Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e9dcbf9d by security tracker role at 2026-01-07T20:13:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,8 +1,260 @@
+CVE-2026-22544 (An attacker with a network connection could detect credentials 
in clea ...)
+       TODO: check
+CVE-2026-22543 (The credentials required to access the device's web server are 
sent in ...)
+       TODO: check
+CVE-2026-22542 (An attacker with access to the system's internal network can 
cause a d ...)
+       TODO: check
+CVE-2026-22541 (The massive sending of ICMP requests causes a denial of 
service on one ...)
+       TODO: check
+CVE-2026-22540 (The massive sending of ARP requests causes a denial of service 
on one  ...)
+       TODO: check
+CVE-2026-22539 (As the service interaction is performed without 
authentication, an att ...)
+       TODO: check
+CVE-2026-22537 (The lack of hardening of the system allows the user used to 
manage and ...)
+       TODO: check
+CVE-2026-22536 (The absence of permissions control for the user XXX allows the 
current ...)
+       TODO: check
+CVE-2026-22535 (An attacker with the ability to interact through the network 
and with  ...)
+       TODO: check
+CVE-2026-21856 (The Tarkov Data Manager is a tool to manage the Tarkov item 
data. Prio ...)
+       TODO: check
+CVE-2026-21855 (The Tarkov Data Manager is a tool to manage the Tarkov item 
data. Prio ...)
+       TODO: check
+CVE-2026-21854 (The Tarkov Data Manager is a tool to manage the Tarkov item 
data. Prio ...)
+       TODO: check
+CVE-2026-21680 (iccDEV provides a set of libraries and tools that allow for 
the intera ...)
+       TODO: check
+CVE-2026-21679 (iccDEV provides a set of libraries and tools that allow for 
the intera ...)
+       TODO: check
+CVE-2026-21678 (iccDEV provides a set of libraries and tools that allow for 
the intera ...)
+       TODO: check
+CVE-2026-21506 (iccDEV provides a set of libraries and tools that allow for 
the intera ...)
+       TODO: check
+CVE-2026-21505 (iccDEV provides a set of libraries and tools that allow for 
the intera ...)
+       TODO: check
+CVE-2026-21504 (iccDEV provides a set of libraries and tools that allow for 
the intera ...)
+       TODO: check
+CVE-2026-21503 (iccDEV provides a set of libraries and tools that allow for 
the intera ...)
+       TODO: check
+CVE-2026-21502 (iccDEV provides a set of libraries and tools that allow for 
the intera ...)
+       TODO: check
+CVE-2026-21501 (iccDEV provides a set of libraries and tools that allow for 
the intera ...)
+       TODO: check
+CVE-2026-21500 (iccDEV provides a set of libraries and tools that allow for 
the intera ...)
+       TODO: check
+CVE-2026-21499 (iccDEV provides a set of libraries and tools that allow for 
the intera ...)
+       TODO: check
+CVE-2026-21498 (iccDEV provides a set of libraries and tools that allow for 
the intera ...)
+       TODO: check
+CVE-2026-21497 (iccDEV provides a set of libraries and tools that allow for 
the intera ...)
+       TODO: check
+CVE-2026-21496 (iccDEV provides a set of libraries and tools that allow for 
the intera ...)
+       TODO: check
+CVE-2026-21495 (iccDEV provides a set of libraries and tools that allow for 
the intera ...)
+       TODO: check
+CVE-2026-20029 (A vulnerability in the licensing features of Cisco 
Identity Servi ...)
+       TODO: check
+CVE-2026-20027 (Multiple Cisco products are affected by a vulnerability in the 
process ...)
+       TODO: check
+CVE-2026-20026 (Multiple Cisco products are affected by a vulnerability 
in the pr ...)
+       TODO: check
+CVE-2026-0670 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+       TODO: check
+CVE-2026-0669 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
+CVE-2026-0668 (Inefficient Regular Expression Complexity vulnerability in 
Wikimedia F ...)
+       TODO: check
+CVE-2026-0618 (Cross-site Scripting vulnerability in Devolutions PowerShell 
Universal ...)
+       TODO: check
+CVE-2025-6225 (Kieback&Peter Neutrino-GLT product is used for building 
management. It ...)
+       TODO: check
+CVE-2025-69344 (Missing Authorization vulnerability in ThemeHunk Oneline Lite 
allows E ...)
+       TODO: check
+CVE-2025-69333 (Missing Authorization vulnerability in Crocoblock JetEngine 
allows Exp ...)
+       TODO: check
+CVE-2025-69082 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-69081 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-69080 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-68637 (The Uniffle HTTP client is configured to trust all SSL 
certificates an ...)
+       TODO: check
+CVE-2025-67366 (@sylphxltd/filesystem-mcp v0.5.8 is an MCP server that 
provides file c ...)
+       TODO: check
+CVE-2025-67364 (fast-filesystem-mcp version 3.4.0 contains a critical path 
traversal v ...)
+       TODO: check
+CVE-2025-66838 (In Aris v10.0.23.0.3587512 and before, the file upload 
functionality d ...)
+       TODO: check
+CVE-2025-66837 (A file upload vulnerability in ARIS 10.0.23.0.3587512 allows 
attackers ...)
+       TODO: check
+CVE-2025-66786 (OpenAirInterface CN5G AMF<=v2.0.1 There is a logical error 
when proces ...)
+       TODO: check
+CVE-2025-66686 (A stored Cross-Site Scripting (XSS) vulnerability exists in 
Perch CMS  ...)
+       TODO: check
+CVE-2025-66560 (Quarkus is a Cloud Native, (Linux) Container First framework 
for writi ...)
+       TODO: check
+CVE-2025-65805 (OpenAirInterface CN5G AMF<=v2.1.9 has a buffer overflow 
vulnerability  ...)
+       TODO: check
+CVE-2025-62327 (In HCL DevOps Deploy 8.1.2.0 through 8.1.2.3, a user with LLM 
configur ...)
+       TODO: check
+CVE-2025-61939 (An unused function in MicroServer can start a reverse SSH 
connection t ...)
+       TODO: check
+CVE-2025-61782 (OpenCTI is an open source platform for managing cyber threat 
intellige ...)
+       TODO: check
+CVE-2025-61492 (A command injection vulnerability in the execute_command 
function of t ...)
+       TODO: check
+CVE-2025-61489 (A command injection vulnerability in the shell_exec function 
of soniri ...)
+       TODO: check
+CVE-2025-58441 (Knowage is an open source analytics and business intelligence 
suite. P ...)
+       TODO: check
+CVE-2025-4677 (Insufficient Session Expiration vulnerability in ABB WebPro 
SNMP Card  ...)
+       TODO: check
+CVE-2025-4676 (Incorrect Implementation of Authentication Algorithm 
vulnerability in  ...)
+       TODO: check
+CVE-2025-4675 (Improper Check for Unusual or Exceptional Conditions 
vulnerability in  ...)
+       TODO: check
+CVE-2025-49335 (Server-Side Request Forgery (SSRF) vulnerability in minnur 
External Me ...)
+       TODO: check
+CVE-2025-47552 (Deserialization of Untrusted Data vulnerability in Digital 
zoom studio ...)
+       TODO: check
+CVE-2025-46494 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-46434 (Missing Authorization vulnerability in POSIMYTH Innovation The 
Plus Ad ...)
+       TODO: check
+CVE-2025-46256 (Path Traversal: '.../...//' vulnerability in SigmaPlugin 
Advanced Data ...)
+       TODO: check
+CVE-2025-32303 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-32300 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-31643 (Incorrect Privilege Assignment vulnerability in Dasinfomedia 
WPCHURCH  ...)
+       TODO: check
+CVE-2025-15479 (Stored cross-site scripting (XSS, CWE-79) in the survey 
content and ad ...)
+       TODO: check
+CVE-2025-15158 (The WP Enable WebP plugin for WordPress is vulnerable to 
arbitrary fil ...)
+       TODO: check
+CVE-2025-15058 (The Responsive Pricing Table plugin for WordPress is 
vulnerable to Sto ...)
+       TODO: check
+CVE-2025-15018 (The Optional Email plugin for WordPress is vulnerable to 
Privilege Esc ...)
+       TODO: check
+CVE-2025-15000 (The Page Keys plugin for WordPress is vulnerable to Stored 
Cross-Site  ...)
+       TODO: check
+CVE-2025-14999 (The Latest Tabs plugin for WordPress is vulnerable to 
Cross-Site Reque ...)
+       TODO: check
+CVE-2025-14796 (The My Album Gallery plugin for WordPress is vulnerable to 
Stored Cros ...)
+       TODO: check
+CVE-2025-14626 (The QR Code for WooCommerce order emails, PDF invoices, 
packing slips  ...)
+       TODO: check
+CVE-2025-14465 (The Sticky Action Buttons plugin for WordPress is vulnerable 
to Cross- ...)
+       TODO: check
+CVE-2025-14460 (The Piraeus Bank WooCommerce Payment Gateway plugin for 
WordPress is v ...)
+       TODO: check
+CVE-2025-14453 (The My Album Gallery plugin for WordPress is vulnerable to 
Stored Cros ...)
+       TODO: check
+CVE-2025-14352 (The Awesome Hotel Booking plugin for WordPress is vulnerable 
to unauth ...)
+       TODO: check
+CVE-2025-14147 (The Easy GitHub Gist Shortcodes plugin for WordPress is 
vulnerable to  ...)
+       TODO: check
+CVE-2025-14145 (The Niche Hero | Beautifully-designed blocks in seconds plugin 
for Wor ...)
+       TODO: check
+CVE-2025-14144 (The Mstoic Shortcodes plugin for WordPress is vulnerable to 
Stored Cro ...)
+       TODO: check
+CVE-2025-14131 (The WP Widget Changer plugin for WordPress is vulnerable to 
Reflected  ...)
+       TODO: check
+CVE-2025-14130 (The Post Like Dislike plugin for WordPress is vulnerable to 
Reflected  ...)
+       TODO: check
+CVE-2025-14128 (The Stumble! for WordPress plugin for WordPress is vulnerable 
to Refle ...)
+       TODO: check
+CVE-2025-14127 (The Testimonial Master plugin for WordPress is vulnerable to 
Reflected ...)
+       TODO: check
+CVE-2025-14122 (The AD Sliding FAQ plugin for WordPress is vulnerable to 
Stored Cross- ...)
+       TODO: check
+CVE-2025-14121 (The EDD Download Info plugin for WordPress is vulnerable to 
Stored Cro ...)
+       TODO: check
+CVE-2025-14118 (The Starred Review plugin for WordPress is vulnerable to 
Reflected Cro ...)
+       TODO: check
+CVE-2025-14114 (The 1180px Shortcodes plugin for WordPress is vulnerable to 
Stored Cro ...)
+       TODO: check
+CVE-2025-14113 (The Viitor Button Shortcodes plugin for WordPress is 
vulnerable to Sto ...)
+       TODO: check
+CVE-2025-14112 (The Snillrik Restaurant plugin for WordPress is vulnerable to 
Stored C ...)
+       TODO: check
+CVE-2025-14110 (The WP Js List Pages Shortcodes plugin for WordPress is 
vulnerable to  ...)
+       TODO: check
+CVE-2025-14109 (The AH Shortcodes plugin for WordPress is vulnerable to Stored 
Cross-S ...)
+       TODO: check
+CVE-2025-14077 (The Simcast plugin for WordPress is vulnerable to Cross-Site 
Request F ...)
+       TODO: check
+CVE-2025-14070 (The Reviewify plugin for WordPress is vulnerable to 
unauthorized modif ...)
+       TODO: check
+CVE-2025-14057 (The Multi-column Tag Map plugin for WordPress is vulnerable to 
Stored  ...)
+       TODO: check
+CVE-2025-14053 (The Wish To Go plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
+       TODO: check
+CVE-2025-14028 (The Contact Us Simple Form plugin for WordPress is vulnerable 
to Store ...)
+       TODO: check
+CVE-2025-13990 (The Mamurjor Employee Info plugin for WordPress is vulnerable 
to Cross ...)
+       TODO: check
+CVE-2025-13974 (The Email Customizer for WooCommerce plugin for WordPress is 
vulnerabl ...)
+       TODO: check
+CVE-2025-13887 (The AI BotKit \u2013 AI Chatbot & Live Support for WordPress 
plugin fo ...)
+       TODO: check
+CVE-2025-13849 (The Cool YT Player plugin for WordPress is vulnerable to 
Stored Cross- ...)
+       TODO: check
+CVE-2025-13848 (The STM Gallery 1.9 plugin for WordPress is vulnerable to 
Stored Cross ...)
+       TODO: check
+CVE-2025-13847 (The PhotoFade plugin for WordPress is vulnerable to Stored 
Cross-Site  ...)
+       TODO: check
+CVE-2025-13841 (The Smart App Banners plugin for WordPress is vulnerable to 
Stored Cro ...)
+       TODO: check
+CVE-2025-13801 (The Yoco Payments plugin for WordPress is vulnerable to Path 
Traversal ...)
+       TODO: check
+CVE-2025-13722 (The Fluent Forms \u2013 Customizable Contact Forms, Survey, 
Quiz, & Co ...)
+       TODO: check
+CVE-2025-13694 (The AA Block Country plugin for WordPress is vulnerable to IP 
Address  ...)
+       TODO: check
+CVE-2025-13667 (The WP Recipe Manager plugin for WordPress is vulnerable to 
Stored Cro ...)
+       TODO: check
+CVE-2025-13531 (The Stylish Order Form Builder plugin for WordPress is 
vulnerable to S ...)
+       TODO: check
+CVE-2025-13529 (The Unify plugin for WordPress is vulnerable to unauthorized 
modificat ...)
+       TODO: check
+CVE-2025-13527 (The xShare plugin for WordPress is vulnerable to Cross-Site 
Request Fo ...)
+       TODO: check
+CVE-2025-13521 (The WP Status Notifier plugin for WordPress is vulnerable to 
Cross-Sit ...)
+       TODO: check
+CVE-2025-13520 (The MTCaptcha WordPress Plugin for WordPress is vulnerable to 
Cross-Si ...)
+       TODO: check
+CVE-2025-13519 (The SVG Map Plugin plugin for WordPress is vulnerable to 
Cross-Site Re ...)
+       TODO: check
+CVE-2025-13497 (The Recras WordPress plugin for WordPress is vulnerable to 
Stored Cros ...)
+       TODO: check
+CVE-2025-13496 (The Moosend Landing Pages plugin for WordPress is vulnerable 
to unauth ...)
+       TODO: check
+CVE-2025-13493 (The Latest Registered Users plugin for WordPress is vulnerable 
to unau ...)
+       TODO: check
+CVE-2025-13419 (The Guest posting / Frontend Posting / Front Editor \u2013 WP 
Front Us ...)
+       TODO: check
+CVE-2025-13418 (The Responsive Pricing Table plugin for WordPress is 
vulnerable to Sto ...)
+       TODO: check
+CVE-2025-12958 (The Rankology SEO and Analytics Tool plugin for WordPress is 
vulnerabl ...)
+       TODO: check
+CVE-2025-12543 (A flaw was found in the Undertow HTTP server core, which is 
used in Wi ...)
+       TODO: check
+CVE-2025-12540 (The ShareThis Dashboard for Google Analytics plugin for 
WordPress is v ...)
+       TODO: check
+CVE-2025-12030 (The ACF to REST API plugin for WordPress is vulnerable to 
Insecure Dir ...)
+       TODO: check
+CVE-2025-11877 (The User Activity Log plugin is vulnerable to a limited 
options update ...)
+       TODO: check
 CVE-2025-67603 [Add PolicyKit authorization to D-Bus methods]
+       {DSA-6095-1}
        - foomuuri 0.31-1
        NOTE: Fixed by: 
https://github.com/FoobarOy/foomuuri/commit/5944a428f53a132fc343ff6792b1b7539f1c990e
 (v0.31)
        NOTE: https://www.openwall.com/lists/oss-security/2026/01/07/9
 CVE-2025-67858 [Verify interface input parameter on D-Bus methods]
+       {DSA-6095-1}
        - foomuuri 0.31-1
        NOTE: Fixed by: 
https://github.com/FoobarOy/foomuuri/commit/d1961f420600d133e5f1d3125deb17445e7745ac
 (v0.31)
        NOTE: https://www.openwall.com/lists/oss-security/2026/01/07/9
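Review bot: the descriptions added for CVE-2025-13887, CVE-2025-13722 and CVE-2025-13419 contain a literal \u2013 escape sequence where a dash character belongs, so the description import is writing undecoded escapes into data/CVE/list; decode them before the description is truncated. Separately, every new entry in this hunk lands as "TODO: check": the long run of "plugin for WordPress" entries looks like NOT-FOR-US material, while entries such as CVE-2025-12543 (Undertow HTTP server core) and CVE-2025-66560 (Quarkus) need a source package lookup before they are dismissed.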
@@ -2902,7 +3154,7 @@ CVE-2020-36903 (Selea CarPlateServer 4.0.1.6 contains an 
unquoted service path v
 CVE-2019-25262 (A security vulnerability has been detected in elinicksic 
Razgover up t ...)
        NOT-FOR-US: elinicksic Razgover
 CVE-2025-69277 (libsodium before ad3004e, in atypical use cases involving 
certain cust ...)
-       {DSA-6094-1}
+       {DSA-6094-1 DLA-4435-1}
        - libsodium 1.0.18-2 (bug #1124374)
        NOTE: https://00f.net/2025/12/30/libsodium-vulnerability/
        NOTE: Fixed by: 
https://github.com/jedisct1/libsodium/commit/ad3004ec8731730e93fcfbbc824e67eadc1c1bae
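Review bot: the DLA-4435-1 cross-reference added to CVE-2025-69277 has no counterpart in this commit, which changes only data/CVE/list. Confirm that the DLA-4435-1 advisory entry naming CVE-2025-69277 and the fixed libsodium version for the LTS release is already in the tracker, since the visible "- libsodium 1.0.18-2 (bug #1124374)" line carries no release tag and so records only the unstable fix.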
@@ -3064,7 +3316,8 @@ CVE-2022-50800 (H3C SSL VPN contains a user enumeration 
vulnerability that allow
        NOT-FOR-US: H3C
 CVE-2022-50799 (Fetch FTP Client 5.8.2 contains a denial of service 
vulnerability that ...)
        NOT-FOR-US: Fetch FTP Client
-CVE-2022-50798 (SoX 14.4.2 contains a division by zero vulnerability when 
handling WAV ...)
+CVE-2022-50798
+       REJECTED
        - sox 14.4.2-2
        NOTE: https://www.exploit-db.com/exploits/51034
        NOTE: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5712.php
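Review bot: CVE-2022-50798 is now marked REJECTED, but the entry keeps its "- sox 14.4.2-2" status line and the exploit-db and zeroscience NOTE lines. If the underlying SoX issue is tracked under another id, the package line and notes should move to that entry; otherwise drop them so the rejected id does not keep reporting a fixed version for sox.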
@@ -179137,7 +179390,7 @@ CVE-2024-37182 (Mattermost Desktop App versions 
<=5.7.0 fail to correctly prompt
        - mattermost-desktop <itp> (bug #831861)
 CVE-2024-36656 (In MintHCM 4.0.3, a registered user can execute arbitrary 
JavaScript c ...)
        NOT-FOR-US: MintHCM
-CVE-2024-36600 (Buffer Overflow Vulnerability in libcdio v2.1.0 allows an 
attacker to  ...)
+CVE-2024-36600 (Buffer Overflow Vulnerability in libcdio in commit 4c840665 
allows an  ...)
        - libcdio <not-affected> (Vulnerable code introduced later in 
development version)
        NOTE: https://github.com/gashasbi/My-Reports/tree/main/CVE-2024-36600
        NOTE: Introduced by: 
https://git.savannah.gnu.org/cgit/libcdio.git/commit/?id=4c840665c6d9cf2ff1cf0cd12f91b25030776c74
 (master)
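Review bot: the <not-affected> rationale for CVE-2024-36600, "(Vulnerable code introduced later in development version)", does not say which libcdio release first contains the introducing commit. With the description now pinned to commit 4c840665 and the "Introduced by" note pointing at the same commit on master, consider recording that in the rationale so the status is re-evaluated when an upstream version containing that commit is packaged.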



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e9dcbf9d5c4f0ae93179f22d8f530672451f6f6d

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits