FAIL › dossier
Dossier not yet built — the RAG curator builds one for players with ≥2 failure events (factory/dossier.py). The failure history and sentiment below are live.
| Date | Event | Sev | Flags | Shame | Summary |
|---|---|---|---|---|---|
| 2026-02-20 | CVE-2025-49113 | high | ⚡RCE ⌖KEV | 65 | RoundCube Webmail contains a deserialization of untrusted data vulnerability that allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php. |
| 2026-02-20 | CVE-2025-68461 | high | ⌖KEV | 50 | RoundCube Webmail contains a cross-site scripting vulnerability via the animate tag in an SVG document. |
| 2025-06-09 | CVE-2024-42009 | high | ⌖KEV | 50 | RoundCube Webmail contains a cross-site scripting vulnerability. This vulnerability could allow a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php. |
| 2024-10-24 | CVE-2024-37383 | high | ⌖KEV | 50 | RoundCube Webmail contains a cross-site scripting (XSS) vulnerability in the handling of SVG animate attributes that allows a remote attacker to run malicious JavaScript code. |
| 2024-06-26 | CVE-2020-13965 | high | ⌖KEV | 50 | Roundcube Webmail contains a cross-site scripting (XSS) vulnerability that allows a remote attacker to manipulate data via a malicious XML attachment. |
| 2024-02-12 | CVE-2023-43770 | high | ⌖KEV | 50 | Roundcube Webmail contains a persistent cross-site scripting (XSS) vulnerability that can lead to information disclosure via malicious link references in plain/text messages. |
| 2023-10-26 | CVE-2023-5631 | high | ⌖KEV | 50 | Roundcube Webmail contains a persistent cross-site scripting (XSS) vulnerability that allows a remote attacker to run malicious JavaScript code. |