As per the title, how to report current exploits? Where can I send details on how it's being done (captured via a WAF) without exposing them publicly?
RC 1.3.3
PHP 5.6.32
You can send an email to one of Roundcube authors. You can find addresses in Roundcube source code, e.g. index.php file. You can find PGP keys on public key servers, if you want to use encryption.