Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3e551a1a by security tracker role at 2026-01-10T08:12:57+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,145 @@
+CVE-2026-22777 (ComfyUI-Manager is an extension designed to enhance the
usability of C ...)
+ TODO: check
+CVE-2026-22773 (vLLM is an inference and serving engine for large language
models (LLM ...)
+ TODO: check
+CVE-2026-22705 (RustCrypto: Signatures offers support for digital signatures,
which pr ...)
+ TODO: check
+CVE-2026-22704 (HAX CMS helps manage microsite universe with PHP or NodeJs
backends. I ...)
+ TODO: check
+CVE-2026-22703 (Cosign provides code signing and transparency for containers
and binar ...)
+ TODO: check
+CVE-2026-22702 (virtualenv is a tool for creating isolated virtual python
environments ...)
+ TODO: check
+CVE-2026-22701 (filelock is a platform-independent file lock for Python. Prior
to vers ...)
+ TODO: check
+CVE-2026-22700 (RustCrypto: Elliptic Curves is general purpose Elliptic Curve
Cryptogr ...)
+ TODO: check
+CVE-2026-22699 (RustCrypto: Elliptic Curves is general purpose Elliptic Curve
Cryptogr ...)
+ TODO: check
+CVE-2026-22698 (RustCrypto: Elliptic Curves is general purpose Elliptic Curve
Cryptogr ...)
+ TODO: check
+CVE-2026-22697 (CryptoLib provides a software-only solution using the CCSDS
Space Data ...)
+ TODO: check
+CVE-2026-22693 (HarfBuzz is a text shaping engine. Prior to version 12.3.0, a
null poi ...)
+ TODO: check
+CVE-2026-22691 (pypdf is a free and open-source pure-python PDF library. Prior
to vers ...)
+ TODO: check
+CVE-2026-22690 (pypdf is a free and open-source pure-python PDF library. Prior
to vers ...)
+ TODO: check
+CVE-2026-22689 (Mailpit is an email testing tool and API for developers. Prior
to vers ...)
+ TODO: check
+CVE-2026-22688 (WeKnora is an LLM-powered framework designed for deep document
underst ...)
+ TODO: check
+CVE-2026-22687 (WeKnora is an LLM-powered framework designed for deep document
underst ...)
+ TODO: check
+CVE-2026-22685 (DevToys is a desktop app for developers. In versions from
2.0.0.0 to b ...)
+ TODO: check
+CVE-2026-22612 (Fickling is a Python pickling decompiler and static analyzer.
Prior to ...)
+ TODO: check
+CVE-2026-22611 (AWS SDK for .NET works with Amazon Web Services to help build
scalable ...)
+ TODO: check
+CVE-2026-22610 (Angular is a development platform for building mobile and
desktop web ...)
+ TODO: check
+CVE-2026-22609 (Fickling is a Python pickling decompiler and static analyzer.
Prior to ...)
+ TODO: check
+CVE-2026-22608 (Fickling is a Python pickling decompiler and static analyzer.
Prior to ...)
+ TODO: check
+CVE-2026-22607 (Fickling is a Python pickling decompiler and static analyzer.
Fickling ...)
+ TODO: check
+CVE-2026-22606 (Fickling is a Python pickling decompiler and static analyzer.
Fickling ...)
+ TODO: check
+CVE-2026-22605 (OpenProject is an open-source, web-based project management
software. ...)
+ TODO: check
+CVE-2026-22604 (OpenProject is an open-source, web-based project management
software. ...)
+ TODO: check
+CVE-2026-22603 (OpenProject is an open-source, web-based project management
software. ...)
+ TODO: check
+CVE-2026-22602 (OpenProject is an open-source, web-based project management
software. ...)
+ TODO: check
+CVE-2026-22601 (OpenProject is an open-source, web-based project management
software. ...)
+ TODO: check
+CVE-2026-22600 (OpenProject is an open-source, web-based project management
software. ...)
+ TODO: check
+CVE-2026-22597 (Ghost is a Node.js content management system. In versions
5.38.0 throu ...)
+ TODO: check
+CVE-2026-22596 (Ghost is a Node.js content management system. In versions
5.90.0 throu ...)
+ TODO: check
+CVE-2026-22595 (Ghost is a Node.js content management system. In versions
5.121.0 thro ...)
+ TODO: check
+CVE-2026-22594 (Ghost is a Node.js content management system. In versions
5.105.0 thro ...)
+ TODO: check
+CVE-2026-22589 (Spree is an open source e-commerce solution built with Ruby on
Rails. ...)
+ TODO: check
+CVE-2026-22584 (Improper Control of Generation of Code ('Code Injection')
vulnerabilit ...)
+ TODO: check
+CVE-2026-22030 (React Router is a router for React. In
@remix-run/server-runtime versi ...)
+ TODO: check
+CVE-2026-22029 (React Router is a router for React. In @remix-run/router
version prior ...)
+ TODO: check
+CVE-2026-22027 (CryptoLib provides a software-only solution using the CCSDS
Space Data ...)
