", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11529", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11641", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11763", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.1173", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11692", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11614", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12448", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12491", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25916" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25916", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25916" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127447", "reference_id": "1127447", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127447" }, { "reference_url": "https://nullcathedral.com/posts/2026-02-08-roundcube-svg-feimage-remote-image-bypass/", "reference_id": 
"2026-02-08-roundcube-svg-feimage-remote-image-bypass", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-09T14:54:49Z/" } ], "url": "https://nullcathedral.com/posts/2026-02-08-roundcube-svg-feimage-remote-image-bypass/" }, { "reference_url": "https://github.com/roundcube/roundcubemail/commit/26d7677", "reference_id": "26d7677", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-09T14:54:49Z/" } ], "url": "https://github.com/roundcube/roundcubemail/commit/26d7677" }, { "reference_url": "https://news.ycombinator.com/item?id=46937012", "reference_id": "item?id=46937012", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-09T14:54:49Z/" } ], "url": "https://news.ycombinator.com/item?id=46937012" }, { "reference_url": "https://usn.ubuntu.com/8223-1/", "reference_id": "USN-8223-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8223-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051746?format=api", "purl": "pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u6" } ], "aliases": [ "CVE-2026-25916" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-4yzj-hrqv-vbcp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/349555?format=api", "vulnerability_id": "VCID-5yts-xnha-4bf3", "summary": "Roundcube Webmail: Insufficient HTML attachment sanitization in preview mode", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35539", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10724", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10896", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11324", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12275", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12387", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.1242", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12417", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12306", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12406", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12446", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12484", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12511", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13375", "published_at": 
"2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35539" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35539", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35539" }, { "reference_url": "https://github.com/roundcube/roundcubemail", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/roundcube/roundcubemail" }, { "reference_url": "https://github.com/roundcube/roundcubemail/commit/10a6d1fa8acac85c727b0a6ae4a6642bfa27bea1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:10:48Z/" } ], "url": "https://github.com/roundcube/roundcubemail/commit/10a6d1fa8acac85c727b0a6ae4a6642bfa27bea1" }, { "reference_url": "https://github.com/roundcube/roundcubemail/commit/1b30edf5369668c92fe91dae3d52e477c808aa4f", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:10:48Z/" } ], "url": "https://github.com/roundcube/roundcubemail/commit/1b30edf5369668c92fe91dae3d52e477c808aa4f" }, { "reference_url": 
"https://github.com/roundcube/roundcubemail/commit/d742954ccbcdee7020f8f2e7c49ce0fca5a0efab", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:10:48Z/" } ], "url": "https://github.com/roundcube/roundcubemail/commit/d742954ccbcdee7020f8f2e7c49ce0fca5a0efab" }, { "reference_url": "https://github.com/roundcube/roundcubemail/releases/tag/1.5.14", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:10:48Z/" } ], "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.5.14" }, { "reference_url": "https://github.com/roundcube/roundcubemail/releases/tag/1.6.14", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:10:48Z/" } ], "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.6.14" }, { "reference_url": "https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", 
"scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:10:48Z/" } ], "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5" }, { "reference_url": "https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:10:48Z/" } ], "url": "https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182", "reference_id": "1131182", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35539", "reference_id": "CVE-2026-35539", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35539" }, { "reference_url": "https://github.com/advisories/GHSA-x4q5-8j5g-hpjc", "reference_id": "GHSA-x4q5-8j5g-hpjc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x4q5-8j5g-hpjc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051746?format=api", "purl": "pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u6" } ], "aliases": [ "CVE-2026-35539", "GHSA-x4q5-8j5g-hpjc" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5yts-xnha-4bf3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/349553?format=api", "vulnerability_id": "VCID-8vmm-1hvf-17ap", "summary": "Roundcube: Bypass of remote image blocking via crafted BODY background attribute", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35542", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09403", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10167", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10062", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.12929", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13034", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13066", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13072", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.12975", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.12972", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.1307", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13122", "published_at": 
"2026-04-12T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.1316", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13191", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14115", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35542" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35542", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35542" }, { "reference_url": "https://github.com/roundcube/roundcubemail", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/roundcube/roundcubemail" }, { "reference_url": "https://github.com/roundcube/roundcubemail/commit/e052328e3dc75f13adc2e314eaa4096ac21084ad", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:51:19Z/" } ], "url": "https://github.com/roundcube/roundcubemail/commit/e052328e3dc75f13adc2e314eaa4096ac21084ad" }, { "reference_url": "https://github.com/roundcube/roundcubemail/commit/fd0e98178db5c73eaa93d005b561874923f9b0f0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", 
"scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:51:19Z/" } ], "url": "https://github.com/roundcube/roundcubemail/commit/fd0e98178db5c73eaa93d005b561874923f9b0f0" }, { "reference_url": "https://github.com/roundcube/roundcubemail/commit/fde14d01adc9f37893cd82b635883e516ed453f8", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:51:19Z/" } ], "url": "https://github.com/roundcube/roundcubemail/commit/fde14d01adc9f37893cd82b635883e516ed453f8" }, { "reference_url": "https://github.com/roundcube/roundcubemail/releases/tag/1.5.14", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:51:19Z/" } ], "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.5.14" }, { "reference_url": "https://github.com/roundcube/roundcubemail/releases/tag/1.6.14", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:51:19Z/" } ], "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.6.14" }, { "reference_url": 
"https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:51:19Z/" } ], "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5" }, { "reference_url": "https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:51:19Z/" } ], "url": "https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182", "reference_id": "1131182", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35542", "reference_id": "CVE-2026-35542", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35542" }, { "reference_url": "https://github.com/advisories/GHSA-5hf6-crg4-fg59", "reference_id": "GHSA-5hf6-crg4-fg59", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": 
"https://github.com/advisories/GHSA-5hf6-crg4-fg59" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051746?format=api", "purl": "pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u6" } ], "aliases": [ "CVE-2026-35542", "GHSA-5hf6-crg4-fg59" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8vmm-1hvf-17ap" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/349554?format=api", "vulnerability_id": "VCID-8xf2-hjfv-hybh", "summary": "Roundcube Webmail: Insufficient CSS sanitization in HTML e-mail messages", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35544", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10066", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.1017", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.1014", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.12933", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13037", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13069", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13076", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.12978", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", 
"scoring_elements": "0.12975", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13074", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13126", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13164", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13195", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14117", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35544" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35544", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35544" }, { "reference_url": "https://github.com/roundcube/roundcubemail", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/roundcube/roundcubemail" }, { "reference_url": "https://github.com/roundcube/roundcubemail/commit/099009b9c8e1d3c636fb9a5af72f7c2596018662", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:06Z/" } ], "url": "https://github.com/roundcube/roundcubemail/commit/099009b9c8e1d3c636fb9a5af72f7c2596018662" }, { "reference_url": 
"https://github.com/roundcube/roundcubemail/commit/226811a1c974271dbedca72672923abaff8191c0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:06Z/" } ], "url": "https://github.com/roundcube/roundcubemail/commit/226811a1c974271dbedca72672923abaff8191c0" }, { "reference_url": "https://github.com/roundcube/roundcubemail/commit/57dec0c127b98e0c8e3b9c26c80049b9c4bcaea7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:06Z/" } ], "url": "https://github.com/roundcube/roundcubemail/commit/57dec0c127b98e0c8e3b9c26c80049b9c4bcaea7" }, { "reference_url": "https://github.com/roundcube/roundcubemail/releases/tag/1.5.14", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:06Z/" } ], "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.5.14" }, { "reference_url": "https://github.com/roundcube/roundcubemail/releases/tag/1.6.14", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { 
"value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:06Z/" } ], "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.6.14" }, { "reference_url": "https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:06Z/" } ], "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5" }, { "reference_url": "https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:06Z/" } ], "url": "https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182", "reference_id": "1131182", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35544", "reference_id": "CVE-2026-35544", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2026-35544" }, { "reference_url": "https://github.com/advisories/GHSA-xpqh-grpw-4xmg", "reference_id": "GHSA-xpqh-grpw-4xmg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xpqh-grpw-4xmg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051746?format=api", "purl": "pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u6" } ], "aliases": [ "CVE-2026-35544", "GHSA-xpqh-grpw-4xmg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8xf2-hjfv-hybh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65868?format=api", "vulnerability_id": "VCID-9uv1-gqq7-3kc9", "summary": "roundcubemail: Roundcube Webmail: Cross-Site Scripting (XSS) vulnerability via crafted SVG animate tag", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68461.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68461.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-68461", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06437", "scoring_system": "epss", "scoring_elements": "0.91026", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.06437", "scoring_system": "epss", "scoring_elements": "0.91017", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.06833", "scoring_system": "epss", "scoring_elements": "0.91341", "published_at": 
"2026-04-11T12:55:00Z" }, { "value": "0.06833", "scoring_system": "epss", "scoring_elements": "0.91316", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.06833", "scoring_system": "epss", "scoring_elements": "0.91329", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.06833", "scoring_system": "epss", "scoring_elements": "0.91334", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.06833", "scoring_system": "epss", "scoring_elements": "0.91344", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.06833", "scoring_system": "epss", "scoring_elements": "0.91343", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.06833", "scoring_system": "epss", "scoring_elements": "0.91368", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.06974", "scoring_system": "epss", "scoring_elements": "0.91471", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.08521", "scoring_system": "epss", "scoring_elements": "0.924", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.08521", "scoring_system": "epss", "scoring_elements": "0.92394", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.08521", "scoring_system": "epss", "scoring_elements": "0.92403", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.08521", "scoring_system": "epss", "scoring_elements": "0.92395", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.08521", "scoring_system": "epss", "scoring_elements": "0.92398", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-68461" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68461", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68461" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122899", "reference_id": "1122899", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122899" }, { "reference_url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=2423507", "reference_id": "2423507", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423507" }, { "reference_url": "https://github.com/roundcube/roundcubemail/commit/bfa032631c36b900e7444dfa278340b33cbf7cdb", "reference_id": "bfa032631c36b900e7444dfa278340b33cbf7cdb", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2026-02-20T20:07:06Z/" } ], "url": "https://github.com/roundcube/roundcubemail/commit/bfa032631c36b900e7444dfa278340b33cbf7cdb" }, { "reference_url": "https://roundcube.net/news/2025/12/13/security-updates-1.6.12-and-1.5.12", "reference_id": "security-updates-1.6.12-and-1.5.12", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2026-02-20T20:07:06Z/" } ], "url": "https://roundcube.net/news/2025/12/13/security-updates-1.6.12-and-1.5.12" }, { "reference_url": "https://usn.ubuntu.com/8097-1/", "reference_id": "USN-8097-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8097-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051746?format=api", "purl": "pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u6" } ], "aliases": [ "CVE-2025-68461" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9uv1-gqq7-3kc9" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/349552?format=api", "vulnerability_id": "VCID-ck88-1urs-2kes", "summary": "Roundcube Webmail: Bypass of remote image blocking via SVG content (with animate attributes) in an e-mail message", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35543", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09403", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10167", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10062", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.12929", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13034", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13066", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13072", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.12975", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.12972", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.1307", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13122", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.1316", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13191", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00047", 
"scoring_system": "epss", "scoring_elements": "0.14115", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35543" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35543", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35543" }, { "reference_url": "https://github.com/roundcube/roundcubemail", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/roundcube/roundcubemail" }, { "reference_url": "https://github.com/roundcube/roundcubemail/commit/1a63e01542bff42aaa71c00c4c279a09ef31f20c", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:45Z/" } ], "url": "https://github.com/roundcube/roundcubemail/commit/1a63e01542bff42aaa71c00c4c279a09ef31f20c" }, { "reference_url": "https://github.com/roundcube/roundcubemail/commit/39471343ee081ce1d31696c456a2c163462daae3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:45Z/" } ], "url": "https://github.com/roundcube/roundcubemail/commit/39471343ee081ce1d31696c456a2c163462daae3" }, { "reference_url": 
"https://github.com/roundcube/roundcubemail/commit/82ab5eca7b332fce7a174b2b987f0957a66377cd", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:45Z/" } ], "url": "https://github.com/roundcube/roundcubemail/commit/82ab5eca7b332fce7a174b2b987f0957a66377cd" }, { "reference_url": "https://github.com/roundcube/roundcubemail/releases/tag/1.5.14", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:45Z/" } ], "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.5.14" }, { "reference_url": "https://github.com/roundcube/roundcubemail/releases/tag/1.6.14", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:45Z/" } ], "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.6.14" }, { "reference_url": "https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", 
"scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:45Z/" } ], "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5" }, { "reference_url": "https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:45Z/" } ], "url": "https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182", "reference_id": "1131182", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35543", "reference_id": "CVE-2026-35543", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35543" }, { "reference_url": "https://github.com/advisories/GHSA-j2g6-8rvg-7mf6", "reference_id": "GHSA-j2g6-8rvg-7mf6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j2g6-8rvg-7mf6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051746?format=api", "purl": "pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u6" } ], "aliases": [ "CVE-2026-35543", "GHSA-j2g6-8rvg-7mf6" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ck88-1urs-2kes" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/349551?format=api", "vulnerability_id": "VCID-ddfq-28qm-2fbn", "summary": "Roundcube Webmail: Remote image blocking feature can be bypassed via SVG content in an e-mail message", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35545", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10066", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.1017", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09759", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13334", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.1344", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13468", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13463", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13391", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13393", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13482", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13529", 
"published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13567", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13595", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14638", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35545" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35545", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35545" }, { "reference_url": "https://github.com/roundcube/roundcubemail", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/roundcube/roundcubemail" }, { "reference_url": "https://github.com/roundcube/roundcubemail/commit/7ad62de184368bf42c0f522d1aacc030f5ddcc46", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T15:35:57Z/" } ], "url": "https://github.com/roundcube/roundcubemail/commit/7ad62de184368bf42c0f522d1aacc030f5ddcc46" }, { "reference_url": "https://github.com/roundcube/roundcubemail/commit/9d18d524f3cc211003fc99e2e54eed09a2f3da88", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": 
"generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T15:35:57Z/" } ], "url": "https://github.com/roundcube/roundcubemail/commit/9d18d524f3cc211003fc99e2e54eed09a2f3da88" }, { "reference_url": "https://github.com/roundcube/roundcubemail/commit/fe1320b199d3a2f58351bb699c9ed4316e73221b", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T15:35:57Z/" } ], "url": "https://github.com/roundcube/roundcubemail/commit/fe1320b199d3a2f58351bb699c9ed4316e73221b" }, { "reference_url": "https://github.com/roundcube/roundcubemail/releases/tag/1.5.15", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T15:35:57Z/" } ], "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.5.15" }, { "reference_url": "https://github.com/roundcube/roundcubemail/releases/tag/1.6.15", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T15:35:57Z/" } ], "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.6.15" }, { "reference_url": 
"https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T15:35:57Z/" } ], "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc6" }, { "reference_url": "https://roundcube.net/news/2026/03/29/security-updates-1.7-rc6-1.6.15-1.5.15", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T15:35:57Z/" } ], "url": "https://roundcube.net/news/2026/03/29/security-updates-1.7-rc6-1.6.15-1.5.15" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132268", "reference_id": "1132268", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132268" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35545", "reference_id": "CVE-2026-35545", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35545" }, { "reference_url": "https://github.com/advisories/GHSA-w846-74jr-76cv", "reference_id": "GHSA-w846-74jr-76cv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": 
"https://github.com/advisories/GHSA-w846-74jr-76cv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051746?format=api", "purl": "pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u6" } ], "aliases": [ "CVE-2026-35545", "GHSA-w846-74jr-76cv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ddfq-28qm-2fbn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/349548?format=api", "vulnerability_id": "VCID-gh6k-19h8-fqbf", "summary": "Roundcube Webmail: Unsanitized IMAP SEARCH command arguments", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35538", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10455", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10593", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11044", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12411", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12526", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12559", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12551", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12436", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": 
"0.12431", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12527", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12566", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12607", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.1264", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.14489", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35538" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35538", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35538" }, { "reference_url": "https://github.com/roundcube/roundcubemail", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/roundcube/roundcubemail" }, { "reference_url": "https://github.com/roundcube/roundcubemail/commit/5fe8a69956a9683a4269f3ad2a68e18deebf8a15", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:11:14Z/" } ], "url": "https://github.com/roundcube/roundcubemail/commit/5fe8a69956a9683a4269f3ad2a68e18deebf8a15" }, { "reference_url": 
"https://github.com/roundcube/roundcubemail/commit/7daf5aa9c190ccc75bb31672d8fee9938877fd64", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:11:14Z/" } ], "url": "https://github.com/roundcube/roundcubemail/commit/7daf5aa9c190ccc75bb31672d8fee9938877fd64" }, { "reference_url": "https://github.com/roundcube/roundcubemail/commit/b18a8fa8e81571914c0ff55d4e20edb459c6952c", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:11:14Z/" } ], "url": "https://github.com/roundcube/roundcubemail/commit/b18a8fa8e81571914c0ff55d4e20edb459c6952c" }, { "reference_url": "https://github.com/roundcube/roundcubemail/releases/tag/1.5.14", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:11:14Z/" } ], "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.5.14" }, { "reference_url": "https://github.com/roundcube/roundcubemail/releases/tag/1.6.14", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", 
"scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:11:14Z/" } ], "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.6.14" }, { "reference_url": "https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:11:14Z/" } ], "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5" }, { "reference_url": "https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:11:14Z/" } ], "url": "https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182", "reference_id": "1131182", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35538", "reference_id": "CVE-2026-35538", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35538" }, { 
"reference_url": "https://github.com/advisories/GHSA-8jr8-v43g-5c57", "reference_id": "GHSA-8jr8-v43g-5c57", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8jr8-v43g-5c57" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051746?format=api", "purl": "pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u6" } ], "aliases": [ "CVE-2026-35538", "GHSA-8jr8-v43g-5c57" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gh6k-19h8-fqbf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50014?format=api", "vulnerability_id": "VCID-rdb5-bbvn-7fcq", "summary": "Multiple vulnerabilities have been discovered in Roundcube, the worst of which could lead to execution of arbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15237", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.33448", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.3365", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.33565", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.3382", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34158", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34191", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00139", 
"scoring_system": "epss", "scoring_elements": "0.34051", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34094", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34125", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34123", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.3408", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34057", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34092", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34045", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.33672", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15237" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15237", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15237" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/roundcube/roundcubemail/issues/6891", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/roundcube/roundcubemail/issues/6891" }, { "reference_url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TFFMSO5WKEYSGMTZPZFF4ZADUJ57PRN5/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TFFMSO5WKEYSGMTZPZFF4ZADUJ57PRN5/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949629", "reference_id": "949629", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949629" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15237", "reference_id": "CVE-2019-15237", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15237" }, { "reference_url": "https://security.gentoo.org/glsa/202507-10", "reference_id": "GLSA-202507-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202507-10" }, { "reference_url": "https://usn.ubuntu.com/8223-1/", 
"reference_id": "USN-8223-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8223-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051746?format=api", "purl": "pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u6" } ], "aliases": [ "CVE-2019-15237" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rdb5-bbvn-7fcq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/349556?format=api", "vulnerability_id": "VCID-ub6x-9dku-c7fk", "summary": "Roundcube Webmail: Insufficient CSS sanitization in HTML e-mail messages", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35540", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08833", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08902", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09441", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13135", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13187", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13224", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13255", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.1304", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00043", 
"scoring_system": "epss", "scoring_elements": "0.13038", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.1437", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14426", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14453", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14425", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15738", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-35540" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35540", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35540" }, { "reference_url": "https://github.com/roundcube/roundcubemail", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/roundcube/roundcubemail" }, { "reference_url": "https://github.com/roundcube/roundcubemail/commit/27ec6cc9cb25e1ef8b4d4ef39ce76d619caa6870", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:31Z/" } ], "url": "https://github.com/roundcube/roundcubemail/commit/27ec6cc9cb25e1ef8b4d4ef39ce76d619caa6870" }, { "reference_url": 
"https://github.com/roundcube/roundcubemail/commit/579b68eff90650a5c782e153debd66c765648942", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:31Z/" } ], "url": "https://github.com/roundcube/roundcubemail/commit/579b68eff90650a5c782e153debd66c765648942" }, { "reference_url": "https://github.com/roundcube/roundcubemail/releases/tag/1.6.14", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:31Z/" } ], "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.6.14" }, { "reference_url": "https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:31Z/" } ], "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5" }, { "reference_url": "https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": 
"generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:31Z/" } ], "url": "https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182", "reference_id": "1131182", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35540", "reference_id": "CVE-2026-35540", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35540" }, { "reference_url": "https://github.com/advisories/GHSA-vxg2-hhgr-37fx", "reference_id": "GHSA-vxg2-hhgr-37fx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vxg2-hhgr-37fx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051746?format=api", "purl": "pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u6" } ], "aliases": [ "CVE-2026-35540", "GHSA-vxg2-hhgr-37fx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ub6x-9dku-c7fk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64628?format=api", "vulnerability_id": "VCID-vtz8-zmp4-xbdh", "summary": "roundcubemail: Roundcube Webmail: Cascading Style Sheets (CSS) injection via mishandled comments", "references": [ { "reference_url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26079.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26079.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-26079", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22382", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22386", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22368", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22423", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22465", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22443", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22307", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22389", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24417", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.2465", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24594", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24582", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24539", 
"published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25403", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25439", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-26079" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26079", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26079" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127447", "reference_id": "1127447", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127447" }, { "reference_url": "https://github.com/roundcube/roundcubemail/releases/tag/1.5.13", "reference_id": "1.5.13", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T16:05:48Z/" } ], "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.5.13" }, { "reference_url": "https://github.com/roundcube/roundcubemail/releases/tag/1.6.13", "reference_id": "1.6.13", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T16:05:48Z/" } ], "url": 
"https://github.com/roundcube/roundcubemail/releases/tag/1.6.13" }, { "reference_url": "https://github.com/roundcube/roundcubemail/commit/1f4c3a5af5033747f9685a8a395dbd8228d19816", "reference_id": "1f4c3a5af5033747f9685a8a395dbd8228d19816", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T16:05:48Z/" } ], "url": "https://github.com/roundcube/roundcubemail/commit/1f4c3a5af5033747f9685a8a395dbd8228d19816" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438807", "reference_id": "2438807", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438807" }, { "reference_url": "https://github.com/roundcube/roundcubemail/commit/2b5625f1d2ef7e050fd1ae481b2a52dc35466447", "reference_id": "2b5625f1d2ef7e050fd1ae481b2a52dc35466447", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T16:05:48Z/" } ], "url": "https://github.com/roundcube/roundcubemail/commit/2b5625f1d2ef7e050fd1ae481b2a52dc35466447" }, { "reference_url": "https://github.com/roundcube/roundcubemail/commit/53d75d5dfebef235a344d476b900c20c12d52b01", "reference_id": "53d75d5dfebef235a344d476b900c20c12d52b01", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T16:05:48Z/" } ], "url": "https://github.com/roundcube/roundcubemail/commit/53d75d5dfebef235a344d476b900c20c12d52b01" }, { "reference_url": 
"https://github.com/roundcube/roundcubemail/commit/5a3315cce587e0be58335d11ff9a5571c90494a5", "reference_id": "5a3315cce587e0be58335d11ff9a5571c90494a5", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T16:05:48Z/" } ], "url": "https://github.com/roundcube/roundcubemail/commit/5a3315cce587e0be58335d11ff9a5571c90494a5" }, { "reference_url": "https://github.com/roundcube/roundcubemail/commit/bf89cbaa5897d8ad62e8057d9a3f6babb90b7954", "reference_id": "bf89cbaa5897d8ad62e8057d9a3f6babb90b7954", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T16:05:48Z/" } ], "url": "https://github.com/roundcube/roundcubemail/commit/bf89cbaa5897d8ad62e8057d9a3f6babb90b7954" }, { "reference_url": "https://github.com/roundcube/roundcubemail/commit/c15f5dbf093a497e19a749b20e7f8fb5a9c24cde", "reference_id": "c15f5dbf093a497e19a749b20e7f8fb5a9c24cde", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T16:05:48Z/" } ], "url": "https://github.com/roundcube/roundcubemail/commit/c15f5dbf093a497e19a749b20e7f8fb5a9c24cde" }, { "reference_url": "https://roundcube.net/news/2026/02/08/security-updates-1.6.13-and-1.5.13", "reference_id": "security-updates-1.6.13-and-1.5.13", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": 
"ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T16:05:48Z/" } ], "url": "https://roundcube.net/news/2026/02/08/security-updates-1.6.13-and-1.5.13" }, { "reference_url": "https://usn.ubuntu.com/8223-1/", "reference_id": "USN-8223-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8223-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051746?format=api", "purl": "pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u6" } ], "aliases": [ "CVE-2026-26079" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vtz8-zmp4-xbdh" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90974?format=api", "vulnerability_id": "VCID-14vp-t71a-4bh1", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-46144", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01055", "scoring_system": "epss", "scoring_elements": "0.77528", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01055", "scoring_system": "epss", "scoring_elements": "0.77534", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01055", "scoring_system": "epss", "scoring_elements": "0.7756", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01055", "scoring_system": "epss", "scoring_elements": "0.77539", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01055", "scoring_system": "epss", "scoring_elements": "0.7757", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01055", "scoring_system": "epss", "scoring_elements": "0.77578", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01055", "scoring_system": "epss", "scoring_elements": 
"0.77604", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01055", "scoring_system": "epss", "scoring_elements": "0.77589", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01055", "scoring_system": "epss", "scoring_elements": "0.77588", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01055", "scoring_system": "epss", "scoring_elements": "0.77625", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01055", "scoring_system": "epss", "scoring_elements": "0.77623", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01055", "scoring_system": "epss", "scoring_elements": "0.77618", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01055", "scoring_system": "epss", "scoring_elements": "0.7765", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01055", "scoring_system": "epss", "scoring_elements": "0.77657", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01055", "scoring_system": "epss", "scoring_elements": "0.77672", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01055", "scoring_system": "epss", "scoring_elements": "0.77684", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-46144" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46144", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46144" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003027", "reference_id": "1003027", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003027" }, { "reference_url": "https://usn.ubuntu.com/USN-5182-1/", "reference_id": "USN-USN-5182-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5182-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037819?format=api", "purl": "pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2", "is_vulnerable": true, 
"affected_by_vulnerabilities": [ { "vulnerability": "VCID-14vp-t71a-4bh1" }, { "vulnerability": "VCID-2eyy-k49d-m3af" }, { "vulnerability": "VCID-2hap-9mqs-v3b8" }, { "vulnerability": "VCID-2k4q-26tk-j3gx" }, { "vulnerability": "VCID-2nb2-9vgp-tqg9" }, { "vulnerability": "VCID-36et-26h7-pke7" }, { "vulnerability": "VCID-3kyu-tx4q-p3aq" }, { "vulnerability": "VCID-4yzj-hrqv-vbcp" }, { "vulnerability": "VCID-5yts-xnha-4bf3" }, { "vulnerability": "VCID-79me-pjdn-ykgq" }, { "vulnerability": "VCID-7nn6-aywu-z7g8" }, { "vulnerability": "VCID-8vmm-1hvf-17ap" }, { "vulnerability": "VCID-8xf2-hjfv-hybh" }, { "vulnerability": "VCID-9der-5csu-nbbq" }, { "vulnerability": "VCID-9uv1-gqq7-3kc9" }, { "vulnerability": "VCID-cjkd-2jr6-n7as" }, { "vulnerability": "VCID-ck88-1urs-2kes" }, { "vulnerability": "VCID-cnkc-vcp7-6kcw" }, { "vulnerability": "VCID-ddfq-28qm-2fbn" }, { "vulnerability": "VCID-gh6k-19h8-fqbf" }, { "vulnerability": "VCID-hg1a-vx5c-hue3" }, { "vulnerability": "VCID-jck5-xymf-s3bh" }, { "vulnerability": "VCID-jqs5-8ct7-wfgk" }, { "vulnerability": "VCID-kyxz-v3sj-w3cw" }, { "vulnerability": "VCID-m4yc-ms54-zyhv" }, { "vulnerability": "VCID-ncbg-6m11-3qan" }, { "vulnerability": "VCID-qwak-6wgy-wfgs" }, { "vulnerability": "VCID-rc91-j3kf-zfch" }, { "vulnerability": "VCID-s6p1-rf35-euhy" }, { "vulnerability": "VCID-u8a4-4pe2-9kcb" }, { "vulnerability": "VCID-ub6x-9dku-c7fk" }, { "vulnerability": "VCID-vehj-ytsm-kqgz" }, { "vulnerability": "VCID-vtz8-zmp4-xbdh" }, { "vulnerability": "VCID-x9j7-98zt-6ygt" }, { "vulnerability": "VCID-xssa-fwbx-kybq" }, { "vulnerability": "VCID-ybv7-hqmj-nbgr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1050285?format=api", "purl": "pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2hap-9mqs-v3b8" }, { "vulnerability": 
"VCID-2nb2-9vgp-tqg9" }, { "vulnerability": "VCID-3kyu-tx4q-p3aq" }, { "vulnerability": "VCID-4yzj-hrqv-vbcp" }, { "vulnerability": "VCID-5yts-xnha-4bf3" }, { "vulnerability": "VCID-8vmm-1hvf-17ap" }, { "vulnerability": "VCID-8xf2-hjfv-hybh" }, { "vulnerability": "VCID-9uv1-gqq7-3kc9" }, { "vulnerability": "VCID-ck88-1urs-2kes" }, { "vulnerability": "VCID-ddfq-28qm-2fbn" }, { "vulnerability": "VCID-gh6k-19h8-fqbf" }, { "vulnerability": "VCID-rdb5-bbvn-7fcq" }, { "vulnerability": "VCID-ub6x-9dku-c7fk" }, { "vulnerability": "VCID-vtz8-zmp4-xbdh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4" } ], "aliases": [ "CVE-2021-46144" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-14vp-t71a-4bh1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50016?format=api", "vulnerability_id": "VCID-2eyy-k49d-m3af", "summary": "Multiple vulnerabilities have been discovered in Roundcube, the worst of which could lead to execution of arbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-44026", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.64041", "scoring_system": "epss", "scoring_elements": "0.98426", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.64041", "scoring_system": "epss", "scoring_elements": "0.98422", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.64041", "scoring_system": "epss", "scoring_elements": "0.9842", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.64041", "scoring_system": "epss", "scoring_elements": "0.9844", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.64041", "scoring_system": "epss", "scoring_elements": "0.98436", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.64041", "scoring_system": "epss", "scoring_elements": "0.98432", "published_at": 
"2026-04-09T12:55:00Z" }, { "value": "0.64041", "scoring_system": "epss", "scoring_elements": "0.98431", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.64041", "scoring_system": "epss", "scoring_elements": "0.98428", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.72527", "scoring_system": "epss", "scoring_elements": "0.98783", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.72527", "scoring_system": "epss", "scoring_elements": "0.98772", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.72527", "scoring_system": "epss", "scoring_elements": "0.98773", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.72527", "scoring_system": "epss", "scoring_elements": "0.98777", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.72527", "scoring_system": "epss", "scoring_elements": "0.98778", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.72527", "scoring_system": "epss", "scoring_elements": "0.98779", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-44026" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44025", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44025" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44026", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44026" }, { "reference_url": "https://bugs.debian.org/1000156", "reference_id": "1000156", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:33:07Z/" } ], "url": "https://bugs.debian.org/1000156" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000156", "reference_id": 
"1000156", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000156" }, { "reference_url": "https://github.com/roundcube/roundcubemail/commit/c8947ecb762d9e89c2091bda28d49002817263f1", "reference_id": "c8947ecb762d9e89c2091bda28d49002817263f1", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:33:07Z/" } ], "url": "https://github.com/roundcube/roundcubemail/commit/c8947ecb762d9e89c2091bda28d49002817263f1" }, { "reference_url": "https://www.debian.org/security/2021/dsa-5013", "reference_id": "dsa-5013", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:33:07Z/" } ], "url": "https://www.debian.org/security/2021/dsa-5013" }, { "reference_url": "https://github.com/roundcube/roundcubemail/commit/ee809bde2dcaa04857a919397808a7296681dcfa", "reference_id": "ee809bde2dcaa04857a919397808a7296681dcfa", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:33:07Z/" } ], "url": "https://github.com/roundcube/roundcubemail/commit/ee809bde2dcaa04857a919397808a7296681dcfa" }, { "reference_url": "https://security.gentoo.org/glsa/202507-10", "reference_id": "GLSA-202507-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202507-10" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00004.html", "reference_id": "msg00004.html", "reference_type": "", 
"scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:33:07Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00004.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NDVGIZMQJ5IOM47Y3SAAJRN5VPANKTKO/", "reference_id": "NDVGIZMQJ5IOM47Y3SAAJRN5VPANKTKO", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:33:07Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NDVGIZMQJ5IOM47Y3SAAJRN5VPANKTKO/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TP3Y5RXTUUOUODNG7HFEKWYNIPIT2NL4/", "reference_id": "TP3Y5RXTUUOUODNG7HFEKWYNIPIT2NL4", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:33:07Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TP3Y5RXTUUOUODNG7HFEKWYNIPIT2NL4/" }, { "reference_url": "https://usn.ubuntu.com/USN-5182-1/", "reference_id": "USN-USN-5182-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5182-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037819?format=api", "purl": "pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { 
"vulnerability": "VCID-14vp-t71a-4bh1" }, { "vulnerability": "VCID-2eyy-k49d-m3af" }, { "vulnerability": "VCID-2hap-9mqs-v3b8" }, { "vulnerability": "VCID-2k4q-26tk-j3gx" }, { "vulnerability": "VCID-2nb2-9vgp-tqg9" }, { "vulnerability": "VCID-36et-26h7-pke7" }, { "vulnerability": "VCID-3kyu-tx4q-p3aq" }, { "vulnerability": "VCID-4yzj-hrqv-vbcp" }, { "vulnerability": "VCID-5yts-xnha-4bf3" }, { "vulnerability": "VCID-79me-pjdn-ykgq" }, { "vulnerability": "VCID-7nn6-aywu-z7g8" }, { "vulnerability": "VCID-8vmm-1hvf-17ap" }, { "vulnerability": "VCID-8xf2-hjfv-hybh" }, { "vulnerability": "VCID-9der-5csu-nbbq" }, { "vulnerability": "VCID-9uv1-gqq7-3kc9" }, { "vulnerability": "VCID-cjkd-2jr6-n7as" }, { "vulnerability": "VCID-ck88-1urs-2kes" }, { "vulnerability": "VCID-cnkc-vcp7-6kcw" }, { "vulnerability": "VCID-ddfq-28qm-2fbn" }, { "vulnerability": "VCID-gh6k-19h8-fqbf" }, { "vulnerability": "VCID-hg1a-vx5c-hue3" }, { "vulnerability": "VCID-jck5-xymf-s3bh" }, { "vulnerability": "VCID-jqs5-8ct7-wfgk" }, { "vulnerability": "VCID-kyxz-v3sj-w3cw" }, { "vulnerability": "VCID-m4yc-ms54-zyhv" }, { "vulnerability": "VCID-ncbg-6m11-3qan" }, { "vulnerability": "VCID-qwak-6wgy-wfgs" }, { "vulnerability": "VCID-rc91-j3kf-zfch" }, { "vulnerability": "VCID-s6p1-rf35-euhy" }, { "vulnerability": "VCID-u8a4-4pe2-9kcb" }, { "vulnerability": "VCID-ub6x-9dku-c7fk" }, { "vulnerability": "VCID-vehj-ytsm-kqgz" }, { "vulnerability": "VCID-vtz8-zmp4-xbdh" }, { "vulnerability": "VCID-x9j7-98zt-6ygt" }, { "vulnerability": "VCID-xssa-fwbx-kybq" }, { "vulnerability": "VCID-ybv7-hqmj-nbgr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1050285?format=api", "purl": "pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2hap-9mqs-v3b8" }, { "vulnerability": "VCID-2nb2-9vgp-tqg9" }, { 
"vulnerability": "VCID-3kyu-tx4q-p3aq" }, { "vulnerability": "VCID-4yzj-hrqv-vbcp" }, { "vulnerability": "VCID-5yts-xnha-4bf3" }, { "vulnerability": "VCID-8vmm-1hvf-17ap" }, { "vulnerability": "VCID-8xf2-hjfv-hybh" }, { "vulnerability": "VCID-9uv1-gqq7-3kc9" }, { "vulnerability": "VCID-ck88-1urs-2kes" }, { "vulnerability": "VCID-ddfq-28qm-2fbn" }, { "vulnerability": "VCID-gh6k-19h8-fqbf" }, { "vulnerability": "VCID-rdb5-bbvn-7fcq" }, { "vulnerability": "VCID-ub6x-9dku-c7fk" }, { "vulnerability": "VCID-vtz8-zmp4-xbdh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4" } ], "aliases": [ "CVE-2021-44026" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2eyy-k49d-m3af" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96173?format=api", "vulnerability_id": "VCID-2k4q-26tk-j3gx", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-42010", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.14764", "scoring_system": "epss", "scoring_elements": "0.94524", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.14764", "scoring_system": "epss", "scoring_elements": "0.94476", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.14764", "scoring_system": "epss", "scoring_elements": "0.94486", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.14764", "scoring_system": "epss", "scoring_elements": "0.94489", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.14764", "scoring_system": "epss", "scoring_elements": "0.94493", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.14764", "scoring_system": "epss", "scoring_elements": "0.94495", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.14764", "scoring_system": "epss", "scoring_elements": "0.94509", "published_at": "2026-04-16T12:55:00Z" }, { 
"value": "0.14764", "scoring_system": "epss", "scoring_elements": "0.94513", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.14764", "scoring_system": "epss", "scoring_elements": "0.94518", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.14764", "scoring_system": "epss", "scoring_elements": "0.94519", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.14764", "scoring_system": "epss", "scoring_elements": "0.94517", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.14764", "scoring_system": "epss", "scoring_elements": "0.94467", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.14764", "scoring_system": "epss", "scoring_elements": "0.94474", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-42010" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42008", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42008" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42009", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42009" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42010", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42010" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077969", "reference_id": "1077969", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077969" }, { "reference_url": "https://github.com/roundcube/roundcubemail/releases/tag/1.5.8", "reference_id": "1.5.8", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-06T14:03:28Z/" } ], "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.5.8" }, { "reference_url": "https://github.com/roundcube/roundcubemail/releases/tag/1.6.8", "reference_id": "1.6.8", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-06T14:03:28Z/" } ], "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.6.8" }, { "reference_url": "https://sonarsource.com/blog/government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail/", "reference_id": "government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-06T14:03:28Z/" } ], "url": "https://sonarsource.com/blog/government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail/" }, { "reference_url": "https://github.com/roundcube/roundcubemail/releases", "reference_id": "releases", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-06T14:03:28Z/" } ], "url": "https://github.com/roundcube/roundcubemail/releases" }, { "reference_url": "https://roundcube.net/news/2024/08/04/security-updates-1.6.8-and-1.5.8", "reference_id": "security-updates-1.6.8-and-1.5.8", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-06T14:03:28Z/" } ], "url": "https://roundcube.net/news/2024/08/04/security-updates-1.6.8-and-1.5.8" }, { "reference_url": "https://usn.ubuntu.com/8223-1/", "reference_id": "USN-8223-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8223-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050285?format=api", "purl": "pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2hap-9mqs-v3b8" }, { "vulnerability": "VCID-2nb2-9vgp-tqg9" }, { "vulnerability": "VCID-3kyu-tx4q-p3aq" }, { "vulnerability": "VCID-4yzj-hrqv-vbcp" }, { "vulnerability": "VCID-5yts-xnha-4bf3" }, { "vulnerability": "VCID-8vmm-1hvf-17ap" }, { "vulnerability": "VCID-8xf2-hjfv-hybh" }, { "vulnerability": "VCID-9uv1-gqq7-3kc9" }, { "vulnerability": "VCID-ck88-1urs-2kes" }, { "vulnerability": "VCID-ddfq-28qm-2fbn" }, { "vulnerability": "VCID-gh6k-19h8-fqbf" }, { "vulnerability": "VCID-rdb5-bbvn-7fcq" }, { "vulnerability": "VCID-ub6x-9dku-c7fk" }, { "vulnerability": "VCID-vtz8-zmp4-xbdh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4" } ], "aliases": [ "CVE-2024-42010" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2k4q-26tk-j3gx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96171?format=api", "vulnerability_id": "VCID-36et-26h7-pke7", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-42008", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.51532", "scoring_system": "epss", "scoring_elements": "0.97907", "published_at": "2026-05-05T12:55:00Z" 
}, { "value": "0.57251", "scoring_system": "epss", "scoring_elements": "0.98141", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.57251", "scoring_system": "epss", "scoring_elements": "0.98136", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.57251", "scoring_system": "epss", "scoring_elements": "0.98139", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.57251", "scoring_system": "epss", "scoring_elements": "0.98145", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.57251", "scoring_system": "epss", "scoring_elements": "0.98146", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.57251", "scoring_system": "epss", "scoring_elements": "0.98149", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.57251", "scoring_system": "epss", "scoring_elements": "0.9815", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.57251", "scoring_system": "epss", "scoring_elements": "0.98156", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.57251", "scoring_system": "epss", "scoring_elements": "0.98154", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.57251", "scoring_system": "epss", "scoring_elements": "0.98155", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.57251", "scoring_system": "epss", "scoring_elements": "0.98158", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.57251", "scoring_system": "epss", "scoring_elements": "0.98159", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.58573", "scoring_system": "epss", "scoring_elements": "0.98218", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-42008" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42008", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42008" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42009", "reference_id": "", "reference_type": "", "scores": [], 
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42009" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42010", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42010" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077969", "reference_id": "1077969", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077969" }, { "reference_url": "https://github.com/roundcube/roundcubemail/releases/tag/1.5.8", "reference_id": "1.5.8", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-07T19:56:10Z/" } ], "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.5.8" }, { "reference_url": "https://github.com/roundcube/roundcubemail/releases/tag/1.6.8", "reference_id": "1.6.8", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-07T19:56:10Z/" } ], "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.6.8" }, { "reference_url": "https://sonarsource.com/blog/government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail/", "reference_id": "government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-07T19:56:10Z/" } ], "url": 
