{"url":"http://public2.vulnerablecode.io/api/packages/1077797?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","type":"deb","namespace":"debian","name":"roundcube","version":"1.4.15+dfsg.1-1+deb11u4","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.6.5+dfsg-1+deb12u8","latest_non_vulnerable_version":"1.6.5+dfsg-1+deb12u8","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71824?format=json","vulnerability_id":"VCID-1pan-qjdb-53hh","summary":"An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via SVG content (with animate attributes) in an e-mail message. This may lead to information disclosure or access-control bypass.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35543","reference_id":"","reference_type":"","scores":[{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03461","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.0348","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03466","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03475","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35543"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35543","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35543"},{"reference_url":"https://github.com/roundcube/roundcubemail","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/roundcube/roundcubemail"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35543","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35543"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182","reference_id":"1131182","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.14","reference_id":"1.5.14","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:45Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.14"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.14","reference_id":"1.6.14","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:45Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.14"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5","reference_id":"1.7-rc5","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:45Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/1a63e01542bff42aaa71c00c4c279a09ef31f20c","reference_id":"1a63e01542bff42aaa71c00c4c279a09ef31f20c","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:45Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/1a63e01542bff42aaa71c00c4c279a09ef31f20c"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/39471343ee081ce1d31696c456a2c163462daae3","reference_id":"39471343ee081ce1d31696c456a2c163462daae3","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:45Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/39471343ee081ce1d31696c456a2c163462daae3"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/82ab5eca7b332fce7a174b2b987f0957a66377cd","reference_id":"82ab5eca7b332fce7a174b2b987f0957a66377cd","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:45Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/82ab5eca7b332fce7a174b2b987f0957a66377cd"},{"reference_url":"https://github.com/advisories/GHSA-j2g6-8rvg-7mf6","reference_id":"GHSA-j2g6-8rvg-7mf6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j2g6-8rvg-7mf6"},{"reference_url":"https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14","reference_id":"security-updates-1.7-rc5-1.6.14-1.5.14","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:45Z/"}],"url":"https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1077798?format=json","purl":"pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u8"}],"aliases":["CVE-2026-35543","GHSA-j2g6-8rvg-7mf6"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1pan-qjdb-53hh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65877?format=json","vulnerability_id":"VCID-33t3-4xdt-mudz","summary":"Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13, when \"Block remote images\" is used, does not block SVG feImage.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-25916","reference_id":"","reference_type":"","scores":[{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.1692","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16892","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16906","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16754","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-25916"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25916","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25916"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127447","reference_id":"1127447","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127447"},{"reference_url":"https://nullcathedral.com/posts/2026-02-08-roundcube-svg-feimage-remote-image-bypass/","reference_id":"2026-02-08-roundcube-svg-feimage-remote-image-bypass","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-09T14:54:49Z/"}],"url":"https://nullcathedral.com/posts/2026-02-08-roundcube-svg-feimage-remote-image-bypass/"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/26d7677","reference_id":"26d7677","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-09T14:54:49Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/26d7677"},{"reference_url":"https://news.ycombinator.com/item?id=46937012","reference_id":"item?id=46937012","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-09T14:54:49Z/"}],"url":"https://news.ycombinator.com/item?id=46937012"},{"reference_url":"https://usn.ubuntu.com/8223-1/","reference_id":"USN-8223-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8223-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1077798?format=json","purl":"pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u8"}],"aliases":["CVE-2026-25916"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-33t3-4xdt-mudz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71658?format=json","vulnerability_id":"VCID-4kfx-8xyq-h7dz","summary":"An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsanitized IMAP SEARCH command arguments could lead to IMAP injection or CSRF bypass during mail search.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35538","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04427","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.0441","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04413","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04428","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35538"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35538"},{"reference_url":"https://github.com/roundcube/roundcubemail","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/roundcube/roundcubemail"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35538","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35538"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182","reference_id":"1131182","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.14","reference_id":"1.5.14","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:11:14Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.14"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.14","reference_id":"1.6.14","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:11:14Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.14"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5","reference_id":"1.7-rc5","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:11:14Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/5fe8a69956a9683a4269f3ad2a68e18deebf8a15","reference_id":"5fe8a69956a9683a4269f3ad2a68e18deebf8a15","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:11:14Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/5fe8a69956a9683a4269f3ad2a68e18deebf8a15"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/7daf5aa9c190ccc75bb31672d8fee9938877fd64","reference_id":"7daf5aa9c190ccc75bb31672d8fee9938877fd64","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:11:14Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/7daf5aa9c190ccc75bb31672d8fee9938877fd64"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/b18a8fa8e81571914c0ff55d4e20edb459c6952c","reference_id":"b18a8fa8e81571914c0ff55d4e20edb459c6952c","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:11:14Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/b18a8fa8e81571914c0ff55d4e20edb459c6952c"},{"reference_url":"https://github.com/advisories/GHSA-8jr8-v43g-5c57","reference_id":"GHSA-8jr8-v43g-5c57","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8jr8-v43g-5c57"},{"reference_url":"https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14","reference_id":"security-updates-1.7-rc5-1.6.14-1.5.14","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:11:14Z/"}],"url":"https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1077798?format=json","purl":"pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u8"}],"aliases":["CVE-2026-35538","GHSA-8jr8-v43g-5c57"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4kfx-8xyq-h7dz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71600?format=json","vulnerability_id":"VCID-4ksc-m92c-6ubv","summary":"An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. XSS exists because of insufficient HTML attachment sanitization in preview mode. A victim must preview a text/html attachment.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35539","reference_id":"","reference_type":"","scores":[{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03912","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03934","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03921","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03932","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35539"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35539","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35539"},{"reference_url":"https://github.com/roundcube/roundcubemail","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/roundcube/roundcubemail"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35539","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35539"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/10a6d1fa8acac85c727b0a6ae4a6642bfa27bea1","reference_id":"10a6d1fa8acac85c727b0a6ae4a6642bfa27bea1","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:10:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/10a6d1fa8acac85c727b0a6ae4a6642bfa27bea1"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182","reference_id":"1131182","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.14","reference_id":"1.5.14","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:10:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.14"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.14","reference_id":"1.6.14","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:10:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.14"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5","reference_id":"1.7-rc5","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:10:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/1b30edf5369668c92fe91dae3d52e477c808aa4f","reference_id":"1b30edf5369668c92fe91dae3d52e477c808aa4f","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:10:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/1b30edf5369668c92fe91dae3d52e477c808aa4f"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/d742954ccbcdee7020f8f2e7c49ce0fca5a0efab","reference_id":"d742954ccbcdee7020f8f2e7c49ce0fca5a0efab","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:10:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/d742954ccbcdee7020f8f2e7c49ce0fca5a0efab"},{"reference_url":"https://github.com/advisories/GHSA-x4q5-8j5g-hpjc","reference_id":"GHSA-x4q5-8j5g-hpjc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x4q5-8j5g-hpjc"},{"reference_url":"https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14","reference_id":"security-updates-1.7-rc5-1.6.14-1.5.14","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T13:10:48Z/"}],"url":"https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1077798?format=json","purl":"pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u8"}],"aliases":["CVE-2026-35539","GHSA-x4q5-8j5g-hpjc"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4ksc-m92c-6ubv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71582?format=json","vulnerability_id":"VCID-4nqw-h8se-27cy","summary":"An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via a crafted background attribute of a BODY element in an e-mail message. This may lead to information disclosure or access-control bypass.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35542","reference_id":"","reference_type":"","scores":[{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03461","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.0348","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03466","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03475","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35542"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35542","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35542"},{"reference_url":"https://github.com/roundcube/roundcubemail","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/roundcube/roundcubemail"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35542","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35542"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182","reference_id":"1131182","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.14","reference_id":"1.5.14","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:51:19Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.14"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.14","reference_id":"1.6.14","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:51:19Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.14"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5","reference_id":"1.7-rc5","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:51:19Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/e052328e3dc75f13adc2e314eaa4096ac21084ad","reference_id":"e052328e3dc75f13adc2e314eaa4096ac21084ad","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:51:19Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/e052328e3dc75f13adc2e314eaa4096ac21084ad"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/fd0e98178db5c73eaa93d005b561874923f9b0f0","reference_id":"fd0e98178db5c73eaa93d005b561874923f9b0f0","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:51:19Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/fd0e98178db5c73eaa93d005b561874923f9b0f0"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/fde14d01adc9f37893cd82b635883e516ed453f8","reference_id":"fde14d01adc9f37893cd82b635883e516ed453f8","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:51:19Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/fde14d01adc9f37893cd82b635883e516ed453f8"},{"reference_url":"https://github.com/advisories/GHSA-5hf6-crg4-fg59","reference_id":"GHSA-5hf6-crg4-fg59","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5hf6-crg4-fg59"},{"reference_url":"https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14","reference_id":"security-updates-1.7-rc5-1.6.14-1.5.14","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:51:19Z/"}],"url":"https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1077798?format=json","purl":"pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u8"}],"aliases":["CVE-2026-35542","GHSA-5hf6-crg4-fg59"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4nqw-h8se-27cy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98129?format=json","vulnerability_id":"VCID-5ggr-8vz5-p3hp","summary":"Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49113.json","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49113.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49113","reference_id":"","reference_type":"","scores":[{"value":"0.90469","scoring_system":"epss","scoring_elements":"0.99628","published_at":"2026-06-14T12:55:00Z"},{"value":"0.90469","scoring_system":"epss","scoring_elements":"0.99629","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49113"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49113","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49113"},{"reference_url":"https://github.com/roundcube/roundcubemail","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/roundcube/roundcubemail"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/06/msg00008.html","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/06/msg00008.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49113","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49113"},{"reference_url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-49113","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-49113"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/06/02/3","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/06/02/3"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/0376f69e958a8fef7f6f09e352c541b4e7729c4d","reference_id":"0376f69e958a8fef7f6f09e352c541b4e7729c4d","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-02-20T20:05:40Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/0376f69e958a8fef7f6f09e352c541b4e7729c4d"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107073","reference_id":"1107073","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107073"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.10","reference_id":"1.5.10","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-02-20T20:05:40Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.10"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.11","reference_id":"1.6.11","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-02-20T20:05:40Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.11"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2369696","reference_id":"2369696","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2369696"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/7408f31379666124a39f9cb1018f62bc5e2dc695","reference_id":"7408f31379666124a39f9cb1018f62bc5e2dc695","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-02-20T20:05:40Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/7408f31379666124a39f9cb1018f62bc5e2dc695"},{"reference_url":"https://github.com/roundcube/roundcubemail/pull/9865","reference_id":"9865","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-02-20T20:05:40Z/"}],"url":"https://github.com/roundcube/roundcubemail/pull/9865"},{"reference_url":"https://security.archlinux.org/ASA-202506-1","reference_id":"ASA-202506-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202506-1"},{"reference_url":"https://security.archlinux.org/AVG-2891","reference_id":"AVG-2891","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2891"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/c50a07d88ca38f018a0f4a0b008e9a1deb32637e","reference_id":"c50a07d88ca38f018a0f4a0b008e9a1deb32637e","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-02-20T20:05:40Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/c50a07d88ca38f018a0f4a0b008e9a1deb32637e"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52324.NA","reference_id":"CVE-2025-49113","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52324.NA"},{"reference_url":"https://www.vicarius.io/vsociety/posts/cve-2025-49113-roundcube-mitigation-script","reference_id":"cve-2025-49113-roundcube-mitigation-script","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-02-20T20:05:40Z/"}],"url":"https://www.vicarius.io/vsociety/posts/cve-2025-49113-roundcube-mitigation-script"},{"reference_url":"https://www.vicarius.io/vsociety/posts/cve-2025-49113-roundcube-vulnerability-detection","reference_id":"cve-2025-49113-roundcube-vulnerability-detection","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-02-20T20:05:40Z/"}],"url":"https://www.vicarius.io/vsociety/posts/cve-2025-49113-roundcube-vulnerability-detection"},{"reference_url":"https://github.com/advisories/GHSA-8j8w-wwqc-x596","reference_id":"GHSA-8j8w-wwqc-x596","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8j8w-wwqc-x596"},{"reference_url":"https://fearsoff.org/research/roundcube","reference_id":"roundcube","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-02-20T20:05:40Z/"}],"url":"https://fearsoff.org/research/roundcube"},{"reference_url":"https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10","reference_id":"security-updates-1.6.11-and-1.5.10","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-02-20T20:05:40Z/"}],"url":"https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10"},{"reference_url":"https://usn.ubuntu.com/7584-1/","reference_id":"USN-7584-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7584-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1077798?format=json","purl":"pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u8"}],"aliases":["CVE-2025-49113","GHSA-8j8w-wwqc-x596"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5ggr-8vz5-p3hp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80435?format=json","vulnerability_id":"VCID-7eu3-ex4x-fua3","summary":"Roundcube Webmail 1.6.x before 1.6.16, and 1.7.x before 1.7.1 allows pre-authentication arbitrary file deletion via redis/memcache session poisoning bypass.