Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
acb7b5f7 by security tracker role at 2026-01-14T08:13:11+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,343 @@
+CVE-2026-23478 (Cal.com is open-source scheduling software. From 3.1.6 to
before 6.0.7 ...)
+ TODO: check
+CVE-2026-22871 (GuardDog is a CLI tool to identify malicious PyPI packages.
Prior to 2 ...)
+ TODO: check
+CVE-2026-22870 (GuardDog is a CLI tool to identify malicious PyPI packages.
Prior to 2 ...)
+ TODO: check
+CVE-2026-22869 (Eigent is a multi-agent Workforce. A critical security
vulnerability i ...)
+ TODO: check
+CVE-2026-22868 (go-ethereum (geth) is a golang execution layer implementation
of the E ...)
+ TODO: check
+CVE-2026-22862 (go-ethereum (geth) is a golang execution layer implementation
of the E ...)
+ TODO: check
+CVE-2026-22861 (iccDEV provides a set of libraries and tools that allow for
the intera ...)
+ TODO: check
+CVE-2026-22718 (The VSCode extension for Spring CLI are vulnerable to command
injectio ...)
+ TODO: check
+CVE-2026-22686 (Enclave is a secure JavaScript sandbox designed for safe AI
agent code ...)
+ TODO: check
+CVE-2026-21308 (Substance3D - Designer versions 15.0.3 and earlier are
affected by an ...)
+ TODO: check
+CVE-2026-21307 (Substance3D - Designer versions 15.0.3 and earlier are
affected by an ...)
+ TODO: check
+CVE-2026-21303 (Substance3D - Modeler versions 1.22.4 and earlier are affected
by an O ...)
+ TODO: check
+CVE-2026-21302 (Substance3D - Modeler versions 1.22.4 and earlier are affected
by an O ...)
+ TODO: check
+CVE-2026-21301 (Substance3D - Modeler versions 1.22.4 and earlier are affected
by a NU ...)
+ TODO: check
+CVE-2026-21300 (Substance3D - Modeler versions 1.22.4 and earlier are affected
by a NU ...)
+ TODO: check
+CVE-2026-21299 (Substance3D - Modeler versions 1.22.4 and earlier are affected
by an o ...)
+ TODO: check
+CVE-2026-21298 (Substance3D - Modeler versions 1.22.4 and earlier are affected
by an o ...)
+ TODO: check
+CVE-2026-0813 (The Short Link plugin for WordPress is vulnerable to Stored
Cross-Site ...)
+ TODO: check
+CVE-2026-0812 (The LinkedIn SC plugin for WordPress is vulnerable to Stored
Cross-Sit ...)
+ TODO: check
+CVE-2026-0741 (The Electric Studio Download Counter plugin for WordPress is
vulnerabl ...)
+ TODO: check
+CVE-2026-0739 (The WMF Mobile Redirector plugin for WordPress is vulnerable to
Stored ...)
+ TODO: check
+CVE-2026-0734 (The WP Allowed Hosts plugin for WordPress is vulnerable to
Stored Cros ...)
+ TODO: check
+CVE-2026-0717 (The LottieFiles \u2013 Lottie block for Gutenberg plugin for
WordPress ...)
+ TODO: check
+CVE-2026-0694 (The SearchWiz plugin for WordPress is vulnerable to Stored
Cross-Site ...)
+ TODO: check
+CVE-2026-0680 (The Real Post Slider Lite plugin for WordPress is vulnerable to
Stored ...)
+ TODO: check
+CVE-2026-0678 (The Flat Shipping Rate by City for WooCommerce plugin for
WordPress is ...)
+ TODO: check
+CVE-2026-0635 (The Responsive Accordion Slider plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2026-0594 (The List Site Contributors plugin for WordPress is vulnerable
to Refle ...)
+ TODO: check
+CVE-2026-0543 (Improper Input Validation (CWE-20) in Kibana's Email Connector
can all ...)
+ TODO: check
+CVE-2026-0531 (Allocation of Resources Without Limits or Throttling (CWE-770)
in Kiba ...)
+ TODO: check
+CVE-2026-0530 (Allocation of Resources Without Limits or Throttling (CWE-770)
in Kiba ...)
+ TODO: check
+CVE-2026-0528 (Improper Validation of Array Index (CWE-129) exists in
Metricbeat can ...)
+ TODO: check
+CVE-2025-68970 (Permission verification bypass vulnerability in the media
library modu ...)
+ TODO: check
+CVE-2025-68969 (Multi-thread race condition vulnerability in the thermal
management mo ...)
+ TODO: check
+CVE-2025-68968 (Double free vulnerability in the multi-mode input module.
Impact: Succ ...)
+ TODO: check
+CVE-2025-68967 (Vulnerability of improper permission control in the print
module. Impa ...)
+ TODO: check
+CVE-2025-68966 (Permission control vulnerability in the Notepad module.
Impact: Succes ...)
+ TODO: check
+CVE-2025-68965 (Permission control vulnerability in the Notepad module.
Impact: Succes ...)
+ TODO: check
+CVE-2025-68964 (Data verification vulnerability in the HiView module. Impact:
Successf ...)
+ TODO: check
+CVE-2025-68963 (Man-in-the-middle attack vulnerability in the Clone module.
Impact: Su ...)
+ TODO: check
+CVE-2025-68962 (Multi-thread race condition vulnerability in the camera
framework modu ...)
+ TODO: check
+CVE-2025-68961 (Multi-thread race condition vulnerability in the camera
framework modu ...)
+ TODO: check
+CVE-2025-68960 (Multi-thread race condition vulnerability in the video
framework modul ...)
+ TODO: check
+CVE-2025-68959 (Permission verification bypass vulnerability in the media
library modu ...)
+ TODO: check
+CVE-2025-68958 (Multi-thread race condition vulnerability in the card
framework module ...)
+ TODO: check
+CVE-2025-68957 (Multi-thread race condition vulnerability in the card
framework module ...)
+ TODO: check
+CVE-2025-68956 (Multi-thread race condition vulnerability in the card
framework module ...)
+ TODO: check
+CVE-2025-68955 (Multi-thread race condition vulnerability in the card
framework module ...)
+ TODO: check
+CVE-2025-68947 (NSecsoft 'NSecKrnl' is a Windows driver that allows a local,
authentic ...)
+ TODO: check
+CVE-2025-68658 (Open Source Point of Sale (opensourcepos) is a web based point
of sale ...)
+ TODO: check
+CVE-2025-68492 (Chainlit versions prior to 2.8.5 contain an authorization
bypass throu ...)
+ TODO: check
+CVE-2025-37186 (A local privilege-escalation vulnerability has been discovered
in the ...)
+ TODO: check
+CVE-2025-37179 (Multiple out-of-bounds read vulnerabilities were identified in
a syste ...)
+ TODO: check
+CVE-2025-37178 (Multiple out-of-bounds read vulnerabilities were identified in
a syste ...)
+ TODO: check
+CVE-2025-37177 (An arbitrary file deletion vulnerability has been identified
in the co ...)
+ TODO: check
+CVE-2025-37176 (A command injection vulnerability in AOS-8 allows an
authenticated pri ...)
+ TODO: check
+CVE-2025-37175 (Arbitrary file upload vulnerability exists in the web-based
management ...)
+ TODO: check
+CVE-2025-37174 (Authenticated arbitrary file write vulnerability exists in the
web-bas ...)
+ TODO: check
+CVE-2025-37173 (An improper input handling vulnerability exists in the
web-based manag ...)
+ TODO: check
+CVE-2025-37172 (Authenticated command injection vulnerabilities exist in the
web-based ...)
+ TODO: check
+CVE-2025-37171 (Authenticated command injection vulnerabilities exist in the
web-based ...)
+ TODO: check
+CVE-2025-37170 (Authenticated command injection vulnerabilities exist in the
web-based ...)
+ TODO: check
+CVE-2025-15513 (The Float Payment Gateway plugin for WordPress is vulnerable
to unauth ...)
+ TODO: check
+CVE-2025-15512 (The Aplazo Payment Gateway plugin for WordPress is vulnerable
to unaut ...)
+ TODO: check
+CVE-2025-15486 (The Kunze Law plugin for WordPress is vulnerable to Stored
Cross-Site ...)
+ TODO: check
+CVE-2025-15475 (The PayHere Payment Gateway Plugin for WooCommerce plugin for
WordPres ...)
+ TODO: check
+CVE-2025-15378 (The AJS Footnotes plugin for WordPress is vulnerable to Stored
Cross-S ...)
+ TODO: check
+CVE-2025-15377 (The Sosh Share Buttons plugin for WordPress is vulnerable to
Cross-Sit ...)
+ TODO: check
+CVE-2025-15376 (The Stopwords for comments plugin for WordPress is vulnerable
to Cross ...)
+ TODO: check
+CVE-2025-15283 (The Name Directory plugin for WordPress is vulnerable to
Stored Cross- ...)
+ TODO: check
+CVE-2025-15266 (The GeekyBot \u2014 Generate AI Content Without Prompt,
Chatbot and Le ...)
+ TODO: check
+CVE-2025-15056 (A lack of data validation vulnerability in the HTML export
feature in ...)
+ TODO: check
+CVE-2025-15021 (The Gotham Block Extra Light plugin for WordPress is
vulnerable to Sto ...)
+ TODO: check
+CVE-2025-15020 (The Gotham Block Extra Light plugin for WordPress is
vulnerable to Arb ...)
+ TODO: check
+CVE-2025-14880 (The Netcash WooCommerce Payment Gateway plugin for WordPress
is vulner ...)
+ TODO: check
+CVE-2025-14854 (The WP-CRM System plugin for WordPress is vulnerable to
unauthorized a ...)
+ TODO: check
+CVE-2025-14846 (The SocialChamp with WordPress plugin for WordPress is
vulnerable to C ...)
+ TODO: check
+CVE-2025-14770 (The Shipping Rate By Cities plugin for WordPress is vulnerable
to SQL ...)
+ TODO: check
+CVE-2025-14725 (The Internal Link Builder plugin for WordPress is vulnerable
to Stored ...)
+ TODO: check
+CVE-2025-14615 (The DASHBOARD BUILDER \u2013 WordPress plugin for Charts and
Graphs pl ...)
+ TODO: check
+CVE-2025-14613 (The GetContentFromURL plugin for WordPress is vulnerable to
Server-Sid ...)
+ TODO: check
+CVE-2025-14502 (The News and Blog Designer Bundle plugin for WordPress is
vulnerable t ...)
+ TODO: check
+CVE-2025-14482 (The Crush.pics Image Optimizer - Image Compression and
Optimization pl ...)
+ TODO: check
+CVE-2025-14464 (The PDF Resume Parser plugin for WordPress is vulnerable to
Sensitive ...)
+ TODO: check
+CVE-2025-14389 (The WPBlogSyn plugin for WordPress is vulnerable to Cross-Site
Request ...)
+ TODO: check
+CVE-2025-14379 (The Testimonials Creator plugin for WordPress is vulnerable to
Stored ...)
+ TODO: check
+CVE-2025-14301 (The Integration Opvius AI for WooCommerce plugin for WordPress
is vuln ...)
+ TODO: check
+CVE-2025-14173 (The Perfit WooCommerce plugin for WordPress is vulnerable to
Missing A ...)
+ TODO: check
+CVE-2025-13627 (The Makesweat plugin for WordPress is vulnerable to Stored
Cross-Site ...)
+ TODO: check
+CVE-2025-12178 (The SpiceForms Form Builder plugin for WordPress is vulnerable
to Stor ...)
+ TODO: check
+CVE-2025-12053 (The drivers in the tool packages use RTL_QUERY_REGISTRY_DIRECT
flag to ...)
+ TODO: check
+CVE-2025-12052 (The drivers in the tool packages use RTL_QUERY_REGISTRY_DIRECT
flag to ...)
+ TODO: check
+CVE-2025-12051 (The drivers in the tool packages use RTL_QUERY_REGISTRY_DIRECT
flag to ...)
+ TODO: check
+CVE-2025-12050 (The drivers in the tool packages use RTL_QUERY_REGISTRY_DIRECT
flag to ...)
+ TODO: check
+CVE-2023-54341 (Webgrind 1.1 and before contains a reflected cross-site
scripting vuln ...)
+ TODO: check
+CVE-2023-54340 (WorkOrder CMS 0.1.0 contains a SQL injection vulnerability
that allows ...)
+ TODO: check
+CVE-2023-54339 (Webgrind 1.1 contains a remote command execution vulnerability
that al ...)
+ TODO: check
+CVE-2023-54338 (Tftpd32 SE 4.60 contains an unquoted service path
vulnerability that a ...)
+ TODO: check
+CVE-2023-54337 (Sysax Multi Server 6.95 contains a denial of service
vulnerability in ...)
+ TODO: check
+CVE-2023-54336 (Mediconta 3.7.27 contains an unquoted service path
vulnerability in th ...)
+ TODO: check
+CVE-2023-54335 (eXtplorer 2.1.14 contains an authentication bypass
vulnerability that ...)
+ TODO: check
+CVE-2023-54334 (Explorer32++ 1.3.5.531 contains a buffer overflow
vulnerability in Str ...)
+ TODO: check
+CVE-2023-54333 (Social-Share-Buttons 2.2.3 contains a critical SQL injection
vulnerabi ...)
+ TODO: check
+CVE-2023-54332 (Jetpack 11.4 contains a cross-site scripting vulnerability in
the cont ...)
+ TODO: check
+CVE-2023-54331 (Outline 1.6.0 contains an unquoted service path vulnerability
that all ...)
+ TODO: check
+CVE-2023-54330 (Inbit Messenger versions 4.6.0 to 4.9.0 contain a remote
stack-based b ...)
+ TODO: check
+CVE-2023-54329 (Inbit Messenger 4.6.0 - 4.9.0 contains a remote command
execution vuln ...)
+ TODO: check
+CVE-2023-54328 (AimOne Video Converter 2.04 Build 103 contains a buffer
overflow vulne ...)
+ TODO: check
+CVE-2023-53985 (Zstore, now referred to as Zippy CRM, 6.5.4 contains a
reflected cross ...)
+ TODO: check
+CVE-2023-53984 (Clevo HotKey Clipboard 2.1.0.6 contains an unquoted service
path vulne ...)
+ TODO: check
+CVE-2022-50939 (e107 CMS version 3.2.1 contains a critical file upload
vulnerability t ...)
+ TODO: check
+CVE-2022-50938 (CONTPAQi AdminPAQ 14.0.0 contains an unquoted service path
vulnerabili ...)
+ TODO: check
+CVE-2022-50937 (Ametys CMS v4.4.1 contains a persistent cross-site scripting
vulnerabi ...)
+ TODO: check
+CVE-2022-50936 (WBCE CMS version 1.5.2 contains an authenticated remote code
execution ...)
+ TODO: check
+CVE-2022-50935 (Flame II HSPA USB Modem contains an unquoted service path
vulnerabilit ...)
+ TODO: check
+CVE-2022-50934 (Wing FTP Server versions 4.3.8 and below contain an
authenticated remo ...)
+ TODO: check
+CVE-2022-50933 (Cain & Abel 4.9.56 contains an unquoted service path
vulnerability tha ...)
+ TODO: check
+CVE-2022-50932 (Kyocera Command Center RX ECOSYS M2035dn contains a directory
traversa ...)
+ TODO: check
+CVE-2022-50931 (TeamSpeak 3.5.6 contains an insecure file permissions
vulnerability th ...)
+ TODO: check
+CVE-2022-50930 (Emerson PAC Machine Edition 9.80 contains an unquoted service
path vul ...)
+ TODO: check
+CVE-2022-50929 (Connectify Hotspot 2018 contains an unquoted service path
vulnerabilit ...)
+ TODO: check
+CVE-2022-50928 (BlueSoleilCS 5.4.277 contains an unquoted service path
vulnerability i ...)
+ TODO: check
+CVE-2022-50927 (Cyclades Serial Console Server 3.3.0 contains a local
privilege escala ...)
+ TODO: check
+CVE-2022-50926 (WAGO 750-8212 PFC200 G2 2ETH RS firmware contains a privilege
escalati ...)