"https://sonarsource.com/blog/government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail/" }, { "reference_url": "https://github.com/roundcube/roundcubemail/releases", "reference_id": "releases", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-07T19:56:10Z/" } ], "url": "https://github.com/roundcube/roundcubemail/releases" }, { "reference_url": "https://roundcube.net/news/2024/08/04/security-updates-1.6.8-and-1.5.8", "reference_id": "security-updates-1.6.8-and-1.5.8", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-07T19:56:10Z/" } ], "url": "https://roundcube.net/news/2024/08/04/security-updates-1.6.8-and-1.5.8" }, { "reference_url": "https://usn.ubuntu.com/8223-1/", "reference_id": "USN-8223-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8223-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050285?format=api", "purl": "pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2hap-9mqs-v3b8" }, { "vulnerability": "VCID-2nb2-9vgp-tqg9" }, { "vulnerability": "VCID-3kyu-tx4q-p3aq" }, { "vulnerability": "VCID-4yzj-hrqv-vbcp" }, { "vulnerability": "VCID-5yts-xnha-4bf3" }, { "vulnerability": "VCID-8vmm-1hvf-17ap" }, { "vulnerability": "VCID-8xf2-hjfv-hybh" }, { "vulnerability": "VCID-9uv1-gqq7-3kc9" }, { "vulnerability": "VCID-ck88-1urs-2kes" }, { "vulnerability": "VCID-ddfq-28qm-2fbn" }, { "vulnerability": "VCID-gh6k-19h8-fqbf" }, { "vulnerability": "VCID-rdb5-bbvn-7fcq" }, { 
"vulnerability": "VCID-ub6x-9dku-c7fk" }, { "vulnerability": "VCID-vtz8-zmp4-xbdh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4" } ], "aliases": [ "CVE-2024-42008" ], "risk_score": 4.2, "exploitability": "0.5", "weighted_severity": "8.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-36et-26h7-pke7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62469?format=api", "vulnerability_id": "VCID-79me-pjdn-ykgq", "summary": "A flaw in Roundcube's handling of configuration files may allow\n arbitrary code execution, amongst other vulnerabilities.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12640", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.22659", "scoring_system": "epss", "scoring_elements": "0.95822", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.22659", "scoring_system": "epss", "scoring_elements": "0.95831", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.22659", "scoring_system": "epss", "scoring_elements": "0.95839", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.22659", "scoring_system": "epss", "scoring_elements": "0.95842", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.22659", "scoring_system": "epss", "scoring_elements": "0.9585", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.22659", "scoring_system": "epss", "scoring_elements": "0.95854", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.22659", "scoring_system": "epss", "scoring_elements": "0.95857", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.22659", "scoring_system": "epss", "scoring_elements": "0.95856", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.22659", "scoring_system": "epss", "scoring_elements": "0.95858", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.22659", "scoring_system": "epss", "scoring_elements": "0.95869", "published_at": 
"2026-04-16T12:55:00Z" }, { "value": "0.22659", "scoring_system": "epss", "scoring_elements": "0.95875", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.22659", "scoring_system": "epss", "scoring_elements": "0.95877", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.22659", "scoring_system": "epss", "scoring_elements": "0.95879", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.22659", "scoring_system": "epss", "scoring_elements": "0.95891", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12640" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12640", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12640" }, { "reference_url": "https://security.gentoo.org/glsa/202007-41", "reference_id": "GLSA-202007-41", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202007-41" }, { "reference_url": "https://usn.ubuntu.com/USN-5182-1/", "reference_id": "USN-USN-5182-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5182-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050285?format=api", "purl": "pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2hap-9mqs-v3b8" }, { "vulnerability": "VCID-2nb2-9vgp-tqg9" }, { "vulnerability": "VCID-3kyu-tx4q-p3aq" }, { "vulnerability": "VCID-4yzj-hrqv-vbcp" }, { "vulnerability": "VCID-5yts-xnha-4bf3" }, { "vulnerability": "VCID-8vmm-1hvf-17ap" }, { "vulnerability": "VCID-8xf2-hjfv-hybh" }, { "vulnerability": "VCID-9uv1-gqq7-3kc9" }, { "vulnerability": "VCID-ck88-1urs-2kes" }, { "vulnerability": "VCID-ddfq-28qm-2fbn" }, { "vulnerability": "VCID-gh6k-19h8-fqbf" }, { "vulnerability": "VCID-rdb5-bbvn-7fcq" }, { "vulnerability": "VCID-ub6x-9dku-c7fk" }, { "vulnerability": "VCID-vtz8-zmp4-xbdh" } ], 
"resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4" } ], "aliases": [ "CVE-2020-12640" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-79me-pjdn-ykgq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79759?format=api", "vulnerability_id": "VCID-7nn6-aywu-z7g8", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13964", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00872", "scoring_system": "epss", "scoring_elements": "0.75174", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00872", "scoring_system": "epss", "scoring_elements": "0.75177", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00872", "scoring_system": "epss", "scoring_elements": "0.75208", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00872", "scoring_system": "epss", "scoring_elements": "0.75184", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00872", "scoring_system": "epss", "scoring_elements": "0.75219", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00872", "scoring_system": "epss", "scoring_elements": "0.75231", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00872", "scoring_system": "epss", "scoring_elements": "0.75252", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00872", "scoring_system": "epss", "scoring_elements": "0.75229", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00872", "scoring_system": "epss", "scoring_elements": "0.75218", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00872", "scoring_system": "epss", "scoring_elements": "0.75256", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00872", "scoring_system": "epss", "scoring_elements": "0.75263", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00872", "scoring_system": "epss", 
"scoring_elements": "0.75254", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00872", "scoring_system": "epss", "scoring_elements": "0.7529", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00872", "scoring_system": "epss", "scoring_elements": "0.75293", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00872", "scoring_system": "epss", "scoring_elements": "0.75297", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00872", "scoring_system": "epss", "scoring_elements": "0.75306", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13964" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13964", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13964" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13965", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13965" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962123", "reference_id": "962123", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962123" }, { "reference_url": "https://usn.ubuntu.com/USN-5182-1/", "reference_id": "USN-USN-5182-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5182-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037223?format=api", "purl": "pkg:deb/debian/roundcube@1.2.3%2Bdfsg.1-4%2Bdeb9u6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14vp-t71a-4bh1" }, { "vulnerability": "VCID-2eyy-k49d-m3af" }, { "vulnerability": "VCID-2hap-9mqs-v3b8" }, { "vulnerability": "VCID-2k4q-26tk-j3gx" }, { "vulnerability": "VCID-2nb2-9vgp-tqg9" }, { "vulnerability": "VCID-36et-26h7-pke7" }, { "vulnerability": "VCID-3kyu-tx4q-p3aq" }, { "vulnerability": 
"VCID-4yzj-hrqv-vbcp" }, { "vulnerability": "VCID-5yts-xnha-4bf3" }, { "vulnerability": "VCID-79me-pjdn-ykgq" }, { "vulnerability": "VCID-7nn6-aywu-z7g8" }, { "vulnerability": "VCID-8vmm-1hvf-17ap" }, { "vulnerability": "VCID-8xf2-hjfv-hybh" }, { "vulnerability": "VCID-9der-5csu-nbbq" }, { "vulnerability": "VCID-9ktu-55q4-3kau" }, { "vulnerability": "VCID-9uv1-gqq7-3kc9" }, { "vulnerability": "VCID-cjkd-2jr6-n7as" }, { "vulnerability": "VCID-ck88-1urs-2kes" }, { "vulnerability": "VCID-cnkc-vcp7-6kcw" }, { "vulnerability": "VCID-ddfq-28qm-2fbn" }, { "vulnerability": "VCID-fuh5-bwaq-yyfk" }, { "vulnerability": "VCID-gh6k-19h8-fqbf" }, { "vulnerability": "VCID-hg1a-vx5c-hue3" }, { "vulnerability": "VCID-j29t-cw2h-mfd8" }, { "vulnerability": "VCID-jck5-xymf-s3bh" }, { "vulnerability": "VCID-jqs5-8ct7-wfgk" }, { "vulnerability": "VCID-kyxz-v3sj-w3cw" }, { "vulnerability": "VCID-m4yc-ms54-zyhv" }, { "vulnerability": "VCID-ncbg-6m11-3qan" }, { "vulnerability": "VCID-qwak-6wgy-wfgs" }, { "vulnerability": "VCID-rc91-j3kf-zfch" }, { "vulnerability": "VCID-s6p1-rf35-euhy" }, { "vulnerability": "VCID-ts1p-pw9v-cbh3" }, { "vulnerability": "VCID-u8a4-4pe2-9kcb" }, { "vulnerability": "VCID-ub6x-9dku-c7fk" }, { "vulnerability": "VCID-ur1a-7tdn-h3hu" }, { "vulnerability": "VCID-vehj-ytsm-kqgz" }, { "vulnerability": "VCID-vtz8-zmp4-xbdh" }, { "vulnerability": "VCID-x9j7-98zt-6ygt" }, { "vulnerability": "VCID-xssa-fwbx-kybq" }, { "vulnerability": "VCID-ybv7-hqmj-nbgr" }, { "vulnerability": "VCID-z3kp-p8ch-myhz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.2.3%252Bdfsg.1-4%252Bdeb9u6" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037819?format=api", "purl": "pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14vp-t71a-4bh1" }, { "vulnerability": "VCID-2eyy-k49d-m3af" }, { "vulnerability": "VCID-2hap-9mqs-v3b8" }, { "vulnerability": 
"VCID-2k4q-26tk-j3gx" }, { "vulnerability": "VCID-2nb2-9vgp-tqg9" }, { "vulnerability": "VCID-36et-26h7-pke7" }, { "vulnerability": "VCID-3kyu-tx4q-p3aq" }, { "vulnerability": "VCID-4yzj-hrqv-vbcp" }, { "vulnerability": "VCID-5yts-xnha-4bf3" }, { "vulnerability": "VCID-79me-pjdn-ykgq" }, { "vulnerability": "VCID-7nn6-aywu-z7g8" }, { "vulnerability": "VCID-8vmm-1hvf-17ap" }, { "vulnerability": "VCID-8xf2-hjfv-hybh" }, { "vulnerability": "VCID-9der-5csu-nbbq" }, { "vulnerability": "VCID-9uv1-gqq7-3kc9" }, { "vulnerability": "VCID-cjkd-2jr6-n7as" }, { "vulnerability": "VCID-ck88-1urs-2kes" }, { "vulnerability": "VCID-cnkc-vcp7-6kcw" }, { "vulnerability": "VCID-ddfq-28qm-2fbn" }, { "vulnerability": "VCID-gh6k-19h8-fqbf" }, { "vulnerability": "VCID-hg1a-vx5c-hue3" }, { "vulnerability": "VCID-jck5-xymf-s3bh" }, { "vulnerability": "VCID-jqs5-8ct7-wfgk" }, { "vulnerability": "VCID-kyxz-v3sj-w3cw" }, { "vulnerability": "VCID-m4yc-ms54-zyhv" }, { "vulnerability": "VCID-ncbg-6m11-3qan" }, { "vulnerability": "VCID-qwak-6wgy-wfgs" }, { "vulnerability": "VCID-rc91-j3kf-zfch" }, { "vulnerability": "VCID-s6p1-rf35-euhy" }, { "vulnerability": "VCID-u8a4-4pe2-9kcb" }, { "vulnerability": "VCID-ub6x-9dku-c7fk" }, { "vulnerability": "VCID-vehj-ytsm-kqgz" }, { "vulnerability": "VCID-vtz8-zmp4-xbdh" }, { "vulnerability": "VCID-x9j7-98zt-6ygt" }, { "vulnerability": "VCID-xssa-fwbx-kybq" }, { "vulnerability": "VCID-ybv7-hqmj-nbgr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1050285?format=api", "purl": "pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2hap-9mqs-v3b8" }, { "vulnerability": "VCID-2nb2-9vgp-tqg9" }, { "vulnerability": "VCID-3kyu-tx4q-p3aq" }, { "vulnerability": "VCID-4yzj-hrqv-vbcp" }, { "vulnerability": "VCID-5yts-xnha-4bf3" }, { "vulnerability": 
"VCID-8vmm-1hvf-17ap" }, { "vulnerability": "VCID-8xf2-hjfv-hybh" }, { "vulnerability": "VCID-9uv1-gqq7-3kc9" }, { "vulnerability": "VCID-ck88-1urs-2kes" }, { "vulnerability": "VCID-ddfq-28qm-2fbn" }, { "vulnerability": "VCID-gh6k-19h8-fqbf" }, { "vulnerability": "VCID-rdb5-bbvn-7fcq" }, { "vulnerability": "VCID-ub6x-9dku-c7fk" }, { "vulnerability": "VCID-vtz8-zmp4-xbdh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4" } ], "aliases": [ "CVE-2020-13964" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7nn6-aywu-z7g8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96172?format=api", "vulnerability_id": "VCID-9der-5csu-nbbq", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-42009", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.91163", "scoring_system": "epss", "scoring_elements": "0.99652", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.91163", "scoring_system": "epss", "scoring_elements": "0.99655", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.91163", "scoring_system": "epss", "scoring_elements": "0.99654", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.91163", "scoring_system": "epss", "scoring_elements": "0.99653", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.91411", "scoring_system": "epss", "scoring_elements": "0.99658", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.91411", "scoring_system": "epss", "scoring_elements": "0.99657", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.91411", "scoring_system": "epss", "scoring_elements": "0.9966", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.91411", "scoring_system": "epss", "scoring_elements": "0.99661", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.91411", 
"scoring_system": "epss", "scoring_elements": "0.99662", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.91411", "scoring_system": "epss", "scoring_elements": "0.99663", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.91411", "scoring_system": "epss", "scoring_elements": "0.99664", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.91411", "scoring_system": "epss", "scoring_elements": "0.99665", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.91411", "scoring_system": "epss", "scoring_elements": "0.99666", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-42009" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42008", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42008" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42009", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42009" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42010", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42010" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077969", "reference_id": "1077969", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077969" }, { "reference_url": "https://github.com/roundcube/roundcubemail/releases/tag/1.5.8", "reference_id": "1.5.8", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-08-20T03:56:09Z/" } ], "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.5.8" }, { "reference_url": 
"https://github.com/roundcube/roundcubemail/releases/tag/1.6.8", "reference_id": "1.6.8", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-08-20T03:56:09Z/" } ], "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.6.8" }, { "reference_url": "https://sonarsource.com/blog/government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail/", "reference_id": "government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-08-20T03:56:09Z/" } ], "url": "https://sonarsource.com/blog/government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail/" }, { "reference_url": "https://github.com/roundcube/roundcubemail/releases", "reference_id": "releases", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-08-20T03:56:09Z/" } ], "url": "https://github.com/roundcube/roundcubemail/releases" }, { "reference_url": "https://roundcube.net/news/2024/08/04/security-updates-1.6.8-and-1.5.8", "reference_id": "security-updates-1.6.8-and-1.5.8", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-08-20T03:56:09Z/" } ], "url": 
"https://roundcube.net/news/2024/08/04/security-updates-1.6.8-and-1.5.8" }, { "reference_url": "https://usn.ubuntu.com/7636-1/", "reference_id": "USN-7636-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7636-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050285?format=api", "purl": "pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2hap-9mqs-v3b8" }, { "vulnerability": "VCID-2nb2-9vgp-tqg9" }, { "vulnerability": "VCID-3kyu-tx4q-p3aq" }, { "vulnerability": "VCID-4yzj-hrqv-vbcp" }, { "vulnerability": "VCID-5yts-xnha-4bf3" }, { "vulnerability": "VCID-8vmm-1hvf-17ap" }, { "vulnerability": "VCID-8xf2-hjfv-hybh" }, { "vulnerability": "VCID-9uv1-gqq7-3kc9" }, { "vulnerability": "VCID-ck88-1urs-2kes" }, { "vulnerability": "VCID-ddfq-28qm-2fbn" }, { "vulnerability": "VCID-gh6k-19h8-fqbf" }, { "vulnerability": "VCID-rdb5-bbvn-7fcq" }, { "vulnerability": "VCID-ub6x-9dku-c7fk" }, { "vulnerability": "VCID-vtz8-zmp4-xbdh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4" } ], "aliases": [ "CVE-2024-42009" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9der-5csu-nbbq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75373?format=api", "vulnerability_id": "VCID-cjkd-2jr6-n7as", "summary": "roundcubemail: allows XSS via SVG animate attributes", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-37383.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-37383.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-37383", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.64028", 
"scoring_system": "epss", "scoring_elements": "0.98431", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.64028", "scoring_system": "epss", "scoring_elements": "0.98446", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.64028", "scoring_system": "epss", "scoring_elements": "0.98442", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.64028", "scoring_system": "epss", "scoring_elements": "0.98441", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.64028", "scoring_system": "epss", "scoring_elements": "0.98438", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.64028", "scoring_system": "epss", "scoring_elements": "0.98439", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.64028", "scoring_system": "epss", "scoring_elements": "0.98435", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.64519", "scoring_system": "epss", "scoring_elements": "0.98444", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.64519", "scoring_system": "epss", "scoring_elements": "0.98441", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.64519", "scoring_system": "epss", "scoring_elements": "0.98446", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.64519", "scoring_system": "epss", "scoring_elements": "0.9845", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-37383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37384", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37384" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071474", "reference_id": "1071474", "reference_type": "", "scores": [], "url": 
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071474" }, { "reference_url": "https://github.com/roundcube/roundcubemail/releases/tag/1.5.7", "reference_id": "1.5.7", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-25T18:32:17Z/" } ], "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.5.7" }, { "reference_url": "https://github.com/roundcube/roundcubemail/releases/tag/1.6.7", "reference_id": "1.6.7", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-25T18:32:17Z/" } ], "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.6.7" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2290826", "reference_id": "2290826", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2290826" }, { "reference_url": "https://github.com/roundcube/roundcubemail/commit/43aaaa528646877789ec028d87924ba1accf5242", "reference_id": "43aaaa528646877789ec028d87924ba1accf5242", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-25T18:32:17Z/" } ], "url": "https://github.com/roundcube/roundcubemail/commit/43aaaa528646877789ec028d87924ba1accf5242" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52173.txt", "reference_id": "CVE-2024-37383", "reference_type": "exploit", "scores": [], "url": 
