Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9f762208 by security tracker role at 2026-01-06T08:13:10+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,37 +1,217 @@
-CVE-2025-69225
+CVE-2026-21750
+       REJECTED
+CVE-2026-21749
+       REJECTED
+CVE-2026-21748
+       REJECTED
+CVE-2026-21747
+       REJECTED
+CVE-2026-21746
+       REJECTED
+CVE-2026-21745
+       REJECTED
+CVE-2026-21744
+       REJECTED
+CVE-2026-21677 (iccDEV provides a set of libraries and tools for working with 
ICC colo ...)
+       TODO: check
+CVE-2026-21676 (iccDEV provides a set of libraries and tools for working with 
ICC colo ...)
+       TODO: check
+CVE-2026-21675 (iccDEV provides a set of libraries and tools for working with 
ICC colo ...)
+       TODO: check
+CVE-2026-21674 (iccDEV provides a set of libraries and tools for working with 
ICC colo ...)
+       TODO: check
+CVE-2026-21673 (iccDEV provides a set of libraries and tools for working with 
ICC colo ...)
+       TODO: check
+CVE-2026-21507 (iccDEV provides a set of libraries and tools for working with 
ICC colo ...)
+       TODO: check
+CVE-2026-21487 (iccDEV provides a set of libraries and tools for working with 
ICC colo ...)
+       TODO: check
+CVE-2026-21486 (iccDEV provides a set of libraries and tools for working with 
ICC colo ...)
+       TODO: check
+CVE-2026-21485 (iccDEV provides a set of libraries and tools for working with 
ICC colo ...)
+       TODO: check
+CVE-2026-21439 (badkeys is a tool and library for checking cryptographic 
public keys f ...)
+       TODO: check
+CVE-2026-21411 (Authentication bypass issue exists in OpenBlocks series 
versions prior ...)
+       TODO: check
+CVE-2026-0625 (Multiple D-Link DSL gateway devices contain a command injection 
vulner ...)
+       TODO: check
+CVE-2026-0621 (Anthropic's MCP TypeScript SDK versions up to and including 
1.25.1 con ...)
+       TODO: check
+CVE-2026-0607 (A flaw has been found in code-projects Online Music Site 1.0. 
This aff ...)
+       TODO: check
+CVE-2026-0606 (A vulnerability was detected in code-projects Online Music Site 
1.0. A ...)
+       TODO: check
+CVE-2026-0605 (A security vulnerability has been detected in code-projects 
Online Mus ...)
+       TODO: check
+CVE-2026-0604 (The FastDup \u2013 Fastest WordPress Migration & Duplicator 
plugin for ...)
+       TODO: check
+CVE-2025-69197 (Pterodactyl is a free, open-source game server management 
panel. Versi ...)
+       TODO: check
+CVE-2025-68954 (Pterodactyl is a free, open-source game server management 
panel. Versi ...)
+       TODO: check
+CVE-2025-68953 (Frappe is a full-stack web application framework. Versions 
14.99.5 and ...)
+       TODO: check
+CVE-2025-68456 (Craft is a platform for creating digital experiences. In 
versions 5.0. ...)
+       TODO: check
+CVE-2025-68455 (Craft is a platform for creating digital experiences. Versions 
5.0.0-R ...)
+       TODO: check
+CVE-2025-68454 (Craft is a platform for creating digital experiences. Versions 
5.0.0-R ...)
+       TODO: check
+CVE-2025-68437 (Craft is a platform for creating digital experiences. In 
versions 5.0. ...)
+       TODO: check
+CVE-2025-68436 (Craft is a platform for creating digital experiences. In 
versions 5.0. ...)
+       TODO: check
+CVE-2025-68428 (jsPDF is a library to generate PDFs in JavaScript. Prior to 
version 4. ...)
+       TODO: check
+CVE-2025-67732 (Dify is an open-source LLM app development platform. Prior to 
version  ...)
+       TODO: check
+CVE-2025-66648 (vega-functions provides function implementations for the Vega 
expressi ...)
+       TODO: check
+CVE-2025-65110 (Vega is a visualization grammar, a declarative format for 
creating, sa ...)
+       TODO: check
+CVE-2025-64425 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
+       TODO: check
+CVE-2025-64424 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
+       TODO: check
+CVE-2025-64423 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
+       TODO: check
+CVE-2025-64422 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
+       TODO: check
+CVE-2025-61916 (Spinnaker is an open source, multi-cloud continuous delivery 
platform. ...)
+       TODO: check
+CVE-2025-4776 (The Phlox theme for WordPress is vulnerable to Stored 
Cross-Site Scrip ...)
+       TODO: check
+CVE-2025-20807 (In dpe, there is a possible out of bounds write due to an 
integer over ...)
+       TODO: check
+CVE-2025-20806 (In dpe, there is a possible memory corruption due to use after 
free. T ...)
+       TODO: check
+CVE-2025-20805 (In dpe, there is a possible memory corruption due to use after 
free. T ...)
+       TODO: check
+CVE-2025-20804 (In dpe, there is a possible memory corruption due to use after 
free. T ...)
+       TODO: check
+CVE-2025-20803 (In dpe, there is a possible memory corruption due to an 
integer overfl ...)
+       TODO: check
+CVE-2025-20802 (In geniezone, there is a possible memory corruption due to use 
after f ...)
+       TODO: check
+CVE-2025-20801 (In seninf, there is a possible memory corruption due to a race 
conditi ...)
+       TODO: check
+CVE-2025-20800 (In mminfra, there is a possible out of bounds write due to a 
missing b ...)
+       TODO: check
+CVE-2025-20799 (In c2ps, there is a possible memory corruption due to use 
after free.  ...)
+       TODO: check
+CVE-2025-20798 (In battery, there is a possible out of bounds write due to a 
missing b ...)
+       TODO: check
+CVE-2025-20797 (In battery, there is a possible out of bounds write due to a 
missing b ...)
+       TODO: check
+CVE-2025-20796 (In imgsys, there is a possible out of bounds write due to 
improper inp ...)
+       TODO: check
+CVE-2025-20795 (In KeyInstall, there is a possible out of bounds write due to 
a missin ...)
+       TODO: check
+CVE-2025-20794 (In Modem, there is a possible system crash due to improper 
input valid ...)
+       TODO: check
+CVE-2025-20793 (In Modem, there is a possible system crash due to incorrect 
error hand ...)
+       TODO: check
+CVE-2025-20787 (In display, there is a possible memory corruption due to use 
after fre ...)
+       TODO: check
+CVE-2025-20786 (In display, there is a possible memory corruption due to use 
after fre ...)
+       TODO: check
+CVE-2025-20785 (In display, there is a possible memory corruption due to use 
after fre ...)
+       TODO: check
+CVE-2025-20784 (In display, there is a possible memory corruption due to 
uninitialized ...)
+       TODO: check
+CVE-2025-20783 (In display, there is a possible out of bounds write due to a 
missing b ...)
+       TODO: check
+CVE-2025-20782 (In display, there is a possible out of bounds write due to a 
missing b ...)
+       TODO: check
+CVE-2025-20781 (In display, there is a possible memory corruption due to use 
after fre ...)
+       TODO: check
+CVE-2025-20780 (In display, there is a possible memory corruption due to use 
after fre ...)
+       TODO: check
+CVE-2025-20779 (In display, there is a possible use after free due to a race 
condition ...)
+       TODO: check
+CVE-2025-20778 (In display, there is a possible out of bounds write due to a 
missing b ...)
+       TODO: check
+CVE-2025-20762 (In Modem, there is a possible system crash due to incorrect 
error hand ...)
+       TODO: check
+CVE-2025-20761 (In Modem, there is a possible system crash due to incorrect 
error hand ...)
+       TODO: check
+CVE-2025-20760 (In Modem, there is a possible read of uninitialized heap data 
due to a ...)
+       TODO: check
+CVE-2025-15385 (Insufficient Verification of Data Authenticity vulnerability 
in TECNO  ...)
+       TODO: check
+CVE-2025-15364 (The Download Manager plugin for WordPress is vulnerable to 
privilege e ...)
+       TODO: check
+CVE-2025-15001 (The FS Registration Password plugin for WordPress is 
vulnerable to pri ...)
+       TODO: check
+CVE-2025-14997 (The BuddyPress Xprofile Custom Field Types plugin for 
WordPress is vul ...)
+       TODO: check
+CVE-2025-14996 (The AS Password Field In Default Registration Form plugin for 
WordPres ...)
+       TODO: check
+CVE-2025-14441 (The Popupkit plugin for WordPress is vulnerable to arbitrary 
subscribe ...)
+       TODO: check
+CVE-2025-14438 (The Xagio SEO \u2013 AI Powered SEO plugin for WordPress is 
vulnerable ...)
+       TODO: check
+CVE-2025-14371 (The Tag, Category, and Taxonomy Manager \u2013 AI Autotagger 
with Open ...)
+       TODO: check
+CVE-2025-14153 (The Page Expire Popup/Redirection for WordPress plugin for 
WordPress i ...)
+       TODO: check
+CVE-2025-14120 (The URL Image Importer plugin for WordPress is vulnerable to 
Stored Cr ...)
+       TODO: check
+CVE-2025-14034 (The ilGhera Support System for WooCommerce plugin for 
WordPress is vul ...)
+       TODO: check
+CVE-2025-13812 (The GamiPress \u2013 Gamification plugin to reward points, 
achievement ...)
+       TODO: check
+CVE-2025-13746 (The ForumWP \u2013 Forum & Discussion Board plugin for 
WordPress is vu ...)
+       TODO: check
+CVE-2025-13652 (The CBX Bookmark & Favorite plugin for WordPress is vulnerable 
to gene ...)
+       TODO: check
+CVE-2025-13409 (The Form Vibes \u2013 Database Manager for Forms plugin for 
WordPress  ...)
+       TODO: check
+CVE-2025-13215 (The Shortcodes and extra features for Phlox theme plugin for 
WordPress ...)
+       TODO: check
+CVE-2025-12793 (An uncontrolled DLL loading path vulnerability exists in 
AsusSoftwareM ...)
+       TODO: check
+CVE-2025-12067 (The Table Field Add-on for ACF and SCF plugin for WordPress is 
vulnera ...)
+       TODO: check
+CVE-2025-11723 (The Appointment Booking Calendar \u2014 Simply Schedule 
Appointments B ...)
+       TODO: check
+CVE-2025-11370 (The Popup and Slider Builder by Depicter \u2013 Add Email 
collecting P ...)
+       TODO: check
+CVE-2025-69225 (AIOHTTP is an asynchronous HTTP client/server framework for 
asyncio an ...)
        - python-aiohttp <unfixed>
        NOTE: 
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-mqqc-3gqh-h2x8
        NOTE: Fixed by: 
https://github.com/aio-libs/aiohttp/commit/c7b7a044f88c71cefda95ec75cdcfaa4792b3b96
 (v3.13.3)
-CVE-2025-69224
+CVE-2025-69224 (AIOHTTP is an asynchronous HTTP client/server framework for 
asyncio an ...)
        - python-aiohttp <unfixed>
        NOTE: 
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-69f9-5gxw-wvc2
        NOTE: Fixed by: 
https://github.com/aio-libs/aiohttp/commit/32677f2adfd907420c078dda6b79225c6f4ebce0
 (v3.13.3)
-CVE-2025-69226
+CVE-2025-69226 (AIOHTTP is an asynchronous HTTP client/server framework for 
asyncio an ...)
        - python-aiohttp <unfixed>
        NOTE: 
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-54jq-c3m8-4m76
        NOTE: Fixed by: 
https://github.com/aio-libs/aiohttp/commit/f2a86fd5ac0383000d1715afddfa704413f0711e
 (v3.13.3)
-CVE-2025-69230
+CVE-2025-69230 (AIOHTTP is an asynchronous HTTP client/server framework for 
asyncio an ...)
        - python-aiohttp <unfixed>
        NOTE: 
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-fh55-r93g-j68g
        NOTE: Fixed by: 
https://github.com/aio-libs/aiohttp/commit/64629a0834f94e46d9881f4e99c41a137e1f3326
 (v3.13.3)
-CVE-2025-69229
+CVE-2025-69229 (AIOHTTP is an asynchronous HTTP client/server framework for 
asyncio an ...)
        - python-aiohttp <unfixed>
        NOTE: 
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-g84x-mcqj-x9qq
        NOTE: Fixed by: 
https://github.com/aio-libs/aiohttp/commit/dc3170b56904bdf814228fae70a5501a42a6c712
 (v3.13.3)
        NOTE: Fixed by: 
https://github.com/aio-libs/aiohttp/commit/4ed97a4e46eaf61bd0f05063245f613469700229
 (v3.13.3)
-CVE-2025-69227
+CVE-2025-69227 (AIOHTTP is an asynchronous HTTP client/server framework for 
asyncio an ...)
        - python-aiohttp <unfixed>
        NOTE: 
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-jj3x-wxrx-4x23
        NOTE: Fixed by: 
https://github.com/aio-libs/aiohttp/commit/bc1319ec3cbff9438a758951a30907b072561259
 (v3.13.3)
-CVE-2025-69228
+CVE-2025-69228 (AIOHTTP is an asynchronous HTTP client/server framework for 
asyncio an ...)
        - python-aiohttp <unfixed>
        NOTE: 
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-6jhg-hg63-jvvf
        NOTE: Fixed by: 
https://github.com/aio-libs/aiohttp/commit/b7dbd35375aedbcd712cbae8ad513d56d11cce60
 (v3.13.3)
-CVE-2025-69223
+CVE-2025-69223 (AIOHTTP is an asynchronous HTTP client/server framework for 
asyncio an ...)
        - python-aiohttp <unfixed>
        NOTE: 
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-6mq8-rvhq-8wgg
        NOTE: Fixed by: 
https://github.com/aio-libs/aiohttp/commit/2b920c39002cee0ec5b402581779bbaaf7c9138a
 (v3.13.3)
-CVE-2025-15444
+CVE-2025-15444 (Crypt::Sodium::XS module versions prior to0.000042,for Perl, 
include a ...)
        NOT-FOR-US: Crypt::Sodium::XS Perl module
 CVE-2026-21635 (An Improper Access Control could allow a malicious actor in 
Wi-Fi rang ...)
        NOT-FOR-US: Ubiquiti
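
Review bot: Several of the added description lines carry literal escape sequences rather than the characters they stand for: `\u2013` in the entries for CVE-2026-0604, CVE-2025-14438, CVE-2025-14371, CVE-2025-13812, CVE-2025-13746, CVE-2025-13409 and CVE-2025-11370, and `\u2014` in CVE-2025-11723. The step that fills in descriptions should decode these before writing to data/CVE/list, so that text searches on the product names match. The CVE-2025-15444 description also arrives with its spacing lost ("prior to0.000042,for Perl"), which is worth normalising at the same point. All newly added non-REJECTED entries are still marked "TODO: check" and need manual triage before they carry any package status.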



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9f76220870a39ffb8173efab2db1f8059cc661d3

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