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-48847","reference_id":"","reference_type":"","scores":[{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21051","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21225","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21247","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21233","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-48847"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-48847","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-48847"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1137507","reference_id":"1137507","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1137507"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.16","reference_id":"1.6.16","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-26T13:02:06Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.16"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.7.1","reference_id":"1.7.1","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-26T13:02:06Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.7.1"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/703318e6a59515b73b0d8aa2a91e346b02f56baa","reference_id":"703318e6a59515b73b0d8aa2a91e346b02f56baa","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-26T13:02:06Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/703318e6a59515b73b0d8aa2a91e346b02f56baa"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/a4eb375b98cc3d055de665c34efc729dd8ef272a","reference_id":"a4eb375b98cc3d055de665c34efc729dd8ef272a","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-26T13:02:06Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/a4eb375b98cc3d055de665c34efc729dd8ef272a"},{"reference_url":"https://roundcube.net/news/2026/05/24/security-updates-1.6.16-and-1.7.1","reference_id":"security-updates-1.6.16-and-1.7.1","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-26T13:02:06Z/"}],"url":"https://roundcube.net/news/2026/05/24/security-updates-1.6.16-and-1.7.1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1077798?format=json","purl":"pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u8"}],"aliases":["CVE-2026-48847"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7eu3-ex4x-fua3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71617?format=json","vulnerability_id":"VCID-ahv8-wew9-yqge","summary":"An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Incorrect password comparison in the password plugin could lead to type confusion that allows a password change without knowing the old password.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35541","reference_id":"","reference_type":"","scores":[{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03166","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03174","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03162","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03178","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35541"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35541","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35541"},{"reference_url":"https://github.com/roundcube/roundcubemail","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/roundcube/roundcubemail"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35541","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35541"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182","reference_id":"1131182","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.14","reference_id":"1.5.14","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:00Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.14"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.14","reference_id":"1.6.14","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:00Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.14"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5","reference_id":"1.7-rc5","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:00Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/2e6a99b2a38110907ea8d3be8e59ec3d5802c394","reference_id":"2e6a99b2a38110907ea8d3be8e59ec3d5802c394","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:00Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/2e6a99b2a38110907ea8d3be8e59ec3d5802c394"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/6a275676a8043083c05c961914d830b79e2490d4","reference_id":"6a275676a8043083c05c961914d830b79e2490d4","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:00Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/6a275676a8043083c05c961914d830b79e2490d4"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/6fa2bddc59b9c9fd31cad4a9e2954a208d793dce","reference_id":"6fa2bddc59b9c9fd31cad4a9e2954a208d793dce","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:00Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/6fa2bddc59b9c9fd31cad4a9e2954a208d793dce"},{"reference_url":"https://github.com/advisories/GHSA-46pv-mj2g-93gh","reference_id":"GHSA-46pv-mj2g-93gh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-46pv-mj2g-93gh"},{"reference_url":"https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14","reference_id":"security-updates-1.7-rc5-1.6.14-1.5.14","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:00Z/"}],"url":"https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1077798?format=json","purl":"pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u8"}],"aliases":["CVE-2026-35541","GHSA-46pv-mj2g-93gh"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ahv8-wew9-yqge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80484?format=json","vulnerability_id":"VCID-chme-pkx3-xub5","summary":"In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, the remote image blocking feature can be bypassed via a crafted CSS var() value in an e-mail message, which may lead to information disclosure or access-control bypass.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-48846","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12809","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12727","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12828","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12818","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-48846"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-48846","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-48846"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1137507","reference_id":"1137507","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1137507"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.16","reference_id":"1.6.16","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-26T13:05:47Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.16"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.7.1","reference_id":"1.7.1","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-26T13:05:47Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.7.1"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/59cca80908a61e662c5f81741449e9aeb91e8abe","reference_id":"59cca80908a61e662c5f81741449e9aeb91e8abe","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-26T13:05:47Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/59cca80908a61e662c5f81741449e9aeb91e8abe"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/852350486b88b35b8544e8a630fad89e99e2150a","reference_id":"852350486b88b35b8544e8a630fad89e99e2150a","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-26T13:05:47Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/852350486b88b35b8544e8a630fad89e99e2150a"},{"reference_url":"https://roundcube.net/news/2026/05/24/security-updates-1.6.16-and-1.7.1","reference_id":"security-updates-1.6.16-and-1.7.1","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-26T13:05:47Z/"}],"url":"https://roundcube.net/news/2026/05/24/security-updates-1.6.16-and-1.7.1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1077798?format=json","purl":"pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u8"}],"aliases":["CVE-2026-48846"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-chme-pkx3-xub5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80412?format=json","vulnerability_id":"VCID-dw7a-b9jk-c3dd","summary":"Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has insecure code evaluation logic in LDAP the autovalues option that could lead to code injection. (Support for code evaluation has been removed in 1.6.16 and 1.7.1.)","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-48844","reference_id":"","reference_type":"","scores":[{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16329","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16458","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16485","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16475","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-48844"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-48844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-48844"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1137507","reference_id":"1137507","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1137507"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.16","reference_id":"1.6.16","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-26T12:47:59Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.16"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.7.1","reference_id":"1.7.1","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-26T12:47:59Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.7.1"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/6a777d7394b763ce9acfce86c1a521e14a02d862","reference_id":"6a777d7394b763ce9acfce86c1a521e14a02d862","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-26T12:47:59Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/6a777d7394b763ce9acfce86c1a521e14a02d862"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/ea1798a6fbf060abcc0ba73b2435036bf8016a5a","reference_id":"ea1798a6fbf060abcc0ba73b2435036bf8016a5a","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-26T12:47:59Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/ea1798a6fbf060abcc0ba73b2435036bf8016a5a"},{"reference_url":"https://roundcube.net/news/2026/05/24/security-updates-1.6.16-and-1.7.1","reference_id":"security-updates-1.6.16-and-1.7.1","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-26T12:47:59Z/"}],"url":"https://roundcube.net/news/2026/05/24/security-updates-1.6.16-and-1.7.1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1077798?format=json","purl":"pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u8"}],"aliases":["CVE-2026-48844"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dw7a-b9jk-c3dd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80465?format=json","vulnerability_id":"VCID-ermy-mkje-ayhb","summary":"In Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16 and 1.7.x before 1.7.1, remote image blocking was not honored for URLs pointing to local/private destinations, which may lead to information disclosure or privilege escalation via a text/html email message.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-48845","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12727","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12809","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12828","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12818","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-48845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-48845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-48845"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1137507","reference_id":"1137507","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1137507"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.16","reference_id":"1.6.16","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-26T13:06:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.16"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.7.1","reference_id":"1.7.1","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-26T13:06:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.7.1"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/7b52353653a67e6073b97d70eb94047132b78556","reference_id":"7b52353653a67e6073b97d70eb94047132b78556","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-26T13:06:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/7b52353653a67e6073b97d70eb94047132b78556"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/d82b8c6cd06c378eca6d647ccd548f4ff1c68659","reference_id":"d82b8c6cd06c378eca6d647ccd548f4ff1c68659","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-26T13:06:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/d82b8c6cd06c378eca6d647ccd548f4ff1c68659"},{"reference_url":"https://roundcube.net/news/2026/05/24/security-updates-1.6.16-and-1.7.1","reference_id":"security-updates-1.6.16-and-1.7.1","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-26T13:06:48Z/"}],"url":"https://roundcube.net/news/2026/05/24/security-updates-1.6.16-and-1.7.1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1077798?format=json","purl":"pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u8"}],"aliases":["CVE-2026-48845"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ermy-mkje-ayhb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6446?format=json","vulnerability_id":"VCID-f6bd-3n2d-2fd3","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-15237","reference_id":"","reference_type":"","scores":[{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33795","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33973","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33996","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33974","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-15237"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15237","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15237"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949629","reference_id":"949629","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949629"},{"reference_url":"https://security.gentoo.org/glsa/202507-10","reference_id":"GLSA-202507-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202507-10"},{"reference_url":"https://usn.ubuntu.com/8223-1/","reference_id":"USN-8223-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8223-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1077798?format=json","purl":"pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u8"}],"aliases":["CVE-2019-15237"],"risk_score":1.1,"exploitability":"0.5","weighted_severity":"2.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f6bd-3n2d-2fd3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211405?format=json","vulnerability_id":"VCID-h7yh-bvtu-gqgp","summary":"Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a information disclosure vulnerability in the HTML style sanitizer.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68460.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68460.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-68460","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12928","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.13022","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.13032","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.1301","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-68460"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68460"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122899","reference_id":"1122899","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122899"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2423487","reference_id":"2423487","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2423487"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1077798?format=json","purl":"pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u8"}],"aliases":["CVE-2025-68460"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"4.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h7yh-bvtu-gqgp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/27473?format=json","vulnerability_id":"VCID-nfyj-9ucz-cyc7","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26079.json","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26079.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-26079","reference_id":"","reference_type":"","scores":[{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24706","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24905","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.2991","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.29926","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-26079"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26079"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127447","reference_id":"1127447","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127447"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.13","reference_id":"1.5.13","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T16:05:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.13"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.13","reference_id":"1.6.13","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T16:05:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.13"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/1f4c3a5af5033747f9685a8a395dbd8228d19816","reference_id":"1f4c3a5af5033747f9685a8a395dbd8228d19816","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T16:05:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/1f4c3a5af5033747f9685a8a395dbd8228d19816"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2438807","reference_id":"2438807","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2438807"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/2b5625f1d2ef7e050fd1ae481b2a52dc35466447","reference_id":"2b5625f1d2ef7e050fd1ae481b2a52dc35466447","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T16:05:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/2b5625f1d2ef7e050fd1ae481b2a52dc35466447"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/53d75d5dfebef235a344d476b900c20c12d52b01","reference_id":"53d75d5dfebef235a344d476b900c20c12d52b01","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T16:05:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/53d75d5dfebef235a344d476b900c20c12d52b01"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/5a3315cce587e0be58335d11ff9a5571c90494a5","reference_id":"5a3315cce587e0be58335d11ff9a5571c90494a5","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T16:05:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/5a3315cce587e0be58335d11ff9a5571c90494a5"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/bf89cbaa5897d8ad62e8057d9a3f6babb90b7954","reference_id":"bf89cbaa5897d8ad62e8057d9a3f6babb90b7954","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T16:05:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/bf89cbaa5897d8ad62e8057d9a3f6babb90b7954"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/c15f5dbf093a497e19a749b20e7f8fb5a9c24cde","reference_id":"c15f5dbf093a497e19a749b20e7f8fb5a9c24cde","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T16:05:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/c15f5dbf093a497e19a749b20e7f8fb5a9c24cde"},{"reference_url":"https://roundcube.net/news/2026/02/08/security-updates-1.6.13-and-1.5.13","reference_id":"security-updates-1.6.13-and-1.5.13","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T16:05:48Z/"}],"url":"https://roundcube.net/news/2026/02/08/security-updates-1.6.13-and-1.5.13"},{"reference_url":"https://usn.ubuntu.com/8223-1/","reference_id":"USN-8223-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8223-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1077798?format=json","purl":"pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u8"}],"aliases":["CVE-2026-26079"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nfyj-9ucz-cyc7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93418?format=json","vulnerability_id":"VCID-njkh-85yd-f7fy","summary":"Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-Scripting (XSS) vulnerability via the animate tag in an SVG document.