+ TODO: check
+CVE-2022-50925 (Prowise Reflect version 1.0.9 contains a remote keystroke
injection vu ...)
+ TODO: check
+CVE-2022-50924 (Private Internet Access 3.3 contains an unquoted service path
vulnerab ...)
+ TODO: check
+CVE-2022-50923 (Cobian Backup 0.9 contains an unquoted service path
vulnerability that ...)
+ TODO: check
+CVE-2022-50922 (Audio Conversion Wizard v2.01 contains a buffer overflow
vulnerability ...)
+ TODO: check
+CVE-2022-50921 (WOW21 5.0.1.9 contains an unquoted service path vulnerability
that all ...)
+ TODO: check
+CVE-2022-50920 (Sandboxie-Plus 5.50.2 contains an unquoted service path
vulnerability ...)
+ TODO: check
+CVE-2022-50919 (Tdarr 2.00.15 contains an unauthenticated remote code
execution vulner ...)
+ TODO: check
+CVE-2022-50918 (VIVE Runtime Service 1.0.0.4 contains an unquoted service path
vulnera ...)
+ TODO: check
+CVE-2022-50917 (ProtonVPN 1.26.0 contains an unquoted service path
vulnerability in it ...)
+ TODO: check
+CVE-2022-50916 (e107 CMS version 3.2.1 contains a file upload vulnerability
that allow ...)
+ TODO: check
+CVE-2022-50915 (PTPublisher 2.3.4 contains an unquoted service path
vulnerability in t ...)
+ TODO: check
+CVE-2022-50914 (EaseUS Data Recovery 15.1.0.0 contains an unquoted service
path vulner ...)
+ TODO: check
+CVE-2022-50913 (ITeC ITeCProteccioAppServer contains an unquoted service path
vulnerab ...)
+ TODO: check
+CVE-2022-50912 (ImpressCMS 1.4.4 contains a file upload vulnerability with
weak extens ...)
+ TODO: check
+CVE-2022-50911 (Bitrix24 contains an authenticated remote code execution
vulnerability ...)
+ TODO: check
+CVE-2022-50910 (Beehive Forum 1.5.2 contains a host header injection
vulnerability in ...)
+ TODO: check
+CVE-2022-50909 (Algo 8028 Control Panel version 3.3.3 contains a command
injection vul ...)
+ TODO: check
+CVE-2022-50908 (Mailhog 1.0.1 contains a stored cross-site scripting
vulnerability tha ...)
+ TODO: check
+CVE-2022-50907 (e107 CMS version 3.2.1 contains a file upload vulnerability
that allow ...)
+ TODO: check
+CVE-2022-50906 (e107 CMS 3.2.1 contains an upload restriction bypass
vulnerability tha ...)
+ TODO: check
+CVE-2022-50905 (e107 CMS version 3.2.1 contains multiple vulnerabilities that
allow cr ...)
+ TODO: check
+CVE-2022-50904 (Wondershare UBackit 2.0.5 contains an unquoted service path
vulnerabil ...)
+ TODO: check
+CVE-2022-50903 (Wondershare MobileTrans 3.5.9 contains an unquoted service
path vulner ...)
+ TODO: check
+CVE-2022-50902 (Wondershare FamiSafe 1.0 contains an unquoted service path
vulnerabili ...)
+ TODO: check
+CVE-2022-50901 (Wondershare Dr.Fone 11.4.9 contains an unquoted service path
vulnerabi ...)
+ TODO: check
+CVE-2022-50900 (Wondershare Dr.Fone 12.0.18 contains an unquoted service path
vulnerab ...)
+ TODO: check
+CVE-2022-50899 (Geonetwork 3.10 through 4.2.0 contains an XML external entity
vulnerab ...)
+ TODO: check
+CVE-2022-50898 (NanoCMS 0.4 contains an authenticated file upload
vulnerability that a ...)
+ TODO: check
+CVE-2022-50897 (mPDF 7.0 contains a local file inclusion vulnerability that
allows att ...)
+ TODO: check
+CVE-2022-50896 (Testa 3.5.1 contains a reflected cross-site scripting
vulnerability in ...)