"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52173.txt" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00008.html", "reference_id": "msg00008.html", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-25T18:32:17Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00008.html" }, { "reference_url": "https://usn.ubuntu.com/6848-1/", "reference_id": "USN-6848-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6848-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050285?format=api", "purl": "pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2hap-9mqs-v3b8" }, { "vulnerability": "VCID-2nb2-9vgp-tqg9" }, { "vulnerability": "VCID-3kyu-tx4q-p3aq" }, { "vulnerability": "VCID-4yzj-hrqv-vbcp" }, { "vulnerability": "VCID-5yts-xnha-4bf3" }, { "vulnerability": "VCID-8vmm-1hvf-17ap" }, { "vulnerability": "VCID-8xf2-hjfv-hybh" }, { "vulnerability": "VCID-9uv1-gqq7-3kc9" }, { "vulnerability": "VCID-ck88-1urs-2kes" }, { "vulnerability": "VCID-ddfq-28qm-2fbn" }, { "vulnerability": "VCID-gh6k-19h8-fqbf" }, { "vulnerability": "VCID-rdb5-bbvn-7fcq" }, { "vulnerability": "VCID-ub6x-9dku-c7fk" }, { "vulnerability": "VCID-vtz8-zmp4-xbdh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4" } ], "aliases": [ "CVE-2024-37383" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cjkd-2jr6-n7as" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62468?format=api", "vulnerability_id": 
"VCID-cnkc-vcp7-6kcw", "summary": "A flaw in Roundcube's handling of configuration files may allow\n arbitrary code execution, amongst other vulnerabilities.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12626", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01288", "scoring_system": "epss", "scoring_elements": "0.79589", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01288", "scoring_system": "epss", "scoring_elements": "0.79596", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01288", "scoring_system": "epss", "scoring_elements": "0.79618", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01288", "scoring_system": "epss", "scoring_elements": "0.79605", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01288", "scoring_system": "epss", "scoring_elements": "0.79634", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01288", "scoring_system": "epss", "scoring_elements": "0.79642", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01288", "scoring_system": "epss", "scoring_elements": "0.79662", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01288", "scoring_system": "epss", "scoring_elements": "0.79647", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01288", "scoring_system": "epss", "scoring_elements": "0.79639", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01288", "scoring_system": "epss", "scoring_elements": "0.7967", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01288", "scoring_system": "epss", "scoring_elements": "0.79669", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01288", "scoring_system": "epss", "scoring_elements": "0.79673", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01288", "scoring_system": "epss", "scoring_elements": "0.79704", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01288", "scoring_system": "epss", "scoring_elements": "0.79711", "published_at": "2026-04-26T12:55:00Z" }, 
{ "value": "0.01288", "scoring_system": "epss", "scoring_elements": "0.79726", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01288", "scoring_system": "epss", "scoring_elements": "0.79741", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12626" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12625", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12625" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12626", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12626" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959142", "reference_id": "959142", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959142" }, { "reference_url": "https://security.gentoo.org/glsa/202007-41", "reference_id": "GLSA-202007-41", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202007-41" }, { "reference_url": "https://usn.ubuntu.com/USN-5182-1/", "reference_id": "USN-USN-5182-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5182-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037223?format=api", "purl": "pkg:deb/debian/roundcube@1.2.3%2Bdfsg.1-4%2Bdeb9u6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14vp-t71a-4bh1" }, { "vulnerability": "VCID-2eyy-k49d-m3af" }, { "vulnerability": "VCID-2hap-9mqs-v3b8" }, { "vulnerability": "VCID-2k4q-26tk-j3gx" }, { "vulnerability": "VCID-2nb2-9vgp-tqg9" }, { "vulnerability": "VCID-36et-26h7-pke7" }, { "vulnerability": "VCID-3kyu-tx4q-p3aq" }, { "vulnerability": "VCID-4yzj-hrqv-vbcp" }, { "vulnerability": "VCID-5yts-xnha-4bf3" }, { "vulnerability": "VCID-79me-pjdn-ykgq" }, { "vulnerability": 
"VCID-7nn6-aywu-z7g8" }, { "vulnerability": "VCID-8vmm-1hvf-17ap" }, { "vulnerability": "VCID-8xf2-hjfv-hybh" }, { "vulnerability": "VCID-9der-5csu-nbbq" }, { "vulnerability": "VCID-9ktu-55q4-3kau" }, { "vulnerability": "VCID-9uv1-gqq7-3kc9" }, { "vulnerability": "VCID-cjkd-2jr6-n7as" }, { "vulnerability": "VCID-ck88-1urs-2kes" }, { "vulnerability": "VCID-cnkc-vcp7-6kcw" }, { "vulnerability": "VCID-ddfq-28qm-2fbn" }, { "vulnerability": "VCID-fuh5-bwaq-yyfk" }, { "vulnerability": "VCID-gh6k-19h8-fqbf" }, { "vulnerability": "VCID-hg1a-vx5c-hue3" }, { "vulnerability": "VCID-j29t-cw2h-mfd8" }, { "vulnerability": "VCID-jck5-xymf-s3bh" }, { "vulnerability": "VCID-jqs5-8ct7-wfgk" }, { "vulnerability": "VCID-kyxz-v3sj-w3cw" }, { "vulnerability": "VCID-m4yc-ms54-zyhv" }, { "vulnerability": "VCID-ncbg-6m11-3qan" }, { "vulnerability": "VCID-qwak-6wgy-wfgs" }, { "vulnerability": "VCID-rc91-j3kf-zfch" }, { "vulnerability": "VCID-s6p1-rf35-euhy" }, { "vulnerability": "VCID-ts1p-pw9v-cbh3" }, { "vulnerability": "VCID-u8a4-4pe2-9kcb" }, { "vulnerability": "VCID-ub6x-9dku-c7fk" }, { "vulnerability": "VCID-ur1a-7tdn-h3hu" }, { "vulnerability": "VCID-vehj-ytsm-kqgz" }, { "vulnerability": "VCID-vtz8-zmp4-xbdh" }, { "vulnerability": "VCID-x9j7-98zt-6ygt" }, { "vulnerability": "VCID-xssa-fwbx-kybq" }, { "vulnerability": "VCID-ybv7-hqmj-nbgr" }, { "vulnerability": "VCID-z3kp-p8ch-myhz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.2.3%252Bdfsg.1-4%252Bdeb9u6" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037819?format=api", "purl": "pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14vp-t71a-4bh1" }, { "vulnerability": "VCID-2eyy-k49d-m3af" }, { "vulnerability": "VCID-2hap-9mqs-v3b8" }, { "vulnerability": "VCID-2k4q-26tk-j3gx" }, { "vulnerability": "VCID-2nb2-9vgp-tqg9" }, { "vulnerability": "VCID-36et-26h7-pke7" }, { "vulnerability": 
"VCID-3kyu-tx4q-p3aq" }, { "vulnerability": "VCID-4yzj-hrqv-vbcp" }, { "vulnerability": "VCID-5yts-xnha-4bf3" }, { "vulnerability": "VCID-79me-pjdn-ykgq" }, { "vulnerability": "VCID-7nn6-aywu-z7g8" }, { "vulnerability": "VCID-8vmm-1hvf-17ap" }, { "vulnerability": "VCID-8xf2-hjfv-hybh" }, { "vulnerability": "VCID-9der-5csu-nbbq" }, { "vulnerability": "VCID-9uv1-gqq7-3kc9" }, { "vulnerability": "VCID-cjkd-2jr6-n7as" }, { "vulnerability": "VCID-ck88-1urs-2kes" }, { "vulnerability": "VCID-cnkc-vcp7-6kcw" }, { "vulnerability": "VCID-ddfq-28qm-2fbn" }, { "vulnerability": "VCID-gh6k-19h8-fqbf" }, { "vulnerability": "VCID-hg1a-vx5c-hue3" }, { "vulnerability": "VCID-jck5-xymf-s3bh" }, { "vulnerability": "VCID-jqs5-8ct7-wfgk" }, { "vulnerability": "VCID-kyxz-v3sj-w3cw" }, { "vulnerability": "VCID-m4yc-ms54-zyhv" }, { "vulnerability": "VCID-ncbg-6m11-3qan" }, { "vulnerability": "VCID-qwak-6wgy-wfgs" }, { "vulnerability": "VCID-rc91-j3kf-zfch" }, { "vulnerability": "VCID-s6p1-rf35-euhy" }, { "vulnerability": "VCID-u8a4-4pe2-9kcb" }, { "vulnerability": "VCID-ub6x-9dku-c7fk" }, { "vulnerability": "VCID-vehj-ytsm-kqgz" }, { "vulnerability": "VCID-vtz8-zmp4-xbdh" }, { "vulnerability": "VCID-x9j7-98zt-6ygt" }, { "vulnerability": "VCID-xssa-fwbx-kybq" }, { "vulnerability": "VCID-ybv7-hqmj-nbgr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1050285?format=api", "purl": "pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2hap-9mqs-v3b8" }, { "vulnerability": "VCID-2nb2-9vgp-tqg9" }, { "vulnerability": "VCID-3kyu-tx4q-p3aq" }, { "vulnerability": "VCID-4yzj-hrqv-vbcp" }, { "vulnerability": "VCID-5yts-xnha-4bf3" }, { "vulnerability": "VCID-8vmm-1hvf-17ap" }, { "vulnerability": "VCID-8xf2-hjfv-hybh" }, { "vulnerability": "VCID-9uv1-gqq7-3kc9" }, { "vulnerability": 
"VCID-ck88-1urs-2kes" }, { "vulnerability": "VCID-ddfq-28qm-2fbn" }, { "vulnerability": "VCID-gh6k-19h8-fqbf" }, { "vulnerability": "VCID-rdb5-bbvn-7fcq" }, { "vulnerability": "VCID-ub6x-9dku-c7fk" }, { "vulnerability": "VCID-vtz8-zmp4-xbdh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4" } ], "aliases": [ "CVE-2020-12626" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cnkc-vcp7-6kcw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62470?format=api", "vulnerability_id": "VCID-hg1a-vx5c-hue3", "summary": "A flaw in Roundcube's handling of configuration files may allow\n arbitrary code execution, amongst other vulnerabilities.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12641", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.93133", "scoring_system": "epss", "scoring_elements": "0.99793", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.93133", "scoring_system": "epss", "scoring_elements": "0.99794", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.93133", "scoring_system": "epss", "scoring_elements": "0.99795", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.93133", "scoring_system": "epss", "scoring_elements": "0.99796", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.93133", "scoring_system": "epss", "scoring_elements": "0.99797", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.93133", "scoring_system": "epss", "scoring_elements": "0.99798", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12641" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12641", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12641" }, { "reference_url": 
"https://github.com/roundcube/roundcubemail/compare/1.4.3...1.4.4", "reference_id": "1.4.3...1.4.4", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:53:48Z/" } ], "url": "https://github.com/roundcube/roundcubemail/compare/1.4.3...1.4.4" }, { "reference_url": "https://github.com/roundcube/roundcubemail/releases/tag/1.4.4", "reference_id": "1.4.4", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:53:48Z/" } ], "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.4.4" }, { "reference_url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-12641-Command%20Injection-Roundcube", "reference_id": "CVE-2020-12641-Command%20Injection-Roundcube", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:53:48Z/" } ], "url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-12641-Command%20Injection-Roundcube" }, { "reference_url": "https://github.com/roundcube/roundcubemail/commit/fcfb099477f353373c34c8a65c9035b06b364db3", "reference_id": "fcfb099477f353373c34c8a65c9035b06b364db3", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:53:48Z/" } ], "url": 
"https://github.com/roundcube/roundcubemail/commit/fcfb099477f353373c34c8a65c9035b06b364db3" }, { "reference_url": "https://security.gentoo.org/glsa/202007-41", "reference_id": "GLSA-202007-41", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:53:48Z/" } ], "url": "https://security.gentoo.org/glsa/202007-41" }, { "reference_url": "https://roundcube.net/news/2020/04/29/security-updates-1.4.4-1.3.11-and-1.2.10", "reference_id": "security-updates-1.4.4-1.3.11-and-1.2.10", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:53:48Z/" } ], "url": "https://roundcube.net/news/2020/04/29/security-updates-1.4.4-1.3.11-and-1.2.10" }, { "reference_url": "https://usn.ubuntu.com/USN-5182-1/", "reference_id": "USN-USN-5182-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5182-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050285?format=api", "purl": "pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2hap-9mqs-v3b8" }, { "vulnerability": "VCID-2nb2-9vgp-tqg9" }, { "vulnerability": "VCID-3kyu-tx4q-p3aq" }, { "vulnerability": "VCID-4yzj-hrqv-vbcp" }, { "vulnerability": "VCID-5yts-xnha-4bf3" }, { "vulnerability": "VCID-8vmm-1hvf-17ap" }, { "vulnerability": "VCID-8xf2-hjfv-hybh" }, { "vulnerability": "VCID-9uv1-gqq7-3kc9" }, { "vulnerability": "VCID-ck88-1urs-2kes" }, { "vulnerability": "VCID-ddfq-28qm-2fbn" }, { "vulnerability": "VCID-gh6k-19h8-fqbf" }, { "vulnerability": "VCID-rdb5-bbvn-7fcq" }, { 
"vulnerability": "VCID-ub6x-9dku-c7fk" }, { "vulnerability": "VCID-vtz8-zmp4-xbdh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4" } ], "aliases": [ "CVE-2020-12641" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hg1a-vx5c-hue3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90864?format=api", "vulnerability_id": "VCID-jck5-xymf-s3bh", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-16145", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00704", "scoring_system": "epss", "scoring_elements": "0.72041", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00704", "scoring_system": "epss", "scoring_elements": "0.72047", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00704", "scoring_system": "epss", "scoring_elements": "0.72068", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00704", "scoring_system": "epss", "scoring_elements": "0.72044", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00704", "scoring_system": "epss", "scoring_elements": "0.72081", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00704", "scoring_system": "epss", "scoring_elements": "0.72093", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00704", "scoring_system": "epss", "scoring_elements": "0.72116", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00704", "scoring_system": "epss", "scoring_elements": "0.72101", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00704", "scoring_system": "epss", "scoring_elements": "0.72086", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00704", "scoring_system": "epss", "scoring_elements": "0.72127", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00704", "scoring_system": "epss", "scoring_elements": "0.72135", 
"published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00704", "scoring_system": "epss", "scoring_elements": "0.7212", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00704", "scoring_system": "epss", "scoring_elements": "0.72164", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00704", "scoring_system": "epss", "scoring_elements": "0.72173", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00704", "scoring_system": "epss", "scoring_elements": "0.72167", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00704", "scoring_system": "epss", "scoring_elements": "0.72159", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-16145" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16145", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16145" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968216", "reference_id": "968216", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968216" }, { "reference_url": "https://usn.ubuntu.com/USN-5182-1/", "reference_id": "USN-USN-5182-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5182-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037819?format=api", "purl": "pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14vp-t71a-4bh1" }, { "vulnerability": "VCID-2eyy-k49d-m3af" }, { "vulnerability": "VCID-2hap-9mqs-v3b8" }, { "vulnerability": "VCID-2k4q-26tk-j3gx" }, { "vulnerability": "VCID-2nb2-9vgp-tqg9" }, { "vulnerability": "VCID-36et-26h7-pke7" }, { "vulnerability": "VCID-3kyu-tx4q-p3aq" }, { "vulnerability": "VCID-4yzj-hrqv-vbcp" }, { "vulnerability": "VCID-5yts-xnha-4bf3" }, { "vulnerability": "VCID-79me-pjdn-ykgq" }, { "vulnerability": 
"VCID-7nn6-aywu-z7g8" }, { "vulnerability": "VCID-8vmm-1hvf-17ap" }, { "vulnerability": "VCID-8xf2-hjfv-hybh" }, { "vulnerability": "VCID-9der-5csu-nbbq" }, { "vulnerability": "VCID-9uv1-gqq7-3kc9" }, { "vulnerability": "VCID-cjkd-2jr6-n7as" }, { "vulnerability": "VCID-ck88-1urs-2kes" }, { "vulnerability": "VCID-cnkc-vcp7-6kcw" }, { "vulnerability": "VCID-ddfq-28qm-2fbn" }, { "vulnerability": "VCID-gh6k-19h8-fqbf" }, { "vulnerability": "VCID-hg1a-vx5c-hue3" }, { "vulnerability": "VCID-jck5-xymf-s3bh" }, { "vulnerability": "VCID-jqs5-8ct7-wfgk" }, { "vulnerability": "VCID-kyxz-v3sj-w3cw" }, { "vulnerability": "VCID-m4yc-ms54-zyhv" }, { "vulnerability": "VCID-ncbg-6m11-3qan" }, { "vulnerability": "VCID-qwak-6wgy-wfgs" }, { "vulnerability": "VCID-rc91-j3kf-zfch" }, { "vulnerability": "VCID-s6p1-rf35-euhy" }, { "vulnerability": "VCID-u8a4-4pe2-9kcb" }, { "vulnerability": "VCID-ub6x-9dku-c7fk" }, { "vulnerability": "VCID-vehj-ytsm-kqgz" }, { "vulnerability": "VCID-vtz8-zmp4-xbdh" }, { "vulnerability": "VCID-x9j7-98zt-6ygt" }, { "vulnerability": "VCID-xssa-fwbx-kybq" }, { "vulnerability": "VCID-ybv7-hqmj-nbgr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1050285?format=api", "purl": "pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2hap-9mqs-v3b8" }, { "vulnerability": "VCID-2nb2-9vgp-tqg9" }, { "vulnerability": "VCID-3kyu-tx4q-p3aq" }, { "vulnerability": "VCID-4yzj-hrqv-vbcp" }, { "vulnerability": "VCID-5yts-xnha-4bf3" }, { "vulnerability": "VCID-8vmm-1hvf-17ap" }, { "vulnerability": "VCID-8xf2-hjfv-hybh" }, { "vulnerability": "VCID-9uv1-gqq7-3kc9" }, { "vulnerability": "VCID-ck88-1urs-2kes" }, { "vulnerability": "VCID-ddfq-28qm-2fbn" }, { "vulnerability": "VCID-gh6k-19h8-fqbf" }, { "vulnerability": "VCID-rdb5-bbvn-7fcq" }, { "vulnerability": 
"VCID-ub6x-9dku-c7fk" }, { "vulnerability": "VCID-vtz8-zmp4-xbdh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4" } ], "aliases": [ "CVE-2020-16145" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jck5-xymf-s3bh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94681?format=api", "vulnerability_id": "VCID-jqs5-8ct7-wfgk", "summary": "Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-26925", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49171", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49227", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49258", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49286", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49238", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49293", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49289", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49307", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49281", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49287", "published_at": 