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68461.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68461.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-68461","reference_id":"","reference_type":"","scores":[{"value":"0.06858","scoring_system":"epss","scoring_elements":"0.91568","published_at":"2026-06-11T12:55:00Z"},{"value":"0.06858","scoring_system":"epss","scoring_elements":"0.91597","published_at":"2026-06-12T12:55:00Z"},{"value":"0.11414","scoring_system":"epss","scoring_elements":"0.93765","published_at":"2026-06-14T12:55:00Z"},{"value":"0.11414","scoring_system":"epss","scoring_elements":"0.93763","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-68461"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68461","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68461"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122899","reference_id":"1122899","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122899"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2423507","reference_id":"2423507","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2423507"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/bfa032631c36b900e7444dfa278340b33cbf7cdb","reference_id":"bfa032631c36b900e7444dfa278340b33cbf7cdb","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2026-02-20T20:07:06Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/bfa032631c36b900e7444dfa278340b33cbf7cdb"},{"reference_url":"https://roundcube.net/news/2025/12/13/security-updates-1.6.12-and-1.5.12","reference_id":"security-updates-1.6.12-and-1.5.12","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2026-02-20T20:07:06Z/"}],"url":"https://roundcube.net/news/2025/12/13/security-updates-1.6.12-and-1.5.12"},{"reference_url":"https://usn.ubuntu.com/8097-1/","reference_id":"USN-8097-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8097-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1077798?format=json","purl":"pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u8"}],"aliases":["CVE-2025-68461"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-njkh-85yd-f7fy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80464?format=json","vulnerability_id":"VCID-nnuu-kqha-uqeh","summary":"In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, an unsanitized subject field in the draft restored value could lead to stored XSS/HTML/CSS injection on shared mailboxes.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-48849","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.1001","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10051","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10066","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.1006","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-48849"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-48849","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-48849"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1137507","reference_id":"1137507","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1137507"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.16","reference_id":"1.6.16","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-26T13:01:01Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.16"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.7.1","reference_id":"1.7.1","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-26T13:01:01Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.7.1"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/189d30a4890319cd687df959ca9f768a3a613d61","reference_id":"189d30a4890319cd687df959ca9f768a3a613d61","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-26T13:01:01Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/189d30a4890319cd687df959ca9f768a3a613d61"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/a21519187873ce962db029b6ff68e47bd7f3fd8a","reference_id":"a21519187873ce962db029b6ff68e47bd7f3fd8a","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-26T13:01:01Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/a21519187873ce962db029b6ff68e47bd7f3fd8a"},{"reference_url":"https://roundcube.net/news/2026/05/24/security-updates-1.6.16-and-1.7.1","reference_id":"security-updates-1.6.16-and-1.7.1","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-26T13:01:01Z/"}],"url":"https://roundcube.net/news/2026/05/24/security-updates-1.6.16-and-1.7.1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1077798?format=json","purl":"pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u8"}],"aliases":["CVE-2026-48849"],"risk_score":2.0,"exploitability":"0.5","weighted_severity":"4.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nnuu-kqha-uqeh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80466?format=json","vulnerability_id":"VCID-par8-gwn6-xqgd","summary":"Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7 has insufficient HTML sanitization that could lead to Cascading Style Sheets (CSS) injection via an SVG document that has an animate element with the attributeName attribute.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-48848","reference_id":"","reference_type":"","scores":[{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14476","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14447","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14355","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14474","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-48848"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-48848","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-48848"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1137507","reference_id":"1137507","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1137507"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.16","reference_id":"1.6.16","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-26T13:00:37Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.16"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.7.1","reference_id":"1.7.1","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-26T13:00:37Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.7.1"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/58e5263f341e6a418774fb6d2643669a3c4d8a27","reference_id":"58e5263f341e6a418774fb6d2643669a3c4d8a27","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-26T13:00:37Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/58e5263f341e6a418774fb6d2643669a3c4d8a27"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/c960d102472dc579e15907d5bcdc3103a090ccf9","reference_id":"c960d102472dc579e15907d5bcdc3103a090ccf9","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-26T13:00:37Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/c960d102472dc579e15907d5bcdc3103a090ccf9"},{"reference_url":"https://roundcube.net/news/2026/05/24/security-updates-1.6.16-and-1.7.1","reference_id":"security-updates-1.6.16-and-1.7.1","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-26T13:00:37Z/"}],"url":"https://roundcube.net/news/2026/05/24/security-updates-1.6.16-and-1.7.1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1077798?format=json","purl":"pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u8"}],"aliases":["CVE-2026-48848"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-par8-gwn6-xqgd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71837?format=json","vulnerability_id":"VCID-pdqp-9vg1-wyg9","summary":"An issue was discovered in Roundcube Webmail 1.6.0 before 1.6.14. Insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local network hosts.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35540","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04576","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04554","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04574","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.0456","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35540"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35540","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35540"},{"reference_url":"https://github.com/roundcube/roundcubemail","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/roundcube/roundcubemail"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35540","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35540"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182","reference_id":"1131182","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.14","reference_id":"1.6.14","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:31Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.14"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5","reference_id":"1.7-rc5","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:31Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/27ec6cc9cb25e1ef8b4d4ef39ce76d619caa6870","reference_id":"27ec6cc9cb25e1ef8b4d4ef39ce76d619caa6870","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:31Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/27ec6cc9cb25e1ef8b4d4ef39ce76d619caa6870"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/579b68eff90650a5c782e153debd66c765648942","reference_id":"579b68eff90650a5c782e153debd66c765648942","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:31Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/579b68eff90650a5c782e153debd66c765648942"},{"reference_url":"https://github.com/advisories/GHSA-vxg2-hhgr-37fx","reference_id":"GHSA-vxg2-hhgr-37fx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vxg2-hhgr-37fx"},{"reference_url":"https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14","reference_id":"security-updates-1.7-rc5-1.6.14-1.5.14","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:52:31Z/"}],"url":"https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1077798?format=json","purl":"pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u8"}],"aliases":["CVE-2026-35540","GHSA-vxg2-hhgr-37fx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pdqp-9vg1-wyg9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71862?format=json","vulnerability_id":"VCID-tz7t-shha-tqc5","summary":"An issue was discovered in Roundcube Webmail before 1.5.15 and 1.6.15. The remote image blocking feature can be bypassed via SVG content in an e-mail message. This may lead to information disclosure or access-control bypass. This involves the animate element with attributeName=fill/filter/stroke.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35545","reference_id":"","reference_type":"","scores":[{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.16018","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.16134","published_at":"2026-06-14T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.16168","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.1616","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35545"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35545","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35545"},{"reference_url":"https://github.com/roundcube/roundcubemail","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/roundcube/roundcubemail"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35545","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35545"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132268","reference_id":"1132268","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132268"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.15","reference_id":"1.5.15","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T15:35:57Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.15"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.15","reference_id":"1.6.15","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T15:35:57Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.15"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc6","reference_id":"1.7-rc6","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T15:35:57Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc6"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/7ad62de184368bf42c0f522d1aacc030f5ddcc46","reference_id":"7ad62de184368bf42c0f522d1aacc030f5ddcc46","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T15:35:57Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/7ad62de184368bf42c0f522d1aacc030f5ddcc46"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/9d18d524f3cc211003fc99e2e54eed09a2f3da88","reference_id":"9d18d524f3cc211003fc99e2e54eed09a2f3da88","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T15:35:57Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/9d18d524f3cc211003fc99e2e54eed09a2f3da88"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/fe1320b199d3a2f58351bb699c9ed4316e73221b","reference_id":"fe1320b199d3a2f58351bb699c9ed4316e73221b","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T15:35:57Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/fe1320b199d3a2f58351bb699c9ed4316e73221b"},{"reference_url":"https://github.com/advisories/GHSA-w846-74jr-76cv","reference_id":"GHSA-w846-74jr-76cv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w846-74jr-76cv"},{"reference_url":"https://roundcube.net/news/2026/03/29/security-updates-1.7-rc6-1.6.15-1.5.15","reference_id":"security-updates-1.7-rc6-1.6.15-1.5.15","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T15:35:57Z/"}],"url":"https://roundcube.net/news/2026/03/29/security-updates-1.7-rc6-1.6.15-1.5.15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1077798?format=json","purl":"pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u8"}],"aliases":["CVE-2026-35545","GHSA-w846-74jr-76cv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tz7t-shha-tqc5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71520?format=json","vulnerability_id":"VCID-ypk7-n5fc-5ye9","summary":"An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages may lead to a fixed-position mitigation bypass via the use of !important.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35544","reference_id":"","reference_type":"","scores":[{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03465","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03484","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.0347","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03479","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-35544"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35544","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35544"},{"reference_url":"https://github.com/roundcube/roundcubemail","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/roundcube/roundcubemail"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35544","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35544"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/099009b9c8e1d3c636fb9a5af72f7c2596018662","reference_id":"099009b9c8e1d3c636fb9a5af72f7c2596018662","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:06Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/099009b9c8e1d3c636fb9a5af72f7c2596018662"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182","reference_id":"1131182","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131182"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.14","reference_id":"1.5.14","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:06Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.14"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.14","reference_id":"1.6.14","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:06Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.14"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5","reference_id":"1.7-rc5","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:06Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/226811a1c974271dbedca72672923abaff8191c0","reference_id":"226811a1c974271dbedca72672923abaff8191c0","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:06Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/226811a1c974271dbedca72672923abaff8191c0"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/57dec0c127b98e0c8e3b9c26c80049b9c4bcaea7","reference_id":"57dec0c127b98e0c8e3b9c26c80049b9c4bcaea7","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:06Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/57dec0c127b98e0c8e3b9c26c80049b9c4bcaea7"},{"reference_url":"https://github.com/advisories/GHSA-xpqh-grpw-4xmg","reference_id":"GHSA-xpqh-grpw-4xmg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xpqh-grpw-4xmg"},{"reference_url":"https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14","reference_id":"security-updates-1.7-rc5-1.6.14-1.5.14","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T12:50:06Z/"}],"url":"https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1077798?format=json","purl":"pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u8"}],"aliases":["CVE-2026-35544","GHSA-xpqh-grpw-4xmg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ypk7-n5fc-5ye9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80461?format=json","vulnerability_id":"VCID-zjx2-yaym-dqcz","summary":"Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16,and 1.7.x before 1.7.1 has Insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local network hosts. The issue stems from an insufficient fix for CVE-2026-35540.