Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b162dcc4 by security tracker role at 2026-01-17T08:13:01+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,85 @@
+CVE-2026-23800 (Incorrect Privilege Assignment vulnerability in Modular DS 
modular-con ...)
+       TODO: check
+CVE-2026-23745 (node-tar is a Tar for Node.js. The node-tar library (<= 7.5.2) 
fails t ...)
+       TODO: check
+CVE-2026-23744 (MCPJam inspector is the local-first development platform for 
MCP serve ...)
+       TODO: check
+CVE-2026-23742 (Skipper is an HTTP router and reverse proxy for service 
composition. T ...)
+       TODO: check
+CVE-2026-23735 (GraphQL Modules is a toolset of libraries and guidelines 
dedicated to  ...)
+       TODO: check
+CVE-2026-23643 (CakePHP is a rapid development framework for PHP. The 
PaginatorHelper: ...)
+       TODO: check
+CVE-2026-22865 (Gradle is a build automation tool, and its native-platform 
tool provid ...)
+       TODO: check
+CVE-2026-22816 (Gradle is a build automation tool, and its native-platform 
tool provid ...)
+       TODO: check
+CVE-2026-21223 (Microsoft Edge Elevation Service exposes a privileged COM 
interface th ...)
+       TODO: check
+CVE-2026-20960 (Improper authorization in Microsoft Power Apps allows an 
authorized at ...)
+       TODO: check
+CVE-2026-0833 (The Team Section Block plugin for WordPress is vulnerable to 
Stored Cr ...)
+       TODO: check
+CVE-2026-0820 (The RepairBuddy \u2013 Repair Shop CRM & Booking Plugin for 
WordPress  ...)
+       TODO: check
+CVE-2026-0808 (The Spin Wheel plugin for WordPress is vulnerable to 
client-side prize ...)
+       TODO: check
+CVE-2026-0691 (The CM E-Mail Blacklist \u2013 Simple email filtering for safer 
regist ...)
+       TODO: check
+CVE-2026-0682 (The Church Admin plugin for WordPress is vulnerable to 
Server-Side Req ...)
+       TODO: check
+CVE-2026-0519 (In Secure Access 12.70 and prior to 14.20, the logging  
subsystem may  ...)
+       TODO: check
+CVE-2026-0518 (CVE-2026-0518 is a cross-site scripting vulnerability in 
versions of   ...)
+       TODO: check
+CVE-2026-0517 (CVE-2026-0517 is a denial-of-service vulnerability in versions 
of Secu ...)
+       TODO: check
+CVE-2025-5489
+       REJECTED
+CVE-2025-5102
+       REJECTED
+CVE-2025-56451 (Cross site scripting vulnerability in seeyon Zhiyuan A8+ 
Collaborative ...)
+       TODO: check
+CVE-2025-15529 (A vulnerability was found in Open5GS up to 2.7.6. Affected by 
this iss ...)
+       TODO: check
+CVE-2025-15528 (A vulnerability has been found in Open5GS up to 2.7.6. 
Affected by thi ...)
+       TODO: check
+CVE-2025-15403 (The RegistrationMagic plugin for WordPress is vulnerable to 
Privilege  ...)
+       TODO: check
+CVE-2025-14632 (The Filr \u2013 Secure document library plugin for WordPress 
is vulner ...)
+       TODO: check
+CVE-2025-14478 (The Demo Importer Plus plugin for WordPress is vulnerable to 
XML Exter ...)
+       TODO: check
+CVE-2025-14463 (The Payment Button for PayPal plugin for WordPress is 
vulnerable to un ...)
+       TODO: check
+CVE-2025-14450 (The Wallet System for WooCommerce plugin for WordPress is 
vulnerable t ...)
+       TODO: check
+CVE-2025-14075 (The WP Hotel Booking plugin for WordPress is vulnerable to 
Sensitive I ...)
+       TODO: check
+CVE-2025-14029 (The Community Events plugin for WordPress is vulnerable to 
unauthorize ...)
+       TODO: check
+CVE-2025-13725 (The Gutenberg Thim Blocks \u2013 Page Builder, Gutenberg 
Blocks for th ...)
+       TODO: check
+CVE-2025-12984 (The Advanced Ads \u2013Ad Manager & AdSense plugin for 
WordPress is vu ...)
+       TODO: check
+CVE-2025-12825 (The User Registration Using Contact Form 7 plugin for 
WordPress is vul ...)
+       TODO: check
+CVE-2025-12718 (The Quick Contact Form plugin for WordPress is vulnerable to 
Open Mail ...)
+       TODO: check
+CVE-2025-12168 (The Phrase TMS Integration for WordPress plugin for WordPress 
is vulne ...)
+       TODO: check
+CVE-2025-12129 (The CubeWP \u2013 All-in-One Dynamic Content Framework plugin 
for Word ...)
+       TODO: check
+CVE-2025-12002 (The Feeds for YouTube Pro plugin for WordPress is vulnerable 
to arbitr ...)
+       TODO: check
+CVE-2024-8506
+       REJECTED
+CVE-2024-8491
+       REJECTED
+CVE-2019-25297 (Poll, Survey & Quiz Maker Plugin by Opinion Stage Wordpress 
plugin ver ...)
+       TODO: check
+CVE-2012-10064 (Omni Secure Files plugin versions prior to 0.1.14 contain an 
arbitrary ...)
+       TODO: check
 CVE-2026-23731 (WeGIA is a web manager for charitable institutions. Prior to 
3.6.2, Th ...)
        NOT-FOR-US: WeGIA
 CVE-2026-23730 (WeGIA is a web manager for charitable institutions. Prior to 
3.6.2, an ...)
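
Review bot: Every added entry that is not REJECTED lands as `TODO: check`, and a good share can be resolved from the truncated description alone: those that read "plugin for WordPress" (for example CVE-2026-0833, CVE-2026-0808, CVE-2026-0682, CVE-2025-15403) fit the `NOT-FOR-US: WordPress plugin` form this file already uses for CVE-2023-48775. The entries naming node-tar, Skipper, GraphQL Modules, CakePHP, Gradle native-platform and Open5GS need a source-package lookup first, so they should be triaged individually and not closed in the same batch.
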
@@ -12323,7 +12405,7 @@ CVE-2025-64236 (Authentication Bypass Using an 
Alternate Path or Channel vulnera
 CVE-2025-64235 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-63757 (Integer overflow vulnerability in the yuv2ya16_X_c_template 
function i ...)
-       {DSA-6079-1 DSA-6073-1}
+       {DSA-6079-1 DSA-6073-1 DLA-4440-1}
        - ffmpeg 7:7.1.3-1
        NOTE: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20698
        NOTE: 
https://code.ffmpeg.org/FFmpeg/FFmpeg/0c6b7f9483a38657c9be824572b4c0c45d4d9fef 
(master)
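
Review bot: In the context lines of this hunk, the NOTE tagged `(master)` under CVE-2025-63757 puts the hash directly after `FFmpeg/FFmpeg/` with no `commit/` path segment, unlike the GitHub commit references used for the other ffmpeg entries. Since the entry is being touched to add DLA-4440-1, confirm that the link resolves and correct it in the same pass if it does not.
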
@@ -48828,7 +48910,7 @@ CVE-2025-39792 (In the Linux kernel, the following 
vulnerability has been resolv
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/2df7168717b7d2d32bcf017c68be16e4aae9dd13 (6.17-rc1)
 CVE-2025-10256
-       {DSA-6007-1}
+       {DSA-6007-1 DLA-4440-1}
        - ffmpeg 7:7.1.2-1
        [bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in 
the 5.1 branch)
        NOTE: Fixed by: 
https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/a25462482c02c004d685a8fcf2fa63955aaa0931
 (n8.0)
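
Review bot: CVE-2025-10256 now lists DLA-4440-1 while `[bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 5.1 branch)` stays in place, so the entry records an LTS advisory for the issue and an open, postponed state for bookworm at the same time. Recheck whether the postponed reason still holds, and if it does, add a NOTE naming the backport the DLA used so the bookworm fix can follow it.
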
@@ -49712,7 +49794,7 @@ CVE-2025-10148 (curl's websocket code did not update 
the 32 bit mask pattern for
 CVE-2025-9994 (The Amp\u2019ed RF BT-AP 111 Bluetooth access point's HTTP 
admin inter ...)
        NOT-FOR-US: Amped RF
 CVE-2025-9951 (A heap-buffer-overflow write exists in jpeg2000dec FFmpeg which 
allows ...)
-       {DSA-6007-1 DSA-5985-1}
+       {DSA-6007-1 DSA-5985-1 DLA-4440-1}
        - ffmpeg 7:7.1.2-1
        NOTE: 
https://github.com/google/security-research/security/advisories/GHSA-39q3-f8jq-v6mg
        NOTE: 
https://github.com/FFmpeg/FFmpeg/commit/01a292c7e36545ddeb3c7f79cd02e2611cd37d73
 (n8.0)
@@ -66034,7 +66116,7 @@ CVE-2025-53644 (OpenCV is an Open Source Computer 
Vision Library. Versions 4.10.
 CVE-2024-6234
        NOT-FOR-US: Ansible Automation Platform
 CVE-2025-7700 (A flaw was found in FFmpeg\u2019s ALS audio decoder, where it 
does not ...)
-       {DSA-6007-1 DSA-5985-1}
+       {DSA-6007-1 DSA-5985-1 DLA-4440-1}
        - ffmpeg 7:7.1.2-1
        NOTE: Introduced with: 
https://git.ffmpeg.org/gitweb/ffmpeg.git/object/dcfd24b10c7eaec4b7b1ec2c4abb46808721a71d
        NOTE: Fixed by: 
https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/35a6de137a39f274d5e01ed0e0e6c4f04d0aaf07
 (n8.0)
@@ -115572,7 +115654,7 @@ CVE-2025-1596 (A vulnerability was found in 
SourceCodester Best Church Managemen
 CVE-2025-1595 (A vulnerability has been found in Anhui Xufan Information 
Technology E ...)
        NOT-FOR-US: Anhui Xufan Information Technology EasyCVR
 CVE-2025-1594 (A vulnerability, which was classified as critical, was found in 
FFmpeg ...)
-       {DSA-6079-1 DSA-6007-1}
+       {DSA-6079-1 DSA-6007-1 DLA-4440-1}
        - ffmpeg 7:7.1.2-1
        NOTE: 
https://ffmpeg.org/pipermail/ffmpeg-devel/2025-February/339544.html
        NOTE: https://trac.ffmpeg.org/ticket/11418
@@ -131349,6 +131431,7 @@ CVE-2023-50850 (Missing Authorization vulnerability 
in Woo WooCommerce Subscript
 CVE-2023-48775 (Missing Authorization vulnerability in Gfazioli WP Cleanfix 
allows Exp ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-6603 (A flaw was found in FFmpeg's HLS playlist parsing. This 
vulnerability  ...)
+       {DLA-4440-1}
        - ffmpeg 7:5.0.1-2
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2334335
        NOTE: Fixed by: 
https://github.com/FFmpeg/FFmpeg/commit/28c83584e8f3cd747c1476a74cc2841d3d1fa7f3
 (n5.0)
@@ -139519,6 +139602,7 @@ CVE-2024-36616 (An integer overflow in the component 
/libavformat/westwood_vqa.c
        NOTE: 
https://github.com/ffmpeg/ffmpeg/commit/a8beef67993aa267de87599007143d9f0ba67c23
 (n5.1.5)
        NOTE: 
https://github.com/FFmpeg/FFmpeg/commit/251b3c3892e79bd9dd93a973d16c28667fde131e
 (n4.3.7)
 CVE-2024-36615 (FFmpeg n7.0 has a race condition vulnerability in the VP9 
decoder. Thi ...)
+       {DLA-4440-1}
        - ffmpeg 7:7.1-3
        [bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
        NOTE: 
https://github.com/ffmpeg/ffmpeg/commit/0ba058579f332b3060d8470a04ddd3fbf305be61
 (n7.1)
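
Review bot: The DLA-4440-1 tag on CVE-2024-36615 sits on an entry whose description names only FFmpeg n7.0 and whose single fix reference is tagged `(n7.1)`, so nothing in the entry says which older version the advisory patched. Add a NOTE with the backported commit or the affected range, and revisit `[bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)` at the same time.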



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b162dcc4609d9a69e50fe67d22f8f71bd92c72f0