"2026-04-13T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49334", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49331", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.493", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49298", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49256", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-26925" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26925", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26925" }, { "reference_url": "https://security.archlinux.org/ASA-202102-27", "reference_id": "ASA-202102-27", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202102-27" }, { "reference_url": "https://security.archlinux.org/AVG-1551", "reference_id": "AVG-1551", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1551" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050285?format=api", "purl": "pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2hap-9mqs-v3b8" }, { "vulnerability": "VCID-2nb2-9vgp-tqg9" }, { "vulnerability": "VCID-3kyu-tx4q-p3aq" }, { "vulnerability": "VCID-4yzj-hrqv-vbcp" }, { "vulnerability": "VCID-5yts-xnha-4bf3" }, { "vulnerability": "VCID-8vmm-1hvf-17ap" }, { "vulnerability": "VCID-8xf2-hjfv-hybh" }, { "vulnerability": "VCID-9uv1-gqq7-3kc9" }, { "vulnerability": "VCID-ck88-1urs-2kes" }, { "vulnerability": 
"VCID-ddfq-28qm-2fbn" }, { "vulnerability": "VCID-gh6k-19h8-fqbf" }, { "vulnerability": "VCID-rdb5-bbvn-7fcq" }, { "vulnerability": "VCID-ub6x-9dku-c7fk" }, { "vulnerability": "VCID-vtz8-zmp4-xbdh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4" } ], "aliases": [ "CVE-2021-26925" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jqs5-8ct7-wfgk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94415?format=api", "vulnerability_id": "VCID-kyxz-v3sj-w3cw", "summary": "Cross Site Scripting (XSS) vulnerability in Roundcube Mail <=1.4.4 via smtp config in /installer/test.php.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-18671", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00386", "scoring_system": "epss", "scoring_elements": "0.59664", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00386", "scoring_system": "epss", "scoring_elements": "0.59737", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00386", "scoring_system": "epss", "scoring_elements": "0.59762", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00386", "scoring_system": "epss", "scoring_elements": "0.59732", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00386", "scoring_system": "epss", "scoring_elements": "0.59784", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00386", "scoring_system": "epss", "scoring_elements": "0.59797", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00386", "scoring_system": "epss", "scoring_elements": "0.59817", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00386", "scoring_system": "epss", "scoring_elements": "0.59801", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00386", "scoring_system": "epss", "scoring_elements": "0.59783", "published_at": "2026-04-13T12:55:00Z" 
}, { "value": "0.00386", "scoring_system": "epss", "scoring_elements": "0.5982", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00386", "scoring_system": "epss", "scoring_elements": "0.59827", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00386", "scoring_system": "epss", "scoring_elements": "0.5981", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00386", "scoring_system": "epss", "scoring_elements": "0.59781", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00386", "scoring_system": "epss", "scoring_elements": "0.59799", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00386", "scoring_system": "epss", "scoring_elements": "0.59785", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00386", "scoring_system": "epss", "scoring_elements": "0.59748", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-18671" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-18671", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-18671" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050285?format=api", "purl": "pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2hap-9mqs-v3b8" }, { "vulnerability": "VCID-2nb2-9vgp-tqg9" }, { "vulnerability": "VCID-3kyu-tx4q-p3aq" }, { "vulnerability": "VCID-4yzj-hrqv-vbcp" }, { "vulnerability": "VCID-5yts-xnha-4bf3" }, { "vulnerability": "VCID-8vmm-1hvf-17ap" }, { "vulnerability": "VCID-8xf2-hjfv-hybh" }, { "vulnerability": "VCID-9uv1-gqq7-3kc9" }, { "vulnerability": "VCID-ck88-1urs-2kes" }, { "vulnerability": "VCID-ddfq-28qm-2fbn" }, { "vulnerability": "VCID-gh6k-19h8-fqbf" }, { "vulnerability": "VCID-rdb5-bbvn-7fcq" }, { "vulnerability": "VCID-ub6x-9dku-c7fk" }, { "vulnerability": "VCID-vtz8-zmp4-xbdh" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4" } ], "aliases": [ "CVE-2020-18671" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kyxz-v3sj-w3cw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79760?format=api", "vulnerability_id": "VCID-m4yc-ms54-zyhv", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13965.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13965.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13965", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.71819", "scoring_system": "epss", "scoring_elements": "0.98728", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.71819", "scoring_system": "epss", "scoring_elements": "0.98753", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.71819", "scoring_system": "epss", "scoring_elements": "0.98732", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.71819", "scoring_system": "epss", "scoring_elements": "0.98735", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.71819", "scoring_system": "epss", "scoring_elements": "0.98736", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.71819", "scoring_system": "epss", "scoring_elements": "0.98738", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.71819", "scoring_system": "epss", "scoring_elements": "0.98739", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.71819", "scoring_system": "epss", "scoring_elements": "0.98742", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.71819", "scoring_system": "epss", "scoring_elements": 
"0.98746", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.71819", "scoring_system": "epss", "scoring_elements": "0.98747", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.71819", "scoring_system": "epss", "scoring_elements": "0.98749", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13965" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13964", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13964" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13965", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13965" }, { "reference_url": "https://github.com/roundcube/roundcubemail/releases/tag/1.3.12", "reference_id": "1.3.12", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:33:41Z/" } ], "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.3.12" }, { "reference_url": "https://github.com/roundcube/roundcubemail/compare/1.4.4...1.4.5", "reference_id": "1.4.4...1.4.5", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:33:41Z/" } ], "url": "https://github.com/roundcube/roundcubemail/compare/1.4.4...1.4.5" }, { "reference_url": "https://github.com/roundcube/roundcubemail/releases/tag/1.4.5", "reference_id": "1.4.5", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, 
{ "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:33:41Z/" } ], "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.4.5" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848338", "reference_id": "1848338", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848338" }, { "reference_url": "https://github.com/roundcube/roundcubemail/commit/884eb611627ef2bd5a2e20e02009ebb1eceecdc3", "reference_id": "884eb611627ef2bd5a2e20e02009ebb1eceecdc3", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:33:41Z/" } ], "url": "https://github.com/roundcube/roundcubemail/commit/884eb611627ef2bd5a2e20e02009ebb1eceecdc3" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962124", "reference_id": "962124", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962124" }, { "reference_url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-13965-Cross%20Site-Scripting%20via%20Malicious%20XML%20Attachment-Roundcube", "reference_id": "CVE-2020-13965-Cross%20Site-Scripting%20via%20Malicious%20XML%20Attachment-Roundcube", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:33:41Z/" } ], "url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-13965-Cross%20Site-Scripting%20via%20Malicious%20XML%20Attachment-Roundcube" }, { "reference_url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLESQ4LPJGMSWHQ4TBRTVQRDG7IXAZCW/", "reference_id": "DLESQ4LPJGMSWHQ4TBRTVQRDG7IXAZCW", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:33:41Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLESQ4LPJGMSWHQ4TBRTVQRDG7IXAZCW/" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4700", "reference_id": "dsa-4700", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:33:41Z/" } ], "url": "https://www.debian.org/security/2020/dsa-4700" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ODPJXBHZ32QSP4MYT2OBCALYXSUJ47SK/", "reference_id": "ODPJXBHZ32QSP4MYT2OBCALYXSUJ47SK", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:33:41Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ODPJXBHZ32QSP4MYT2OBCALYXSUJ47SK/" }, { "reference_url": "https://roundcube.net/news/2020/06/02/security-updates-1.4.5-and-1.3.12", "reference_id": "security-updates-1.4.5-and-1.3.12", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", 
"scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:33:41Z/" } ], "url": "https://roundcube.net/news/2020/06/02/security-updates-1.4.5-and-1.3.12" }, { "reference_url": "https://usn.ubuntu.com/USN-5182-1/", "reference_id": "USN-USN-5182-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5182-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037223?format=api", "purl": "pkg:deb/debian/roundcube@1.2.3%2Bdfsg.1-4%2Bdeb9u6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14vp-t71a-4bh1" }, { "vulnerability": "VCID-2eyy-k49d-m3af" }, { "vulnerability": "VCID-2hap-9mqs-v3b8" }, { "vulnerability": "VCID-2k4q-26tk-j3gx" }, { "vulnerability": "VCID-2nb2-9vgp-tqg9" }, { "vulnerability": "VCID-36et-26h7-pke7" }, { "vulnerability": "VCID-3kyu-tx4q-p3aq" }, { "vulnerability": "VCID-4yzj-hrqv-vbcp" }, { "vulnerability": "VCID-5yts-xnha-4bf3" }, { "vulnerability": "VCID-79me-pjdn-ykgq" }, { "vulnerability": "VCID-7nn6-aywu-z7g8" }, { "vulnerability": "VCID-8vmm-1hvf-17ap" }, { "vulnerability": "VCID-8xf2-hjfv-hybh" }, { "vulnerability": "VCID-9der-5csu-nbbq" }, { "vulnerability": "VCID-9ktu-55q4-3kau" }, { "vulnerability": "VCID-9uv1-gqq7-3kc9" }, { "vulnerability": "VCID-cjkd-2jr6-n7as" }, { "vulnerability": "VCID-ck88-1urs-2kes" }, { "vulnerability": "VCID-cnkc-vcp7-6kcw" }, { "vulnerability": "VCID-ddfq-28qm-2fbn" }, { "vulnerability": "VCID-fuh5-bwaq-yyfk" }, { "vulnerability": "VCID-gh6k-19h8-fqbf" }, { "vulnerability": "VCID-hg1a-vx5c-hue3" }, { "vulnerability": "VCID-j29t-cw2h-mfd8" }, { "vulnerability": "VCID-jck5-xymf-s3bh" }, { "vulnerability": "VCID-jqs5-8ct7-wfgk" }, { "vulnerability": "VCID-kyxz-v3sj-w3cw" }, { "vulnerability": "VCID-m4yc-ms54-zyhv" }, { "vulnerability": "VCID-ncbg-6m11-3qan" }, { "vulnerability": "VCID-qwak-6wgy-wfgs" }, { "vulnerability": "VCID-rc91-j3kf-zfch" }, { "vulnerability": "VCID-s6p1-rf35-euhy" }, { 
"vulnerability": "VCID-ts1p-pw9v-cbh3" }, { "vulnerability": "VCID-u8a4-4pe2-9kcb" }, { "vulnerability": "VCID-ub6x-9dku-c7fk" }, { "vulnerability": "VCID-ur1a-7tdn-h3hu" }, { "vulnerability": "VCID-vehj-ytsm-kqgz" }, { "vulnerability": "VCID-vtz8-zmp4-xbdh" }, { "vulnerability": "VCID-x9j7-98zt-6ygt" }, { "vulnerability": "VCID-xssa-fwbx-kybq" }, { "vulnerability": "VCID-ybv7-hqmj-nbgr" }, { "vulnerability": "VCID-z3kp-p8ch-myhz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.2.3%252Bdfsg.1-4%252Bdeb9u6" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037819?format=api", "purl": "pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14vp-t71a-4bh1" }, { "vulnerability": "VCID-2eyy-k49d-m3af" }, { "vulnerability": "VCID-2hap-9mqs-v3b8" }, { "vulnerability": "VCID-2k4q-26tk-j3gx" }, { "vulnerability": "VCID-2nb2-9vgp-tqg9" }, { "vulnerability": "VCID-36et-26h7-pke7" }, { "vulnerability": "VCID-3kyu-tx4q-p3aq" }, { "vulnerability": "VCID-4yzj-hrqv-vbcp" }, { "vulnerability": "VCID-5yts-xnha-4bf3" }, { "vulnerability": "VCID-79me-pjdn-ykgq" }, { "vulnerability": "VCID-7nn6-aywu-z7g8" }, { "vulnerability": "VCID-8vmm-1hvf-17ap" }, { "vulnerability": "VCID-8xf2-hjfv-hybh" }, { "vulnerability": "VCID-9der-5csu-nbbq" }, { "vulnerability": "VCID-9uv1-gqq7-3kc9" }, { "vulnerability": "VCID-cjkd-2jr6-n7as" }, { "vulnerability": "VCID-ck88-1urs-2kes" }, { "vulnerability": "VCID-cnkc-vcp7-6kcw" }, { "vulnerability": "VCID-ddfq-28qm-2fbn" }, { "vulnerability": "VCID-gh6k-19h8-fqbf" }, { "vulnerability": "VCID-hg1a-vx5c-hue3" }, { "vulnerability": "VCID-jck5-xymf-s3bh" }, { "vulnerability": "VCID-jqs5-8ct7-wfgk" }, { "vulnerability": "VCID-kyxz-v3sj-w3cw" }, { "vulnerability": "VCID-m4yc-ms54-zyhv" }, { "vulnerability": "VCID-ncbg-6m11-3qan" }, { "vulnerability": "VCID-qwak-6wgy-wfgs" }, { "vulnerability": "VCID-rc91-j3kf-zfch" }, { 
"vulnerability": "VCID-s6p1-rf35-euhy" }, { "vulnerability": "VCID-u8a4-4pe2-9kcb" }, { "vulnerability": "VCID-ub6x-9dku-c7fk" }, { "vulnerability": "VCID-vehj-ytsm-kqgz" }, { "vulnerability": "VCID-vtz8-zmp4-xbdh" }, { "vulnerability": "VCID-x9j7-98zt-6ygt" }, { "vulnerability": "VCID-xssa-fwbx-kybq" }, { "vulnerability": "VCID-ybv7-hqmj-nbgr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1050285?format=api", "purl": "pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2hap-9mqs-v3b8" }, { "vulnerability": "VCID-2nb2-9vgp-tqg9" }, { "vulnerability": "VCID-3kyu-tx4q-p3aq" }, { "vulnerability": "VCID-4yzj-hrqv-vbcp" }, { "vulnerability": "VCID-5yts-xnha-4bf3" }, { "vulnerability": "VCID-8vmm-1hvf-17ap" }, { "vulnerability": "VCID-8xf2-hjfv-hybh" }, { "vulnerability": "VCID-9uv1-gqq7-3kc9" }, { "vulnerability": "VCID-ck88-1urs-2kes" }, { "vulnerability": "VCID-ddfq-28qm-2fbn" }, { "vulnerability": "VCID-gh6k-19h8-fqbf" }, { "vulnerability": "VCID-rdb5-bbvn-7fcq" }, { "vulnerability": "VCID-ub6x-9dku-c7fk" }, { "vulnerability": "VCID-vtz8-zmp4-xbdh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4" } ], "aliases": [ "CVE-2020-13965" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "5.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m4yc-ms54-zyhv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95789?format=api", "vulnerability_id": "VCID-ncbg-6m11-3qan", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-47272", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00498", "scoring_system": "epss", "scoring_elements": "0.65845", "published_at": 
"2026-04-02T12:55:00Z" }, { "value": "0.00498", "scoring_system": "epss", "scoring_elements": "0.65875", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00498", "scoring_system": "epss", "scoring_elements": "0.6584", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00498", "scoring_system": "epss", "scoring_elements": "0.65892", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00498", "scoring_system": "epss", "scoring_elements": "0.65904", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00498", "scoring_system": "epss", "scoring_elements": "0.65922", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00498", "scoring_system": "epss", "scoring_elements": "0.65909", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00498", "scoring_system": "epss", "scoring_elements": "0.65879", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00498", "scoring_system": "epss", "scoring_elements": "0.65914", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00498", "scoring_system": "epss", "scoring_elements": "0.65929", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00498", "scoring_system": "epss", "scoring_elements": "0.65918", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00498", "scoring_system": "epss", "scoring_elements": "0.65928", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00498", "scoring_system": "epss", "scoring_elements": "0.65939", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00498", "scoring_system": "epss", "scoring_elements": "0.65937", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00498", "scoring_system": "epss", "scoring_elements": "0.65912", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-47272" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47272", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47272" 
}, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055421", "reference_id": "1055421", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055421" }, { "reference_url": "https://usn.ubuntu.com/6848-1/", "reference_id": "USN-6848-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6848-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050285?format=api", "purl": "pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2hap-9mqs-v3b8" }, { "vulnerability": "VCID-2nb2-9vgp-tqg9" }, { "vulnerability": "VCID-3kyu-tx4q-p3aq" }, { "vulnerability": "VCID-4yzj-hrqv-vbcp" }, { "vulnerability": "VCID-5yts-xnha-4bf3" }, { "vulnerability": "VCID-8vmm-1hvf-17ap" }, { "vulnerability": "VCID-8xf2-hjfv-hybh" }, { "vulnerability": "VCID-9uv1-gqq7-3kc9" }, { "vulnerability": "VCID-ck88-1urs-2kes" }, { "vulnerability": "VCID-ddfq-28qm-2fbn" }, { "vulnerability": "VCID-gh6k-19h8-fqbf" }, { "vulnerability": "VCID-rdb5-bbvn-7fcq" }, { "vulnerability": "VCID-ub6x-9dku-c7fk" }, { "vulnerability": "VCID-vtz8-zmp4-xbdh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4" } ], "aliases": [ "CVE-2023-47272" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ncbg-6m11-3qan" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96129?format=api", "vulnerability_id": "VCID-qwak-6wgy-wfgs", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-37384", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00437", "scoring_system": "epss", "scoring_elements": "0.63008", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00437", "scoring_system": 
"epss", "scoring_elements": "0.63099", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00437", "scoring_system": "epss", "scoring_elements": "0.63091", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00437", "scoring_system": "epss", "scoring_elements": "0.63056", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00437", "scoring_system": "epss", "scoring_elements": "0.63078", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00437", "scoring_system": "epss", "scoring_elements": "0.63092", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00437", "scoring_system": "epss", "scoring_elements": "0.63074", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00437", "scoring_system": "epss", "scoring_elements": "0.63058", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00437", "scoring_system": "epss", "scoring_elements": "0.63014", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00437", "scoring_system": "epss", "scoring_elements": "0.63043", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00525", "scoring_system": "epss", "scoring_elements": "0.67028", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00525", "scoring_system": "epss", "scoring_elements": "0.67022", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00525", "scoring_system": "epss", "scoring_elements": "0.67043", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00525", "scoring_system": "epss", "scoring_elements": "0.67057", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00525", "scoring_system": "epss", "scoring_elements": "0.67056", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-37384" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37383" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37384", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37384" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071474", "reference_id": "1071474", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071474" }, { "reference_url": "https://github.com/roundcube/roundcubemail/releases/tag/1.5.7", "reference_id": "1.5.7", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-17T17:48:19Z/" } ], "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.5.7" }, { "reference_url": "https://github.com/roundcube/roundcubemail/releases/tag/1.6.7", "reference_id": "1.6.7", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-17T17:48:19Z/" } ], "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.6.7" }, { "reference_url": "https://github.com/roundcube/roundcubemail/commit/cde4522c5c95f13c6aeeb1600ab17e5067a536f7", "reference_id": "cde4522c5c95f13c6aeeb1600ab17e5067a536f7", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-17T17:48:19Z/" } ], "url": "https://github.com/roundcube/roundcubemail/commit/cde4522c5c95f13c6aeeb1600ab17e5067a536f7" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00008.html", 