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-48843","reference_id":"","reference_type":"","scores":[{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.1226","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12335","published_at":"2026-06-14T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12356","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.1235","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-48843"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-48843","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-48843"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1137507","reference_id":"1137507","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1137507"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.16","reference_id":"1.6.16","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-26T12:50:34Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.16"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.7.1","reference_id":"1.7.1","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-26T12:50:34Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.7.1"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/ab96c88bfd888866ec5e02190b19618db283923a","reference_id":"ab96c88bfd888866ec5e02190b19618db283923a","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-26T12:50:34Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/ab96c88bfd888866ec5e02190b19618db283923a"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/cb3fc9041e91640ba9ba49ee7b2147c176ebf5a1","reference_id":"cb3fc9041e91640ba9ba49ee7b2147c176ebf5a1","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-26T12:50:34Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/cb3fc9041e91640ba9ba49ee7b2147c176ebf5a1"},{"reference_url":"https://roundcube.net/news/2026/05/24/security-updates-1.6.16-and-1.7.1","reference_id":"security-updates-1.6.16-and-1.7.1","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-26T12:50:34Z/"}],"url":"https://roundcube.net/news/2026/05/24/security-updates-1.6.16-and-1.7.1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1077798?format=json","purl":"pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u8"}],"aliases":["CVE-2026-48843"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zjx2-yaym-dqcz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80507?format=json","vulnerability_id":"VCID-zq73-pyu4-h3g5","summary":"Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has Pre-authentication SQL injection in the virtuser_query plugin via a preg_replace() backslash escape bypass.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-48842","reference_id":"","reference_type":"","scores":[{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.31798","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.31981","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.32003","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.31986","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-48842"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-48842","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-48842"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1137507","reference_id":"1137507","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1137507"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.16","reference_id":"1.6.16","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-26T12:58:31Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.16"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.7.1","reference_id":"1.7.1","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-26T12:58:31Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.7.1"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/3406183a9976e36f992d3468f37d0e2346526ee9","reference_id":"3406183a9976e36f992d3468f37d0e2346526ee9","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-26T12:58:31Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/3406183a9976e36f992d3468f37d0e2346526ee9"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/87124cc7136a48b5fa9d2b40dfead6e9dcaeaf4b","reference_id":"87124cc7136a48b5fa9d2b40dfead6e9dcaeaf4b","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-26T12:58:31Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/87124cc7136a48b5fa9d2b40dfead6e9dcaeaf4b"},{"reference_url":"https://roundcube.net/news/2026/05/24/security-updates-1.6.16-and-1.7.1","reference_id":"security-updates-1.6.16-and-1.7.1","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-26T12:58:31Z/"}],"url":"https://roundcube.net/news/2026/05/24/security-updates-1.6.16-and-1.7.1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1077798?format=json","purl":"pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u8"}],"aliases":["CVE-2026-48842"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zq73-pyu4-h3g5"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/153617?format=json","vulnerability_id":"VCID-2pgb-uwem-h3ar","summary":"An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. There is XSS via a malicious XML attachment because text/xml is among the allowed types for a preview.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13965.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13965.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13965","reference_id":"","reference_type":"","scores":[{"value":"0.71819","scoring_system":"epss","scoring_elements":"0.98764","published_at":"2026-06-13T12:55:00Z"},{"value":"0.71819","scoring_system":"epss","scoring_elements":"0.98765","published_at":"2026-06-14T12:55:00Z"},{"value":"0.71819","scoring_system":"epss","scoring_elements":"0.98758","published_at":"2026-06-11T12:55:00Z"},{"value":"0.71819","scoring_system":"epss","scoring_elements":"0.98762","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13965"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13964","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13964"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13965","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13965"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.3.12","reference_id":"1.3.12","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:33:41Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.3.12"},{"reference_url":"https://github.com/roundcube/roundcubemail/compare/1.4.4...1.4.5","reference_id":"1.4.4...1.4.5","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:33:41Z/"}],"url":"https://github.com/roundcube/roundcubemail/compare/1.4.4...1.4.5"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.4.5","reference_id":"1.4.5","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:33:41Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.4.5"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1848338","reference_id":"1848338","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1848338"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/884eb611627ef2bd5a2e20e02009ebb1eceecdc3","reference_id":"884eb611627ef2bd5a2e20e02009ebb1eceecdc3","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:33:41Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/884eb611627ef2bd5a2e20e02009ebb1eceecdc3"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962124","reference_id":"962124","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962124"},{"reference_url":"https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-13965-Cross%20Site-Scripting%20via%20Malicious%20XML%20Attachment-Roundcube","reference_id":"CVE-2020-13965-Cross%20Site-Scripting%20via%20Malicious%20XML%20Attachment-Roundcube","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:33:41Z/"}],"url":"https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-13965-Cross%20Site-Scripting%20via%20Malicious%20XML%20Attachment-Roundcube"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLESQ4LPJGMSWHQ4TBRTVQRDG7IXAZCW/","reference_id":"DLESQ4LPJGMSWHQ4TBRTVQRDG7IXAZCW","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:33:41Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLESQ4LPJGMSWHQ4TBRTVQRDG7IXAZCW/"},{"reference_url":"https://www.debian.org/security/2020/dsa-4700","reference_id":"dsa-4700","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:33:41Z/"}],"url":"https://www.debian.org/security/2020/dsa-4700"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ODPJXBHZ32QSP4MYT2OBCALYXSUJ47SK/","reference_id":"ODPJXBHZ32QSP4MYT2OBCALYXSUJ47SK","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:33:41Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ODPJXBHZ32QSP4MYT2OBCALYXSUJ47SK/"},{"reference_url":"https://roundcube.net/news/2020/06/02/security-updates-1.4.5-and-1.3.12","reference_id":"security-updates-1.4.5-and-1.3.12","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T15:33:41Z/"}],"url":"https://roundcube.net/news/2020/06/02/security-updates-1.4.5-and-1.3.12"},{"reference_url":"https://usn.ubuntu.com/USN-5182-1/","reference_id":"USN-USN-5182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1076997?format=json","purl":"pkg:deb/debian/roundcube@1.2.3%2Bdfsg.1-4%2Bdeb9u6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pan-qjdb-53hh"},{"vulnerability":"VCID-2c8n-dwgj-d3dw"},{"vulnerability":"VCID-2pgb-uwem-h3ar"},{"vulnerability":"VCID-33t3-4xdt-mudz"},{"vulnerability":"VCID-3cfa-7wge-d7a8"},{"vulnerability":"VCID-43uk-86r9-pygh"},{"vulnerability":"VCID-4kfx-8xyq-h7dz"},{"vulnerability":"VCID-4ksc-m92c-6ubv"},{"vulnerability":"VCID-4nqw-h8se-27cy"},{"vulnerability":"VCID-5ase-acjx-kffw"},{"vulnerability":"VCID-5ggr-8vz5-p3hp"},{"vulnerability":"VCID-7eu3-ex4x-fua3"},{"vulnerability":"VCID-86tm-143m-cyas"},{"vulnerability":"VCID-8s13-v3gv-efhj"},{"vulnerability":"VCID-abev-bbjb-cue6"},{"vulnerability":"VCID-ahv8-wew9-yqge"},{"vulnerability":"VCID-ampw-136d-9yf4"},{"vulnerability":"VCID-cftw-zeqb-5khs"},{"vulnerability":"VCID-chme-pkx3-xub5"},{"vulnerability":"VCID-dw7a-b9jk-c3dd"},{"vulnerability":"VCID-dzp6-798v-w7am"},{"vulnerability":"VCID-ermy-mkje-ayhb"},{"vulnerability":"VCID-ezd7-utbe-ryaa"},{"vulnerability":"VCID-gbu5-8a2e-mqdb"},{"vulnerability":"VCID-gd6a-p28z-8uea"},{"vulnerability":"VCID-h5a4-hpws-h3fv"},{"vulnerability":"VCID-h7yh-bvtu-gqgp"},{"vulnerability":"VCID-haym-dk3e-aqbf"},{"vulnerability":"VCID-hydk-88d6-uqha"},{"vulnerability":"VCID-hyz1-qrsp-sbcv"},{"vulnerability":"VCID-jdkj-s9h7-hqfx"},{"vulnerability":"VCID-nfyj-9ucz-cyc7"},{"vulnerability":"VCID-njkh-85yd-f7fy"},{"vulnerability":"VCID-nnuu-kqha-uqeh"},{"vulnerability":"VCID-p4n3-6w9k-akde"},{"vulnerability":"VCID-p9rd-gezp-c7a2"},{"vulnerability":"VCID-par8-gwn6-xqgd"},{"vulnerability":"VCID-pdqp-9vg1-wyg9"},{"vulnerability":"VCID-pyed-syag-4kcg"},{"vulnerability":"VCID-qxcm-qjew-d3cw"},{"vulnerability":"VCID-rn93-e1k8-cycs"},{"vulnerability":"VCID-tz7t-shha-tqc5"},{"vulnerability":"VCID-u5fq-8zr1-xqhv"},{"vulnerability":"VCID-ufvv-rm7c-s3b2"},{"vulnerability":"VCID-y4aq-wjze-7kft"},{"vulnerability":"VCID-y9r2-67uj-cfd1"},{"vulnerability":"VCID-ypk7-n5fc-5ye9"},{"vulnerability":"VCID-zjx2-yaym-dqcz"},{"vulnerability":"VCID-zp7v-cp58-a3e8"},{"vulnerability":"VCID-zq73-pyu4-h3g5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.2.3%252Bdfsg.1-4%252Bdeb9u6"},{"url":"http://public2.vulnerablecode.io/api/packages/1078285?format=json","purl":"pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pan-qjdb-53hh"},{"vulnerability":"VCID-2pgb-uwem-h3ar"},{"vulnerability":"VCID-33t3-4xdt-mudz"},{"vulnerability":"VCID-43uk-86r9-pygh"},{"vulnerability":"VCID-4kfx-8xyq-h7dz"},{"vulnerability":"VCID-4ksc-m92c-6ubv"},{"vulnerability":"VCID-4nqw-h8se-27cy"},{"vulnerability":"VCID-5ggr-8vz5-p3hp"},{"vulnerability":"VCID-7eu3-ex4x-fua3"},{"vulnerability":"VCID-86tm-143m-cyas"},{"vulnerability":"VCID-8s13-v3gv-efhj"},{"vulnerability":"VCID-abev-bbjb-cue6"},{"vulnerability":"VCID-ahv8-wew9-yqge"},{"vulnerability":"VCID-ampw-136d-9yf4"},{"vulnerability":"VCID-cftw-zeqb-5khs"},{"vulnerability":"VCID-chme-pkx3-xub5"},{"vulnerability":"VCID-dw7a-b9jk-c3dd"},{"vulnerability":"VCID-dzp6-798v-w7am"},{"vulnerability":"VCID-ermy-mkje-ayhb"},{"vulnerability":"VCID-gbu5-8a2e-mqdb"},{"vulnerability":"VCID-gd6a-p28z-8uea"},{"vulnerability":"VCID-h5a4-hpws-h3fv"},{"vulnerability":"VCID-h7yh-bvtu-gqgp"},{"vulnerability":"VCID-haym-dk3e-aqbf"},{"vulnerability":"VCID-hydk-88d6-uqha"},{"vulnerability":"VCID-hyz1-qrsp-sbcv"},{"vulnerability":"VCID-jdkj-s9h7-hqfx"},{"vulnerability":"VCID-nfyj-9ucz-cyc7"},{"vulnerability":"VCID-njkh-85yd-f7fy"},{"vulnerability":"VCID-nnuu-kqha-uqeh"},{"vulnerability":"VCID-p4n3-6w9k-akde"},{"vulnerability":"VCID-par8-gwn6-xqgd"},{"vulnerability":"VCID-pdqp-9vg1-wyg9"},{"vulnerability":"VCID-pyed-syag-4kcg"},{"vulnerability":"VCID-qxcm-qjew-d3cw"},{"vulnerability":"VCID-rn93-e1k8-cycs"},{"vulnerability":"VCID-tz7t-shha-tqc5"},{"vulnerability":"VCID-u5fq-8zr1-xqhv"},{"vulnerability":"VCID-ufvv-rm7c-s3b2"},{"vulnerability":"VCID-y9r2-67uj-cfd1"},{"vulnerability":"VCID-ypk7-n5fc-5ye9"},{"vulnerability":"VCID-zjx2-yaym-dqcz"},{"vulnerability":"VCID-zp7v-cp58-a3e8"},{"vulnerability":"VCID-zq73-pyu4-h3g5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1077797?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pan-qjdb-53hh"},{"vulnerability":"VCID-33t3-4xdt-mudz"},{"vulnerability":"VCID-4kfx-8xyq-h7dz"},{"vulnerability":"VCID-4ksc-m92c-6ubv"},{"vulnerability":"VCID-4nqw-h8se-27cy"},{"vulnerability":"VCID-5ggr-8vz5-p3hp"},{"vulnerability":"VCID-7eu3-ex4x-fua3"},{"vulnerability":"VCID-ahv8-wew9-yqge"},{"vulnerability":"VCID-chme-pkx3-xub5"},{"vulnerability":"VCID-dw7a-b9jk-c3dd"},{"vulnerability":"VCID-ermy-mkje-ayhb"},{"vulnerability":"VCID-f6bd-3n2d-2fd3"},{"vulnerability":"VCID-h7yh-bvtu-gqgp"},{"vulnerability":"VCID-nfyj-9ucz-cyc7"},{"vulnerability":"VCID-njkh-85yd-f7fy"},{"vulnerability":"VCID-nnuu-kqha-uqeh"},{"vulnerability":"VCID-par8-gwn6-xqgd"},{"vulnerability":"VCID-pdqp-9vg1-wyg9"},{"vulnerability":"VCID-tz7t-shha-tqc5"},{"vulnerability":"VCID-ypk7-n5fc-5ye9"},{"vulnerability":"VCID-zjx2-yaym-dqcz"},{"vulnerability":"VCID-zq73-pyu4-h3g5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2020-13965"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"5.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2pgb-uwem-h3ar"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/152923?format=json","vulnerability_id":"VCID-43uk-86r9-pygh","summary":"An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. The attacker can send a plain text e-mail message, with JavaScript in a link reference element that is mishandled by linkref_addindex in rcube_string_replacer.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35730","reference_id":"","reference_type":"","scores":[{"value":"0.67424","scoring_system":"epss","scoring_elements":"0.98596","published_at":"2026-06-13T12:55:00Z"},{"value":"0.67424","scoring_system":"epss","scoring_elements":"0.98598","published_at":"2026-06-14T12:55:00Z"},{"value":"0.67424","scoring_system":"epss","scoring_elements":"0.98592","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35730"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35730","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35730"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.2.13","reference_id":"1.2.13","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T20:21:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.2.13"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.3.16","reference_id":"1.3.16","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T20:21:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.3.16"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.4.10","reference_id":"1.4.10","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T20:21:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.4.10"},{"reference_url":"https://github.com/roundcube/roundcubemail/compare/1.4.9...1.4.10","reference_id":"1.4.9...1.4.10","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T20:21:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/compare/1.4.9...1.4.10"},{"reference_url":"https://security.archlinux.org/ASA-202101-2","reference_id":"ASA-202101-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-2"},{"reference_url":"https://security.archlinux.org/AVG-1388","reference_id":"AVG-1388","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1388"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978491","reference_id":"bugreport.cgi?bug=978491","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T20:21:48Z/"}],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978491"},{"reference_url":"https://roundcube.net/download/","reference_id":"download","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T20:21:48Z/"}],"url":"https://roundcube.net/download/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HCEU4BM5WGIDJWP6Z4PCH62ZMH57QYM2/","reference_id":"HCEU4BM5WGIDJWP6Z4PCH62ZMH57QYM2","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T20:21:48Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HCEU4BM5WGIDJWP6Z4PCH62ZMH57QYM2/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HMLIZWKMTRCLU7KZLEQHELS4INXJ7X5Q/","reference_id":"HMLIZWKMTRCLU7KZLEQHELS4INXJ7X5Q","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T20:21:48Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HMLIZWKMTRCLU7KZLEQHELS4INXJ7X5Q/"},{"reference_url":"https://www.alexbirnberg.com/roundcube-xss.html","reference_id":"roundcube-xss.html","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T20:21:48Z/"}],"url":"https://www.alexbirnberg.com/roundcube-xss.html"},{"reference_url":"https://usn.ubuntu.com/USN-5182-1/","reference_id":"USN-USN-5182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1078285?format=json","purl":"pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pan-qjdb-53hh"},{"vulnerability":"VCID-2pgb-uwem-h3ar"},{"vulnerability":"VCID-33t3-4xdt-mudz"},{"vulnerability":"VCID-43uk-86r9-pygh"},{"vulnerability":"VCID-4kfx-8xyq-h7dz"},{"vulnerability":"VCID-4ksc-m92c-6ubv"},{"vulnerability":"VCID-4nqw-h8se-27cy"},{"vulnerability":"VCID-5ggr-8vz5-p3hp"},{"vulnerability":"VCID-7eu3-ex4x-fua3"},{"vulnerability":"VCID-86tm-143m-cyas"},{"vulnerability":"VCID-8s13-v3gv-efhj"},{"vulnerability":"VCID-abev-bbjb-cue6"},{"vulnerability":"VCID-ahv8-wew9-yqge"},{"vulnerability":"VCID-ampw-136d-9yf4"},{"vulnerability":"VCID-cftw-zeqb-5khs"},{"vulnerability":"VCID-chme-pkx3-xub5"},{"vulnerability":"VCID-dw7a-b9jk-c3dd"},{"vulnerability":"VCID-dzp6-798v-w7am"},{"vulnerability":"VCID-ermy-mkje-ayhb"},{"vulnerability":"VCID-gbu5-8a2e-mqdb"},{"vulnerability":"VCID-gd6a-p28z-8uea"},{"vulnerability":"VCID-h5a4-hpws-h3fv"},{"vulnerability":"VCID-h7yh-bvtu-gqgp"},{"vulnerability":"VCID-haym-dk3e-aqbf"},{"vulnerability":"VCID-hydk-88d6-uqha"},{"vulnerability":"VCID-hyz1-qrsp-sbcv"},{"vulnerability":"VCID-jdkj-s9h7-hqfx"},{"vulnerability":"VCID-nfyj-9ucz-cyc7"},{"vulnerability":"VCID-njkh-85yd-f7fy"},{"vulnerability":"VCID-nnuu-kqha-uqeh"},{"vulnerability":"VCID-p4n3-6w9k-akde"},{"vulnerability":"VCID-par8-gwn6-xqgd"},{"vulnerability":"VCID-pdqp-9vg1-wyg9"},{"vulnerability":"VCID-pyed-syag-4kcg"},{"vulnerability":"VCID-qxcm-qjew-d3cw"},{"vulnerability":"VCID-rn93-e1k8-cycs"},{"vulnerability":"VCID-tz7t-shha-tqc5"},{"vulnerability":"VCID-u5fq-8zr1-xqhv"},{"vulnerability":"VCID-ufvv-rm7c-s3b2"},{"vulnerability":"VCID-y9r2-67uj-cfd1"},{"vulnerability":"VCID-ypk7-n5fc-5ye9"},{"vulnerability":"VCID-zjx2-yaym-dqcz"},{"vulnerability":"VCID-zp7v-cp58-a3e8"},{"vulnerability":"VCID-zq73-pyu4-h3g5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1077797?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pan-qjdb-53hh"},{"vulnerability":"VCID-33t3-4xdt-mudz"},{"vulnerability":"VCID-4kfx-8xyq-h7dz"},{"vulnerability":"VCID-4ksc-m92c-6ubv"},{"vulnerability":"VCID-4nqw-h8se-27cy"},{"vulnerability":"VCID-5ggr-8vz5-p3hp"},{"vulnerability":"VCID-7eu3-ex4x-fua3"},{"vulnerability":"VCID-ahv8-wew9-yqge"},{"vulnerability":"VCID-chme-pkx3-xub5"},{"vulnerability":"VCID-dw7a-b9jk-c3dd"},{"vulnerability":"VCID-ermy-mkje-ayhb"},{"vulnerability":"VCID-f6bd-3n2d-2fd3"},{"vulnerability":"VCID-h7yh-bvtu-gqgp"},{"vulnerability":"VCID-nfyj-9ucz-cyc7"},{"vulnerability":"VCID-njkh-85yd-f7fy"},{"vulnerability":"VCID-nnuu-kqha-uqeh"},{"vulnerability":"VCID-par8-gwn6-xqgd"},{"vulnerability":"VCID-pdqp-9vg1-wyg9"},{"vulnerability":"VCID-tz7t-shha-tqc5"},{"vulnerability":"VCID-ypk7-n5fc-5ye9"},{"vulnerability":"VCID-zjx2-yaym-dqcz"},{"vulnerability":"VCID-zq73-pyu4-h3g5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2020-35730"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-43uk-86r9-pygh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/197283?format=json","vulnerability_id":"VCID-86tm-143m-cyas","summary":"cross-site scripting","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-26925","reference_id":"","reference_type":"","scores":[{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.4961","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49746","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49766","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49753","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-26925"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26925","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26925"},{"reference_url":"https://security.archlinux.org/ASA-202102-27","reference_id":"ASA-202102-27","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202102-27"},{"reference_url":"https://security.archlinux.org/AVG-1551","reference_id":"AVG-1551","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1551"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1077797?