Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
426f85df by security tracker role at 2026-01-09T08:13:07+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,121 @@
+CVE-2026-22714 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+       TODO: check
+CVE-2026-22713 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+       TODO: check
+CVE-2026-22712 (Improper Encoding or Escaping of Outputdue to magic word 
replacement i ...)
+       TODO: check
+CVE-2026-22710 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+       TODO: check
+CVE-2026-22636
+       REJECTED
+CVE-2026-22635
+       REJECTED
+CVE-2026-22634
+       REJECTED
+CVE-2026-22633
+       REJECTED
+CVE-2026-22632
+       REJECTED
+CVE-2026-22631
+       REJECTED
+CVE-2026-22630
+       REJECTED
+CVE-2026-22588 (Spree is an open source e-commerce solution built with Ruby on 
Rails.  ...)
+       TODO: check
+CVE-2026-21409 (Improper authorization vulnerability exists in RICOH 
Streamline NX 3.5 ...)
+       TODO: check
+CVE-2026-20976 (Improper input validation in Galaxy Store prior to version 
4.6.02 allo ...)
+       TODO: check
+CVE-2026-20975 (Improper handling of insufficient permission in Samsung Cloud 
prior to ...)
+       TODO: check
+CVE-2026-20974 (Improper input validation in data related to network 
restrictions prio ...)
+       TODO: check
+CVE-2026-20973 (Out-of-bounds read in libimagecodec.quram.so prior to SMR 
Jan-2026 Rel ...)
+       TODO: check
+CVE-2026-20972 (Improper Export of Android Application Components in UwbTest 
prior to  ...)
+       TODO: check
+CVE-2026-20971 (Use After Free in PROCA driver prior to SMR Jan-2026 Release 1 
allows  ...)
+       TODO: check
+CVE-2026-20970 (Improper access control in SLocation prior to SMR Jan-2026 
Release 1 a ...)
+       TODO: check
+CVE-2026-20969 (Improper input validation in SecSettings prior to SMR Jan-2026 
Release ...)
+       TODO: check
+CVE-2026-20968 (Use after free in DualDAR prior to SMR Jan-2026 Release 1 
allows local ...)
+       TODO: check
+CVE-2026-0733 (A vulnerability was determined in PHPGurukul Online Course 
Registratio ...)
+       TODO: check
+CVE-2026-0732 (A vulnerability was found in D-Link DI-8200G 17.12.20A1. This 
affects  ...)
+       TODO: check
+CVE-2026-0731 (A vulnerability has been found in TOTOLINK WA1200 5.9c.2914. 
The impac ...)
+       TODO: check
+CVE-2026-0730 (A flaw has been found in PHPGurukul Staff Leave Management 
System 1.0. ...)
+       TODO: check
+CVE-2026-0729 (A vulnerability was detected in code-projects Intern Membership 
Manage ...)
+       TODO: check
+CVE-2026-0728 (A security vulnerability has been detected in code-projects 
Intern Mem ...)
+       TODO: check
+CVE-2026-0563 (The WP Google Street View (with 360\xb0 virtual tour) & Google 
maps +  ...)
+       TODO: check
+CVE-2025-70974 (Fastjson before 1.2.48 mishandles autoType because, when an 
@type key  ...)
+       TODO: check
+CVE-2025-68719 (KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 mishandle 
configurati ...)
+       TODO: check
+CVE-2025-68718 (KAYSUS KS-WR1200 routers with firmware 107 expose SSH and 
TELNET servi ...)
+       TODO: check
+CVE-2025-68717 (KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 allow 
authentication  ...)
+       TODO: check
+CVE-2025-68716 (KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 enable the 
SSH servic ...)
+       TODO: check
+CVE-2025-66315 (There is a configuration defect vulnerability in the version 
server of ...)
+       TODO: check
+CVE-2025-15464 (Exported Activity allows external applications to gain 
application con ...)
+       TODO: check
+CVE-2025-15057 (The SlimStat Analytics plugin for WordPress is vulnerable to 
Stored Cr ...)
+       TODO: check
+CVE-2025-15055 (The SlimStat Analytics plugin for WordPress is vulnerable to 
Stored Cr ...)
+       TODO: check
+CVE-2025-15019 (The BIALTY - Bulk Image Alt Text (Alt tag, Alt Attribute) with 
Yoast S ...)
+       TODO: check
+CVE-2025-14980 (The BetterDocs plugin for WordPress is vulnerable to Sensitive 
Informa ...)
+       TODO: check
+CVE-2025-14937 (The Frontend Admin by DynamiApps plugin for WordPress is 
vulnerable to ...)
+       TODO: check
+CVE-2025-14893 (The IndieWeb plugin for WordPress is vulnerable to Stored 
Cross-Site S ...)
+       TODO: check
+CVE-2025-14886 (The Japanized for WooCommerce plugin for WordPress is 
vulnerable to un ...)
+       TODO: check
+CVE-2025-14803 (The NEX-Forms  WordPress plugin before 9.1.8 does not sanitise 
and esc ...)
+       TODO: check
+CVE-2025-14782 (The Forminator Forms \u2013 Contact Form, Payment Form & 
Custom Form B ...)
+       TODO: check
+CVE-2025-14741 (The Frontend Admin by DynamiApps plugin for WordPress is 
vulnerable to ...)
+       TODO: check
+CVE-2025-14736 (The Frontend Admin by DynamiApps plugin for WordPress is 
vulnerable to ...)
+       TODO: check
+CVE-2025-14720 (The Booking for Appointments and Events Calendar \u2013 Amelia 
plugin  ...)
+       TODO: check
+CVE-2025-14718 (The Schedule Post Changes With PublishPress Future plugin for 
WordPres ...)
+       TODO: check
+CVE-2025-14657 (The Eventin \u2013 Event Manager, Events Calendar, Event 
Tickets and R ...)
+       TODO: check
+CVE-2025-14574 (The weDocs plugin for WordPress is vulnerable to Sensitive 
Information ...)
+       TODO: check
+CVE-2025-14505 (The ECDSA implementation of the Elliptic package generates 
incorrect s ...)
+       TODO: check
+CVE-2025-14436 (The Brevo for WooCommerce plugin for WordPress is vulnerable 
to Stored ...)
+       TODO: check
+CVE-2025-14146 (The Booking Calendar plugin for WordPress is vulnerable to 
Sensitive I ...)
+       TODO: check
+CVE-2025-13935 (The Tutor LMS \u2013 eLearning and online course solution 
plugin for W ...)
+       TODO: check
+CVE-2025-13934 (The Tutor LMS \u2013 eLearning and online course solution 
plugin for W ...)
+       TODO: check
+CVE-2025-13753 (The WP Table Builder \u2013 Drag & Drop Table Builder plugin 
for WordP ...)
+       TODO: check
+CVE-2025-13749 (The Clearfy Cache \u2013 WordPress optimization plugin, Minify 
HTML, C ...)
+       TODO: check
+CVE-2025-13628 (The Tutor LMS \u2013 eLearning and online course solution 
plugin for W ...)
+       TODO: check
 CVE-2026-0716
        - libsoup3 <unfixed>
        - libsoup2.4 <removed>
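
Review bot: Every entry added at the top of data/CVE/list is either "REJECTED" or "TODO: check", and two of the pending ones name libraries rather than end products: CVE-2025-70974 (Fastjson) and CVE-2025-14505 (the ECDSA implementation of the Elliptic package). Those two should get a source package search before any NOT-FOR-US tag is applied. The four entries CVE-2026-22710, -22712, -22713 and -22714 have descriptions truncated before any product name, so they cannot be triaged from this list alone and need the full CVE record.
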
@@ -111,7 +229,7 @@ CVE-2026-21638 (A malicious actor in Wi-Fi range of the 
affected product could l
        NOT-FOR-US: UBB
 CVE-2026-0747 (Exposure of sensitive information in the TeamViewer entry 
dashboard co ...)
        NOT-FOR-US: Devolutions
-CVE-2026-0719 (A flaw was found in libsoup's NTLM (NT LAN Manager) 
authentication mod ...)
+CVE-2026-0719 (A flaw was identified in the NTLM authentication handling of 
the libso ...)
        - libsoup3 <unfixed> (bug #1125083)
        - libsoup2.4 <removed>
        NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/477
@@ -379,7 +497,7 @@ CVE-2026-21868 (Flag Forge is a Capture The Flag (CTF) 
platform. Versions 2.3.2
        NOT-FOR-US: Flag Forge
 CVE-2026-21859 (Mailpit is an email testing tool and API for developers. 
Versions 1.28 ...)
        NOT-FOR-US: Mailpit
-CVE-2026-21858 (n8n is an open source workflow automation platform. Versions 
below 1.1 ...)
+CVE-2026-21858 (n8n is an open source workflow automation platform. Versions 
starting  ...)
        NOT-FOR-US: n8n
 CVE-2026-21857 (REDAXO is a PHP-based content management system. Prior to 
version 5.20 ...)
        NOT-FOR-US: REDAXO
@@ -3883,13 +4001,13 @@ CVE-2022-50692 (SOUND4 IMPACT/FIRST/PULSE/Eco versions 
2.x and below contain an
        NOT-FOR-US: SOUND4 IMPACT/FIRST/PULSE/Eco
 CVE-2022-50691 (MiniDVBLinux 5.4 contains a remote command execution 
vulnerability tha ...)
        NOT-FOR-US: MiniDVBLinux
-CVE-2025-69195
+CVE-2025-69195 (A flaw was found in GNU Wget2. This vulnerability, a 
stack-based buffe ...)
        - wget2 <unfixed> (bug #1124377)
        [bookworm] - wget2 <not-affected> (Vulnerable code introduced later)
        [bullseye] - wget2 <not-affected> (Vulnerable code introduced later)
        NOTE: Introduced with: 
https://gitlab.com/gnuwget/wget2/-/commit/3dc30f5f0c6f8feae97f866c537324f821ea05d6
 (v2.1.0)
        NOTE: Fixed by: 
https://gitlab.com/gnuwget/wget2/-/commit/fc7fcbc00e0a2c8606d44ab216195afb3f08cc98
 (v2.2.1)
-CVE-2025-69194
+CVE-2025-69194 (A security issue was discovered in GNU Wget2 when handling 
Metalink do ...)
        - wget2 <unfixed> (bug #1124378)
        [trixie] - wget2 <no-dsa> (Minor issue)
        [bookworm] - wget2 <no-dsa> (Minor issue)
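
Review bot: CVE-2025-69195 now carries a description naming a stack-based buffer overflow, yet the entry has only bookworm and bullseye lines (both "<not-affected>") and no trixie line, so trixie simply follows "- wget2 <unfixed>"; an explicit trixie triage line would make that decision visible. For CVE-2025-69194, the "<no-dsa> (Minor issue)" tags for trixie and bookworm were already in place before the description was filled in by this change, so it is worth confirming they still match the Metalink issue as now described.
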
@@ -75210,7 +75328,7 @@ CVE-2025-5875 (A vulnerability classified as critical 
has been found in TP-LINK
        NOT-FOR-US: TP-Link
 CVE-2025-5874 (A vulnerability was found in Redash up to 10.1.0/25.1.0. It has 
been r ...)
        NOT-FOR-US: Redash
-CVE-2025-5873 (A vulnerability was found in eCharge Hardy Barth Salia PLCC 
2.2.0. It  ...)
+CVE-2025-5873 (A vulnerability was detected in eCharge Hardy Barth Salia PLCC 
up to 2 ...)
        NOT-FOR-US: eCharge Hardy Barth Salia PLCC
 CVE-2025-5872 (A vulnerability was found in eGauge EG3000 Energy Monitor 
3.6.3. It ha ...)
        NOT-FOR-US: eGauge EG3000 Energy Monitor
@@ -136150,13 +136268,13 @@ CVE-2024-XXXX [ruzstd uninit and out-of-bounds 
memory reads]
        NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0400.html
        NOTE: https://github.com/KillingSpark/zstd-rs/issues/75
        NOTE: https://github.com/KillingSpark/zstd-rs/pull/76
-CVE-2024-9852 (Uncontrolled Search Path Element vulnerability in ICONICS 
GENESIS64 al ...)
+CVE-2024-9852 (Uncontrolled Search Path Element vulnerability in Mitsubishi 
Electric  ...)
        NOT-FOR-US: Mitsubishi Electric
 CVE-2024-9044 (A XML External Entity (XXE) vulnerability has been identified 
in Easy  ...)
        NOT-FOR-US: Easy Tax Client Software
-CVE-2024-8300 (Dead Code vulnerability in ICONICS GENESIS64 Version 10.97.2, 
10.97.2  ...)
+CVE-2024-8300 (Dead Code vulnerability in Mitsubishi Electric GENESIS64 
Version 10.97 ...)
        NOT-FOR-US: Mitsubishi Electric
-CVE-2024-8299 (Uncontrolled Search Path Element vulnerability in ICONICS 
GENESIS64 al ...)
+CVE-2024-8299 (Uncontrolled Search Path Element vulnerability in Mitsubishi 
Electric  ...)
        NOT-FOR-US: Mitsubishi Electric
 CVE-2024-54124 (In Click Studios Passwordstate before build 9920, there is a 
potential ...)
        NOT-FOR-US: Click Studios Passwordstate
@@ -339153,17 +339271,17 @@ CVE-2022-33322 (Cross-site scripting vulnerability 
in Mitsubishi Electric consum
        NOT-FOR-US: Mitsubishi Electric
 CVE-2022-33321 (Cleartext Transmission of Sensitive Information vulnerability 
due to t ...)
        NOT-FOR-US: Mitsubishi Electric
-CVE-2022-33320 (Deserialization of Untrusted Data vulnerability in ICONICS 
GENESIS64 v ...)
+CVE-2022-33320 (Deserialization of Untrusted Data vulnerability in Mitsubishi 
Electric ...)
        NOT-FOR-US: ICONICS
-CVE-2022-33319 (Out-of-bounds Read vulnerability in ICONICS GENESIS64 versions 
10.97.1 ...)
+CVE-2022-33319 (Out-of-bounds Read vulnerability in Mitsubishi Electric 
GENESIS64 vers ...)
        NOT-FOR-US: ICONICS
-CVE-2022-33318 (Deserialization of Untrusted Data vulnerability in ICONICS 
GENESIS64 v ...)
+CVE-2022-33318 (Deserialization of Untrusted Data vulnerability in Mitsubishi 
Electric ...)
        NOT-FOR-US: ICONICS
 CVE-2022-33317 (Inclusion of Functionality from Untrusted Control Sphere 
vulnerability ...)
        NOT-FOR-US: ICONICS
-CVE-2022-33316 (Deserialization of Untrusted Data vulnerability in ICONICS 
GENESIS64 v ...)
+CVE-2022-33316 (Deserialization of Untrusted Data vulnerability in Mitsubishi 
Electric ...)
        NOT-FOR-US: ICONICS
-CVE-2022-33315 (Deserialization of Untrusted Data vulnerability in ICONICS 
GENESIS64 v ...)
+CVE-2022-33315 (Deserialization of Untrusted Data vulnerability in Mitsubishi 
Electric ...)
        NOT-FOR-US: ICONICS
 CVE-2022-33314 (Multiple command injection vulnerabilities exist in the 
web_server act ...)
        NOT-FOR-US: Robustel R1510
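
Review bot: The five updated descriptions in this hunk (CVE-2022-33320, -33319, -33318, -33316, -33315) now name Mitsubishi Electric, but each entry keeps "NOT-FOR-US: ICONICS", while the CVE-2024-9852, CVE-2024-8300 and CVE-2024-8299 entries updated in the same commit use "NOT-FOR-US: Mitsubishi Electric". The triage outcome is the same either way, but settling on one vendor name for GENESIS64 would keep searches on the tag consistent.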



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/426f85df6f16974fce6caeb3ad6e13329831a521