"reference_id": "msg00008.html", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-17T17:48:19Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00008.html" }, { "reference_url": "https://usn.ubuntu.com/6848-1/", "reference_id": "USN-6848-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6848-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050285?format=api", "purl": "pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2hap-9mqs-v3b8" }, { "vulnerability": "VCID-2nb2-9vgp-tqg9" }, { "vulnerability": "VCID-3kyu-tx4q-p3aq" }, { "vulnerability": "VCID-4yzj-hrqv-vbcp" }, { "vulnerability": "VCID-5yts-xnha-4bf3" }, { "vulnerability": "VCID-8vmm-1hvf-17ap" }, { "vulnerability": "VCID-8xf2-hjfv-hybh" }, { "vulnerability": "VCID-9uv1-gqq7-3kc9" }, { "vulnerability": "VCID-ck88-1urs-2kes" }, { "vulnerability": "VCID-ddfq-28qm-2fbn" }, { "vulnerability": "VCID-gh6k-19h8-fqbf" }, { "vulnerability": "VCID-rdb5-bbvn-7fcq" }, { "vulnerability": "VCID-ub6x-9dku-c7fk" }, { "vulnerability": "VCID-vtz8-zmp4-xbdh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4" } ], "aliases": [ "CVE-2024-37384" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qwak-6wgy-wfgs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90812?format=api", "vulnerability_id": "VCID-rc91-j3kf-zfch", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15562", "reference_id": "", "reference_type": "", 
"scores": [ { "value": "0.00861", "scoring_system": "epss", "scoring_elements": "0.75004", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00861", "scoring_system": "epss", "scoring_elements": "0.75007", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00861", "scoring_system": "epss", "scoring_elements": "0.75036", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00861", "scoring_system": "epss", "scoring_elements": "0.75012", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00861", "scoring_system": "epss", "scoring_elements": "0.75046", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00861", "scoring_system": "epss", "scoring_elements": "0.75058", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00861", "scoring_system": "epss", "scoring_elements": "0.7508", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00861", "scoring_system": "epss", "scoring_elements": "0.75059", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00861", "scoring_system": "epss", "scoring_elements": "0.75048", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00861", "scoring_system": "epss", "scoring_elements": "0.75086", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00861", "scoring_system": "epss", "scoring_elements": "0.75093", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00861", "scoring_system": "epss", "scoring_elements": "0.75083", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00861", "scoring_system": "epss", "scoring_elements": "0.75122", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00861", "scoring_system": "epss", "scoring_elements": "0.75126", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00861", "scoring_system": "epss", "scoring_elements": "0.7513", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00861", "scoring_system": "epss", "scoring_elements": "0.75138", "published_at": "2026-05-05T12:55:00Z" } ], "url": 
"https://api.first.org/data/v1/epss?cve=CVE-2020-15562" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15562", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15562" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964355", "reference_id": "964355", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964355" }, { "reference_url": "https://usn.ubuntu.com/USN-5182-1/", "reference_id": "USN-USN-5182-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5182-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037819?format=api", "purl": "pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14vp-t71a-4bh1" }, { "vulnerability": "VCID-2eyy-k49d-m3af" }, { "vulnerability": "VCID-2hap-9mqs-v3b8" }, { "vulnerability": "VCID-2k4q-26tk-j3gx" }, { "vulnerability": "VCID-2nb2-9vgp-tqg9" }, { "vulnerability": "VCID-36et-26h7-pke7" }, { "vulnerability": "VCID-3kyu-tx4q-p3aq" }, { "vulnerability": "VCID-4yzj-hrqv-vbcp" }, { "vulnerability": "VCID-5yts-xnha-4bf3" }, { "vulnerability": "VCID-79me-pjdn-ykgq" }, { "vulnerability": "VCID-7nn6-aywu-z7g8" }, { "vulnerability": "VCID-8vmm-1hvf-17ap" }, { "vulnerability": "VCID-8xf2-hjfv-hybh" }, { "vulnerability": "VCID-9der-5csu-nbbq" }, { "vulnerability": "VCID-9uv1-gqq7-3kc9" }, { "vulnerability": "VCID-cjkd-2jr6-n7as" }, { "vulnerability": "VCID-ck88-1urs-2kes" }, { "vulnerability": "VCID-cnkc-vcp7-6kcw" }, { "vulnerability": "VCID-ddfq-28qm-2fbn" }, { "vulnerability": "VCID-gh6k-19h8-fqbf" }, { "vulnerability": "VCID-hg1a-vx5c-hue3" }, { "vulnerability": "VCID-jck5-xymf-s3bh" }, { "vulnerability": "VCID-jqs5-8ct7-wfgk" }, { "vulnerability": "VCID-kyxz-v3sj-w3cw" }, { "vulnerability": "VCID-m4yc-ms54-zyhv" }, { "vulnerability": 
"VCID-ncbg-6m11-3qan" }, { "vulnerability": "VCID-qwak-6wgy-wfgs" }, { "vulnerability": "VCID-rc91-j3kf-zfch" }, { "vulnerability": "VCID-s6p1-rf35-euhy" }, { "vulnerability": "VCID-u8a4-4pe2-9kcb" }, { "vulnerability": "VCID-ub6x-9dku-c7fk" }, { "vulnerability": "VCID-vehj-ytsm-kqgz" }, { "vulnerability": "VCID-vtz8-zmp4-xbdh" }, { "vulnerability": "VCID-x9j7-98zt-6ygt" }, { "vulnerability": "VCID-xssa-fwbx-kybq" }, { "vulnerability": "VCID-ybv7-hqmj-nbgr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1050285?format=api", "purl": "pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2hap-9mqs-v3b8" }, { "vulnerability": "VCID-2nb2-9vgp-tqg9" }, { "vulnerability": "VCID-3kyu-tx4q-p3aq" }, { "vulnerability": "VCID-4yzj-hrqv-vbcp" }, { "vulnerability": "VCID-5yts-xnha-4bf3" }, { "vulnerability": "VCID-8vmm-1hvf-17ap" }, { "vulnerability": "VCID-8xf2-hjfv-hybh" }, { "vulnerability": "VCID-9uv1-gqq7-3kc9" }, { "vulnerability": "VCID-ck88-1urs-2kes" }, { "vulnerability": "VCID-ddfq-28qm-2fbn" }, { "vulnerability": "VCID-gh6k-19h8-fqbf" }, { "vulnerability": "VCID-rdb5-bbvn-7fcq" }, { "vulnerability": "VCID-ub6x-9dku-c7fk" }, { "vulnerability": "VCID-vtz8-zmp4-xbdh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4" } ], "aliases": [ "CVE-2020-15562" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rc91-j3kf-zfch" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95717?format=api", "vulnerability_id": "VCID-s6p1-rf35-euhy", "summary": "Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of 
program/lib/Roundcube/rcube_string_replacer.php behavior.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-43770", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.80389", "scoring_system": "epss", "scoring_elements": "0.99124", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.80389", "scoring_system": "epss", "scoring_elements": "0.99129", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.80389", "scoring_system": "epss", "scoring_elements": "0.99127", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.80389", "scoring_system": "epss", "scoring_elements": "0.99126", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.80389", "scoring_system": "epss", "scoring_elements": "0.99125", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.80653", "scoring_system": "epss", "scoring_elements": "0.99149", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.80653", "scoring_system": "epss", "scoring_elements": "0.99134", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.80653", "scoring_system": "epss", "scoring_elements": "0.99137", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.80653", "scoring_system": "epss", "scoring_elements": "0.99139", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.80653", "scoring_system": "epss", "scoring_elements": "0.99146", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.80653", "scoring_system": "epss", "scoring_elements": "0.99147", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.80653", "scoring_system": "epss", "scoring_elements": "0.99131", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-43770" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43770", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43770" }, { "reference_url": 
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052059", "reference_id": "1052059", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052059" }, { "reference_url": "https://github.com/roundcube/roundcubemail/commit/e92ec206a886461245e1672d8530cc93c618a49b", "reference_id": "e92ec206a886461245e1672d8530cc93c618a49b", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-01T18:43:07Z/" } ], "url": "https://github.com/roundcube/roundcubemail/commit/e92ec206a886461245e1672d8530cc93c618a49b" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00024.html", "reference_id": "msg00024.html", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-01T18:43:07Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00024.html" }, { "reference_url": "https://roundcube.net/news/2023/09/15/security-update-1.6.3-released", "reference_id": "security-update-1.6.3-released", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-01T18:43:07Z/" } ], "url": "https://roundcube.net/news/2023/09/15/security-update-1.6.3-released" }, { "reference_url": "https://usn.ubuntu.com/6654-1/", "reference_id": "USN-6654-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6654-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050285?format=api", 
"purl": "pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2hap-9mqs-v3b8" }, { "vulnerability": "VCID-2nb2-9vgp-tqg9" }, { "vulnerability": "VCID-3kyu-tx4q-p3aq" }, { "vulnerability": "VCID-4yzj-hrqv-vbcp" }, { "vulnerability": "VCID-5yts-xnha-4bf3" }, { "vulnerability": "VCID-8vmm-1hvf-17ap" }, { "vulnerability": "VCID-8xf2-hjfv-hybh" }, { "vulnerability": "VCID-9uv1-gqq7-3kc9" }, { "vulnerability": "VCID-ck88-1urs-2kes" }, { "vulnerability": "VCID-ddfq-28qm-2fbn" }, { "vulnerability": "VCID-gh6k-19h8-fqbf" }, { "vulnerability": "VCID-rdb5-bbvn-7fcq" }, { "vulnerability": "VCID-ub6x-9dku-c7fk" }, { "vulnerability": "VCID-vtz8-zmp4-xbdh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4" } ], "aliases": [ "CVE-2023-43770" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s6p1-rf35-euhy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90934?format=api", "vulnerability_id": "VCID-u8a4-4pe2-9kcb", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35730", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.64813", "scoring_system": "epss", "scoring_elements": "0.98451", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.64813", "scoring_system": "epss", "scoring_elements": "0.98453", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.64813", "scoring_system": "epss", "scoring_elements": "0.98456", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.64813", "scoring_system": "epss", "scoring_elements": "0.98458", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.64813", "scoring_system": "epss", "scoring_elements": "0.98461", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.64813", 
"scoring_system": "epss", "scoring_elements": "0.98462", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.64813", "scoring_system": "epss", "scoring_elements": "0.98465", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.64813", "scoring_system": "epss", "scoring_elements": "0.9847", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.64813", "scoring_system": "epss", "scoring_elements": "0.98472", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.64813", "scoring_system": "epss", "scoring_elements": "0.98476", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.64813", "scoring_system": "epss", "scoring_elements": "0.98475", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.64813", "scoring_system": "epss", "scoring_elements": "0.9848", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35730" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35730", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35730" }, { "reference_url": "https://github.com/roundcube/roundcubemail/releases/tag/1.2.13", "reference_id": "1.2.13", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T20:21:48Z/" } ], "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.2.13" }, { "reference_url": "https://github.com/roundcube/roundcubemail/releases/tag/1.3.16", "reference_id": "1.3.16", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T20:21:48Z/" } ], "url": 
"https://github.com/roundcube/roundcubemail/releases/tag/1.3.16" }, { "reference_url": "https://github.com/roundcube/roundcubemail/releases/tag/1.4.10", "reference_id": "1.4.10", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T20:21:48Z/" } ], "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.4.10" }, { "reference_url": "https://github.com/roundcube/roundcubemail/compare/1.4.9...1.4.10", "reference_id": "1.4.9...1.4.10", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T20:21:48Z/" } ], "url": "https://github.com/roundcube/roundcubemail/compare/1.4.9...1.4.10" }, { "reference_url": "https://security.archlinux.org/ASA-202101-2", "reference_id": "ASA-202101-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202101-2" }, { "reference_url": "https://security.archlinux.org/AVG-1388", "reference_id": "AVG-1388", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1388" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978491", "reference_id": "bugreport.cgi?bug=978491", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T20:21:48Z/" } ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978491" }, { "reference_url": "https://roundcube.net/download/", 
"reference_id": "download", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T20:21:48Z/" } ], "url": "https://roundcube.net/download/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HCEU4BM5WGIDJWP6Z4PCH62ZMH57QYM2/", "reference_id": "HCEU4BM5WGIDJWP6Z4PCH62ZMH57QYM2", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T20:21:48Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HCEU4BM5WGIDJWP6Z4PCH62ZMH57QYM2/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HMLIZWKMTRCLU7KZLEQHELS4INXJ7X5Q/", "reference_id": "HMLIZWKMTRCLU7KZLEQHELS4INXJ7X5Q", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T20:21:48Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HMLIZWKMTRCLU7KZLEQHELS4INXJ7X5Q/" }, { "reference_url": "https://www.alexbirnberg.com/roundcube-xss.html", "reference_id": "roundcube-xss.html", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T20:21:48Z/" 
} ], "url": "https://www.alexbirnberg.com/roundcube-xss.html" }, { "reference_url": "https://usn.ubuntu.com/USN-5182-1/", "reference_id": "USN-USN-5182-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5182-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037819?format=api", "purl": "pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14vp-t71a-4bh1" }, { "vulnerability": "VCID-2eyy-k49d-m3af" }, { "vulnerability": "VCID-2hap-9mqs-v3b8" }, { "vulnerability": "VCID-2k4q-26tk-j3gx" }, { "vulnerability": "VCID-2nb2-9vgp-tqg9" }, { "vulnerability": "VCID-36et-26h7-pke7" }, { "vulnerability": "VCID-3kyu-tx4q-p3aq" }, { "vulnerability": "VCID-4yzj-hrqv-vbcp" }, { "vulnerability": "VCID-5yts-xnha-4bf3" }, { "vulnerability": "VCID-79me-pjdn-ykgq" }, { "vulnerability": "VCID-7nn6-aywu-z7g8" }, { "vulnerability": "VCID-8vmm-1hvf-17ap" }, { "vulnerability": "VCID-8xf2-hjfv-hybh" }, { "vulnerability": "VCID-9der-5csu-nbbq" }, { "vulnerability": "VCID-9uv1-gqq7-3kc9" }, { "vulnerability": "VCID-cjkd-2jr6-n7as" }, { "vulnerability": "VCID-ck88-1urs-2kes" }, { "vulnerability": "VCID-cnkc-vcp7-6kcw" }, { "vulnerability": "VCID-ddfq-28qm-2fbn" }, { "vulnerability": "VCID-gh6k-19h8-fqbf" }, { "vulnerability": "VCID-hg1a-vx5c-hue3" }, { "vulnerability": "VCID-jck5-xymf-s3bh" }, { "vulnerability": "VCID-jqs5-8ct7-wfgk" }, { "vulnerability": "VCID-kyxz-v3sj-w3cw" }, { "vulnerability": "VCID-m4yc-ms54-zyhv" }, { "vulnerability": "VCID-ncbg-6m11-3qan" }, { "vulnerability": "VCID-qwak-6wgy-wfgs" }, { "vulnerability": "VCID-rc91-j3kf-zfch" }, { "vulnerability": "VCID-s6p1-rf35-euhy" }, { "vulnerability": "VCID-u8a4-4pe2-9kcb" }, { "vulnerability": "VCID-ub6x-9dku-c7fk" }, { "vulnerability": "VCID-vehj-ytsm-kqgz" }, { "vulnerability": "VCID-vtz8-zmp4-xbdh" }, { "vulnerability": "VCID-x9j7-98zt-6ygt" }, { "vulnerability": "VCID-xssa-fwbx-kybq" }, { 
"vulnerability": "VCID-ybv7-hqmj-nbgr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1050285?format=api", "purl": "pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2hap-9mqs-v3b8" }, { "vulnerability": "VCID-2nb2-9vgp-tqg9" }, { "vulnerability": "VCID-3kyu-tx4q-p3aq" }, { "vulnerability": "VCID-4yzj-hrqv-vbcp" }, { "vulnerability": "VCID-5yts-xnha-4bf3" }, { "vulnerability": "VCID-8vmm-1hvf-17ap" }, { "vulnerability": "VCID-8xf2-hjfv-hybh" }, { "vulnerability": "VCID-9uv1-gqq7-3kc9" }, { "vulnerability": "VCID-ck88-1urs-2kes" }, { "vulnerability": "VCID-ddfq-28qm-2fbn" }, { "vulnerability": "VCID-gh6k-19h8-fqbf" }, { "vulnerability": "VCID-rdb5-bbvn-7fcq" }, { "vulnerability": "VCID-ub6x-9dku-c7fk" }, { "vulnerability": "VCID-vtz8-zmp4-xbdh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4" } ], "aliases": [ "CVE-2020-35730" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u8a4-4pe2-9kcb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95883?format=api", "vulnerability_id": "VCID-vehj-ytsm-kqgz", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5631", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.83338", "scoring_system": "epss", "scoring_elements": "0.99269", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.83338", "scoring_system": "epss", "scoring_elements": "0.99266", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.83433", "scoring_system": "epss", "scoring_elements": "0.99279", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.83433", "scoring_system": 
"epss", "scoring_elements": "0.99277", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.83433", "scoring_system": "epss", "scoring_elements": "0.99281", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.83433", "scoring_system": "epss", "scoring_elements": "0.9928", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.83433", "scoring_system": "epss", "scoring_elements": "0.99278", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.84427", "scoring_system": "epss", "scoring_elements": "0.99329", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.84427", "scoring_system": "epss", "scoring_elements": "0.99331", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.84427", "scoring_system": "epss", "scoring_elements": "0.9933", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.85084", "scoring_system": "epss", "scoring_elements": "0.99356", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5631" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5631", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5631" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/11/01/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/11/01/1" 