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pan-qjdb-53hh"},{"vulnerability":"VCID-33t3-4xdt-mudz"},{"vulnerability":"VCID-4kfx-8xyq-h7dz"},{"vulnerability":"VCID-4ksc-m92c-6ubv"},{"vulnerability":"VCID-4nqw-h8se-27cy"},{"vulnerability":"VCID-5ggr-8vz5-p3hp"},{"vulnerability":"VCID-7eu3-ex4x-fua3"},{"vulnerability":"VCID-ahv8-wew9-yqge"},{"vulnerability":"VCID-chme-pkx3-xub5"},{"vulnerability":"VCID-dw7a-b9jk-c3dd"},{"vulnerability":"VCID-ermy-mkje-ayhb"},{"vulnerability":"VCID-f6bd-3n2d-2fd3"},{"vulnerability":"VCID-h7yh-bvtu-gqgp"},{"vulnerability":"VCID-nfyj-9ucz-cyc7"},{"vulnerability":"VCID-njkh-85yd-f7fy"},{"vulnerability":"VCID-nnuu-kqha-uqeh"},{"vulnerability":"VCID-par8-gwn6-xqgd"},{"vulnerability":"VCID-pdqp-9vg1-wyg9"},{"vulnerability":"VCID-tz7t-shha-tqc5"},{"vulnerability":"VCID-ypk7-n5fc-5ye9"},{"vulnerability":"VCID-zjx2-yaym-dqcz"},{"vulnerability":"VCID-zq73-pyu4-h3g5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2021-26925"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-86tm-143m-cyas"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40957?format=json","vulnerability_id":"VCID-8s13-v3gv-efhj","summary":"A Cross-Site Scripting vulnerability in rcmail_action_mail_get->run() in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a malicious e-mail attachment served with a dangerous Content-Type header.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-42008","reference_id":"","reference_type":"","scores":[{"value":"0.50951","scoring_system":"epss","scoring_elements":"0.97928","published_at":"2026-06-11T12:55:00Z"},{"value":"0.50951","scoring_system":"epss","scoring_elements":"0.97936","published_at":"2026-06-14T12:55:00Z"},{"value":"0.50951","scoring_system":"epss","scoring_elements":"0.97935","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-42008"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42008","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42008"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42009","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42009"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42010","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42010"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077969","reference_id":"1077969","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077969"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.8","reference_id":"1.5.8","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-07T19:56:10Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.8"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.8","reference_id":"1.6.8","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-07T19:56:10Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.8"},{"reference_url":"https://sonarsource.com/blog/government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail/","reference_id":"government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-07T19:56:10Z/"}],"url":"https://sonarsource.com/blog/government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail/"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases","reference_id":"releases","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-07T19:56:10Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases"},{"reference_url":"https://roundcube.net/news/2024/08/04/security-updates-1.6.8-and-1.5.8","reference_id":"security-updates-1.6.8-and-1.5.8","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-07T19:56:10Z/"}],"url":"https://roundcube.net/news/2024/08/04/security-updates-1.6.8-and-1.5.8"},{"reference_url":"https://usn.ubuntu.com/8223-1/","reference_id":"USN-8223-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8223-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1077797?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pan-qjdb-53hh"},{"vulnerability":"VCID-33t3-4xdt-mudz"},{"vulnerability":"VCID-4kfx-8xyq-h7dz"},{"vulnerability":"VCID-4ksc-m92c-6ubv"},{"vulnerability":"VCID-4nqw-h8se-27cy"},{"vulnerability":"VCID-5ggr-8vz5-p3hp"},{"vulnerability":"VCID-7eu3-ex4x-fua3"},{"vulnerability":"VCID-ahv8-wew9-yqge"},{"vulnerability":"VCID-chme-pkx3-xub5"},{"vulnerability":"VCID-dw7a-b9jk-c3dd"},{"vulnerability":"VCID-ermy-mkje-ayhb"},{"vulnerability":"VCID-f6bd-3n2d-2fd3"},{"vulnerability":"VCID-h7yh-bvtu-gqgp"},{"vulnerability":"VCID-nfyj-9ucz-cyc7"},{"vulnerability":"VCID-njkh-85yd-f7fy"},{"vulnerability":"VCID-nnuu-kqha-uqeh"},{"vulnerability":"VCID-par8-gwn6-xqgd"},{"vulnerability":"VCID-pdqp-9vg1-wyg9"},{"vulnerability":"VCID-tz7t-shha-tqc5"},{"vulnerability":"VCID-ypk7-n5fc-5ye9"},{"vulnerability":"VCID-zjx2-yaym-dqcz"},{"vulnerability":"VCID-zq73-pyu4-h3g5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2024-42008"],"risk_score":4.2,"exploitability":"0.5","weighted_severity":"8.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8s13-v3gv-efhj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/152050?format=json","vulnerability_id":"VCID-abev-bbjb-cue6","summary":"rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12641","reference_id":"","reference_type":"","scores":[{"value":"0.93275","scoring_system":"epss","scoring_elements":"0.99817","published_at":"2026-06-14T12:55:00Z"},{"value":"0.93275","scoring_system":"epss","scoring_elements":"0.99816","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12641"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12641","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12641"},{"reference_url":"https://github.com/roundcube/roundcubemail/compare/1.4.3...1.4.4","reference_id":"1.4.3...1.4.4","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:53:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/compare/1.4.3...1.4.4"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.4.4","reference_id":"1.4.4","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:53:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.4.4"},{"reference_url":"https://security.gentoo.org/glsa/202007-41","reference_id":"202007-41","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:53:48Z/"}],"url":"https://security.gentoo.org/glsa/202007-41"},{"reference_url":"https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-12641-Command%20Injection-Roundcube","reference_id":"CVE-2020-12641-Command%20Injection-Roundcube","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:53:48Z/"}],"url":"https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-12641-Command%20Injection-Roundcube"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/fcfb099477f353373c34c8a65c9035b06b364db3","reference_id":"fcfb099477f353373c34c8a65c9035b06b364db3","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:53:48Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/fcfb099477f353373c34c8a65c9035b06b364db3"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00083.html","reference_id":"msg00083.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:53:48Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00083.html"},{"reference_url":"https://roundcube.net/news/2020/04/29/security-updates-1.4.4-1.3.11-and-1.2.10","reference_id":"security-updates-1.4.4-1.3.11-and-1.2.10","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:53:48Z/"}],"url":"https://roundcube.net/news/2020/04/29/security-updates-1.4.4-1.3.11-and-1.2.10"},{"reference_url":"https://usn.ubuntu.com/USN-5182-1/","reference_id":"USN-USN-5182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1077797?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pan-qjdb-53hh"},{"vulnerability":"VCID-33t3-4xdt-mudz"},{"vulnerability":"VCID-4kfx-8xyq-h7dz"},{"vulnerability":"VCID-4ksc-m92c-6ubv"},{"vulnerability":"VCID-4nqw-h8se-27cy"},{"vulnerability":"VCID-5ggr-8vz5-p3hp"},{"vulnerability":"VCID-7eu3-ex4x-fua3"},{"vulnerability":"VCID-ahv8-wew9-yqge"},{"vulnerability":"VCID-chme-pkx3-xub5"},{"vulnerability":"VCID-dw7a-b9jk-c3dd"},{"vulnerability":"VCID-ermy-mkje-ayhb"},{"vulnerability":"VCID-f6bd-3n2d-2fd3"},{"vulnerability":"VCID-h7yh-bvtu-gqgp"},{"vulnerability":"VCID-nfyj-9ucz-cyc7"},{"vulnerability":"VCID-njkh-85yd-f7fy"},{"vulnerability":"VCID-nnuu-kqha-uqeh"},{"vulnerability":"VCID-par8-gwn6-xqgd"},{"vulnerability":"VCID-pdqp-9vg1-wyg9"},{"vulnerability":"VCID-tz7t-shha-tqc5"},{"vulnerability":"VCID-ypk7-n5fc-5ye9"},{"vulnerability":"VCID-zjx2-yaym-dqcz"},{"vulnerability":"VCID-zq73-pyu4-h3g5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2020-12641"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-abev-bbjb-cue6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/179685?format=json","vulnerability_id":"VCID-ampw-136d-9yf4","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12625","reference_id":"","reference_type":"","scores":[{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.85116","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.85168","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.85178","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.85171","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12625"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12625","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12625"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12626","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12626"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959140","reference_id":"959140","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959140"},{"reference_url":"https://usn.ubuntu.com/USN-5182-1/","reference_id":"USN-USN-5182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1076997?format=json","purl":"pkg:deb/debian/roundcube@1.2.3%2Bdfsg.1-4%2Bdeb9u6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pan-qjdb-53hh"},{"vulnerability":"VCID-2c8n-dwgj-d3dw"},{"vulnerability":"VCID-2pgb-uwem-h3ar"},{"vulnerability":"VCID-33t3-4xdt-mudz"},{"vulnerability":"VCID-3cfa-7wge-d7a8"},{"vulnerability":"VCID-43uk-86r9-pygh"},{"vulnerability":"VCID-4kfx-8xyq-h7dz"},{"vulnerability":"VCID-4ksc-m92c-6ubv"},{"vulnerability":"VCID-4nqw-h8se-27cy"},{"vulnerability":"VCID-5ase-acjx-kffw"},{"vulnerability":"VCID-5ggr-8vz5-p3hp"},{"vulnerability":"VCID-7eu3-ex4x-fua3"},{"vulnerability":"VCID-86tm-143m-cyas"},{"vulnerability":"VCID-8s13-v3gv-efhj"},{"vulnerability":"VCID-abev-bbjb-cue6"},{"vulnerability":"VCID-ahv8-wew9-yqge"},{"vulnerability":"VCID-ampw-136d-9yf4"},{"vulnerability":"VCID-cftw-zeqb-5khs"},{"vulnerability":"VCID-chme-pkx3-xub5"},{"vulnerability":"VCID-dw7a-b9jk-c3dd"},{"vulnerability":"VCID-dzp6-798v-w7am"},{"vulnerability":"VCID-ermy-mkje-ayhb"},{"vulnerability":"VCID-ezd7-utbe-ryaa"},{"vulnerability":"VCID-gbu5-8a2e-mqdb"},{"vulnerability":"VCID-gd6a-p28z-8uea"},{"vulnerability":"VCID-h5a4-hpws-h3fv"},{"vulnerability":"VCID-h7yh-bvtu-gqgp"},{"vulnerability":"VCID-haym-dk3e-aqbf"},{"vulnerability":"VCID-hydk-88d6-uqha"},{"vulnerability":"VCID-hyz1-qrsp-sbcv"},{"vulnerability":"VCID-jdkj-s9h7-hqfx"},{"vulnerability":"VCID-nfyj-9ucz-cyc7"},{"vulnerability":"VCID-njkh-85yd-f7fy"},{"vulnerability":"VCID-nnuu-kqha-uqeh"},{"vulnerability":"VCID-p4n3-6w9k-akde"},{"vulnerability":"VCID-p9rd-gezp-c7a2"},{"vulnerability":"VCID-par8-gwn6-xqgd"},{"vulnerability":"VCID-pdqp-9vg1-wyg9"},{"vulnerability":"VCID-pyed-syag-4kcg"},{"vulnerability":"VCID-qxcm-qjew-d3cw"},{"vulnerability":"VCID-rn93-e1k8-cycs"},{"vulnerability":"VCID-tz7t-shha-tqc5"},{"vulnerability":"VCID-u5fq-8zr1-xqhv"},{"vulnerability":"VCID-ufvv-rm7c-s3b2"},{"vulnerability":"VCID-y4aq-wjze-7kft"},{"vulnerability":"VCID-y9r2-67uj-cfd1"},{"vulnerability":"VCID-ypk7-n5fc-5ye9"},{"vulnerability":"VCID-zjx2-yaym-dqcz"},{"vulnerability":"VCID-zp7v-cp58-a3e8"},{"vulnerability":"VCID-zq73-pyu4-h3g5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.2.3%252Bdfsg.1-4%252Bdeb9u6"},{"url":"http://public2.vulnerablecode.io/api/packages/1078285?format=json","purl":"pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pan-qjdb-53hh"},{"vulnerability":"VCID-2pgb-uwem-h3ar"},{"vulnerability":"VCID-33t3-4xdt-mudz"},{"vulnerability":"VCID-43uk-86r9-pygh"},{"vulnerability":"VCID-4kfx-8xyq-h7dz"},{"vulnerability":"VCID-4ksc-m92c-6ubv"},{"vulnerability":"VCID-4nqw-h8se-27cy"},{"vulnerability":"VCID-5ggr-8vz5-p3hp"},{"vulnerability":"VCID-7eu3-ex4x-fua3"},{"vulnerability":"VCID-86tm-143m-cyas"},{"vulnerability":"VCID-8s13-v3gv-efhj"},{"vulnerability":"VCID-abev-bbjb-cue6"},{"vulnerability":"VCID-ahv8-wew9-yqge"},{"vulnerability":"VCID-ampw-136d-9yf4"},{"vulnerability":"VCID-cftw-zeqb-5khs"},{"vulnerability":"VCID-chme-pkx3-xub5"},{"vulnerability":"VCID-dw7a-b9jk-c3dd"},{"vulnerability":"VCID-dzp6-798v-w7am"},{"vulnerability":"VCID-ermy-mkje-ayhb"},{"vulnerability":"VCID-gbu5-8a2e-mqdb"},{"vulnerability":"VCID-gd6a-p28z-8uea"},{"vulnerability":"VCID-h5a4-hpws-h3fv"},{"vulnerability":"VCID-h7yh-bvtu-gqgp"},{"vulnerability":"VCID-haym-dk3e-aqbf"},{"vulnerability":"VCID-hydk-88d6-uqha"},{"vulnerability":"VCID-hyz1-qrsp-sbcv"},{"vulnerability":"VCID-jdkj-s9h7-hqfx"},{"vulnerability":"VCID-nfyj-9ucz-cyc7"},{"vulnerability":"VCID-njkh-85yd-f7fy"},{"vulnerability":"VCID-nnuu-kqha-uqeh"},{"vulnerability":"VCID-p4n3-6w9k-akde"},{"vulnerability":"VCID-par8-gwn6-xqgd"},{"vulnerability":"VCID-pdqp-9vg1-wyg9"},{"vulnerability":"VCID-pyed-syag-4kcg"},{"vulnerability":"VCID-qxcm-qjew-d3cw"},{"vulnerability":"VCID-rn93-e1k8-cycs"},{"vulnerability":"VCID-tz7t-shha-tqc5"},{"vulnerability":"VCID-u5fq-8zr1-xqhv"},{"vulnerability":"VCID-ufvv-rm7c-s3b2"},{"vulnerability":"VCID-y9r2-67uj-cfd1"},{"vulnerability":"VCID-ypk7-n5fc-5ye9"},{"vulnerability":"VCID-zjx2-yaym-dqcz"},{"vulnerability":"VCID-zp7v-cp58-a3e8"},{"vulnerability":"VCID-zq73-pyu4-h3g5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1077797?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pan-qjdb-53hh"},{"vulnerability":"VCID-33t3-4xdt-mudz"},{"vulnerability":"VCID-4kfx-8xyq-h7dz"},{"vulnerability":"VCID-4ksc-m92c-6ubv"},{"vulnerability":"VCID-4nqw-h8se-27cy"},{"vulnerability":"VCID-5ggr-8vz5-p3hp"},{"vulnerability":"VCID-7eu3-ex4x-fua3"},{"vulnerability":"VCID-ahv8-wew9-yqge"},{"vulnerability":"VCID-chme-pkx3-xub5"},{"vulnerability":"VCID-dw7a-b9jk-c3dd"},{"vulnerability":"VCID-ermy-mkje-ayhb"},{"vulnerability":"VCID-f6bd-3n2d-2fd3"},{"vulnerability":"VCID-h7yh-bvtu-gqgp"},{"vulnerability":"VCID-nfyj-9ucz-cyc7"},{"vulnerability":"VCID-njkh-85yd-f7fy"},{"vulnerability":"VCID-nnuu-kqha-uqeh"},{"vulnerability":"VCID-par8-gwn6-xqgd"},{"vulnerability":"VCID-pdqp-9vg1-wyg9"},{"vulnerability":"VCID-tz7t-shha-tqc5"},{"vulnerability":"VCID-ypk7-n5fc-5ye9"},{"vulnerability":"VCID-zjx2-yaym-dqcz"},{"vulnerability":"VCID-zq73-pyu4-h3g5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2020-12625"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ampw-136d-9yf4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/188725?format=json","vulnerability_id":"VCID-cftw-zeqb-5khs","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15562","reference_id":"","reference_type":"","scores":[{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75495","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75566","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.7558","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75574","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15562"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15562","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15562"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964355","reference_id":"964355","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964355"},{"reference_url":"https://usn.ubuntu.com/USN-5182-1/","reference_id":"USN-USN-5182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1078285?format=json","purl":"pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pan-qjdb-53hh"},{"vulnerability":"VCID-2pgb-uwem-h3ar"},{"vulnerability":"VCID-33t3-4xdt-mudz"},{"vulnerability":"VCID-43uk-86r9-pygh"},{"vulnerability":"VCID-4kfx-8xyq-h7dz"},{"vulnerability":"VCID-4ksc-m92c-6ubv"},{"vulnerability":"VCID-4nqw-h8se-27cy"},{"vulnerability":"VCID-5ggr-8vz5-p3hp"},{"vulnerability":"VCID-7eu3-ex4x-fua3"},{"vulnerability":"VCID-86tm-143m-cyas"},{"vulnerability":"VCID-8s13-v3gv-efhj"},{"vulnerability":"VCID-abev-bbjb-cue6"},{"vulnerability":"VCID-ahv8-wew9-yqge"},{"vulnerability":"VCID-ampw-136d-9yf4"},{"vulnerability":"VCID-cftw-zeqb-5khs"},{"vulnerability":"VCID-chme-pkx3-xub5"},{"vulnerability":"VCID-dw7a-b9jk-c3dd"},{"vulnerability":"VCID-dzp6-798v-w7am"},{"vulnerability":"VCID-ermy-mkje-ayhb"},{"vulnerability":"VCID-gbu5-8a2e-mqdb"},{"vulnerability":"VCID-gd6a-p28z-8uea"},{"vulnerability":"VCID-h5a4-hpws-h3fv"},{"vulnerability":"VCID-h7yh-bvtu-gqgp"},{"vulnerability":"VCID-haym-dk3e-aqbf"},{"vulnerability":"VCID-hydk-88d6-uqha"},{"vulnerability":"VCID-hyz1-qrsp-sbcv"},{"vulnerability":"VCID-jdkj-s9h7-hqfx"},{"vulnerability":"VCID-nfyj-9ucz-cyc7"},{"vulnerability":"VCID-njkh-85yd-f7fy"},{"vulnerability":"VCID-nnuu-kqha-uqeh"},{"vulnerability":"VCID-p4n3-6w9k-akde"},{"vulnerability":"VCID-par8-gwn6-xqgd"},{"vulnerability":"VCID-pdqp-9vg1-wyg9"},{"vulnerability":"VCID-pyed-syag-4kcg"},{"vulnerability":"VCID-qxcm-qjew-d3cw"},{"vulnerability":"VCID-rn93-e1k8-cycs"},{"vulnerability":"VCID-tz7t-shha-tqc5"},{"vulnerability":"VCID-u5fq-8zr1-xqhv"},{"vulnerability":"VCID-ufvv-rm7c-s3b2"},{"vulnerability":"VCID-y9r2-67uj-cfd1"},{"vulnerability":"VCID-ypk7-n5fc-5ye9"},{"vulnerability":"VCID-zjx2-yaym-dqcz"},{"vulnerability":"VCID-zp7v-cp58-a3e8"},{"vulnerability":"VCID-zq73-pyu4-h3g5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1077797?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pan-qjdb-53hh"},{"vulnerability":"VCID-33t3-4xdt-mudz"},{"vulnerability":"VCID-4kfx-8xyq-h7dz"},{"vulnerability":"VCID-4ksc-m92c-6ubv"},{"vulnerability":"VCID-4nqw-h8se-27cy"},{"vulnerability":"VCID-5ggr-8vz5-p3hp"},{"vulnerability":"VCID-7eu3-ex4x-fua3"},{"vulnerability":"VCID-ahv8-wew9-yqge"},{"vulnerability":"VCID-chme-pkx3-xub5"},{"vulnerability":"VCID-dw7a-b9jk-c3dd"},{"vulnerability":"VCID-ermy-mkje-ayhb"},{"vulnerability":"VCID-f6bd-3n2d-2fd3"},{"vulnerability":"VCID-h7yh-bvtu-gqgp"},{"vulnerability":"VCID-nfyj-9ucz-cyc7"},{"vulnerability":"VCID-njkh-85yd-f7fy"},{"vulnerability":"VCID-nnuu-kqha-uqeh"},{"vulnerability":"VCID-par8-gwn6-xqgd"},{"vulnerability":"VCID-pdqp-9vg1-wyg9"},{"vulnerability":"VCID-tz7t-shha-tqc5"},{"vulnerability":"VCID-ypk7-n5fc-5ye9"},{"vulnerability":"VCID-zjx2-yaym-dqcz"},{"vulnerability":"VCID-zq73-pyu4-h3g5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2020-15562"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cftw-zeqb-5khs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207819?format=json","vulnerability_id":"VCID-dzp6-798v-w7am","summary":"Cross Site Scripting (XSS) vulnerability in Roundcube Mail <=1.4.4 via smtp config in /installer/test.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-18671","reference_id":"","reference_type":"","scores":[{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.602","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.60306","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.60317","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.60311","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-18671"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-18671","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-18671"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1077797?