Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
819612d5 by security tracker role at 2026-01-09T20:13:28+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,6 +1,143 @@
+CVE-2026-22198 (GestSup versions up to and including 3.2.56 contain a 
pre-authenticati ...)
+       TODO: check
+CVE-2026-22197 (GestSup versions up to and including 3.2.56 contain multiple 
SQL injec ...)
+       TODO: check
+CVE-2026-22196 (GestSup versions up to and including 3.2.56 contain a SQL 
injection vu ...)
+       TODO: check
+CVE-2026-22195 (GestSup versions up to and including 3.2.56 contain a SQL 
injection vu ...)
+       TODO: check
+CVE-2026-22194 (GestSup versions up to and including 3.2.56 contain a 
cross-site reque ...)
+       TODO: check
+CVE-2026-22082 (This vulnerability exists in Tenda wireless routers (300Mbps 
Wireless  ...)
+       TODO: check
+CVE-2026-22081 (This vulnerability exists in Tenda wireless routers (300Mbps 
Wireless  ...)
+       TODO: check
+CVE-2026-22080 (This vulnerability exists in Tenda wireless routers (300Mbps 
Wireless  ...)
+       TODO: check
+CVE-2026-22079 (This vulnerability exists in Tenda wireless routers (300Mbps 
Wireless  ...)
+       TODO: check
+CVE-2026-0817 (Missing Authorization vulnerability in Wikimedia Foundation 
MediaWiki  ...)
+       TODO: check
+CVE-2026-0803 (A vulnerability was found in PHPGurukul Online Course 
Registration Sys ...)
+       TODO: check
+CVE-2026-0627 (The AMP for WP plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
+       TODO: check
+CVE-2025-7072 (The firmware in KAON CG3000TCand CG3000T routers contains 
hard-coded c ...)
+       TODO: check
+CVE-2025-70161 (EDIMAX BR-6208AC V2_1.02 is vulnerable to Command Injection. 
This aris ...)
+       TODO: check
+CVE-2025-69542 (A Command Injection Vulnerability has been discovered in the 
DHCP daem ...)
+       TODO: check
+CVE-2025-69426 (The Ruckus vRIoT IoT Controller firmware versions prior to 
3.0.0.0 (GA ...)
+       TODO: check
+CVE-2025-69425 (The Ruckus vRIoT IoT Controllerfirmware versions prior to 
3.0.0.0 (GA) ...)
+       TODO: check
+CVE-2025-67811 (Area9 Rhapsode 1.47.3 allows SQL Injection via multiple API 
endpoints  ...)
+       TODO: check
+CVE-2025-67810 (In Area9 Rhapsode 1.47.3, an authenticated attacker can 
exploit the op ...)
+       TODO: check
+CVE-2025-67282 (In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple 
Authorization Bypass ...)
+       TODO: check
+CVE-2025-67281 (In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple SQL 
injection vulner ...)
+       TODO: check
+CVE-2025-67280 (In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple Hibernate 
Query Lang ...)
+       TODO: check
+CVE-2025-67279 (An issue in TIM Solution GmbH TIM BPM Suite & TIM FLOW before 
v.9.1.2  ...)
+       TODO: check
+CVE-2025-67278 (An issue in TIM Solution GmbH TIM BPM Suite & TIM FLOW before 
v.9.1.2  ...)
+       TODO: check
+CVE-2025-67133 (An issue in Hero Motocorp Vida V1 Pro 2.0.7 allows a local 
attacker to ...)
+       TODO: check
+CVE-2025-67070 (A vulnerability exists in Intelbras CFTV IP NVD 9032 R Ftd 
V2.800.00IB ...)
+       TODO: check
+CVE-2025-67004 (An Information Disclosure vulnerability in CouchCMS 2.4 allow 
an Admin ...)
+       TODO: check
+CVE-2025-66744 (In Yonyou YonBIP v3 and before, the LoginWithV8 interface in 
the serie ...)
+       TODO: check
+CVE-2025-66715 (A DLL hijacking vulnerability in Axtion ODISSAAS ODIS v1.8.4 
allows at ...)
+       TODO: check
+CVE-2025-66052 (Vivotek IP7137 camera with firmware version 0200a is 
vulnerable to com ...)
+       TODO: check
+CVE-2025-66051 (Vivotek IP7137 camera with firmware version 0200a is 
vulnerable to pat ...)
+       TODO: check
+CVE-2025-66050 (Vivotek IP7137 camera with firmware version 0200a by default 
dos not r ...)
+       TODO: check
+CVE-2025-66049 (VivotekIP7137camera with firmware version0200a is vulnerable 
to an inf ...)
+       TODO: check
+CVE-2025-64093 (Remote Code Execution vulnerability that allows 
unauthenticated attack ...)
+       TODO: check
+CVE-2025-64092 (This vulnerability allows unauthenticated attackers to inject 
an SQL r ...)
+       TODO: check
+CVE-2025-64091 (This vulnerability allows authenticated attackers to execute 
commands  ...)
+       TODO: check
+CVE-2025-64090 (This vulnerability allows authenticated attackers to execute 
commands  ...)
+       TODO: check
+CVE-2025-56225 (fluidsynth-2.4.6 and earlier versions is vulnerable to Null 
pointer de ...)
+       TODO: check
+CVE-2025-46676 (Dell PowerProtect Data Domain with Data Domain Operating 
System (DD OS ...)
+       TODO: check
+CVE-2025-46645 (Dell PowerProtect Data Domain with Data Domain Operating 
System (DD OS ...)
+       TODO: check
+CVE-2025-46644 (Dell PowerProtect Data Domain with Data Domain Operating 
System (DD OS ...)
+       TODO: check
+CVE-2025-46643 (Dell PowerProtect Data Domain with Data Domain Operating 
System (DD OS ...)
+       TODO: check
+CVE-2025-15496 (A vulnerability was determined in guchengwuyue yshopmall up to 
1.9.1.  ...)
+       TODO: check
+CVE-2025-15495 (A vulnerability was found in BiggiDroid Simple PHP CMS 1.0. 
This impac ...)
+       TODO: check
+CVE-2025-15494 (A vulnerability has been found in RainyGao DocSys up to 
2.02.37. This  ...)
+       TODO: check
+CVE-2025-15493 (A flaw has been found in RainyGao DocSys up to 2.02.36. The 
impacted e ...)
+       TODO: check
+CVE-2025-15492 (A vulnerability was detected in RainyGao DocSys up to 2.02.36. 
The aff ...)
+       TODO: check
+CVE-2025-15035 (Improper Input Validation vulnerability in TP-Link Archer 
AXE75 v1.6 ( ...)
+       TODO: check
+CVE-2025-14598 (BeeS Software Solutions BET Portal contains an SQL injection 
vulnerabi ...)
+       TODO: check
+CVE-2025-14172 (The WP Page Permalink Extension plugin for WordPress is 
vulnerable to  ...)
+       TODO: check
+CVE-2025-13967 (The Woodpecker for WordPress plugin for WordPress is 
vulnerable to Sto ...)
+       TODO: check
+CVE-2025-13908 (The The Tooltip plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
+       TODO: check
+CVE-2025-13903 (The PullQuote plugin for WordPress is vulnerable to Stored 
Cross-Site  ...)
+       TODO: check
+CVE-2025-13900 (The WP Popup Magic plugin for WordPress is vulnerable to 
Stored Cross- ...)
+       TODO: check
+CVE-2025-13897 (The Client Testimonial Slider plugin for WordPress is 
vulnerable to St ...)
+       TODO: check
+CVE-2025-13895 (The Top Position Google Finance plugin for WordPress is 
vulnerable to  ...)
+       TODO: check
+CVE-2025-13893 (The Lesson Plan Book plugin for WordPress is vulnerable to 
Reflected C ...)
+       TODO: check
+CVE-2025-13892 (The MG AdvancedOptions plugin for WordPress is vulnerable to 
Reflected ...)
+       TODO: check
+CVE-2025-13862 (The Menu Card plugin for WordPress is vulnerable to Stored 
Cross-Site  ...)
+       TODO: check
+CVE-2025-13854 (The Curved Text plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
+       TODO: check
+CVE-2025-13853 (The Nearby Now Reviews plugin for WordPress is vulnerable to 
Stored Cr ...)
+       TODO: check
+CVE-2025-13852 (The Debt.com Business in a Box plugin for WordPress is 
vulnerable to S ...)
+       TODO: check
+CVE-2025-13729 (The Entry Views plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
+       TODO: check
+CVE-2025-13717 (The Contact Form vCard Generator plugin for WordPress is 
vulnerable to ...)
+       TODO: check
+CVE-2025-13704 (The Autogen Headers Menu plugin for WordPress is vulnerable to 
Stored  ...)
+       TODO: check
+CVE-2025-13701 (The Shabat Keeper plugin for WordPress is vulnerable to 
Reflected Cros ...)
+       TODO: check
+CVE-2025-11453 (The Header and Footer Scripts plugin for WordPress is 
vulnerable to St ...)
+       TODO: check
+CVE-2020-36875 (AccessAlly WordPress plugin versions prior to3.3.2 contain an 
unauthen ...)
+       TODO: check
 CVE-2025-14459
        NOT-FOR-US: Red Hat virt-cdi-controller
 CVE-2025-51602 [vlc MMS out of bounds read]
+       {DSA-6082-1}
        - vlc 3.0.22-1
        NOTE: https://www.videolan.org/security/sb-vlc3022.html
 CVE-2026-22714 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
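Review bot: every entry added at the top of this hunk lands as TODO: check, and two of them, CVE-2025-56225 (fluidsynth) and CVE-2026-0817 (MediaWiki), name general-purpose software rather than an appliance or a WordPress plugin, so they need a source-package lookup before any status is assigned. The entries whose descriptions read "plugin for WordPress" can take the same NOT-FOR-US: WordPress plugin or theme line this file already uses for CVE-2026-0676, which would leave a much shorter list for manual triage.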
@@ -246,7 +383,8 @@ CVE-2026-0701 (A vulnerability was identified in 
code-projects Intern Membership
        NOT-FOR-US: code-projects
 CVE-2026-0676 (Missing Authorization vulnerability in G5Theme Zorka zorka 
allows Expl ...)
        NOT-FOR-US: WordPress plugin or theme
-CVE-2026-0675 (Exposure of Sensitive System Information to an Unauthorized 
Control Sp ...)
+CVE-2026-0675
+       REJECTED
        NOT-FOR-US: WordPress plugin or theme
 CVE-2026-0674 (Missing Authorization vulnerability in Campaign Monitor 
Campaign Monit ...)
        NOT-FOR-US: WordPress plugin or theme
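Review bot: the unchanged NOT-FOR-US: WordPress plugin or theme line directly under CVE-2026-0675 is left in place after the entry becomes REJECTED, so the entry now carries both a rejection and a triage status. Drop the NOT-FOR-US line so the entry consists of the CVE id and REJECTED only.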
@@ -640,19 +778,19 @@ CVE-2017-20212 (FLIR Thermal Camera F/FC/PT/D firmware 
version 8.0.0.64 contains
        NOT-FOR-US: FLIR Thermal cameras
 CVE-2025-69262 (pnpm is a package manager. Versions 6.25.0 through 10.26.2 
have a Comm ...)
        - pnpm <itp> (bug #985669)
-CVE-2025-3950
+CVE-2025-3950 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
        - gitlab <unfixed>
-CVE-2025-11246
+CVE-2025-11246 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
        - gitlab <unfixed>
-CVE-2025-10569
+CVE-2025-10569 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
        - gitlab <unfixed>
-CVE-2025-13781
+CVE-2025-13781 (GitLab has remediated an issue in GitLab EE affecting all 
versions fro ...)
        - gitlab <not-affected> (Specific to EE)
-CVE-2025-13772
+CVE-2025-13772 (GitLab has remediated an issue in GitLab EE affecting all 
versions fro ...)
        - gitlab <not-affected> (Specific to EE)
-CVE-2025-13761
+CVE-2025-13761 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
        - gitlab <not-affected> (Vulnerable code not present)
-CVE-2025-9222
+CVE-2025-9222 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
        - gitlab <not-affected> (Vulnerable code not present)
 CVE-2025-67859
        - tlp 1.9.1-1
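Review bot: CVE-2025-3950, CVE-2025-11246 and CVE-2025-10569 stay at - gitlab <unfixed> with no NOTE or bug reference, unlike the pnpm entry at the top of this hunk, which cites bug #985669. Now that the descriptions are populated, add a NOTE line pointing at the upstream advisory for each so the unfixed status can be followed up.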
@@ -174476,13 +174614,13 @@ CVE-2024-28068 (A vulnerability was discovered in 
SS in Samsung Mobile Processor
        NOT-FOR-US: Samsung
 CVE-2024-28067 (A vulnerability in Samsung Exynos Modem 5300 allows a 
Man-in-the-Middl ...)
        NOT-FOR-US: Samsung
-CVE-2024-27785 (An improper neutralization of formula elements in a CSV File 
vulnerabi ...)
+CVE-2024-27785 (An improper neutralization of formula elements in a CSV File 
[CWE-1236 ...)
        NOT-FOR-US: FortiGuard
-CVE-2024-27784 (Multiple Exposure of sensitive information to an unauthorized 
actor vu ...)
+CVE-2024-27784 (Multiple Exposure of sensitive information to an unauthorized 
actor we ...)
        NOT-FOR-US: FortiGuard
-CVE-2024-27783 (Multiple cross-site request forgery (CSRF) vulnerabilities 
[CWE-352]   ...)
+CVE-2024-27783 (Multiple cross-site request forgery (CSRF) weaknesses 
[CWE-352] vulner ...)
        NOT-FOR-US: FortiGuard
-CVE-2024-27782 (Multiple insufficient session expiration vulnerabilities 
[CWE-613]  in ...)
+CVE-2024-27782 (Multiple insufficient session expiration weaknesses [CWE-613] 
vulnerab ...)
        NOT-FOR-US: FortiGuard
 CVE-2024-27363 (A vulnerability was discovered in Samsung Mobile Processor 
Exynos 850, ...)
        NOT-FOR-US: Samsung



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/819612d511c8e1453453de5ee2330cc0acb86776