+ TODO: check
+CVE-2026-22026 (CryptoLib provides a software-only solution using the CCSDS
Space Data ...)
+ TODO: check
+CVE-2026-22025 (CryptoLib provides a software-only solution using the CCSDS
Space Data ...)
+ TODO: check
+CVE-2026-22024 (CryptoLib provides a software-only solution using the CCSDS
Space Data ...)
+ TODO: check
+CVE-2026-22023 (CryptoLib provides a software-only solution using the CCSDS
Space Data ...)
+ TODO: check
+CVE-2026-21900 (CryptoLib provides a software-only solution using the CCSDS
Space Data ...)
+ TODO: check
+CVE-2026-21899 (CryptoLib provides a software-only solution using the CCSDS
Space Data ...)
+ TODO: check
+CVE-2026-21898 (CryptoLib provides a software-only solution using the CCSDS
Space Data ...)
+ TODO: check
+CVE-2026-21897 (CryptoLib provides a software-only solution using the CCSDS
Space Data ...)
+ TODO: check
+CVE-2026-21884 (React Router is a router for React. In @remix-run/react
version prior ...)
+ TODO: check
+CVE-2026-0830 (Processing specially crafted workspace folder names could allow
for ar ...)
+ TODO: check
+CVE-2025-68470 (React Router is a router for React. In versions 6.0.0 through
6.30.1 a ...)
+ TODO: check
+CVE-2025-65091 (XWiki Full Calendar Macro displays objects from the wiki on
the calend ...)
+ TODO: check
+CVE-2025-65090 (XWiki Full Calendar Macro displays objects from the wiki on
the calend ...)
+ TODO: check
+CVE-2025-62487 (### Details On October 1, 2025, Palantir discovered that
images upload ...)
+ TODO: check
+CVE-2025-61686 (React Router is a router for React. In @react-router/node
versions 7.0 ...)
+ TODO: check
+CVE-2025-61676 (October is a Content Management System (CMS) and web platform.
Prior t ...)
+ TODO: check
+CVE-2025-61674 (October is a Content Management System (CMS) and web platform.
Prior t ...)
+ TODO: check
+CVE-2025-60538 (A lack of rate limiting in the login page of shiori v1.7.4 and
below a ...)
+ TODO: check
+CVE-2025-59057 (React Router is a router for React. In @remix-run/react
versions 1.15. ...)
+ TODO: check
+CVE-2025-51626 (SQL injection vulnerability in pss.sale.com 1.0 via the id
parameter t ...)
+ TODO: check
+CVE-2025-46299 (A memory initialization issue was addressed with improved
memory handl ...)
+ TODO: check
+CVE-2025-46298 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2025-46297 (A permissions issue was addressed with additional
restrictions. This i ...)
+ TODO: check
+CVE-2025-46286 (A logic issue was addressed with improved validation. This
issue is fi ...)
+ TODO: check
+CVE-2025-15502 (A vulnerability was identified in Sangfor Operation and
Maintenance Ma ...)
+ TODO: check
+CVE-2025-15501 (A vulnerability was determined in Sangfor Operation and
Maintenance Ma ...)
+ TODO: check
+CVE-2025-15500 (A vulnerability was found in Sangfor Operation and Maintenance
Managem ...)
+ TODO: check
+CVE-2025-15499 (A vulnerability has been found in Sangfor Operation and
Maintenance Ma ...)
+ TODO: check
+CVE-2025-14948 (The miniOrange OTP Verification and SMS Notification for
WooCommerce p ...)
+ TODO: check
+CVE-2025-14943 (The Blog2Social: Social Media Auto Post & Scheduler plugin for
WordPre ...)
+ TODO: check
+CVE-2025-13457 (The WooCommerce Square plugin for WordPress is vulnerable to
Insecure ...)
+ TODO: check
CVE-2026-22198 (GestSup versions up to and including 3.2.56 contain a
pre-authenticati ...)
NOT-FOR-US: GestSup
CVE-2026-22197 (GestSup versions up to and including 3.2.56 contain multiple
SQL injec ...)
@@ -1269,6 +1411,7 @@ CVE-2025-13034 (When using `CURLOPT_PINNEDPUBLICKEY`
option with libcurl or `--p
NOTE: Introduced with:
https://github.com/curl/curl/commit/3210101088dfa3d6a125d213226b092f2f866722
(curl-8_8_0)
NOTE: Fixed by:
https://github.com/curl/curl/commit/3d91ca8cdb3b434226e743946d428b4dd3acf2c9
(rc-8_18_0-1, curl-8_18_0)
CVE-2026-0628 (Insufficient policy enforcement in WebView tag in Google Chrome
prior ...)
+ {DSA-6097-1}
- chromium 143.0.7499.192-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-21494 (iccDEV provides a set of libraries and tools that allow for
the intera ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e551a1a5b63fafafb1beff71ce378d4ddeba716
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e551a1a5b63fafafb1beff71ce378d4ddeba716
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