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pan-qjdb-53hh"},{"vulnerability":"VCID-33t3-4xdt-mudz"},{"vulnerability":"VCID-4kfx-8xyq-h7dz"},{"vulnerability":"VCID-4ksc-m92c-6ubv"},{"vulnerability":"VCID-4nqw-h8se-27cy"},{"vulnerability":"VCID-5ggr-8vz5-p3hp"},{"vulnerability":"VCID-7eu3-ex4x-fua3"},{"vulnerability":"VCID-ahv8-wew9-yqge"},{"vulnerability":"VCID-chme-pkx3-xub5"},{"vulnerability":"VCID-dw7a-b9jk-c3dd"},{"vulnerability":"VCID-ermy-mkje-ayhb"},{"vulnerability":"VCID-f6bd-3n2d-2fd3"},{"vulnerability":"VCID-h7yh-bvtu-gqgp"},{"vulnerability":"VCID-nfyj-9ucz-cyc7"},{"vulnerability":"VCID-njkh-85yd-f7fy"},{"vulnerability":"VCID-nnuu-kqha-uqeh"},{"vulnerability":"VCID-par8-gwn6-xqgd"},{"vulnerability":"VCID-pdqp-9vg1-wyg9"},{"vulnerability":"VCID-tz7t-shha-tqc5"},{"vulnerability":"VCID-ypk7-n5fc-5ye9"},{"vulnerability":"VCID-zjx2-yaym-dqcz"},{"vulnerability":"VCID-zq73-pyu4-h3g5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2020-18671"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dzp6-798v-w7am"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/186107?format=json","vulnerability_id":"VCID-gbu5-8a2e-mqdb","summary":"A flaw in Roundcube's handling of configuration files may allow\n    arbitrary code execution, amongst other vulnerabilities.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12640","reference_id":"","reference_type":"","scores":[{"value":"0.11246","scoring_system":"epss","scoring_elements":"0.93684","published_at":"2026-06-11T12:55:00Z"},{"value":"0.11246","scoring_system":"epss","scoring_elements":"0.93705","published_at":"2026-06-12T12:55:00Z"},{"value":"0.11246","scoring_system":"epss","scoring_elements":"0.93709","published_at":"2026-06-13T12:55:00Z"},{"value":"0.11246","scoring_system":"epss","scoring_elements":"0.9371","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12640"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12640","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12640"},{"reference_url":"https://usn.ubuntu.com/USN-5182-1/","reference_id":"USN-USN-5182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1077797?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pan-qjdb-53hh"},{"vulnerability":"VCID-33t3-4xdt-mudz"},{"vulnerability":"VCID-4kfx-8xyq-h7dz"},{"vulnerability":"VCID-4ksc-m92c-6ubv"},{"vulnerability":"VCID-4nqw-h8se-27cy"},{"vulnerability":"VCID-5ggr-8vz5-p3hp"},{"vulnerability":"VCID-7eu3-ex4x-fua3"},{"vulnerability":"VCID-ahv8-wew9-yqge"},{"vulnerability":"VCID-chme-pkx3-xub5"},{"vulnerability":"VCID-dw7a-b9jk-c3dd"},{"vulnerability":"VCID-ermy-mkje-ayhb"},{"vulnerability":"VCID-f6bd-3n2d-2fd3"},{"vulnerability":"VCID-h7yh-bvtu-gqgp"},{"vulnerability":"VCID-nfyj-9ucz-cyc7"},{"vulnerability":"VCID-njkh-85yd-f7fy"},{"vulnerability":"VCID-nnuu-kqha-uqeh"},{"vulnerability":"VCID-par8-gwn6-xqgd"},{"vulnerability":"VCID-pdqp-9vg1-wyg9"},{"vulnerability":"VCID-tz7t-shha-tqc5"},{"vulnerability":"VCID-ypk7-n5fc-5ye9"},{"vulnerability":"VCID-zjx2-yaym-dqcz"},{"vulnerability":"VCID-zq73-pyu4-h3g5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2020-12640"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gbu5-8a2e-mqdb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207818?format=json","vulnerability_id":"VCID-gd6a-p28z-8uea","summary":"Cross Site Scripting (XSS) vulneraibility in Roundcube mail .4.4 via database host and user in /installer/test.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-18670","reference_id":"","reference_type":"","scores":[{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.62078","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.6218","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.62191","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.62189","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-18670"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-18670","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-18670"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1077797?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pan-qjdb-53hh"},{"vulnerability":"VCID-33t3-4xdt-mudz"},{"vulnerability":"VCID-4kfx-8xyq-h7dz"},{"vulnerability":"VCID-4ksc-m92c-6ubv"},{"vulnerability":"VCID-4nqw-h8se-27cy"},{"vulnerability":"VCID-5ggr-8vz5-p3hp"},{"vulnerability":"VCID-7eu3-ex4x-fua3"},{"vulnerability":"VCID-ahv8-wew9-yqge"},{"vulnerability":"VCID-chme-pkx3-xub5"},{"vulnerability":"VCID-dw7a-b9jk-c3dd"},{"vulnerability":"VCID-ermy-mkje-ayhb"},{"vulnerability":"VCID-f6bd-3n2d-2fd3"},{"vulnerability":"VCID-h7yh-bvtu-gqgp"},{"vulnerability":"VCID-nfyj-9ucz-cyc7"},{"vulnerability":"VCID-njkh-85yd-f7fy"},{"vulnerability":"VCID-nnuu-kqha-uqeh"},{"vulnerability":"VCID-par8-gwn6-xqgd"},{"vulnerability":"VCID-pdqp-9vg1-wyg9"},{"vulnerability":"VCID-tz7t-shha-tqc5"},{"vulnerability":"VCID-ypk7-n5fc-5ye9"},{"vulnerability":"VCID-zjx2-yaym-dqcz"},{"vulnerability":"VCID-zq73-pyu4-h3g5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2020-18670"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gd6a-p28z-8uea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45325?format=json","vulnerability_id":"VCID-h5a4-hpws-h3fv","summary":"Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-37383.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-37383.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-37383","reference_id":"","reference_type":"","scores":[{"value":"0.64028","scoring_system":"epss","scoring_elements":"0.98455","published_at":"2026-06-11T12:55:00Z"},{"value":"0.64028","scoring_system":"epss","scoring_elements":"0.9846","published_at":"2026-06-14T12:55:00Z"},{"value":"0.64028","scoring_system":"epss","scoring_elements":"0.98461","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-37383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37384","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37384"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071474","reference_id":"1071474","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071474"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.7","reference_id":"1.5.7","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-25T18:32:17Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.7"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.7","reference_id":"1.6.7","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-25T18:32:17Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.7"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2290826","reference_id":"2290826","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2290826"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/43aaaa528646877789ec028d87924ba1accf5242","reference_id":"43aaaa528646877789ec028d87924ba1accf5242","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-25T18:32:17Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/43aaaa528646877789ec028d87924ba1accf5242"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52173.txt","reference_id":"CVE-2024-37383","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52173.txt"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00008.html","reference_id":"msg00008.html","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-25T18:32:17Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00008.html"},{"reference_url":"https://usn.ubuntu.com/6848-1/","reference_id":"USN-6848-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6848-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1077797?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pan-qjdb-53hh"},{"vulnerability":"VCID-33t3-4xdt-mudz"},{"vulnerability":"VCID-4kfx-8xyq-h7dz"},{"vulnerability":"VCID-4ksc-m92c-6ubv"},{"vulnerability":"VCID-4nqw-h8se-27cy"},{"vulnerability":"VCID-5ggr-8vz5-p3hp"},{"vulnerability":"VCID-7eu3-ex4x-fua3"},{"vulnerability":"VCID-ahv8-wew9-yqge"},{"vulnerability":"VCID-chme-pkx3-xub5"},{"vulnerability":"VCID-dw7a-b9jk-c3dd"},{"vulnerability":"VCID-ermy-mkje-ayhb"},{"vulnerability":"VCID-f6bd-3n2d-2fd3"},{"vulnerability":"VCID-h7yh-bvtu-gqgp"},{"vulnerability":"VCID-nfyj-9ucz-cyc7"},{"vulnerability":"VCID-njkh-85yd-f7fy"},{"vulnerability":"VCID-nnuu-kqha-uqeh"},{"vulnerability":"VCID-par8-gwn6-xqgd"},{"vulnerability":"VCID-pdqp-9vg1-wyg9"},{"vulnerability":"VCID-tz7t-shha-tqc5"},{"vulnerability":"VCID-ypk7-n5fc-5ye9"},{"vulnerability":"VCID-zjx2-yaym-dqcz"},{"vulnerability":"VCID-zq73-pyu4-h3g5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2024-37383"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h5a4-hpws-h3fv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/195096?format=json","vulnerability_id":"VCID-haym-dk3e-aqbf","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-16145","reference_id":"","reference_type":"","scores":[{"value":"0.00704","scoring_system":"epss","scoring_elements":"0.72559","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00704","scoring_system":"epss","scoring_elements":"0.72636","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00704","scoring_system":"epss","scoring_elements":"0.72651","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00704","scoring_system":"epss","scoring_elements":"0.72649","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-16145"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16145","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16145"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968216","reference_id":"968216","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968216"},{"reference_url":"https://usn.ubuntu.com/USN-5182-1/","reference_id":"USN-USN-5182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1078285?format=json","purl":"pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pan-qjdb-53hh"},{"vulnerability":"VCID-2pgb-uwem-h3ar"},{"vulnerability":"VCID-33t3-4xdt-mudz"},{"vulnerability":"VCID-43uk-86r9-pygh"},{"vulnerability":"VCID-4kfx-8xyq-h7dz"},{"vulnerability":"VCID-4ksc-m92c-6ubv"},{"vulnerability":"VCID-4nqw-h8se-27cy"},{"vulnerability":"VCID-5ggr-8vz5-p3hp"},{"vulnerability":"VCID-7eu3-ex4x-fua3"},{"vulnerability":"VCID-86tm-143m-cyas"},{"vulnerability":"VCID-8s13-v3gv-efhj"},{"vulnerability":"VCID-abev-bbjb-cue6"},{"vulnerability":"VCID-ahv8-wew9-yqge"},{"vulnerability":"VCID-ampw-136d-9yf4"},{"vulnerability":"VCID-cftw-zeqb-5khs"},{"vulnerability":"VCID-chme-pkx3-xub5"},{"vulnerability":"VCID-dw7a-b9jk-c3dd"},{"vulnerability":"VCID-dzp6-798v-w7am"},{"vulnerability":"VCID-ermy-mkje-ayhb"},{"vulnerability":"VCID-gbu5-8a2e-mqdb"},{"vulnerability":"VCID-gd6a-p28z-8uea"},{"vulnerability":"VCID-h5a4-hpws-h3fv"},{"vulnerability":"VCID-h7yh-bvtu-gqgp"},{"vulnerability":"VCID-haym-dk3e-aqbf"},{"vulnerability":"VCID-hydk-88d6-uqha"},{"vulnerability":"VCID-hyz1-qrsp-sbcv"},{"vulnerability":"VCID-jdkj-s9h7-hqfx"},{"vulnerability":"VCID-nfyj-9ucz-cyc7"},{"vulnerability":"VCID-njkh-85yd-f7fy"},{"vulnerability":"VCID-nnuu-kqha-uqeh"},{"vulnerability":"VCID-p4n3-6w9k-akde"},{"vulnerability":"VCID-par8-gwn6-xqgd"},{"vulnerability":"VCID-pdqp-9vg1-wyg9"},{"vulnerability":"VCID-pyed-syag-4kcg"},{"vulnerability":"VCID-qxcm-qjew-d3cw"},{"vulnerability":"VCID-rn93-e1k8-cycs"},{"vulnerability":"VCID-tz7t-shha-tqc5"},{"vulnerability":"VCID-u5fq-8zr1-xqhv"},{"vulnerability":"VCID-ufvv-rm7c-s3b2"},{"vulnerability":"VCID-y9r2-67uj-cfd1"},{"vulnerability":"VCID-ypk7-n5fc-5ye9"},{"vulnerability":"VCID-zjx2-yaym-dqcz"},{"vulnerability":"VCID-zp7v-cp58-a3e8"},{"vulnerability":"VCID-zq73-pyu4-h3g5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1077797?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pan-qjdb-53hh"},{"vulnerability":"VCID-33t3-4xdt-mudz"},{"vulnerability":"VCID-4kfx-8xyq-h7dz"},{"vulnerability":"VCID-4ksc-m92c-6ubv"},{"vulnerability":"VCID-4nqw-h8se-27cy"},{"vulnerability":"VCID-5ggr-8vz5-p3hp"},{"vulnerability":"VCID-7eu3-ex4x-fua3"},{"vulnerability":"VCID-ahv8-wew9-yqge"},{"vulnerability":"VCID-chme-pkx3-xub5"},{"vulnerability":"VCID-dw7a-b9jk-c3dd"},{"vulnerability":"VCID-ermy-mkje-ayhb"},{"vulnerability":"VCID-f6bd-3n2d-2fd3"},{"vulnerability":"VCID-h7yh-bvtu-gqgp"},{"vulnerability":"VCID-nfyj-9ucz-cyc7"},{"vulnerability":"VCID-njkh-85yd-f7fy"},{"vulnerability":"VCID-nnuu-kqha-uqeh"},{"vulnerability":"VCID-par8-gwn6-xqgd"},{"vulnerability":"VCID-pdqp-9vg1-wyg9"},{"vulnerability":"VCID-tz7t-shha-tqc5"},{"vulnerability":"VCID-ypk7-n5fc-5ye9"},{"vulnerability":"VCID-zjx2-yaym-dqcz"},{"vulnerability":"VCID-zq73-pyu4-h3g5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2020-16145"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-haym-dk3e-aqbf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17864?format=json","vulnerability_id":"VCID-hydk-88d6-uqha","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5631","reference_id":"","reference_type":"","scores":[{"value":"0.83235","scoring_system":"epss","scoring_elements":"0.99286","published_at":"2026-06-11T12:55:00Z"},{"value":"0.83235","scoring_system":"epss","scoring_elements":"0.99287","published_at":"2026-06-14T12:55:00Z"},{"value":"0.83235","scoring_system":"epss","scoring_elements":"0.99289","published_at":"2026-06-13T12:55:00Z"},{"value":"0.83235","scoring_system":"epss","scoring_elements":"0.99288","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5631"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5631","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5631"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/11/01/1","reference_id":"1","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/11/01/1"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.4.15","reference_id":"1.4.15","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.4.15"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.5","reference_id":"1.5.5","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.5"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.4","reference_id":"1.6.4","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.4"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/11/17/2","reference_id":"2","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/11/17/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/11/01/3","reference_id":"3","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/11/01/3"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/41756cc3331b495cc0b71886984474dc529dd31d","reference_id":"41756cc3331b495cc0b71886984474dc529dd31d","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/41756cc3331b495cc0b71886984474dc529dd31d"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/6ee6e7ae301e165e2b2cb703edf75552e5376613","reference_id":"6ee6e7ae301e165e2b2cb703edf75552e5376613","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/6ee6e7ae301e165e2b2cb703edf75552e5376613"},{"reference_url":"https://github.com/roundcube/roundcubemail/issues/9168","reference_id":"9168","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/"}],"url":"https://github.com/roundcube/roundcubemail/issues/9168"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054079","reference_id":"bugreport.cgi?bug=1054079","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/"}],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054079"},{"reference_url":"https://www.debian.org/security/2023/dsa-5531","reference_id":"dsa-5531","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/"}],"url":"https://www.debian.org/security/2023/dsa-5531"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LK67Q46OIEGJCRQUBHKLH3IIJTBNGGX4/","reference_id":"LK67Q46OIEGJCRQUBHKLH3IIJTBNGGX4","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LK67Q46OIEGJCRQUBHKLH3IIJTBNGGX4/"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00035.html","reference_id":"msg00035.html","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00035.html"},{"reference_url":"https://roundcube.net/news/2023/10/16/security-update-1.6.4-released","reference_id":"security-update-1.6.4-released","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/"}],"url":"https://roundcube.net/news/2023/10/16/security-update-1.6.4-released"},{"reference_url":"https://roundcube.net/news/2023/10/16/security-updates-1.5.5-and-1.4.15","reference_id":"security-updates-1.5.5-and-1.4.15","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-11-15T16:39:21Z/"}],"url":"https://roundcube.net/news/2023/10/16/security-updates-1.5.5-and-1.4.15"},{"reference_url":"https://usn.ubuntu.com/6848-1/","reference_id":"USN-6848-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6848-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1077797?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pan-qjdb-53hh"},{"vulnerability":"VCID-33t3-4xdt-mudz"},{"vulnerability":"VCID-4kfx-8xyq-h7dz"},{"vulnerability":"VCID-4ksc-m92c-6ubv"},{"vulnerability":"VCID-4nqw-h8se-27cy"},{"vulnerability":"VCID-5ggr-8vz5-p3hp"},{"vulnerability":"VCID-7eu3-ex4x-fua3"},{"vulnerability":"VCID-ahv8-wew9-yqge"},{"vulnerability":"VCID-chme-pkx3-xub5"},{"vulnerability":"VCID-dw7a-b9jk-c3dd"},{"vulnerability":"VCID-ermy-mkje-ayhb"},{"vulnerability":"VCID-f6bd-3n2d-2fd3"},{"vulnerability":"VCID-h7yh-bvtu-gqgp"},{"vulnerability":"VCID-nfyj-9ucz-cyc7"},{"vulnerability":"VCID-njkh-85yd-f7fy"},{"vulnerability":"VCID-nnuu-kqha-uqeh"},{"vulnerability":"VCID-par8-gwn6-xqgd"},{"vulnerability":"VCID-pdqp-9vg1-wyg9"},{"vulnerability":"VCID-tz7t-shha-tqc5"},{"vulnerability":"VCID-ypk7-n5fc-5ye9"},{"vulnerability":"VCID-zjx2-yaym-dqcz"},{"vulnerability":"VCID-zq73-pyu4-h3g5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2023-5631"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hydk-88d6-uqha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/181294?format=json","vulnerability_id":"VCID-hyz1-qrsp-sbcv","summary":"Multiple vulnerabilities have been discovered in Roundcube, the worst of which could lead to execution of arbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44025","reference_id":"","reference_type":"","scores":[{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.70745","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.70836","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.70849","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.70846","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44025"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44025","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44025"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44026","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44026"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000156","reference_id":"1000156","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000156"},{"reference_url":"https://security.gentoo.org/glsa/202507-10","reference_id":"GLSA-202507-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202507-10"},{"reference_url":"https://usn.ubuntu.com/USN-5182-1/","reference_id":"USN-USN-5182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1078285?format=json","purl":"pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pan-qjdb-53hh"},{"vulnerability":"VCID-2pgb-uwem-h3ar"},{"vulnerability":"VCID-33t3-4xdt-mudz"},{"vulnerability":"VCID-43uk-86r9-pygh"},{"vulnerability":"VCID-4kfx-8xyq-h7dz"},{"vulnerability":"VCID-4ksc-m92c-6ubv"},{"vulnerability":"VCID-4nqw-h8se-27cy"},{"vulnerability":"VCID-5ggr-8vz5-p3hp"},{"vulnerability":"VCID-7eu3-ex4x-fua3"},{"vulnerability":"VCID-86tm-143m-cyas"},{"vulnerability":"VCID-8s13-v3gv-efhj"},{"vulnerability":"VCID-abev-bbjb-cue6"},{"vulnerability":"VCID-ahv8-wew9-yqge"},{"vulnerability":"VCID-ampw-136d-9yf4"},{"vulnerability":"VCID-cftw-zeqb-5khs"},{"vulnerability":"VCID-chme-pkx3-xub5"},{"vulnerability":"VCID-dw7a-b9jk-c3dd"},{"vulnerability":"VCID-dzp6-798v-w7am"},{"vulnerability":"VCID-ermy-mkje-ayhb"},{"vulnerability":"VCID-gbu5-8a2e-mqdb"},{"vulnerability":"VCID-gd6a-p28z-8uea"},{"vulnerability":"VCID-h5a4-hpws-h3fv"},{"vulnerability":"VCID-h7yh-bvtu-gqgp"},{"vulnerability":"VCID-haym-dk3e-aqbf"},{"vulnerability":"VCID-hydk-88d6-uqha"},{"vulnerability":"VCID-hyz1-qrsp-sbcv"},{"vulnerability":"VCID-jdkj-s9h7-hqfx"},{"vulnerability":"VCID-nfyj-9ucz-cyc7"},{"vulnerability":"VCID-njkh-85yd-f7fy"},{"vulnerability":"VCID-nnuu-kqha-uqeh"},{"vulnerability":"VCID-p4n3-6w9k-akde"},{"vulnerability":"VCID-par8-gwn6-xqgd"},{"vulnerability":"VCID-pdqp-9vg1-wyg9"},{"vulnerability":"VCID-pyed-syag-4kcg"},{"vulnerability":"VCID-qxcm-qjew-d3cw"},{"vulnerability":"VCID-rn93-e1k8-cycs"},{"vulnerability":"VCID-tz7t-shha-tqc5"},{"vulnerability":"VCID-u5fq-8zr1-xqhv"},{"vulnerability":"VCID-ufvv-rm7c-s3b2"},{"vulnerability":"VCID-y9r2-67uj-cfd1"},{"vulnerability":"VCID-ypk7-n5fc-5ye9"},{"vulnerability":"VCID-zjx2-yaym-dqcz"},{"vulnerability":"VCID-zp7v-cp58-a3e8"},{"vulnerability":"VCID-zq73-pyu4-h3g5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1077797?