}, { "reference_url": "https://github.com/roundcube/roundcubemail/releases/tag/1.4.15", "reference_id": "1.4.15", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/" } ], "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.4.15" }, { "reference_url": "https://github.com/roundcube/roundcubemail/releases/tag/1.5.5", "reference_id": "1.5.5", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/" } ], "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.5.5" }, { "reference_url": "https://github.com/roundcube/roundcubemail/releases/tag/1.6.4", "reference_id": "1.6.4", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/" } ], "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.6.4" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/11/17/2", "reference_id": "2", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/11/17/2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/11/01/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": 
"6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/11/01/3" }, { "reference_url": "https://github.com/roundcube/roundcubemail/commit/41756cc3331b495cc0b71886984474dc529dd31d", "reference_id": "41756cc3331b495cc0b71886984474dc529dd31d", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/" } ], "url": "https://github.com/roundcube/roundcubemail/commit/41756cc3331b495cc0b71886984474dc529dd31d" }, { "reference_url": "https://github.com/roundcube/roundcubemail/commit/6ee6e7ae301e165e2b2cb703edf75552e5376613", "reference_id": "6ee6e7ae301e165e2b2cb703edf75552e5376613", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/" } ], "url": "https://github.com/roundcube/roundcubemail/commit/6ee6e7ae301e165e2b2cb703edf75552e5376613" }, { "reference_url": "https://github.com/roundcube/roundcubemail/issues/9168", "reference_id": "9168", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/" } ], "url": "https://github.com/roundcube/roundcubemail/issues/9168" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054079", "reference_id": "bugreport.cgi?bug=1054079", 
"reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/" } ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054079" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5531", "reference_id": "dsa-5531", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5531" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LK67Q46OIEGJCRQUBHKLH3IIJTBNGGX4/", "reference_id": "LK67Q46OIEGJCRQUBHKLH3IIJTBNGGX4", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LK67Q46OIEGJCRQUBHKLH3IIJTBNGGX4/" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00035.html", "reference_id": "msg00035.html", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00035.html" }, { "reference_url": "https://roundcube.net/news/2023/10/16/security-update-1.6.4-released", 
"reference_id": "security-update-1.6.4-released", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/" } ], "url": "https://roundcube.net/news/2023/10/16/security-update-1.6.4-released" }, { "reference_url": "https://roundcube.net/news/2023/10/16/security-updates-1.5.5-and-1.4.15", "reference_id": "security-updates-1.5.5-and-1.4.15", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/" } ], "url": "https://roundcube.net/news/2023/10/16/security-updates-1.5.5-and-1.4.15" }, { "reference_url": "https://usn.ubuntu.com/6848-1/", "reference_id": "USN-6848-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6848-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050285?format=api", "purl": "pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2hap-9mqs-v3b8" }, { "vulnerability": "VCID-2nb2-9vgp-tqg9" }, { "vulnerability": "VCID-3kyu-tx4q-p3aq" }, { "vulnerability": "VCID-4yzj-hrqv-vbcp" }, { "vulnerability": "VCID-5yts-xnha-4bf3" }, { "vulnerability": "VCID-8vmm-1hvf-17ap" }, { "vulnerability": "VCID-8xf2-hjfv-hybh" }, { "vulnerability": "VCID-9uv1-gqq7-3kc9" }, { "vulnerability": "VCID-ck88-1urs-2kes" }, { "vulnerability": "VCID-ddfq-28qm-2fbn" }, { "vulnerability": "VCID-gh6k-19h8-fqbf" }, { "vulnerability": "VCID-rdb5-bbvn-7fcq" }, { "vulnerability": "VCID-ub6x-9dku-c7fk" }, { "vulnerability": "VCID-vtz8-zmp4-xbdh" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4" } ], "aliases": [ "CVE-2023-5631" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vehj-ytsm-kqgz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62467?format=api", "vulnerability_id": "VCID-x9j7-98zt-6ygt", "summary": "A flaw in Roundcube's handling of configuration files may allow\n arbitrary code execution, amongst other vulnerabilities.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12625", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0231", "scoring_system": "epss", "scoring_elements": "0.84692", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0231", "scoring_system": "epss", "scoring_elements": "0.84707", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0231", "scoring_system": "epss", "scoring_elements": "0.84727", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0231", "scoring_system": "epss", "scoring_elements": "0.84729", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0231", "scoring_system": "epss", "scoring_elements": "0.84751", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0231", "scoring_system": "epss", "scoring_elements": "0.84758", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0231", "scoring_system": "epss", "scoring_elements": "0.84775", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0231", "scoring_system": "epss", "scoring_elements": "0.84771", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0231", "scoring_system": "epss", "scoring_elements": "0.84766", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0231", "scoring_system": "epss", "scoring_elements": "0.84787", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0231", "scoring_system": "epss", "scoring_elements": "0.84788", 
"published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0231", "scoring_system": "epss", "scoring_elements": "0.84786", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0231", "scoring_system": "epss", "scoring_elements": "0.84813", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0231", "scoring_system": "epss", "scoring_elements": "0.84823", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0231", "scoring_system": "epss", "scoring_elements": "0.84822", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0231", "scoring_system": "epss", "scoring_elements": "0.84838", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12625" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12625", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12625" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12626", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12626" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959140", "reference_id": "959140", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959140" }, { "reference_url": "https://security.gentoo.org/glsa/202007-41", "reference_id": "GLSA-202007-41", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202007-41" }, { "reference_url": "https://usn.ubuntu.com/USN-5182-1/", "reference_id": "USN-USN-5182-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5182-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037223?format=api", "purl": "pkg:deb/debian/roundcube@1.2.3%2Bdfsg.1-4%2Bdeb9u6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14vp-t71a-4bh1" }, { "vulnerability": 
"VCID-2eyy-k49d-m3af" }, { "vulnerability": "VCID-2hap-9mqs-v3b8" }, { "vulnerability": "VCID-2k4q-26tk-j3gx" }, { "vulnerability": "VCID-2nb2-9vgp-tqg9" }, { "vulnerability": "VCID-36et-26h7-pke7" }, { "vulnerability": "VCID-3kyu-tx4q-p3aq" }, { "vulnerability": "VCID-4yzj-hrqv-vbcp" }, { "vulnerability": "VCID-5yts-xnha-4bf3" }, { "vulnerability": "VCID-79me-pjdn-ykgq" }, { "vulnerability": "VCID-7nn6-aywu-z7g8" }, { "vulnerability": "VCID-8vmm-1hvf-17ap" }, { "vulnerability": "VCID-8xf2-hjfv-hybh" }, { "vulnerability": "VCID-9der-5csu-nbbq" }, { "vulnerability": "VCID-9ktu-55q4-3kau" }, { "vulnerability": "VCID-9uv1-gqq7-3kc9" }, { "vulnerability": "VCID-cjkd-2jr6-n7as" }, { "vulnerability": "VCID-ck88-1urs-2kes" }, { "vulnerability": "VCID-cnkc-vcp7-6kcw" }, { "vulnerability": "VCID-ddfq-28qm-2fbn" }, { "vulnerability": "VCID-fuh5-bwaq-yyfk" }, { "vulnerability": "VCID-gh6k-19h8-fqbf" }, { "vulnerability": "VCID-hg1a-vx5c-hue3" }, { "vulnerability": "VCID-j29t-cw2h-mfd8" }, { "vulnerability": "VCID-jck5-xymf-s3bh" }, { "vulnerability": "VCID-jqs5-8ct7-wfgk" }, { "vulnerability": "VCID-kyxz-v3sj-w3cw" }, { "vulnerability": "VCID-m4yc-ms54-zyhv" }, { "vulnerability": "VCID-ncbg-6m11-3qan" }, { "vulnerability": "VCID-qwak-6wgy-wfgs" }, { "vulnerability": "VCID-rc91-j3kf-zfch" }, { "vulnerability": "VCID-s6p1-rf35-euhy" }, { "vulnerability": "VCID-ts1p-pw9v-cbh3" }, { "vulnerability": "VCID-u8a4-4pe2-9kcb" }, { "vulnerability": "VCID-ub6x-9dku-c7fk" }, { "vulnerability": "VCID-ur1a-7tdn-h3hu" }, { "vulnerability": "VCID-vehj-ytsm-kqgz" }, { "vulnerability": "VCID-vtz8-zmp4-xbdh" }, { "vulnerability": "VCID-x9j7-98zt-6ygt" }, { "vulnerability": "VCID-xssa-fwbx-kybq" }, { "vulnerability": "VCID-ybv7-hqmj-nbgr" }, { "vulnerability": "VCID-z3kp-p8ch-myhz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.2.3%252Bdfsg.1-4%252Bdeb9u6" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037819?format=api", "purl": 
"pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14vp-t71a-4bh1" }, { "vulnerability": "VCID-2eyy-k49d-m3af" }, { "vulnerability": "VCID-2hap-9mqs-v3b8" }, { "vulnerability": "VCID-2k4q-26tk-j3gx" }, { "vulnerability": "VCID-2nb2-9vgp-tqg9" }, { "vulnerability": "VCID-36et-26h7-pke7" }, { "vulnerability": "VCID-3kyu-tx4q-p3aq" }, { "vulnerability": "VCID-4yzj-hrqv-vbcp" }, { "vulnerability": "VCID-5yts-xnha-4bf3" }, { "vulnerability": "VCID-79me-pjdn-ykgq" }, { "vulnerability": "VCID-7nn6-aywu-z7g8" }, { "vulnerability": "VCID-8vmm-1hvf-17ap" }, { "vulnerability": "VCID-8xf2-hjfv-hybh" }, { "vulnerability": "VCID-9der-5csu-nbbq" }, { "vulnerability": "VCID-9uv1-gqq7-3kc9" }, { "vulnerability": "VCID-cjkd-2jr6-n7as" }, { "vulnerability": "VCID-ck88-1urs-2kes" }, { "vulnerability": "VCID-cnkc-vcp7-6kcw" }, { "vulnerability": "VCID-ddfq-28qm-2fbn" }, { "vulnerability": "VCID-gh6k-19h8-fqbf" }, { "vulnerability": "VCID-hg1a-vx5c-hue3" }, { "vulnerability": "VCID-jck5-xymf-s3bh" }, { "vulnerability": "VCID-jqs5-8ct7-wfgk" }, { "vulnerability": "VCID-kyxz-v3sj-w3cw" }, { "vulnerability": "VCID-m4yc-ms54-zyhv" }, { "vulnerability": "VCID-ncbg-6m11-3qan" }, { "vulnerability": "VCID-qwak-6wgy-wfgs" }, { "vulnerability": "VCID-rc91-j3kf-zfch" }, { "vulnerability": "VCID-s6p1-rf35-euhy" }, { "vulnerability": "VCID-u8a4-4pe2-9kcb" }, { "vulnerability": "VCID-ub6x-9dku-c7fk" }, { "vulnerability": "VCID-vehj-ytsm-kqgz" }, { "vulnerability": "VCID-vtz8-zmp4-xbdh" }, { "vulnerability": "VCID-x9j7-98zt-6ygt" }, { "vulnerability": "VCID-xssa-fwbx-kybq" }, { "vulnerability": "VCID-ybv7-hqmj-nbgr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1050285?format=api", "purl": "pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4", "is_vulnerable": true, 
"affected_by_vulnerabilities": [ { "vulnerability": "VCID-2hap-9mqs-v3b8" }, { "vulnerability": "VCID-2nb2-9vgp-tqg9" }, { "vulnerability": "VCID-3kyu-tx4q-p3aq" }, { "vulnerability": "VCID-4yzj-hrqv-vbcp" }, { "vulnerability": "VCID-5yts-xnha-4bf3" }, { "vulnerability": "VCID-8vmm-1hvf-17ap" }, { "vulnerability": "VCID-8xf2-hjfv-hybh" }, { "vulnerability": "VCID-9uv1-gqq7-3kc9" }, { "vulnerability": "VCID-ck88-1urs-2kes" }, { "vulnerability": "VCID-ddfq-28qm-2fbn" }, { "vulnerability": "VCID-gh6k-19h8-fqbf" }, { "vulnerability": "VCID-rdb5-bbvn-7fcq" }, { "vulnerability": "VCID-ub6x-9dku-c7fk" }, { "vulnerability": "VCID-vtz8-zmp4-xbdh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4" } ], "aliases": [ "CVE-2020-12625" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x9j7-98zt-6ygt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94414?format=api", "vulnerability_id": "VCID-xssa-fwbx-kybq", "summary": "Cross Site Scripting (XSS) vulnerability in Roundcube mail .4.4 via database host and user in /installer/test.php.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-18670", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61508", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61583", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61612", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61632", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61646", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00415", 
"scoring_system": "epss", "scoring_elements": "0.61668", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61656", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61637", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61679", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61684", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61669", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61662", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61678", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61672", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.61618", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-18670" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-18670", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-18670" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050285?format=api", "purl": "pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2hap-9mqs-v3b8" }, { "vulnerability": "VCID-2nb2-9vgp-tqg9" }, { "vulnerability": "VCID-3kyu-tx4q-p3aq" }, { "vulnerability": "VCID-4yzj-hrqv-vbcp" }, { "vulnerability": "VCID-5yts-xnha-4bf3" }, { "vulnerability": "VCID-8vmm-1hvf-17ap" }, { "vulnerability": "VCID-8xf2-hjfv-hybh" }, { 
"vulnerability": "VCID-9uv1-gqq7-3kc9" }, { "vulnerability": "VCID-ck88-1urs-2kes" }, { "vulnerability": "VCID-ddfq-28qm-2fbn" }, { "vulnerability": "VCID-gh6k-19h8-fqbf" }, { "vulnerability": "VCID-rdb5-bbvn-7fcq" }, { "vulnerability": "VCID-ub6x-9dku-c7fk" }, { "vulnerability": "VCID-vtz8-zmp4-xbdh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4" } ], "aliases": [ "CVE-2020-18670" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xssa-fwbx-kybq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50015?format=api", "vulnerability_id": "VCID-ybv7-hqmj-nbgr", "summary": "Multiple vulnerabilities have been discovered in Roundcube, the worst of which could lead to execution of arbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-44025", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00629", "scoring_system": "epss", "scoring_elements": "0.7019", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00629", "scoring_system": "epss", "scoring_elements": "0.70202", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00629", "scoring_system": "epss", "scoring_elements": "0.70219", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00629", "scoring_system": "epss", "scoring_elements": "0.70196", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00629", "scoring_system": "epss", "scoring_elements": "0.70242", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00629", "scoring_system": "epss", "scoring_elements": "0.70257", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00629", "scoring_system": "epss", "scoring_elements": "0.7028", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00629", "scoring_system": "epss", "scoring_elements": "0.70266", "published_at": "2026-04-12T12:55:00Z" }, 
{ "value": "0.00629", "scoring_system": "epss", "scoring_elements": "0.70253", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00629", "scoring_system": "epss", "scoring_elements": "0.70294", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00629", "scoring_system": "epss", "scoring_elements": "0.70304", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00629", "scoring_system": "epss", "scoring_elements": "0.70285", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00629", "scoring_system": "epss", "scoring_elements": "0.70338", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00629", "scoring_system": "epss", "scoring_elements": "0.70347", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00629", "scoring_system": "epss", "scoring_elements": "0.70344", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00629", "scoring_system": "epss", "scoring_elements": "0.70317", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-44025" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44025", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44025" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44026", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44026" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000156", "reference_id": "1000156", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000156" }, { "reference_url": "https://security.gentoo.org/glsa/202507-10", "reference_id": "GLSA-202507-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202507-10" }, { "reference_url": "https://usn.ubuntu.com/USN-5182-1/", "reference_id": "USN-USN-5182-1", "reference_type": "", "scores": [], 
"url": "https://usn.ubuntu.com/USN-5182-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037819?format=api", "purl": "pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14vp-t71a-4bh1" }, { "vulnerability": "VCID-2eyy-k49d-m3af" }, { "vulnerability": "VCID-2hap-9mqs-v3b8" }, { "vulnerability": "VCID-2k4q-26tk-j3gx" }, { "vulnerability": "VCID-2nb2-9vgp-tqg9" }, { "vulnerability": "VCID-36et-26h7-pke7" }, { "vulnerability": "VCID-3kyu-tx4q-p3aq" }, { "vulnerability": "VCID-4yzj-hrqv-vbcp" }, { "vulnerability": "VCID-5yts-xnha-4bf3" }, { "vulnerability": "VCID-79me-pjdn-ykgq" }, { "vulnerability": "VCID-7nn6-aywu-z7g8" }, { "vulnerability": "VCID-8vmm-1hvf-17ap" }, { "vulnerability": "VCID-8xf2-hjfv-hybh" }, { "vulnerability": "VCID-9der-5csu-nbbq" }, { "vulnerability": "VCID-9uv1-gqq7-3kc9" }, { "vulnerability": "VCID-cjkd-2jr6-n7as" }, { "vulnerability": "VCID-ck88-1urs-2kes" }, { "vulnerability": "VCID-cnkc-vcp7-6kcw" }, { "vulnerability": "VCID-ddfq-28qm-2fbn" }, { "vulnerability": "VCID-gh6k-19h8-fqbf" }, { "vulnerability": "VCID-hg1a-vx5c-hue3" }, { "vulnerability": "VCID-jck5-xymf-s3bh" }, { "vulnerability": "VCID-jqs5-8ct7-wfgk" }, { "vulnerability": "VCID-kyxz-v3sj-w3cw" }, { "vulnerability": "VCID-m4yc-ms54-zyhv" }, { "vulnerability": "VCID-ncbg-6m11-3qan" }, { "vulnerability": "VCID-qwak-6wgy-wfgs" }, { "vulnerability": "VCID-rc91-j3kf-zfch" }, { "vulnerability": "VCID-s6p1-rf35-euhy" }, { "vulnerability": "VCID-u8a4-4pe2-9kcb" }, { "vulnerability": "VCID-ub6x-9dku-c7fk" }, { "vulnerability": "VCID-vehj-ytsm-kqgz" }, { "vulnerability": "VCID-vtz8-zmp4-xbdh" }, { "vulnerability": "VCID-x9j7-98zt-6ygt" }, { "vulnerability": "VCID-xssa-fwbx-kybq" }, { "vulnerability": "VCID-ybv7-hqmj-nbgr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/1050285?format=api", "purl": "pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2hap-9mqs-v3b8" }, { "vulnerability": "VCID-2nb2-9vgp-tqg9" }, { "vulnerability": "VCID-3kyu-tx4q-p3aq" }, { "vulnerability": "VCID-4yzj-hrqv-vbcp" }, { "vulnerability": "VCID-5yts-xnha-4bf3" }, { "vulnerability": "VCID-8vmm-1hvf-17ap" }, { "vulnerability": "VCID-8xf2-hjfv-hybh" }, { "vulnerability": "VCID-9uv1-gqq7-3kc9" }, { "vulnerability": "VCID-ck88-1urs-2kes" }, { "vulnerability": "VCID-ddfq-28qm-2fbn" }, { "vulnerability": "VCID-gh6k-19h8-fqbf" }, { "vulnerability": "VCID-rdb5-bbvn-7fcq" }, { "vulnerability": "VCID-ub6x-9dku-c7fk" }, { "vulnerability": "VCID-vtz8-zmp4-xbdh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4" } ], "aliases": [ "CVE-2021-44025" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ybv7-hqmj-nbgr" } ], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4" }