+ TODO: check
+CVE-2022-50895 (Aero CMS 0.0.1 contains a SQL injection vulnerability in the
author pa ...)
+ TODO: check
+CVE-2022-50894 (VIAVIWEB Wallpaper Admin 1.0 contains an SQL injection
vulnerability t ...)
+ TODO: check
+CVE-2022-50893 (VIAVIWEB Wallpaper Admin 1.0 contains an unauthenticated
remote code e ...)
+ TODO: check
+CVE-2022-50892 (VIAVIWEB Wallpaper Admin 1.0 contains a SQL injection
vulnerability th ...)
+ TODO: check
+CVE-2022-50891 (Owlfiles File Manager 12.0.1 contains a cross-site scripting
vulnerabi ...)
+ TODO: check
+CVE-2022-50890 (Owlfiles File Manager 12.0.1 contains a path traversal
vulnerability i ...)
+ TODO: check
+CVE-2022-50808 (CoolerMaster MasterPlus 1.8.5 contains an unquoted service
path vulner ...)
+ TODO: check
+CVE-2022-50807 (Concrete5 CMS version 9.1.3 contains an XPath injection
vulnerability ...)
+ TODO: check
+CVE-2022-50806 (4images 1.9 contains a remote command execution vulnerability
that all ...)
+ TODO: check
+CVE-2022-50805 (Senayan Library Management System 9.0.0 contains a SQL
injection vulne ...)
+ TODO: check
+CVE-2022-50693 (Splashtop 8.71.12001.0 contains an unquoted service path
vulnerability ...)
+ TODO: check
+CVE-2021-47751 (CuteEditor for PHP (now referred to as Rich Text Editor) 6.6
contains ...)
+ TODO: check
+CVE-2021-47750 (YouPHPTube <= 7.8 contains a cross-site scripting
vulnerability that a ...)
+ TODO: check
+CVE-2021-47749 (YouPHPTube <= 7.8 contains a local file inclusion
vulnerability that a ...)
+ TODO: check
+CVE-2020-36919 (WPForms 1.7.8 contains a cross-site scripting vulnerability in
the sli ...)
+ TODO: check
+CVE-2020-36911 (Covenant 0.1.3 - 0.5 contains a remote code execution
vulnerability th ...)
+ TODO: check
CVE-2025-55132 [fs.futimes() Bypasses Read-Only Permission Model]
- nodejs 22.22.0+dfsg+~cs22.19.6-1
NOTE:
https://nodejs.org/en/blog/vulnerability/december-2025-security-releases#fsfutimes-bypasses-read-only-permission-model-cve-2025-55132---low
@@ -1663,7 +2003,7 @@ CVE-2025-13749 (The Clearfy Cache \u2013 WordPress
optimization plugin, Minify H
NOT-FOR-US: WordPress plugin
CVE-2025-13628 (The Tutor LMS \u2013 eLearning and online course solution
plugin for W ...)
NOT-FOR-US: WordPress plugin
-CVE-2026-0716
+CVE-2026-0716 (A flaw was found in libsoup\u2019s WebSocket frame processing
when han ...)
- libsoup3 <unfixed> (bug #1125156)
[trixie] - libsoup3 <no-dsa> (Minor issue)
[bookworm] - libsoup3 <no-dsa> (Minor issue)
@@ -1749,6 +2089,7 @@ CVE-2026-21895 (The `rsa` crate is an RSA implementation
written in rust. Prior
CVE-2026-21894 (n8n is an open source workflow automation platform. In
versions from 0 ...)
NOT-FOR-US: n8n
CVE-2026-21892 (Parsl is a Python parallel scripting library. A SQL Injection
vulnerab ...)
+ {DSA-6099-1}
- python-parsl 2026.01.05+ds-1 (bug #1125085)
NOTE:
https://github.com/Parsl/parsl/security/advisories/GHSA-f2mf-q878-gh58
NOTE: Fixed by:
https://github.com/Parsl/parsl/commit/013a928461e70f38a33258bd525a351ed828e974
(2026.01.05)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/acb7b5f72b04f56933700f79b821ba3a7969d643
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/acb7b5f72b04f56933700f79b821ba3a7969d643
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
