Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a7e28aa7 by security tracker role at 2026-01-06T20:13:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,167 @@
+CVE-2026-21494 (iccDEV provides a set of libraries and tools that allow for 
the intera ...)
+       TODO: check
+CVE-2026-21493 (iccDEV provides a set of libraries and tools for working with 
ICC colo ...)
+       TODO: check
+CVE-2026-21491 (iccDEV provides a set of libraries and tools that allow for 
the intera ...)
+       TODO: check
+CVE-2026-21490 (iccDEV provides a set of libraries and tools that allow for 
the intera ...)
+       TODO: check
+CVE-2026-21489 (iccDEV provides a set of libraries and tools for working with 
ICC colo ...)
+       TODO: check
+CVE-2026-21488 (iccDEV provides a set of libraries and tools for working with 
ICC colo ...)
+       TODO: check
+CVE-2026-0641 (A security vulnerability has been detected in TOTOLINK WA300 
5.2cu.711 ...)
+       TODO: check
+CVE-2026-0640 (A weakness has been identified in Tenda AC23 16.03.07.52. This 
affects ...)
+       TODO: check
+CVE-2025-9637 (The Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey 
Maker plu ...)
+       TODO: check
+CVE-2025-9318 (The Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey 
Maker plu ...)
+       TODO: check
+CVE-2025-9294 (The Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey 
Maker plu ...)
+       TODO: check
+CVE-2025-7048 (On affected platforms running Arista EOS with MACsec 
configuration, a  ...)
+       TODO: check
+CVE-2025-69364 (Missing Authorization vulnerability in Cloudways Breeze breeze 
allows  ...)
+       TODO: check
+CVE-2025-69363 (Missing Authorization vulnerability in CyberChimps Responsive 
Addons f ...)
+       TODO: check
+CVE-2025-69362 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-69361 (Missing Authorization vulnerability in PublishPress Post 
Expirator pos ...)
+       TODO: check
+CVE-2025-69360 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-69359 (Missing Authorization vulnerability in WPFunnels Creator LMS 
creatorlm ...)
+       TODO: check
+CVE-2025-69357 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-69356 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-69355 (Missing Authorization vulnerability in Tickera Tickera 
tickera-event-t ...)
+       TODO: check
+CVE-2025-69354 (Missing Authorization vulnerability in BBR Plugins Better 
Business Rev ...)
+       TODO: check
+CVE-2025-69353 (Missing Authorization vulnerability in Proxy & VPN Blocker 
Proxy & ...)
+       TODO: check
+CVE-2025-69352 (Missing Authorization vulnerability in StellarWP The Events 
Calendar t ...)
+       TODO: check
+CVE-2025-69351 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-69350 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-69349 (Missing Authorization vulnerability in Fahad Mahmood RSS Feed 
Widget r ...)
+       TODO: check
+CVE-2025-69348 (Missing Authorization vulnerability in CoolHappy The Events 
Calendar C ...)
+       TODO: check
+CVE-2025-69346 (Missing Authorization vulnerability in WPCenter AffiliateX 
affiliatex  ...)
+       TODO: check
+CVE-2025-69345 (Missing Authorization vulnerability in BoldGrid Post and Page 
Builder  ...)
+       TODO: check
+CVE-2025-69342 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-69341 (Missing Authorization vulnerability in BuddhaThemes 
WeDesignTech Ultim ...)
+       TODO: check
+CVE-2025-69336 (Missing Authorization vulnerability in bdthemes Ultimate Store 
Kit Ele ...)
+       TODO: check
+CVE-2025-69335 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-69334 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-69331 (Missing Authorization vulnerability in Jeroen Schmit Theater 
for WordP ...)
+       TODO: check
+CVE-2025-69327 (Missing Authorization vulnerability in magepeopleteam Car 
Rental Manag ...)
+       TODO: check
+CVE-2025-69086 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-69085 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-69084 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-69083 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-65212 (An issue was discovered in NJHYST HY511 POE core before 2.1 
and plugin ...)
+       TODO: check
+CVE-2025-63083 (Lack of output escaping leads to a XSS vector in the pagebreak 
plugin.)
+       TODO: check
+CVE-2025-63082 (Lack of input filtering leads to an XSS vector in the HTML 
filter code ...)
+       TODO: check
+CVE-2025-60534 (Blue Access Cobalt v02.000.195 suffers from an authentication 
bypass v ...)
+       TODO: check
+CVE-2025-60262 (An issue in H3C M102G HM1A0V200R010 wireless controller and 
BA1500L SW ...)
+       TODO: check
+CVE-2025-5919 (The Appointment Booking and Scheduling Calendar Plugin \u2013 
WP Timet ...)
+       TODO: check
+CVE-2025-59379 (DwyerOmega Isensix Advanced Remote Monitoring System (ARMS) 
1.5.7 allo ...)
+       TODO: check
+CVE-2025-47553 (Deserialization of Untrusted Data vulnerability in Digital 
zoom studio ...)
+       TODO: check
+CVE-2025-46696 (Dell Secure Connect Gateway (SCG) 5.0 Appliance and 
Application, versi ...)
+       TODO: check
+CVE-2025-39477 (Missing Authorization vulnerability in Sfwebservice InWave 
Jobs allows ...)
+       TODO: check
+CVE-2025-36589 (Dell Unisphere for PowerMax, version(s) 9.2.4.x, contain(s) an 
Imprope ...)
+       TODO: check
+CVE-2025-32304 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-15382 (A heap buffer over-read vulnerability exists in the 
wolfSSH_CleanPath( ...)
+       TODO: check
+CVE-2025-14979 (AirVPN Eddie on MacOS contains an insecure XPC service that 
allows loc ...)
+       TODO: check
+CVE-2025-14942 (wolfSSH\u2019s key exchange state machine can be manipulated 
to leak t ...)
+       TODO: check
+CVE-2025-14552 (The MediaPress plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
+       TODO: check
+CVE-2025-14026 (Forcepoint One DLP Client, version 23.04.5642 (and possibly 
newer vers ...)
+       TODO: check
+CVE-2025-13964 (The LearnPress \u2013 WordPress LMS Plugin plugin for 
WordPress is vul ...)
+       TODO: check
+CVE-2025-13766 (The MasterStudy LMS WordPress Plugin \u2013 for Online Courses 
and Edu ...)
+       TODO: check
+CVE-2024-31088 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+       TODO: check
+CVE-2024-30547 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+       TODO: check
+CVE-2023-5069
+       REJECTED
+CVE-2020-36925 (Arteco Web Client DVR/NVR contains a session hijacking 
vulnerability w ...)
+       TODO: check
+CVE-2020-36924 (Sony BRAVIA Digital Signage 1.7.8 contains a remote file 
inclusion vul ...)
+       TODO: check
+CVE-2020-36923 (Sony BRAVIA Digital Signage 1.7.8 contains an insecure direct 
object r ...)
+       TODO: check
+CVE-2020-36922 (Sony BRAVIA Digital Signage 1.7.8 contains an information 
disclosure v ...)
+       TODO: check
+CVE-2020-36921 (RED-V Super Digital Signage System 5.1.1 contains an 
information discl ...)
+       TODO: check
+CVE-2020-36920 (iDS6 DSSPro Digital Signage System 6.2 contains an improper 
access con ...)
+       TODO: check
+CVE-2020-36918 (iDS6 DSSPro Digital Signage System 6.2 contains a cross-site 
request f ...)
+       TODO: check
+CVE-2020-36917 (iDS6 DSSPro Digital Signage System 6.2 contains a sensitive 
informatio ...)
+       TODO: check
+CVE-2020-36916 (TDM Digital Signage PC Player 4.1.0.4 contains an elevation of 
privile ...)
+       TODO: check
+CVE-2020-36915 (Adtec Digital SignEdje Digital Signage Player v2.08.28 
contains multip ...)
+       TODO: check
+CVE-2020-36914 (QiHang Media Web Digital Signage 3.0.9 contains a sensitive 
informatio ...)
+       TODO: check
+CVE-2020-36913 (All-Dynamics Software enlogic:show 2.0.2 contains a session 
fixation v ...)
+       TODO: check
+CVE-2020-36912 (Plexus anblick Digital Signage Management 3.1.13 contains an 
open redi ...)
+       TODO: check
+CVE-2020-36910 (Cayin Signage Media Player 3.0 contains an authenticated 
remote comman ...)
+       TODO: check
+CVE-2020-36909 (SnapGear Management Console SG560 3.1.5 contains a file 
manipulation v ...)
+       TODO: check
+CVE-2020-36908 (SnapGear Management Console SG560 version 3.1.5 contains a 
cross-site  ...)
+       TODO: check
+CVE-2020-36907 (Aerohive HiveOS contains a denial of service vulnerability in 
the NetC ...)
+       TODO: check
+CVE-2020-36906 (P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request 
forgery v ...)
+       TODO: check
+CVE-2020-36905 (FIBARO System Home Center 5.021 contains a remote file 
inclusion vulne ...)
+       TODO: check
 CVE-2026-21750
        REJECTED
 CVE-2026-21749
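Review bot: several of the added descriptions carry undecoded escape sequences instead of the characters themselves: a literal "\u2013" in CVE-2025-9637, CVE-2025-9318, CVE-2025-9294, CVE-2025-5919, CVE-2025-13964 and CVE-2025-13766, and a literal "\u2019" in CVE-2025-14942. The import step should decode these (or transliterate them to ASCII) before writing to data/CVE/list, otherwise any search or match on the description text will miss these entries. Separately, every new entry except the REJECTED CVE-2023-5069 lands as "TODO: check", so all of them still need a triage pass before the list says anything about whether a package is affected.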
@@ -15851,6 +16015,7 @@ CVE-2025-65346 (alexusmai laravel-file-manager 3.3.1 
and below is vulnerable to
 CVE-2025-63681 (open-webui v0.6.33 is vulnerable to Incorrect Access Control. 
The API  ...)
        NOT-FOR-US: open-webui
 CVE-2025-63499 (Alinto Sogo 5.12.3 is vulnerable to Cross Site Scripting (XSS) 
via the ...)
+       {DLA-4434-1}
        - sogo 5.12.4-1.2 (bug #1121952)
        [trixie] - sogo <no-dsa> (Minor issue, can be fixed via point release)
        [bookworm] - sogo <no-dsa> (Minor issue, can be fixed via point release)
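Review bot: the "{DLA-4434-1}" line added under CVE-2025-63499 is the only change to this entry, and the suite lines visible below it cover only trixie and bookworm, both still "<no-dsa>". Nothing in the hunk shows which suite the DLA fixed or at which version, so it is worth confirming that the advisory's own record lists this CVE together with the fixed sogo version for that suite.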
@@ -193566,6 +193731,7 @@ CVE-2024-34468 (Rukovoditel before 3.5.3 allows XSS 
via user_photo to My Page.)
 CVE-2024-34467 (ThinkPHP 8.0.3 allows remote attackers to exploit XSS due to 
inadequat ...)
        NOT-FOR-US: ThinkPHP
 CVE-2024-34462 (Alinto SOGo through 5.10.0 allows XSS during attachment 
preview.)
+       {DLA-4434-1}
        - sogo 5.11.0-1 (bug #1071163)
        [bookworm] - sogo <no-dsa> (Minor issue)
        [buster] - sogo <postponed> (Minor issue)
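Review bot: under CVE-2024-34462 the line "[buster] - sogo <postponed> (Minor issue)" is left unchanged directly below the new "{DLA-4434-1}" reference. If the DLA covers buster, that postponed state is now stale and should be replaced by the fixed version. If it covers a different suite, the entry has no line for that suite, and a reader cannot tell from this entry alone what was fixed.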



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a7e28aa7160d58fa1fcefce7af1e4cfd32f50f3c