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pan-qjdb-53hh"},{"vulnerability":"VCID-33t3-4xdt-mudz"},{"vulnerability":"VCID-4kfx-8xyq-h7dz"},{"vulnerability":"VCID-4ksc-m92c-6ubv"},{"vulnerability":"VCID-4nqw-h8se-27cy"},{"vulnerability":"VCID-5ggr-8vz5-p3hp"},{"vulnerability":"VCID-7eu3-ex4x-fua3"},{"vulnerability":"VCID-ahv8-wew9-yqge"},{"vulnerability":"VCID-chme-pkx3-xub5"},{"vulnerability":"VCID-dw7a-b9jk-c3dd"},{"vulnerability":"VCID-ermy-mkje-ayhb"},{"vulnerability":"VCID-f6bd-3n2d-2fd3"},{"vulnerability":"VCID-h7yh-bvtu-gqgp"},{"vulnerability":"VCID-nfyj-9ucz-cyc7"},{"vulnerability":"VCID-njkh-85yd-f7fy"},{"vulnerability":"VCID-nnuu-kqha-uqeh"},{"vulnerability":"VCID-par8-gwn6-xqgd"},{"vulnerability":"VCID-pdqp-9vg1-wyg9"},{"vulnerability":"VCID-tz7t-shha-tqc5"},{"vulnerability":"VCID-ypk7-n5fc-5ye9"},{"vulnerability":"VCID-zjx2-yaym-dqcz"},{"vulnerability":"VCID-zq73-pyu4-h3g5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2021-44025"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hyz1-qrsp-sbcv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210019?format=json","vulnerability_id":"VCID-jdkj-s9h7-hqfx","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-47272","reference_id":"","reference_type":"","scores":[{"value":"0.00498","scoring_system":"epss","scoring_elements":"0.66323","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00498","scoring_system":"epss","scoring_elements":"0.66417","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00498","scoring_system":"epss","scoring_elements":"0.66431","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00498","scoring_system":"epss","scoring_elements":"0.66429","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-47272"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47272","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47272"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055421","reference_id":"1055421","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055421"},{"reference_url":"https://usn.ubuntu.com/6848-1/","reference_id":"USN-6848-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6848-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1077797?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pan-qjdb-53hh"},{"vulnerability":"VCID-33t3-4xdt-mudz"},{"vulnerability":"VCID-4kfx-8xyq-h7dz"},{"vulnerability":"VCID-4ksc-m92c-6ubv"},{"vulnerability":"VCID-4nqw-h8se-27cy"},{"vulnerability":"VCID-5ggr-8vz5-p3hp"},{"vulnerability":"VCID-7eu3-ex4x-fua3"},{"vulnerability":"VCID-ahv8-wew9-yqge"},{"vulnerability":"VCID-chme-pkx3-xub5"},{"vulnerability":"VCID-dw7a-b9jk-c3dd"},{"vulnerability":"VCID-ermy-mkje-ayhb"},{"vulnerability":"VCID-f6bd-3n2d-2fd3"},{"vulnerability":"VCID-h7yh-bvtu-gqgp"},{"vulnerability":"VCID-nfyj-9ucz-cyc7"},{"vulnerability":"VCID-njkh-85yd-f7fy"},{"vulnerability":"VCID-nnuu-kqha-uqeh"},{"vulnerability":"VCID-par8-gwn6-xqgd"},{"vulnerability":"VCID-pdqp-9vg1-wyg9"},{"vulnerability":"VCID-tz7t-shha-tqc5"},{"vulnerability":"VCID-ypk7-n5fc-5ye9"},{"vulnerability":"VCID-zjx2-yaym-dqcz"},{"vulnerability":"VCID-zq73-pyu4-h3g5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2023-47272"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jdkj-s9h7-hqfx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41098?format=json","vulnerability_id":"VCID-p4n3-6w9k-akde","summary":"A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-42009","reference_id":"","reference_type":"","scores":[{"value":"0.91411","scoring_system":"epss","scoring_elements":"0.9968","published_at":"2026-06-11T12:55:00Z"},{"value":"0.91411","scoring_system":"epss","scoring_elements":"0.99681","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-42009"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42008","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42008"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42009","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42009"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42010","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42010"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077969","reference_id":"1077969","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077969"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.8","reference_id":"1.5.8","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-08-20T03:56:09Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.8"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.8","reference_id":"1.6.8","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-08-20T03:56:09Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.8"},{"reference_url":"https://sonarsource.com/blog/government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail/","reference_id":"government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-08-20T03:56:09Z/"}],"url":"https://sonarsource.com/blog/government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail/"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases","reference_id":"releases","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-08-20T03:56:09Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases"},{"reference_url":"https://roundcube.net/news/2024/08/04/security-updates-1.6.8-and-1.5.8","reference_id":"security-updates-1.6.8-and-1.5.8","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-08-20T03:56:09Z/"}],"url":"https://roundcube.net/news/2024/08/04/security-updates-1.6.8-and-1.5.8"},{"reference_url":"https://usn.ubuntu.com/7636-1/","reference_id":"USN-7636-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7636-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1077797?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pan-qjdb-53hh"},{"vulnerability":"VCID-33t3-4xdt-mudz"},{"vulnerability":"VCID-4kfx-8xyq-h7dz"},{"vulnerability":"VCID-4ksc-m92c-6ubv"},{"vulnerability":"VCID-4nqw-h8se-27cy"},{"vulnerability":"VCID-5ggr-8vz5-p3hp"},{"vulnerability":"VCID-7eu3-ex4x-fua3"},{"vulnerability":"VCID-ahv8-wew9-yqge"},{"vulnerability":"VCID-chme-pkx3-xub5"},{"vulnerability":"VCID-dw7a-b9jk-c3dd"},{"vulnerability":"VCID-ermy-mkje-ayhb"},{"vulnerability":"VCID-f6bd-3n2d-2fd3"},{"vulnerability":"VCID-h7yh-bvtu-gqgp"},{"vulnerability":"VCID-nfyj-9ucz-cyc7"},{"vulnerability":"VCID-njkh-85yd-f7fy"},{"vulnerability":"VCID-nnuu-kqha-uqeh"},{"vulnerability":"VCID-par8-gwn6-xqgd"},{"vulnerability":"VCID-pdqp-9vg1-wyg9"},{"vulnerability":"VCID-tz7t-shha-tqc5"},{"vulnerability":"VCID-ypk7-n5fc-5ye9"},{"vulnerability":"VCID-zjx2-yaym-dqcz"},{"vulnerability":"VCID-zq73-pyu4-h3g5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2024-42009"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p4n3-6w9k-akde"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44960?format=json","vulnerability_id":"VCID-pyed-syag-4kcg","summary":"Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via list columns from user preferences.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-37384","reference_id":"","reference_type":"","scores":[{"value":"0.00525","scoring_system":"epss","scoring_elements":"0.67435","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00525","scoring_system":"epss","scoring_elements":"0.67537","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00525","scoring_system":"epss","scoring_elements":"0.67539","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00525","scoring_system":"epss","scoring_elements":"0.67526","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-37384"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37384","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37384"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071474","reference_id":"1071474","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071474"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.7","reference_id":"1.5.7","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-17T17:48:19Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.7"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.7","reference_id":"1.6.7","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-17T17:48:19Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.7"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/cde4522c5c95f13c6aeeb1600ab17e5067a536f7","reference_id":"cde4522c5c95f13c6aeeb1600ab17e5067a536f7","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-17T17:48:19Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/cde4522c5c95f13c6aeeb1600ab17e5067a536f7"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00008.html","reference_id":"msg00008.html","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-17T17:48:19Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00008.html"},{"reference_url":"https://usn.ubuntu.com/6848-1/","reference_id":"USN-6848-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6848-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1077797?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pan-qjdb-53hh"},{"vulnerability":"VCID-33t3-4xdt-mudz"},{"vulnerability":"VCID-4kfx-8xyq-h7dz"},{"vulnerability":"VCID-4ksc-m92c-6ubv"},{"vulnerability":"VCID-4nqw-h8se-27cy"},{"vulnerability":"VCID-5ggr-8vz5-p3hp"},{"vulnerability":"VCID-7eu3-ex4x-fua3"},{"vulnerability":"VCID-ahv8-wew9-yqge"},{"vulnerability":"VCID-chme-pkx3-xub5"},{"vulnerability":"VCID-dw7a-b9jk-c3dd"},{"vulnerability":"VCID-ermy-mkje-ayhb"},{"vulnerability":"VCID-f6bd-3n2d-2fd3"},{"vulnerability":"VCID-h7yh-bvtu-gqgp"},{"vulnerability":"VCID-nfyj-9ucz-cyc7"},{"vulnerability":"VCID-njkh-85yd-f7fy"},{"vulnerability":"VCID-nnuu-kqha-uqeh"},{"vulnerability":"VCID-par8-gwn6-xqgd"},{"vulnerability":"VCID-pdqp-9vg1-wyg9"},{"vulnerability":"VCID-tz7t-shha-tqc5"},{"vulnerability":"VCID-ypk7-n5fc-5ye9"},{"vulnerability":"VCID-zjx2-yaym-dqcz"},{"vulnerability":"VCID-zq73-pyu4-h3g5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2024-37384"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pyed-syag-4kcg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/179686?format=json","vulnerability_id":"VCID-qxcm-qjew-d3cw","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12626","reference_id":"","reference_type":"","scores":[{"value":"0.01288","scoring_system":"epss","scoring_elements":"0.80057","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01288","scoring_system":"epss","scoring_elements":"0.8012","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01288","scoring_system":"epss","scoring_elements":"0.80137","published_at":"2026-06-13T12:55:00Z"},{"value":"0.01288","scoring_system":"epss","scoring_elements":"0.80129","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12626"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12625","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12625"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12626","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12626"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959142","reference_id":"959142","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959142"},{"reference_url":"https://usn.ubuntu.com/USN-5182-1/","reference_id":"USN-USN-5182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1076997?format=json","purl":"pkg:deb/debian/roundcube@1.2.3%2Bdfsg.1-4%2Bdeb9u6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pan-qjdb-53hh"},{"vulnerability":"VCID-2c8n-dwgj-d3dw"},{"vulnerability":"VCID-2pgb-uwem-h3ar"},{"vulnerability":"VCID-33t3-4xdt-mudz"},{"vulnerability":"VCID-3cfa-7wge-d7a8"},{"vulnerability":"VCID-43uk-86r9-pygh"},{"vulnerability":"VCID-4kfx-8xyq-h7dz"},{"vulnerability":"VCID-4ksc-m92c-6ubv"},{"vulnerability":"VCID-4nqw-h8se-27cy"},{"vulnerability":"VCID-5ase-acjx-kffw"},{"vulnerability":"VCID-5ggr-8vz5-p3hp"},{"vulnerability":"VCID-7eu3-ex4x-fua3"},{"vulnerability":"VCID-86tm-143m-cyas"},{"vulnerability":"VCID-8s13-v3gv-efhj"},{"vulnerability":"VCID-abev-bbjb-cue6"},{"vulnerability":"VCID-ahv8-wew9-yqge"},{"vulnerability":"VCID-ampw-136d-9yf4"},{"vulnerability":"VCID-cftw-zeqb-5khs"},{"vulnerability":"VCID-chme-pkx3-xub5"},{"vulnerability":"VCID-dw7a-b9jk-c3dd"},{"vulnerability":"VCID-dzp6-798v-w7am"},{"vulnerability":"VCID-ermy-mkje-ayhb"},{"vulnerability":"VCID-ezd7-utbe-ryaa"},{"vulnerability":"VCID-gbu5-8a2e-mqdb"},{"vulnerability":"VCID-gd6a-p28z-8uea"},{"vulnerability":"VCID-h5a4-hpws-h3fv"},{"vulnerability":"VCID-h7yh-bvtu-gqgp"},{"vulnerability":"VCID-haym-dk3e-aqbf"},{"vulnerability":"VCID-hydk-88d6-uqha"},{"vulnerability":"VCID-hyz1-qrsp-sbcv"},{"vulnerability":"VCID-jdkj-s9h7-hqfx"},{"vulnerability":"VCID-nfyj-9ucz-cyc7"},{"vulnerability":"VCID-njkh-85yd-f7fy"},{"vulnerability":"VCID-nnuu-kqha-uqeh"},{"vulnerability":"VCID-p4n3-6w9k-akde"},{"vulnerability":"VCID-p9rd-gezp-c7a2"},{"vulnerability":"VCID-par8-gwn6-xqgd"},{"vulnerability":"VCID-pdqp-9vg1-wyg9"},{"vulnerability":"VCID-pyed-syag-4kcg"},{"vulnerability":"VCID-qxcm-qjew-d3cw"},{"vulnerability":"VCID-rn93-e1k8-cycs"},{"vulnerability":"VCID-tz7t-shha-tqc5"},{"vulnerability":"VCID-u5fq-8zr1-xqhv"},{"vulnerability":"VCID-ufvv-rm7c-s3b2"},{"vulnerability":"VCID-y4aq-wjze-7kft"},{"vulnerability":"VCID-y9r2-67uj-cfd1"},{"vulnerability":"VCID-ypk7-n5fc-5ye9"},{"vulnerability":"VCID-zjx2-yaym-dqcz"},{"vulnerability":"VCID-zp7v-cp58-a3e8"},{"vulnerability":"VCID-zq73-pyu4-h3g5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.2.3%252Bdfsg.1-4%252Bdeb9u6"},{"url":"http://public2.vulnerablecode.io/api/packages/1078285?format=json","purl":"pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pan-qjdb-53hh"},{"vulnerability":"VCID-2pgb-uwem-h3ar"},{"vulnerability":"VCID-33t3-4xdt-mudz"},{"vulnerability":"VCID-43uk-86r9-pygh"},{"vulnerability":"VCID-4kfx-8xyq-h7dz"},{"vulnerability":"VCID-4ksc-m92c-6ubv"},{"vulnerability":"VCID-4nqw-h8se-27cy"},{"vulnerability":"VCID-5ggr-8vz5-p3hp"},{"vulnerability":"VCID-7eu3-ex4x-fua3"},{"vulnerability":"VCID-86tm-143m-cyas"},{"vulnerability":"VCID-8s13-v3gv-efhj"},{"vulnerability":"VCID-abev-bbjb-cue6"},{"vulnerability":"VCID-ahv8-wew9-yqge"},{"vulnerability":"VCID-ampw-136d-9yf4"},{"vulnerability":"VCID-cftw-zeqb-5khs"},{"vulnerability":"VCID-chme-pkx3-xub5"},{"vulnerability":"VCID-dw7a-b9jk-c3dd"},{"vulnerability":"VCID-dzp6-798v-w7am"},{"vulnerability":"VCID-ermy-mkje-ayhb"},{"vulnerability":"VCID-gbu5-8a2e-mqdb"},{"vulnerability":"VCID-gd6a-p28z-8uea"},{"vulnerability":"VCID-h5a4-hpws-h3fv"},{"vulnerability":"VCID-h7yh-bvtu-gqgp"},{"vulnerability":"VCID-haym-dk3e-aqbf"},{"vulnerability":"VCID-hydk-88d6-uqha"},{"vulnerability":"VCID-hyz1-qrsp-sbcv"},{"vulnerability":"VCID-jdkj-s9h7-hqfx"},{"vulnerability":"VCID-nfyj-9ucz-cyc7"},{"vulnerability":"VCID-njkh-85yd-f7fy"},{"vulnerability":"VCID-nnuu-kqha-uqeh"},{"vulnerability":"VCID-p4n3-6w9k-akde"},{"vulnerability":"VCID-par8-gwn6-xqgd"},{"vulnerability":"VCID-pdqp-9vg1-wyg9"},{"vulnerability":"VCID-pyed-syag-4kcg"},{"vulnerability":"VCID-qxcm-qjew-d3cw"},{"vulnerability":"VCID-rn93-e1k8-cycs"},{"vulnerability":"VCID-tz7t-shha-tqc5"},{"vulnerability":"VCID-u5fq-8zr1-xqhv"},{"vulnerability":"VCID-ufvv-rm7c-s3b2"},{"vulnerability":"VCID-y9r2-67uj-cfd1"},{"vulnerability":"VCID-ypk7-n5fc-5ye9"},{"vulnerability":"VCID-zjx2-yaym-dqcz"},{"vulnerability":"VCID-zp7v-cp58-a3e8"},{"vulnerability":"VCID-zq73-pyu4-h3g5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1077797?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pan-qjdb-53hh"},{"vulnerability":"VCID-33t3-4xdt-mudz"},{"vulnerability":"VCID-4kfx-8xyq-h7dz"},{"vulnerability":"VCID-4ksc-m92c-6ubv"},{"vulnerability":"VCID-4nqw-h8se-27cy"},{"vulnerability":"VCID-5ggr-8vz5-p3hp"},{"vulnerability":"VCID-7eu3-ex4x-fua3"},{"vulnerability":"VCID-ahv8-wew9-yqge"},{"vulnerability":"VCID-chme-pkx3-xub5"},{"vulnerability":"VCID-dw7a-b9jk-c3dd"},{"vulnerability":"VCID-ermy-mkje-ayhb"},{"vulnerability":"VCID-f6bd-3n2d-2fd3"},{"vulnerability":"VCID-h7yh-bvtu-gqgp"},{"vulnerability":"VCID-nfyj-9ucz-cyc7"},{"vulnerability":"VCID-njkh-85yd-f7fy"},{"vulnerability":"VCID-nnuu-kqha-uqeh"},{"vulnerability":"VCID-par8-gwn6-xqgd"},{"vulnerability":"VCID-pdqp-9vg1-wyg9"},{"vulnerability":"VCID-tz7t-shha-tqc5"},{"vulnerability":"VCID-ypk7-n5fc-5ye9"},{"vulnerability":"VCID-zjx2-yaym-dqcz"},{"vulnerability":"VCID-zq73-pyu4-h3g5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2020-12626"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qxcm-qjew-d3cw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41133?format=json","vulnerability_id":"VCID-rn93-e1k8-cycs","summary":"mod_css_styles in Roundcube through 1.5.7 and 1.6.x through 1.6.7 insufficiently filters Cascading Style Sheets (CSS) token sequences in rendered e-mail messages, allowing a remote attacker to obtain sensitive information.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-42010","reference_id":"","reference_type":"","scores":[{"value":"0.15089","scoring_system":"epss","scoring_elements":"0.94741","published_at":"2026-06-11T12:55:00Z"},{"value":"0.15089","scoring_system":"epss","scoring_elements":"0.94767","published_at":"2026-06-14T12:55:00Z"},{"value":"0.15089","scoring_system":"epss","scoring_elements":"0.94766","published_at":"2026-06-13T12:55:00Z"},{"value":"0.15089","scoring_system":"epss","scoring_elements":"0.94758","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-42010"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42008","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42008"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42009","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42009"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42010","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42010"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077969","reference_id":"1077969","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077969"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.8","reference_id":"1.5.8","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-06T14:03:28Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.5.8"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.8","reference_id":"1.6.8","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-06T14:03:28Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases/tag/1.6.8"},{"reference_url":"https://sonarsource.com/blog/government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail/","reference_id":"government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-06T14:03:28Z/"}],"url":"https://sonarsource.com/blog/government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail/"},{"reference_url":"https://github.com/roundcube/roundcubemail/releases","reference_id":"releases","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-06T14:03:28Z/"}],"url":"https://github.com/roundcube/roundcubemail/releases"},{"reference_url":"https://roundcube.net/news/2024/08/04/security-updates-1.6.8-and-1.5.8","reference_id":"security-updates-1.6.8-and-1.5.8","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-06T14:03:28Z/"}],"url":"https://roundcube.net/news/2024/08/04/security-updates-1.6.8-and-1.5.8"},{"reference_url":"https://usn.ubuntu.com/8223-1/","reference_id":"USN-8223-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8223-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1077797?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pan-qjdb-53hh"},{"vulnerability":"VCID-33t3-4xdt-mudz"},{"vulnerability":"VCID-4kfx-8xyq-h7dz"},{"vulnerability":"VCID-4ksc-m92c-6ubv"},{"vulnerability":"VCID-4nqw-h8se-27cy"},{"vulnerability":"VCID-5ggr-8vz5-p3hp"},{"vulnerability":"VCID-7eu3-ex4x-fua3"},{"vulnerability":"VCID-ahv8-wew9-yqge"},{"vulnerability":"VCID-chme-pkx3-xub5"},{"vulnerability":"VCID-dw7a-b9jk-c3dd"},{"vulnerability":"VCID-ermy-mkje-ayhb"},{"vulnerability":"VCID-f6bd-3n2d-2fd3"},{"vulnerability":"VCID-h7yh-bvtu-gqgp"},{"vulnerability":"VCID-nfyj-9ucz-cyc7"},{"vulnerability":"VCID-njkh-85yd-f7fy"},{"vulnerability":"VCID-nnuu-kqha-uqeh"},{"vulnerability":"VCID-par8-gwn6-xqgd"},{"vulnerability":"VCID-pdqp-9vg1-wyg9"},{"vulnerability":"VCID-tz7t-shha-tqc5"},{"vulnerability":"VCID-ypk7-n5fc-5ye9"},{"vulnerability":"VCID-zjx2-yaym-dqcz"},{"vulnerability":"VCID-zq73-pyu4-h3g5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2024-42010"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rn93-e1k8-cycs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/179763?format=json","vulnerability_id":"VCID-u5fq-8zr1-xqhv","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13964","reference_id":"","reference_type":"","scores":[{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75653","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75723","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75737","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00872","scoring_system":"epss","scoring_elements":"0.75732","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13964"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13964","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13964"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13965","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13965"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962123","reference_id":"962123","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962123"},{"reference_url":"https://usn.ubuntu.com/USN-5182-1/","reference_id":"USN-USN-5182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1076997?format=json","purl":"pkg:deb/debian/roundcube@1.2.3%2Bdfsg.1-4%2Bdeb9u6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pan-qjdb-53hh"},{"vulnerability":"VCID-2c8n-dwgj-d3dw"},{"vulnerability":"VCID-2pgb-uwem-h3ar"},{"vulnerability":"VCID-33t3-4xdt-mudz"},{"vulnerability":"VCID-3cfa-7wge-d7a8"},{"vulnerability":"VCID-43uk-86r9-pygh"},{"vulnerability":"VCID-4kfx-8xyq-h7dz"},{"vulnerability":"VCID-4ksc-m92c-6ubv"},{"vulnerability":"VCID-4nqw-h8se-27cy"},{"vulnerability":"VCID-5ase-acjx-kffw"},{"vulnerability":"VCID-5ggr-8vz5-p3hp"},{"vulnerability":"VCID-7eu3-ex4x-fua3"},{"vulnerability":"VCID-86tm-143m-cyas"},{"vulnerability":"VCID-8s13-v3gv-efhj"},{"vulnerability":"VCID-abev-bbjb-cue6"},{"vulnerability":"VCID-ahv8-wew9-yqge"},{"vulnerability":"VCID-ampw-136d-9yf4"},{"vulnerability":"VCID-cftw-zeqb-5khs"},{"vulnerability":"VCID-chme-pkx3-xub5"},{"vulnerability":"VCID-dw7a-b9jk-c3dd"},{"vulnerability":"VCID-dzp6-798v-w7am"},{"vulnerability":"VCID-ermy-mkje-ayhb"},{"vulnerability":"VCID-ezd7-utbe-ryaa"},{"vulnerability":"VCID-gbu5-8a2e-mqdb"},{"vulnerability":"VCID-gd6a-p28z-8uea"},{"vulnerability":"VCID-h5a4-hpws-h3fv"},{"vulnerability":"VCID-h7yh-bvtu-gqgp"},{"vulnerability":"VCID-haym-dk3e-aqbf"},{"vulnerability":"VCID-hydk-88d6-uqha"},{"vulnerability":"VCID-hyz1-qrsp-sbcv"},{"vulnerability":"VCID-jdkj-s9h7-hqfx"},{"vulnerability":"VCID-nfyj-9ucz-cyc7"},{"vulnerability":"VCID-njkh-85yd-f7fy"},{"vulnerability":"VCID-nnuu-kqha-uqeh"},{"vulnerability":"VCID-p4n3-6w9k-akde"},{"vulnerability":"VCID-p9rd-gezp-c7a2"},{"vulnerability":"VCID-par8-gwn6-xqgd"},{"vulnerability":"VCID-pdqp-9vg1-wyg9"},{"vulnerability":"VCID-pyed-syag-4kcg"},{"vulnerability":"VCID-qxcm-qjew-d3cw"},{"vulnerability":"VCID-rn93-e1k8-cycs"},{"vulnerability":"VCID-tz7t-shha-tqc5"},{"vulnerability":"VCID-u5fq-8zr1-xqhv"},{"vulnerability":"VCID-ufvv-rm7c-s3b2"},{"vulnerability":"VCID-y4aq-wjze-7kft"},{"vulnerability":"VCID-y9r2-67uj-cfd1"},{"vulnerability":"VCID-ypk7-n5fc-5ye9"},{"vulnerability":"VCID-zjx2-yaym-dqcz"},{"vulnerability":"VCID-zp7v-cp58-a3e8"},{"vulnerability":"VCID-zq73-pyu4-h3g5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.2.3%252Bdfsg.1-4%252Bdeb9u6"},{"url":"http://public2.vulnerablecode.io/api/packages/1078285?format=json","purl":"pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pan-qjdb-53hh"},{"vulnerability":"VCID-2pgb-uwem-h3ar"},{"vulnerability":"VCID-33t3-4xdt-mudz"},{"vulnerability":"VCID-43uk-86r9-pygh"},{"vulnerability":"VCID-4kfx-8xyq-h7dz"},{"vulnerability":"VCID-4ksc-m92c-6ubv"},{"vulnerability":"VCID-4nqw-h8se-27cy"},{"vulnerability":"VCID-5ggr-8vz5-p3hp"},{"vulnerability":"VCID-7eu3-ex4x-fua3"},{"vulnerability":"VCID-86tm-143m-cyas"},{"vulnerability":"VCID-8s13-v3gv-efhj"},{"vulnerability":"VCID-abev-bbjb-cue6"},{"vulnerability":"VCID-ahv8-wew9-yqge"},{"vulnerability":"VCID-ampw-136d-9yf4"},{"vulnerability":"VCID-cftw-zeqb-5khs"},{"vulnerability":"VCID-chme-pkx3-xub5"},{"vulnerability":"VCID-dw7a-b9jk-c3dd"},{"vulnerability":"VCID-dzp6-798v-w7am"},{"vulnerability":"VCID-ermy-mkje-ayhb"},{"vulnerability":"VCID-gbu5-8a2e-mqdb"},{"vulnerability":"VCID-gd6a-p28z-8uea"},{"vulnerability":"VCID-h5a4-hpws-h3fv"},{"vulnerability":"VCID-h7yh-bvtu-gqgp"},{"vulnerability":"VCID-haym-dk3e-aqbf"},{"vulnerability":"VCID-hydk-88d6-uqha"},{"vulnerability":"VCID-hyz1-qrsp-sbcv"},{"vulnerability":"VCID-jdkj-s9h7-hqfx"},{"vulnerability":"VCID-nfyj-9ucz-cyc7"},{"vulnerability":"VCID-njkh-85yd-f7fy"},{"vulnerability":"VCID-nnuu-kqha-uqeh"},{"vulnerability":"VCID-p4n3-6w9k-akde"},{"vulnerability":"VCID-par8-gwn6-xqgd"},{"vulnerability":"VCID-pdqp-9vg1-wyg9"},{"vulnerability":"VCID-pyed-syag-4kcg"},{"vulnerability":"VCID-qxcm-qjew-d3cw"},{"vulnerability":"VCID-rn93-e1k8-cycs"},{"vulnerability":"VCID-tz7t-shha-tqc5"},{"vulnerability":"VCID-u5fq-8zr1-xqhv"},{"vulnerability":"VCID-ufvv-rm7c-s3b2"},{"vulnerability":"VCID-y9r2-67uj-cfd1"},{"vulnerability":"VCID-ypk7-n5fc-5ye9"},{"vulnerability":"VCID-zjx2-yaym-dqcz"},{"vulnerability":"VCID-zp7v-cp58-a3e8"},{"vulnerability":"VCID-zq73-pyu4-h3g5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1077797?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pan-qjdb-53hh"},{"vulnerability":"VCID-33t3-4xdt-mudz"},{"vulnerability":"VCID-4kfx-8xyq-h7dz"},{"vulnerability":"VCID-4ksc-m92c-6ubv"},{"vulnerability":"VCID-4nqw-h8se-27cy"},{"vulnerability":"VCID-5ggr-8vz5-p3hp"},{"vulnerability":"VCID-7eu3-ex4x-fua3"},{"vulnerability":"VCID-ahv8-wew9-yqge"},{"vulnerability":"VCID-chme-pkx3-xub5"},{"vulnerability":"VCID-dw7a-b9jk-c3dd"},{"vulnerability":"VCID-ermy-mkje-ayhb"},{"vulnerability":"VCID-f6bd-3n2d-2fd3"},{"vulnerability":"VCID-h7yh-bvtu-gqgp"},{"vulnerability":"VCID-nfyj-9ucz-cyc7"},{"vulnerability":"VCID-njkh-85yd-f7fy"},{"vulnerability":"VCID-nnuu-kqha-uqeh"},{"vulnerability":"VCID-par8-gwn6-xqgd"},{"vulnerability":"VCID-pdqp-9vg1-wyg9"},{"vulnerability":"VCID-tz7t-shha-tqc5"},{"vulnerability":"VCID-ypk7-n5fc-5ye9"},{"vulnerability":"VCID-zjx2-yaym-dqcz"},{"vulnerability":"VCID-zq73-pyu4-h3g5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2020-13964"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u5fq-8zr1-xqhv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/199309?format=json","vulnerability_id":"VCID-ufvv-rm7c-s3b2","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-46144","reference_id":"","reference_type":"","scores":[{"value":"0.01055","scoring_system":"epss","scoring_elements":"0.77999","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01055","scoring_system":"epss","scoring_elements":"0.78068","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01055","scoring_system":"epss","scoring_elements":"0.78081","published_at":"2026-06-13T12:55:00Z"},{"value":"0.01055","scoring_system":"epss","scoring_elements":"0.78076","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-46144"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46144","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46144"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003027","reference_id":"1003027","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003027"},{"reference_url":"https://usn.ubuntu.com/USN-5182-1/","reference_id":"USN-USN-5182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1078285?format=json","purl":"pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pan-qjdb-53hh"},{"vulnerability":"VCID-2pgb-uwem-h3ar"},{"vulnerability":"VCID-33t3-4xdt-mudz"},{"vulnerability":"VCID-43uk-86r9-pygh"},{"vulnerability":"VCID-4kfx-8xyq-h7dz"},{"vulnerability":"VCID-4ksc-m92c-6ubv"},{"vulnerability":"VCID-4nqw-h8se-27cy"},{"vulnerability":"VCID-5ggr-8vz5-p3hp"},{"vulnerability":"VCID-7eu3-ex4x-fua3"},{"vulnerability":"VCID-86tm-143m-cyas"},{"vulnerability":"VCID-8s13-v3gv-efhj"},{"vulnerability":"VCID-abev-bbjb-cue6"},{"vulnerability":"VCID-ahv8-wew9-yqge"},{"vulnerability":"VCID-ampw-136d-9yf4"},{"vulnerability":"VCID-cftw-zeqb-5khs"},{"vulnerability":"VCID-chme-pkx3-xub5"},{"vulnerability":"VCID-dw7a-b9jk-c3dd"},{"vulnerability":"VCID-dzp6-798v-w7am"},{"vulnerability":"VCID-ermy-mkje-ayhb"},{"vulnerability":"VCID-gbu5-8a2e-mqdb"},{"vulnerability":"VCID-gd6a-p28z-8uea"},{"vulnerability":"VCID-h5a4-hpws-h3fv"},{"vulnerability":"VCID-h7yh-bvtu-gqgp"},{"vulnerability":"VCID-haym-dk3e-aqbf"},{"vulnerability":"VCID-hydk-88d6-uqha"},{"vulnerability":"VCID-hyz1-qrsp-sbcv"},{"vulnerability":"VCID-jdkj-s9h7-hqfx"},{"vulnerability":"VCID-nfyj-9ucz-cyc7"},{"vulnerability":"VCID-njkh-85yd-f7fy"},{"vulnerability":"VCID-nnuu-kqha-uqeh"},{"vulnerability":"VCID-p4n3-6w9k-akde"},{"vulnerability":"VCID-par8-gwn6-xqgd"},{"vulnerability":"VCID-pdqp-9vg1-wyg9"},{"vulnerability":"VCID-pyed-syag-4kcg"},{"vulnerability":"VCID-qxcm-qjew-d3cw"},{"vulnerability":"VCID-rn93-e1k8-cycs"},{"vulnerability":"VCID-tz7t-shha-tqc5"},{"vulnerability":"VCID-u5fq-8zr1-xqhv"},{"vulnerability":"VCID-ufvv-rm7c-s3b2"},{"vulnerability":"VCID-y9r2-67uj-cfd1"},{"vulnerability":"VCID-ypk7-n5fc-5ye9"},{"vulnerability":"VCID-zjx2-yaym-dqcz"},{"vulnerability":"VCID-zp7v-cp58-a3e8"},{"vulnerability":"VCID-zq73-pyu4-h3g5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1077797?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pan-qjdb-53hh"},{"vulnerability":"VCID-33t3-4xdt-mudz"},{"vulnerability":"VCID-4kfx-8xyq-h7dz"},{"vulnerability":"VCID-4ksc-m92c-6ubv"},{"vulnerability":"VCID-4nqw-h8se-27cy"},{"vulnerability":"VCID-5ggr-8vz5-p3hp"},{"vulnerability":"VCID-7eu3-ex4x-fua3"},{"vulnerability":"VCID-ahv8-wew9-yqge"},{"vulnerability":"VCID-chme-pkx3-xub5"},{"vulnerability":"VCID-dw7a-b9jk-c3dd"},{"vulnerability":"VCID-ermy-mkje-ayhb"},{"vulnerability":"VCID-f6bd-3n2d-2fd3"},{"vulnerability":"VCID-h7yh-bvtu-gqgp"},{"vulnerability":"VCID-nfyj-9ucz-cyc7"},{"vulnerability":"VCID-njkh-85yd-f7fy"},{"vulnerability":"VCID-nnuu-kqha-uqeh"},{"vulnerability":"VCID-par8-gwn6-xqgd"},{"vulnerability":"VCID-pdqp-9vg1-wyg9"},{"vulnerability":"VCID-tz7t-shha-tqc5"},{"vulnerability":"VCID-ypk7-n5fc-5ye9"},{"vulnerability":"VCID-zjx2-yaym-dqcz"},{"vulnerability":"VCID-zq73-pyu4-h3g5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2021-46144"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ufvv-rm7c-s3b2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/154942?format=json","vulnerability_id":"VCID-y9r2-67uj-cfd1","summary":"Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44026","reference_id":"","reference_type":"","scores":[{"value":"0.72527","scoring_system":"epss","scoring_elements":"0.98787","published_at":"2026-06-11T12:55:00Z"},{"value":"0.72527","scoring_system":"epss","scoring_elements":"0.98793","published_at":"2026-06-14T12:55:00Z"},{"value":"0.72527","scoring_system":"epss","scoring_elements":"0.98791","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44026"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44025","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44025"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44026","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44026"},{"reference_url":"https://bugs.debian.org/1000156","reference_id":"1000156","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:33:07Z/"}],"url":"https://bugs.debian.org/1000156"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000156","reference_id":"1000156","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000156"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/c8947ecb762d9e89c2091bda28d49002817263f1","reference_id":"c8947ecb762d9e89c2091bda28d49002817263f1","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:33:07Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/c8947ecb762d9e89c2091bda28d49002817263f1"},{"reference_url":"https://www.debian.org/security/2021/dsa-5013","reference_id":"dsa-5013","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:33:07Z/"}],"url":"https://www.debian.org/security/2021/dsa-5013"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/ee809bde2dcaa04857a919397808a7296681dcfa","reference_id":"ee809bde2dcaa04857a919397808a7296681dcfa","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:33:07Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/ee809bde2dcaa04857a919397808a7296681dcfa"},{"reference_url":"https://security.gentoo.org/glsa/202507-10","reference_id":"GLSA-202507-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202507-10"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/12/msg00004.html","reference_id":"msg00004.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:33:07Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2021/12/msg00004.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NDVGIZMQJ5IOM47Y3SAAJRN5VPANKTKO/","reference_id":"NDVGIZMQJ5IOM47Y3SAAJRN5VPANKTKO","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:33:07Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NDVGIZMQJ5IOM47Y3SAAJRN5VPANKTKO/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TP3Y5RXTUUOUODNG7HFEKWYNIPIT2NL4/","reference_id":"TP3Y5RXTUUOUODNG7HFEKWYNIPIT2NL4","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T19:33:07Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TP3Y5RXTUUOUODNG7HFEKWYNIPIT2NL4/"},{"reference_url":"https://usn.ubuntu.com/USN-5182-1/","reference_id":"USN-USN-5182-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5182-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1078285?format=json","purl":"pkg:deb/debian/roundcube@1.3.17%2Bdfsg.1-1~deb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pan-qjdb-53hh"},{"vulnerability":"VCID-2pgb-uwem-h3ar"},{"vulnerability":"VCID-33t3-4xdt-mudz"},{"vulnerability":"VCID-43uk-86r9-pygh"},{"vulnerability":"VCID-4kfx-8xyq-h7dz"},{"vulnerability":"VCID-4ksc-m92c-6ubv"},{"vulnerability":"VCID-4nqw-h8se-27cy"},{"vulnerability":"VCID-5ggr-8vz5-p3hp"},{"vulnerability":"VCID-7eu3-ex4x-fua3"},{"vulnerability":"VCID-86tm-143m-cyas"},{"vulnerability":"VCID-8s13-v3gv-efhj"},{"vulnerability":"VCID-abev-bbjb-cue6"},{"vulnerability":"VCID-ahv8-wew9-yqge"},{"vulnerability":"VCID-ampw-136d-9yf4"},{"vulnerability":"VCID-cftw-zeqb-5khs"},{"vulnerability":"VCID-chme-pkx3-xub5"},{"vulnerability":"VCID-dw7a-b9jk-c3dd"},{"vulnerability":"VCID-dzp6-798v-w7am"},{"vulnerability":"VCID-ermy-mkje-ayhb"},{"vulnerability":"VCID-gbu5-8a2e-mqdb"},{"vulnerability":"VCID-gd6a-p28z-8uea"},{"vulnerability":"VCID-h5a4-hpws-h3fv"},{"vulnerability":"VCID-h7yh-bvtu-gqgp"},{"vulnerability":"VCID-haym-dk3e-aqbf"},{"vulnerability":"VCID-hydk-88d6-uqha"},{"vulnerability":"VCID-hyz1-qrsp-sbcv"},{"vulnerability":"VCID-jdkj-s9h7-hqfx"},{"vulnerability":"VCID-nfyj-9ucz-cyc7"},{"vulnerability":"VCID-njkh-85yd-f7fy"},{"vulnerability":"VCID-nnuu-kqha-uqeh"},{"vulnerability":"VCID-p4n3-6w9k-akde"},{"vulnerability":"VCID-par8-gwn6-xqgd"},{"vulnerability":"VCID-pdqp-9vg1-wyg9"},{"vulnerability":"VCID-pyed-syag-4kcg"},{"vulnerability":"VCID-qxcm-qjew-d3cw"},{"vulnerability":"VCID-rn93-e1k8-cycs"},{"vulnerability":"VCID-tz7t-shha-tqc5"},{"vulnerability":"VCID-u5fq-8zr1-xqhv"},{"vulnerability":"VCID-ufvv-rm7c-s3b2"},{"vulnerability":"VCID-y9r2-67uj-cfd1"},{"vulnerability":"VCID-ypk7-n5fc-5ye9"},{"vulnerability":"VCID-zjx2-yaym-dqcz"},{"vulnerability":"VCID-zp7v-cp58-a3e8"},{"vulnerability":"VCID-zq73-pyu4-h3g5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.17%252Bdfsg.1-1~deb10u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1077797?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pan-qjdb-53hh"},{"vulnerability":"VCID-33t3-4xdt-mudz"},{"vulnerability":"VCID-4kfx-8xyq-h7dz"},{"vulnerability":"VCID-4ksc-m92c-6ubv"},{"vulnerability":"VCID-4nqw-h8se-27cy"},{"vulnerability":"VCID-5ggr-8vz5-p3hp"},{"vulnerability":"VCID-7eu3-ex4x-fua3"},{"vulnerability":"VCID-ahv8-wew9-yqge"},{"vulnerability":"VCID-chme-pkx3-xub5"},{"vulnerability":"VCID-dw7a-b9jk-c3dd"},{"vulnerability":"VCID-ermy-mkje-ayhb"},{"vulnerability":"VCID-f6bd-3n2d-2fd3"},{"vulnerability":"VCID-h7yh-bvtu-gqgp"},{"vulnerability":"VCID-nfyj-9ucz-cyc7"},{"vulnerability":"VCID-njkh-85yd-f7fy"},{"vulnerability":"VCID-nnuu-kqha-uqeh"},{"vulnerability":"VCID-par8-gwn6-xqgd"},{"vulnerability":"VCID-pdqp-9vg1-wyg9"},{"vulnerability":"VCID-tz7t-shha-tqc5"},{"vulnerability":"VCID-ypk7-n5fc-5ye9"},{"vulnerability":"VCID-zjx2-yaym-dqcz"},{"vulnerability":"VCID-zq73-pyu4-h3g5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2021-44026"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y9r2-67uj-cfd1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/128783?format=json","vulnerability_id":"VCID-zp7v-cp58-a3e8","summary":"Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43770","reference_id":"","reference_type":"","scores":[{"value":"0.80839","scoring_system":"epss","scoring_elements":"0.99173","published_at":"2026-06-11T12:55:00Z"},{"value":"0.80839","scoring_system":"epss","scoring_elements":"0.99176","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43770"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43770","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43770"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052059","reference_id":"1052059","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052059"},{"reference_url":"https://github.com/roundcube/roundcubemail/commit/e92ec206a886461245e1672d8530cc93c618a49b","reference_id":"e92ec206a886461245e1672d8530cc93c618a49b","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-01T18:43:07Z/"}],"url":"https://github.com/roundcube/roundcubemail/commit/e92ec206a886461245e1672d8530cc93c618a49b"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/09/msg00024.html","reference_id":"msg00024.html","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-01T18:43:07Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/09/msg00024.html"},{"reference_url":"https://roundcube.net/news/2023/09/15/security-update-1.6.3-released","reference_id":"security-update-1.6.3-released","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-01T18:43:07Z/"}],"url":"https://roundcube.net/news/2023/09/15/security-update-1.6.3-released"},{"reference_url":"https://usn.ubuntu.com/6654-1/","reference_id":"USN-6654-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6654-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1077797?format=json","purl":"pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pan-qjdb-53hh"},{"vulnerability":"VCID-33t3-4xdt-mudz"},{"vulnerability":"VCID-4kfx-8xyq-h7dz"},{"vulnerability":"VCID-4ksc-m92c-6ubv"},{"vulnerability":"VCID-4nqw-h8se-27cy"},{"vulnerability":"VCID-5ggr-8vz5-p3hp"},{"vulnerability":"VCID-7eu3-ex4x-fua3"},{"vulnerability":"VCID-ahv8-wew9-yqge"},{"vulnerability":"VCID-chme-pkx3-xub5"},{"vulnerability":"VCID-dw7a-b9jk-c3dd"},{"vulnerability":"VCID-ermy-mkje-ayhb"},{"vulnerability":"VCID-f6bd-3n2d-2fd3"},{"vulnerability":"VCID-h7yh-bvtu-gqgp"},{"vulnerability":"VCID-nfyj-9ucz-cyc7"},{"vulnerability":"VCID-njkh-85yd-f7fy"},{"vulnerability":"VCID-nnuu-kqha-uqeh"},{"vulnerability":"VCID-par8-gwn6-xqgd"},{"vulnerability":"VCID-pdqp-9vg1-wyg9"},{"vulnerability":"VCID-tz7t-shha-tqc5"},{"vulnerability":"VCID-ypk7-n5fc-5ye9"},{"vulnerability":"VCID-zjx2-yaym-dqcz"},{"vulnerability":"VCID-zq73-pyu4-h3g5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}],"aliases":["CVE-2023-43770"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zp7v-cp58-a3e8"}],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4"}