Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9c302da7 by security tracker role at 2026-01-22T20:13:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,897 @@
+CVE-2026-24390 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2026-24389 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2026-24388 (Missing Authorization vulnerability in Ludwig You 
WPMasterToolKit wpma ...)
+       TODO: check
+CVE-2026-24387 (Missing Authorization vulnerability in Arul Prasad J WP Quick 
Post Dup ...)
+       TODO: check
+CVE-2026-24386 (Missing Authorization vulnerability in Element Invader Element 
Invader ...)
+       TODO: check
+CVE-2026-24384 (Cross-Site Request Forgery (CSRF) vulnerability in 
launchinteractive M ...)
+       TODO: check
+CVE-2026-24383 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2026-24381 (Server-Side Request Forgery (SSRF) vulnerability in ThemeGoods 
PhotoMe ...)
+       TODO: check
+CVE-2026-24380 (Missing Authorization vulnerability in Metagauss EventPrime 
eventprime ...)
+       TODO: check
+CVE-2026-24379 (Authorization Bypass Through User-Controlled Key vulnerability 
in wpjo ...)
+       TODO: check
+CVE-2026-24377 (Exposure of Sensitive System Information to an Unauthorized 
Control Sp ...)
+       TODO: check
+CVE-2026-24374 (Cross-Site Request Forgery (CSRF) vulnerability in Metagauss 
Registrat ...)
+       TODO: check
+CVE-2026-24371 (Missing Authorization vulnerability in bookingalgorithms BA 
Book Every ...)
+       TODO: check
+CVE-2026-24368 (Missing Authorization vulnerability in Theme-one The Grid 
the-grid all ...)
+       TODO: check
+CVE-2026-24367 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2026-24366 (Missing Authorization vulnerability in YITHEMES YITH 
WooCommerce Reque ...)
+       TODO: check
+CVE-2026-24365 (Cross-Site Request Forgery (CSRF) vulnerability in storeapps 
Stock Man ...)
+       TODO: check
+CVE-2026-24361 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2026-24360 (Server-Side Request Forgery (SSRF) vulnerability in Craig 
Hewitt Serio ...)
+       TODO: check
+CVE-2026-24358 (Missing Authorization vulnerability in ExpressTech Systems 
Quiz And Su ...)
+       TODO: check
+CVE-2026-24357 (Missing Authorization vulnerability in Brecht WP Recipe Maker 
wp-recip ...)
+       TODO: check
+CVE-2026-24356 (Missing Authorization vulnerability in Roxnor GetGenie 
getgenie allows ...)
+       TODO: check
+CVE-2026-24355 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2026-24354 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2026-24353 (Missing Authorization vulnerability in wpeverest User 
Registration use ...)
+       TODO: check
+CVE-2026-24332 (Discord through 2026-01-16 allows gathering information about 
whether  ...)
+       TODO: check
+CVE-2026-24055 (Langfuse is an open source large language model engineering 
platform.  ...)
+       TODO: check
+CVE-2026-24049 (wheel is a command line tool for manipulating Python wheel 
files, as d ...)
+       TODO: check
+CVE-2026-24048 (Backstage is an open framework for building developer portals, 
and @ba ...)
+       TODO: check
+CVE-2026-24047 (Backstage is an open framework for building developer portals, 
and @ba ...)
+       TODO: check
+CVE-2026-24046 (Backstage is an open framework for building developer portals. 
Multipl ...)
+       TODO: check
+CVE-2026-24042 (Appsmith is a platform to build admin panels, internal tools, 
and dash ...)
+       TODO: check
+CVE-2026-24039 (Horilla is a free and open source Human Resource Management 
System (HR ...)
+       TODO: check
+CVE-2026-24038 (Horilla is a free and open source Human Resource Management 
System (HR ...)
+       TODO: check
+CVE-2026-24037 (Horilla is a free and open source Human Resource Management 
System (HR ...)
+       TODO: check
+CVE-2026-24036 (Horilla is a free and open source Human Resource Management 
System (HR ...)
+       TODO: check
+CVE-2026-24035 (Horilla is a free and open source Human Resource Management 
System (HR ...)
+       TODO: check
+CVE-2026-24034 (Horilla is a free and open source Human Resource Management 
System (HR ...)
+       TODO: check
+CVE-2026-24010 (Horilla is a free and open source Human Resource Management 
System (HR ...)
+       TODO: check
+CVE-2026-24009 (Docling Core (or docling-core) is a library that defines core 
data typ ...)
+       TODO: check
+CVE-2026-24006 (Seroval facilitates JS value stringification, including 
complex struct ...)
+       TODO: check
+CVE-2026-24002 (Grist is spreadsheet software using Python as its formula 
language. Gr ...)
+       TODO: check
+CVE-2026-24001 (jsdiff is a JavaScript text differencing implementation. Prior 
to vers ...)
+       TODO: check
+CVE-2026-23996 (FastAPI Api Key provides a backend-agnostic library that 
provides an A ...)
+       TODO: check
+CVE-2026-23992 (go-tuf is a Go implementation of The Update Framework (TUF). 
Starting  ...)
+       TODO: check
+CVE-2026-23991 (go-tuf is a Go implementation of The Update Framework (TUF). 
Starting  ...)
+       TODO: check
+CVE-2026-23990 (The Flux Operator is a Kubernetes CRD controller that manages 
the life ...)
+       TODO: check
+CVE-2026-23986 (Copier is a library and CLI app for rendering project 
templates. Prior ...)
+       TODO: check
+CVE-2026-23978 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2026-23976 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2026-23975 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2026-23974 (Missing Authorization vulnerability in uxper Golo golo allows 
Exploiti ...)
+       TODO: check
+CVE-2026-23968 (Copier is a library and CLI app for rendering project 
templates. Prior ...)
+       TODO: check
+CVE-2026-23967 (sm-crypto provides JavaScript implementations of the Chinese 
cryptogra ...)
+       TODO: check
+CVE-2026-23966 (sm-crypto provides JavaScript implementations of the Chinese 
cryptogra ...)
+       TODO: check
+CVE-2026-23965 (sm-crypto provides JavaScript implementations of the Chinese 
cryptogra ...)
+       TODO: check
+CVE-2026-23964 (Mastodon is a free, open-source social network server based on 
Activit ...)
+       TODO: check
+CVE-2026-23963 (Mastodon is a free, open-source social network server based on 
Activit ...)
+       TODO: check
+CVE-2026-23962 (Mastodon is a free, open-source social network server based on 
Activit ...)
+       TODO: check
+CVE-2026-23961 (Mastodon is a free, open-source social network server based on 
Activit ...)
+       TODO: check
+CVE-2026-23960 (Argo Workflows is an open source container-native workflow 
engine for  ...)
+       TODO: check
+CVE-2026-23959 (CoreShop is a Pimcore enhanced eCommerce solution. An 
error-based SQL  ...)
+       TODO: check
+CVE-2026-23958 (Dataease is an open source data visualization analysis tool. 
Prior to  ...)
+       TODO: check
+CVE-2026-23957 (seroval facilitates JS value stringification, including 
complex struct ...)
+       TODO: check
+CVE-2026-23956 (seroval facilitates JS value stringification, including 
complex struct ...)
+       TODO: check
+CVE-2026-23951 (SumatraPDF is a multi-format reader for Windows. All versions 
contain  ...)
+       TODO: check
+CVE-2026-23946 (Tendenci is an open source content management system built for 
non-pro ...)
+       TODO: check
+CVE-2026-23893 (openCryptoki is a PKCS#11 library and provides tooling for 
Linux and A ...)
+       TODO: check
+CVE-2026-23887 (Group-Office is an enterprise customer relationship management 
and gro ...)
+       TODO: check
+CVE-2026-23873 (hustoj is an open source online judge based on 
PHP/C++/MySQL/Linux for ...)
+       TODO: check
+CVE-2026-23764 (VB-Audio Voicemeeter, Voicemeeter Banana, and Voicemeeter 
Potato (vers ...)
+       TODO: check
+CVE-2026-23763 (VB-Audio Matrix and Matrix Coconut (versions ending in 1.0.2.2 
and 2.0 ...)
+       TODO: check
+CVE-2026-23762 (VB-Audio Voicemeeter, Voicemeeter Banana, and Voicemeeter 
Potato (vers ...)
+       TODO: check
+CVE-2026-23761 (VB-Audio Voicemeeter, Voicemeeter Banana, and Voicemeeter 
Potato (vers ...)
+       TODO: check
+CVE-2026-23760 (SmarterTools SmarterMail versions prior to build 9511 contain 
an authe ...)
+       TODO: check
+CVE-2026-23737 (seroval facilitates JS value stringification, including 
complex struct ...)
+       TODO: check
+CVE-2026-23736 (seroval facilitates JS value stringification, including 
complex struct ...)
+       TODO: check
+CVE-2026-23699 (AP180 series with firmware versions prior to AP_RGOS 
11.9(4)B1P8 conta ...)
+       TODO: check
+CVE-2026-23630 (Docmost is open-source collaborative wiki and documentation 
software.  ...)
+       TODO: check
+CVE-2026-23526 (CVAT is an open source interactive video and image annotation 
tool for ...)
+       TODO: check
+CVE-2026-23524 (Laravel Reverb provides a real-time WebSocket communication 
backend fo ...)
+       TODO: check
+CVE-2026-23518 (Fleet is open source device management software. In versions 
prior to  ...)
+       TODO: check
+CVE-2026-23517 (Fleet is open source device management software. A broken 
access contr ...)
+       TODO: check
+CVE-2026-23516 (CVAT is an open source interactive video and image annotation 
tool for ...)
+       TODO: check
+CVE-2026-23499 (Saleor is an e-commerce platform. Starting in version 3.0.0 
and prior  ...)
+       TODO: check
+CVE-2026-22849 (Saleor is an e-commerce platform. Starting in version 3.0.0 
and prior  ...)
+       TODO: check
+CVE-2026-22822 (External Secrets Operator reads information from a third-party 
service ...)
+       TODO: check
+CVE-2026-22808 (fleetdm/fleet is open source device management software. Prior 
to vers ...)
+       TODO: check
+CVE-2026-22807 (vLLM is an inference and serving engine for large language 
models (LLM ...)
+       TODO: check
+CVE-2026-22793 (5ire is a cross-platform desktop artificial intelligence 
assistant and ...)
+       TODO: check
+CVE-2026-22792 (5ire is a cross-platform desktop artificial intelligence 
assistant and ...)
+       TODO: check
+CVE-2026-22598 (ManageIQ is an open-source management platform. A flaw was 
found in th ...)
+       TODO: check
+CVE-2026-22483 (Cross-Site Request Forgery (CSRF) vulnerability in winkm89 
teachPress  ...)
+       TODO: check
+CVE-2026-22482 (Server-Side Request Forgery (SSRF) vulnerability in wbolt.com 
IMGspide ...)
+       TODO: check
+CVE-2026-22481 (Missing Authorization vulnerability in Rasedul Haque Rumi BD 
Courier O ...)
+       TODO: check
+CVE-2026-22472 (Missing Authorization vulnerability in hassantafreshi Easy 
Form Builde ...)
+       TODO: check
+CVE-2026-22470 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2026-22469 (Improper Neutralization of Script-Related HTML Tags in a Web 
Page (Bas ...)
+       TODO: check
+CVE-2026-22468 (Missing Authorization vulnerability in AbsolutePlugins 
Absolute Addons ...)
+       TODO: check
+CVE-2026-22466 (Missing Authorization vulnerability in Chandni Patel WP MapIt 
wp-mapit ...)
+       TODO: check
+CVE-2026-22464 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2026-22463 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2026-22462 (Cross-Site Request Forgery (CSRF) vulnerability in 
richardevcom Add Po ...)
+       TODO: check
+CVE-2026-22461 (Missing Authorization vulnerability in WebAppick CTX Feed 
webappick-pr ...)
+       TODO: check
+CVE-2026-22458 (Missing Authorization vulnerability in Mikado-Themes 
Wanderland wander ...)
+       TODO: check
+CVE-2026-22450 (Missing Authorization vulnerability in Select-Themes Don Peppe 
donpepp ...)
+       TODO: check
+CVE-2026-22447 (Missing Authorization vulnerability in Select-Themes Prowess 
prowess a ...)
+       TODO: check
+CVE-2026-22445 (Missing Authorization vulnerability in Proptech Plugin Apimo 
Connector ...)
+       TODO: check
+CVE-2026-22430 (Authorization Bypass Through User-Controlled Key vulnerability 
in Mika ...)
+       TODO: check
+CVE-2026-22426 (Authorization Bypass Through User-Controlled Key vulnerability 
in Elat ...)
+       TODO: check
+CVE-2026-22411 (Authorization Bypass Through User-Controlled Key vulnerability 
in Mika ...)
+       TODO: check
+CVE-2026-22409 (Authorization Bypass Through User-Controlled Key vulnerability 
in Mika ...)
+       TODO: check
+CVE-2026-22407 (Authorization Bypass Through User-Controlled Key vulnerability 
in Mika ...)
+       TODO: check
+CVE-2026-22406 (Authorization Bypass Through User-Controlled Key vulnerability 
in Mika ...)
+       TODO: check
+CVE-2026-22404 (Authorization Bypass Through User-Controlled Key vulnerability 
in Mika ...)
+       TODO: check
+CVE-2026-22402 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2026-22401 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2026-22400 (Authorization Bypass Through User-Controlled Key vulnerability 
in Mika ...)
+       TODO: check
+CVE-2026-22398 (Authorization Bypass Through User-Controlled Key vulnerability 
in Mika ...)
+       TODO: check
+CVE-2026-22396 (Authorization Bypass Through User-Controlled Key vulnerability 
in Mika ...)
+       TODO: check
+CVE-2026-22393 (Authorization Bypass Through User-Controlled Key vulnerability 
in Mika ...)
+       TODO: check
+CVE-2026-22391 (Authorization Bypass Through User-Controlled Key vulnerability 
in Mika ...)
+       TODO: check
+CVE-2026-22388 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2026-22382 (Cross-Site Request Forgery (CSRF) vulnerability in 
Mikado-Themes PawFr ...)
+       TODO: check
+CVE-2026-22360 (Cross-Site Request Forgery (CSRF) vulnerability in AA-Team 
SearchAzon  ...)
+       TODO: check
+CVE-2026-22359 (Cross-Site Request Forgery (CSRF) vulnerability in AA-Team 
Wordpress M ...)
+       TODO: check
+CVE-2026-22358 (Server-Side Request Forgery (SSRF) vulnerability in 
SmartDataSoft Elec ...)
+       TODO: check
+CVE-2026-22355 (Cross-Site Request Forgery (CSRF) vulnerability in gregmolnar 
Simple X ...)
+       TODO: check
+CVE-2026-22353 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2026-22349 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2026-22348 (Missing Authorization vulnerability in Tasos Fel Civic Cookie 
Control  ...)
+       TODO: check
+CVE-2026-22347 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2026-22281 (Dell PowerScale OneFS, versions 9.5.0.0 through 9.5.1.5, 
versions 9.6. ...)
+       TODO: check
+CVE-2026-22280 (Dell PowerScale OneFS, versions 9.5.0.0 through 9.5.1.5, 
versions 9.6. ...)
+       TODO: check
+CVE-2026-22279 (Dell PowerScale OneFS, versions prior 9.13.0.0, contains an 
insufficie ...)
+       TODO: check
+CVE-2026-22278 (Dell PowerScale OneFS versions prior to 9.13.0.0 contains an 
improper  ...)
+       TODO: check
+CVE-2026-21852 (Claude Code is an agentic coding tool. Prior to version 
2.0.65, vulner ...)
+       TODO: check
+CVE-2026-1332 (MeetingHub developed by HAMASTAR Technology has a Missing 
Authenticati ...)
+       TODO: check
+CVE-2026-1331 (MeetingHub developed by HAMASTAR Technology has an Arbitrary 
File Uplo ...)
+       TODO: check
+CVE-2026-1330 (MeetingHub developed by HAMASTAR Technology has an Arbitrary 
File Read ...)
+       TODO: check
+CVE-2026-1329 (A flaw has been found in Tenda AX1803 1.0.0.1. The affected 
element is ...)
+       TODO: check
+CVE-2026-1328 (A vulnerability was detected in Totolink NR1800X 
9.1.0u.6279_B20210910 ...)
+       TODO: check
+CVE-2026-1327 (A security vulnerability has been detected in Totolink NR1800X 
9.1.0u. ...)
+       TODO: check
+CVE-2026-1326 (A weakness has been identified in Totolink NR1800X 
9.1.0u.6279_B202109 ...)
+       TODO: check
+CVE-2026-1325 (A security flaw has been discovered in Sangfor Operation and 
Maintenan ...)
+       TODO: check
+CVE-2026-1324 (A vulnerability was identified in Sangfor Operation and 
Maintenance Ma ...)
+       TODO: check
+CVE-2026-1260 (Invalid memory access in Sentencepiece versions less than 0.2.1 
when u ...)
+       TODO: check
+CVE-2026-1225 (ACE vulnerability in configuration file processing  by QOS.CH 
logback- ...)
+       TODO: check
+CVE-2026-1036 (The Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery 
plugin ...)
+       TODO: check
+CVE-2026-0920 (The LA-Studio Element Kit for Elementor plugin for WordPress is 
vulner ...)
+       TODO: check
+CVE-2026-0535 (A maliciously crafted HTML payload, stored in a 
component\u2019s descr ...)
+       TODO: check
+CVE-2026-0534 (A maliciously crafted HTML payload, stored in a part\u2019s 
attribute  ...)
+       TODO: check
+CVE-2026-0533 (A maliciously crafted HTML payload in a design name, when 
displayed du ...)
+       TODO: check
+CVE-2025-71176 (pytest through 9.0.2 on UNIX relies on directories with the 
/tmp/pytes ...)
+       TODO: check
+CVE-2025-70899 (PHPgurukul Online Course Registration v3.1 lacks Cross-Site 
Request Fo ...)
+       TODO: check
+CVE-2025-69828 (File Upload vulnerability in TMS Global Software TMS 
Management Consol ...)
+       TODO: check
+CVE-2025-69822 (An issue in Atomberg Atomberg Erica Smart Fan Firmware 
Version: V1.0.3 ...)
+       TODO: check
+CVE-2025-69821 (An issue in Beat XP VEGA Smartwatch (Firmware Version - 
RB303ATV006229 ...)
+       TODO: check
+CVE-2025-69820 (Directory Traversal vulnerability in Beam beta9 v.0.1.552 
allows a rem ...)
+       TODO: check
+CVE-2025-69764 (Tenda AX3 firmware v16.03.12.11 contains a stack-based buffer 
overflow ...)
+       TODO: check
+CVE-2025-69612 (A path traversal vulnerability exists in TMS Management 
Console (versi ...)
+       TODO: check
+CVE-2025-69321 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-69320 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-69319 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
+       TODO: check
+CVE-2025-69318 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-69317 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-69316 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-69315 (Missing Authorization vulnerability in NSquared Simply 
Schedule Appoin ...)
+       TODO: check
+CVE-2025-69314 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-69313 (Missing Authorization vulnerability in WPXPO PostX 
ultimate-post allow ...)
+       TODO: check
+CVE-2025-69312 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Xpro  ...)
+       TODO: check
+CVE-2025-69311 (Missing Authorization vulnerability in Broadstreet Broadstreet 
Ads bro ...)
+       TODO: check
+CVE-2025-69300 (Missing Authorization vulnerability in Leap13 Premium Addons 
for Eleme ...)
+       TODO: check
+CVE-2025-69293 (Incorrect Privilege Assignment vulnerability in e-plugins 
Final User f ...)
+       TODO: check
+CVE-2025-69292 (Incorrect Privilege Assignment vulnerability in e-plugins WP 
Membershi ...)
+       TODO: check
+CVE-2025-69285 (SQLBot is an intelligent data query system based on a large 
language m ...)
+       TODO: check
+CVE-2025-69193 (Missing Authorization vulnerability in e-plugins WP Membership 
wp-memb ...)
+       TODO: check
+CVE-2025-69192 (Missing Authorization vulnerability in e-plugins Real Estate 
Pro real- ...)
+       TODO: check
+CVE-2025-69191 (Missing Authorization vulnerability in e-plugins ListingHub 
listinghub ...)
+       TODO: check
+CVE-2025-69190 (Missing Authorization vulnerability in e-plugins Listihub 
listihub all ...)
+       TODO: check
+CVE-2025-69188 (Missing Authorization vulnerability in e-plugins 
fitness-trainer fitne ...)
+       TODO: check
+CVE-2025-69187 (Missing Authorization vulnerability in e-plugins Final User 
final-user ...)
+       TODO: check
+CVE-2025-69186 (Missing Authorization vulnerability in e-plugins Hospital 
Doctor Direc ...)
+       TODO: check
+CVE-2025-69185 (Missing Authorization vulnerability in e-plugins Hotel Listing 
hotel-l ...)
+       TODO: check
+CVE-2025-69184 (Missing Authorization vulnerability in e-plugins Institutions 
Director ...)
+       TODO: check
+CVE-2025-69183 (Incorrect Privilege Assignment vulnerability in e-plugins 
Hospital Doc ...)
+       TODO: check
+CVE-2025-69182 (Incorrect Privilege Assignment vulnerability in e-plugins 
Institutions ...)
+       TODO: check
+CVE-2025-69181 (Missing Authorization vulnerability in e-plugins Lawyer 
Directory lawy ...)
+       TODO: check
+CVE-2025-69180 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-69102 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-69101 (Authentication Bypass Using an Alternate Path or Channel 
vulnerability ...)
+       TODO: check
+CVE-2025-69100 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-69099 (Deserialization of Untrusted Data vulnerability in fuelthemes 
North no ...)
+       TODO: check
+CVE-2025-69098 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-69097 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
+CVE-2025-69095 (Missing Authorization vulnerability in designthemes 
Reservation Plugin ...)
+       TODO: check
+CVE-2025-69079 (Deserialization of Untrusted Data vulnerability in ThemeREX 
Sound | Mu ...)
+       TODO: check
+CVE-2025-69078 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-69077 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-69076 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-69075 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-69074 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-69073 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-69072 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-69071 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-69070 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-69068 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-69067 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-69066 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-69065 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-69064 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-69062 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-69061 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-69060 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-69059 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-69058 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-69057 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-69056 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-69055 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
+CVE-2025-69054 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-69053 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-69052 (Missing Authorization vulnerability in FmeAddons Registration 
& Login  ...)
+       TODO: check
+CVE-2025-69051 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-69050 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-69049 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-69048 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-69047 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-69046 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-69045 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-69044 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-69043 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-69042 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-69041 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-69040 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-69039 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-69038 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-69037 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-69036 (Deserialization of Untrusted Data vulnerability in 
strongholdthemes Te ...)
+       TODO: check
+CVE-2025-69035 (Deserialization of Untrusted Data vulnerability in 
strongholdthemes De ...)
+       TODO: check
+CVE-2025-69005 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-69004 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-69003 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-69002 (Deserialization of Untrusted Data vulnerability in 
designthemes OneLif ...)
+       TODO: check
+CVE-2025-69001 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
+       TODO: check
+CVE-2025-68999 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-68986 (Unrestricted Upload of File with Dangerous Type vulnerability 
in zozot ...)
+       TODO: check
+CVE-2025-68913 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-68912 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
+CVE-2025-68911 (Missing Authorization vulnerability in solacewp Solace solace 
allows E ...)
+       TODO: check
+CVE-2025-68910 (Unrestricted Upload of File with Dangerous Type vulnerability 
in blaze ...)
+       TODO: check
+CVE-2025-68909 (Unrestricted Upload of File with Dangerous Type vulnerability 
in blaze ...)
+       TODO: check
+CVE-2025-68908 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-68907 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
+CVE-2025-68906 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-68905 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-68904 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-68903 (Deserialization of Untrusted Data vulnerability in AivahThemes 
Anona a ...)
+       TODO: check
+CVE-2025-68902 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
+CVE-2025-68901 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
+CVE-2025-68900 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-68899 (Deserialization of Untrusted Data vulnerability in 
designthemes Vivagh ...)
+       TODO: check
+CVE-2025-68898 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-68896 (Missing Authorization vulnerability in vrpr WDV One Page Docs 
wdv-one- ...)
+       TODO: check
+CVE-2025-68894 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-68884 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-68883 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-68882 (Missing Authorization vulnerability in Scalenut Scalenut 
scalenut allo ...)
+       TODO: check
+CVE-2025-68881 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-68871 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-68869 (Incorrect Privilege Assignment vulnerability in LazyCoders LLC 
LazyTas ...)
+       TODO: check
+CVE-2025-68866 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-68864 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-68859 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-68858 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-68857 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-68849 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-68839 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-68838 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-68835 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-68609 (A vulnerability in Palantir's Aries service allowed 
unauthenticated ac ...)
+       TODO: check
+CVE-2025-68558 (Missing Authorization vulnerability in averta Depicter Slider 
depicter ...)
+       TODO: check
+CVE-2025-68538 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-68520 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-68518 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-68510 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-68507 (Missing Authorization vulnerability in Icegram Icegram icegram 
allows  ...)
+       TODO: check
+CVE-2025-68073 (Missing Authorization vulnerability in Ninja Team GDPR CCPA 
Compliance ...)
+       TODO: check
+CVE-2025-68072 (Missing Authorization vulnerability in Merv Barrett Easy 
Property List ...)
+       TODO: check
+CVE-2025-68059 (Missing Authorization vulnerability in e-plugins Hotel Listing 
hotel-l ...)
+       TODO: check
+CVE-2025-68058 (Missing Authorization vulnerability in e-plugins Institutions 
Director ...)
+       TODO: check
+CVE-2025-68057 (Missing Authorization vulnerability in e-plugins Hospital 
Doctor Direc ...)
+       TODO: check
+CVE-2025-68047 (Deserialization of Untrusted Data vulnerability in Arraytics 
Eventin w ...)
+       TODO: check
+CVE-2025-68046 (Exposure of Sensitive System Information to an Unauthorized 
Control Sp ...)
+       TODO: check
+CVE-2025-68041 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-68039 (Missing Authorization vulnerability in Chris Simmons WP 
BackItUp wp-ba ...)
+       TODO: check
+CVE-2025-68035 (Insertion of Sensitive Information Into Sent Data 
vulnerability in tab ...)
+       TODO: check
+CVE-2025-68034 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-68030 (Server-Side Request Forgery (SSRF) vulnerability in WP Messiah 
Frontis ...)
+       TODO: check
+CVE-2025-68027 (Incorrect Privilege Assignment vulnerability in Themefic Hydra 
Booking ...)
+       TODO: check
+CVE-2025-68020 (Missing Authorization vulnerability in WANotifier WANotifier 
notifier  ...)
+       TODO: check
+CVE-2025-68019 (Missing Authorization vulnerability in cleverplugins SEO 
Booster seo-b ...)
+       TODO: check
+CVE-2025-68018 (Missing Authorization vulnerability in ilmosys Order Listener 
for WooC ...)
+       TODO: check
+CVE-2025-68017 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-68016 (Missing Authorization vulnerability in Onepay Sri Lanka onepay 
Payment ...)
+       TODO: check
+CVE-2025-68015 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
+       TODO: check
+CVE-2025-68013 (Missing Authorization vulnerability in cardpaysolutions 
Payment Gatewa ...)
+       TODO: check
+CVE-2025-68012 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-68011 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-68010 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-68009 (Missing Authorization vulnerability in Codeless Slider 
Templates slide ...)
+       TODO: check
+CVE-2025-68008 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-68007 (Missing Authorization vulnerability in Event Espresso Event 
Espresso 4 ...)
+       TODO: check
+CVE-2025-68006 (Insertion of Sensitive Information Into Sent Data 
vulnerability in Dee ...)
+       TODO: check
+CVE-2025-68004 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-68003 (Missing Authorization vulnerability in renatoatshown Shown 
Connector s ...)
+       TODO: check
+CVE-2025-68001 (Unrestricted Upload of File with Dangerous Type vulnerability 
in garid ...)
+       TODO: check
+CVE-2025-67968 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Inspi ...)
+       TODO: check
+CVE-2025-67967 (Missing Authorization vulnerability in e-plugins Lawyer 
Directory lawy ...)
+       TODO: check
+CVE-2025-67966 (Incorrect Privilege Assignment vulnerability in e-plugins 
Lawyer Direc ...)
+       TODO: check
+CVE-2025-67964 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-67963 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
+CVE-2025-67961 (Server-Side Request Forgery (SSRF) vulnerability in Marco van 
Wieren W ...)
+       TODO: check
+CVE-2025-67960 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-67959 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-67958 (Missing Authorization vulnerability in Taxcloud TaxCloud for 
WooCommer ...)
+       TODO: check
+CVE-2025-67957 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-67956 (Missing Authorization vulnerability in wpeverest User 
Registration use ...)
+       TODO: check
+CVE-2025-67955 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-67954 (Exposure of Sensitive System Information to an Unauthorized 
Control Sp ...)
+       TODO: check
+CVE-2025-67953 (Incorrect Privilege Assignment vulnerability in Booking 
Activities Tea ...)
+       TODO: check
+CVE-2025-67952 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-67949 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-67947 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-67946 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-67945 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-67944 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
+       TODO: check
+CVE-2025-67943 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-67942 (Missing Authorization vulnerability in peachpayments Peach 
Payments Ga ...)
+       TODO: check
+CVE-2025-67941 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-67940 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-67939 (Missing Authorization vulnerability in Tickera Tickera 
tickera-event-t ...)
+       TODO: check
+CVE-2025-67938 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-67923 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-67684 (Quick.Cart is vulnerable to Local File Inclusion and Path 
Traversal is ...)
+       TODO: check
+CVE-2025-67683 (Quick.Cart is vulnerable to reflected XSS via the sSort 
parameter. An  ...)
+       TODO: check
+CVE-2025-67626 (Cross-Site Request Forgery (CSRF) vulnerability in Angel Costa 
WP SEO  ...)
+       TODO: check
+CVE-2025-67620 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-67619 (Deserialization of Untrusted Data vulnerability in 
designthemes Kids H ...)
+       TODO: check
+CVE-2025-67617 (Deserialization of Untrusted Data vulnerability in themeton 
Consult Ai ...)
+       TODO: check
+CVE-2025-67616 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-67615 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-67614 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-67221 (The orjson.dumps function in orjson thru 3.11.4 does not limit 
recursi ...)
+       TODO: check
+CVE-2025-66428 (An issue with WordPress directory names in WebPros WordPress 
Toolkit b ...)
+       TODO: check
+CVE-2025-66143 (Missing Authorization vulnerability in merkulove Crumber 
crumber-eleme ...)
+       TODO: check
+CVE-2025-66142 (Missing Authorization vulnerability in merkulove Comparimager 
for Elem ...)
+       TODO: check
+CVE-2025-66141 (Missing Authorization vulnerability in merkulove Scroller 
scroller all ...)
+       TODO: check
+CVE-2025-66140 (Missing Authorization vulnerability in merkulove Uper for 
Elementor up ...)
+       TODO: check
+CVE-2025-66139 (Missing Authorization vulnerability in merkulove Audier For 
Elementor  ...)
+       TODO: check
+CVE-2025-66138 (Missing Authorization vulnerability in merkulove Motionger for 
Element ...)
+       TODO: check
+CVE-2025-66137 (Missing Authorization vulnerability in merkulove Searcher for 
Elemento ...)
+       TODO: check
+CVE-2025-66136 (Missing Authorization vulnerability in merkulove Carter for 
Elementor  ...)
+       TODO: check
+CVE-2025-66135 (Missing Authorization vulnerability in merkulove Imager for 
Elementor  ...)
+       TODO: check
+CVE-2025-65098 (Typebot is an open-source chatbot builder. In versions prior 
to 3.13.2 ...)
+       TODO: check
+CVE-2025-64252 (Server-Side Request Forgery (SSRF) vulnerability in Marco 
Milesi ANAC  ...)
+       TODO: check
+CVE-2025-64097 (NervesHub is a web service that allows users to manage 
over-the-air (O ...)
+       TODO: check
+CVE-2025-63051 (Exposure of Sensitive System Information to an Unauthorized 
Control Sp ...)
+       TODO: check
+CVE-2025-63026 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-63019 (Insertion of Sensitive Information Into Sent Data 
vulnerability in Joh ...)
+       TODO: check
+CVE-2025-63018 (Missing Authorization vulnerability in wproyal Bard bard 
allows Exploi ...)
+       TODO: check
+CVE-2025-63017 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-62754 (Missing Authorization vulnerability in Kapil Paul Payment 
Gateway bKas ...)
+       TODO: check
+CVE-2025-62741 (Server-Side Request Forgery (SSRF) vulnerability in 
SmartDataSoft Pool ...)
+       TODO: check
+CVE-2025-62106 (Missing Authorization vulnerability in Mario Peshev WP-CRM 
System wp-c ...)
+       TODO: check
+CVE-2025-62077 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-62056 (Unrestricted Upload of File with Dangerous Type vulnerability 
in blaze ...)
+       TODO: check
+CVE-2025-62050 (Unrestricted Upload of File with Dangerous Type vulnerability 
in blaze ...)
+       TODO: check
+CVE-2025-5805 (Missing Authorization vulnerability in Ninetheme Electron 
electron all ...)
+       TODO: check
+CVE-2025-56590 (An issue was discovered in the InsertFromURL() function of the 
Apryse  ...)
+       TODO: check
+CVE-2025-56589 (A Local File Inclusion (LFI) and a Server-Side Request Forgery 
(SSRF)  ...)
+       TODO: check
+CVE-2025-54003 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-54002 (Missing Authorization vulnerability in Jthemes xSmart xsmart 
allows Ex ...)
+       TODO: check
+CVE-2025-53240 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-52762 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-52746 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-50007 (Incorrect Privilege Assignment vulnerability in Jthemes xSmart 
xsmart  ...)
+       TODO: check
+CVE-2025-50006 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-50005 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-50004 (Deserialization of Untrusted Data vulnerability in artbees 
JupiterX Co ...)
+       TODO: check
+CVE-2025-50003 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-50002 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Faros ...)
+       TODO: check
+CVE-2025-4764 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-4763 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+       TODO: check
+CVE-2025-49994 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-49375 (Missing Authorization vulnerability in cozythemes HomeLancer 
homelance ...)
+       TODO: check
+CVE-2025-49336 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-49249 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-49066 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-49055 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-49050 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-49049 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-49046 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-49045 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-49043 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-48094 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-47666 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-47600 (Improper Neutralization of Script-Related HTML Tags in a Web 
Page (Bas ...)
+       TODO: check
+CVE-2025-47555 (Authorization Bypass Through User-Controlled Key vulnerability 
in Them ...)
+       TODO: check
+CVE-2025-47500 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-47474 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-36588 (Dell Unisphere for PowerMax, version(s) 10.2.0.x, contain(s) 
an Improp ...)
+       TODO: check
+CVE-2025-32123 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-32057 (The Infotainment ECU manufactured by Bosch which is installed 
in Nissa ...)
+       TODO: check
+CVE-2025-32056 (The anti-theft protection mechanism can be bypassed by 
attackers due t ...)
+       TODO: check
+CVE-2025-31413 (Cross-Site Request Forgery (CSRF) vulnerability in bdthemes 
Element Pa ...)
+       TODO: check
+CVE-2025-27380 (HTML injection in Project Release in Altium Enterprise Server 
(AES) 7. ...)
+       TODO: check
+CVE-2025-27379 (A stored cross-site scripting (XSS) vulnerability in the BOM 
Viewer in ...)
+       TODO: check
+CVE-2025-27378 (AES contains a SQL injection vulnerability due to an inactive 
configur ...)
+       TODO: check
+CVE-2025-27377 (Altium Designer version 24.9.0 does not validate self-signed 
server ce ...)
+       TODO: check
+CVE-2025-27005 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-15523 (MacOS version of Inkscape bundles a Python interpreter that 
inherits t ...)
+       TODO: check
+CVE-2025-14295 (Storing Passwords in a Recoverable Format vulnerability in 
Automated L ...)
+       TODO: check
+CVE-2025-12738 (Neo4j Enterprise edition versions prior to 2025.11.2 and 
5.26.17 are v ...)
+       TODO: check
+CVE-2025-10856 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Solve ...)
+       TODO: check
+CVE-2025-10855 (Authorization Bypass Through User-Controlled Key vulnerability 
in Solv ...)
+       TODO: check
+CVE-2025-10024 (Authorization Bypass Through User-Controlled Key vulnerability 
in EXER ...)
+       TODO: check
+CVE-2024-53252
+       REJECTED
+CVE-2024-53251
+       REJECTED
+CVE-2024-53250
+       REJECTED
+CVE-2024-53249
+       REJECTED
+CVE-2024-53248
+       REJECTED
+CVE-2024-45743
+       REJECTED
+CVE-2024-45742
+       REJECTED
+CVE-2024-45730
+       REJECTED
+CVE-2024-45729
+       REJECTED
+CVE-2024-45728
+       REJECTED
+CVE-2024-45727
+       REJECTED
+CVE-2024-45726
+       REJECTED
+CVE-2024-45725
+       REJECTED
+CVE-2024-45724
+       REJECTED
+CVE-2024-36998
+       REJECTED
+CVE-2024-36988
+       REJECTED
+CVE-2024-22166
+       REJECTED
+CVE-2023-7335 (EduSoho versions prior to 22.4.7 contain an arbitrary file read 
vulner ...)
+       TODO: check
+CVE-2023-32720
+       REJECTED
+CVE-2023-32719
+       REJECTED
+CVE-2023-32718
+       REJECTED
 CVE-2026-23954 [Container image templating arbitrary host file read and write]
        - incus <unfixed>
        - lxd <removed>
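Review bot: every described entry added at the top of data/CVE/list in this hunk carries only "TODO: check", so the import records the IDs without any triage. Entries whose description names a specific project, such as CVE-2025-67221 (orjson.dumps), CVE-2025-15523 (Inkscape, described as the MacOS version) and CVE-2025-12738 (Neo4j Enterprise), should be resolved in a follow-up commit to either a source-package line or a NOT-FOR-US line, so they do not sit in the same queue as the long run of plugin and theme entries.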
@@ -83,6 +977,7 @@ CVE-2025-66959 (An issue in ollama v.0.12.10 allows a remote 
attacker to cause a
 CVE-2025-57681 (The WorklogPRO - Timesheets for Jira plugin in Jira Data 
Center before ...)
        NOT-FOR-US: WorklogPRO Timesheets for Jira plugin
 CVE-2025-13878 (Malformed BRID/HHIT records can cause `named` to terminate 
unexpectedl ...)
+       {DSA-6107-1}
        - bind9 <unfixed>
        [bullseye] - bind9 <not-affected> (BRID/HHIT rdata types introduced 
later)
        NOTE: https://kb.isc.org/docs/cve-2025-13878
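Review bot: the added "{DSA-6107-1}" line on CVE-2025-13878 sits directly above "- bind9 <unfixed>", so the entry now references an advisory while the unstable package line still shows no fixed version. The other DSA references added in this commit (CVE-2026-24061, CVE-2026-21876) sit on entries that already record a fixed version; a follow-up should replace <unfixed> here once the fixed bind9 upload is known.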
@@ -193,15 +1088,15 @@ CVE-2026-1190
        - keycloak <itp> (bug #1088287)
 CVE-2026-0603
        NOT-FOR-US: Hibernate Core
-CVE-2026-1102
+CVE-2026-1102 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
        - gitlab <unfixed>
-CVE-2025-13335
+CVE-2025-13335 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
        - gitlab <unfixed>
-CVE-2026-0723
+CVE-2026-0723 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
        - gitlab <not-affected> (Only affects 18.x)
-CVE-2025-13928
+CVE-2025-13928 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
        - gitlab <unfixed>
-CVE-2025-13927
+CVE-2025-13927 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
        - gitlab <unfixed>
 CVE-2026-24026
        REJECTED
@@ -396,7 +1291,6 @@ CVE-2026-0865 (User-controlled header names and values 
containing newlines can a
        - python2.7 <removed>
        [bullseye] - python2.7 <end-of-life> (EOL in bullseye LTS)
        - pypy3 <unfixed>
-       - python2.7 <removed>
        - jython <unfixed>
        NOTE: https://github.com/python/cpython/pull/143917
        NOTE: https://github.com/python/cpython/issues/143916
@@ -494,6 +1388,7 @@ CVE-2025-11468 (When folding a long comment in an email 
header containing exclus
        NOTE: https://github.com/python/cpython/pull/143936
        NOTE: Fixed by: 
https://github.com/python/cpython/commit/17d1490aa97bd6b98a42b1a9b324ead84e7fd8a2
 (main)
 CVE-2026-24061 (telnetd in GNU Inetutils through 2.7 allows remote 
authentication bypa ...)
+       {DSA-6106-1}
        - inetutils 2:2.7-2 (bug #1126047)
        NOTE: 
https://lists.gnu.org/archive/html/bug-inetutils/2026-01/msg00004.html
        NOTE: Introduced with: 
https://codeberg.org/inetutils/inetutils/commit/fa3245ac8c288b87139a0da8249d0a408c4dfb87
 (inetutils-1_9_3)
@@ -727,7 +1622,7 @@ CVE-2026-22022 (Deployments of Apache Solr 5.3.0 through 
9.10.0 that rely on Sol
        - lucene-solr <not-affected> (Vulnerable code introduced later)
 CVE-2026-22444 (The "create core" API of Apache Solr 8.6 through 9.10.0 lacks 
sufficie ...)
        - lucene-solr <not-affected> (Vulnerable code introduced later)
-CVE-2026-23952
+CVE-2026-23952 (ImageMagick is free and open-source software used for editing 
and mani ...)
        - imagemagick 8:7.1.2.13+dfsg1-1 (bug #1126077)
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5vx3-wx4q-6cj8
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/1eefab41bc0ab1c6c2c1fd3e4a49e3ee1849751d
 (7.1.2-13)
@@ -914,7 +1809,7 @@ CVE-2026-21696 (Wings is the server control plane for 
Pterodactyl, a free, open-
        NOT-FOR-US: Wings
 CVE-2026-21618 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
        NOT-FOR-US: hexpm
-CVE-2026-1181 (A stored cross-site scripting (XSS) vulnerability exists in the 
Altium ...)
+CVE-2026-1181 (Altium 365 workspace endpoints were configured with an overly 
permissi ...)
        NOT-FOR-US: Altium
 CVE-2026-1174 (A vulnerability was determined in birkir prime up to 
0.4.0.beta.0. Thi ...)
        NOT-FOR-US: birkir prime
@@ -1893,19 +2788,26 @@ CVE-2026-22645 (The application discloses all used 
components, versions and lice
        NOT-FOR-US: SICK AG
 CVE-2026-22644 (Certain requests pass the authentication token in the URL as 
string qu ...)
        NOT-FOR-US: SICK AG
-CVE-2026-22643 (In Grafana, an excessively long dashboard title or panel name 
will cau ...)
+CVE-2026-22643
+       REJECTED
        NOT-FOR-US: SICK AG
-CVE-2026-22642 (An open redirect vulnerability has been identified in Grafana 
OSS orga ...)
+CVE-2026-22642
+       REJECTED
        NOT-FOR-US: SICK AG
-CVE-2026-22641 (This vulnerability in Grafana's datasource proxy API allows 
authorizat ...)
+CVE-2026-22641
+       REJECTED
        NOT-FOR-US: SICK AG
-CVE-2026-22640 (An access control vulnerability was discovered in Grafana OSS 
where an ...)
+CVE-2026-22640
+       REJECTED
        NOT-FOR-US: SICK AG
-CVE-2026-22639 (Grafana is an open-source platform for monitoring and 
observability. T ...)
+CVE-2026-22639
+       REJECTED
        NOT-FOR-US: SICK AG
-CVE-2026-22638 (A cross-site scripting (XSS) vulnerability exists in Grafana 
caused by ...)
+CVE-2026-22638
+       REJECTED
        NOT-FOR-US: SICK AG
-CVE-2026-22637 (The built-in XY Chart plugin is vulnerable to a DOM XSS 
vulnerability. ...)
+CVE-2026-22637
+       REJECTED
        NOT-FOR-US: SICK AG
 CVE-2026-22265 (Roxy-WI is a web interface for managing Haproxy, Nginx, Apache 
and Kee ...)
        NOT-FOR-US: Roxy-WI
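Review bot: CVE-2026-22643 through CVE-2026-22637 are switched to REJECTED in this hunk, but each keeps its "NOT-FOR-US: SICK AG" context line, leaving a rejected ID with a triage annotation underneath it. Other rejected entries in this file (for example CVE-2026-24026) carry only the REJECTED line, so the seven leftover NOT-FOR-US lines should be dropped. The removed descriptions also referred to Grafana rather than SICK AG, which suggests the earlier annotation was questionable before the rejection.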
@@ -1942,9 +2844,11 @@ CVE-2026-0897 (Allocation of Resources Without Limits or 
Throttling in the HDF5
        - keras <removed>
        [bullseye] - keras <end-of-life> (EOL in bullseye LTS)
        NOTE: https://github.com/keras-team/keras/pull/21880
-CVE-2026-0713 (A security vulnerability in the /apis/dashboard.grafana.app/* 
endpoint ...)
+CVE-2026-0713
+       REJECTED
        NOT-FOR-US: SICK AG
-CVE-2026-0712 (An open redirect vulnerability has been identified in Grafana 
OSS that ...)
+CVE-2026-0712
+       REJECTED
        NOT-FOR-US: SICK AG
 CVE-2026-0227 (A vulnerability in Palo Alto Networks PAN-OS software enables 
an unaut ...)
        NOT-FOR-US: Palo Alto Networks
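Review bot: CVE-2026-0713 and CVE-2026-0712 become REJECTED here while the "NOT-FOR-US: SICK AG" line under each is left in place as context. A REJECTED entry needs no further annotation, so both NOT-FOR-US lines should be removed in a manual follow-up.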
@@ -4703,6 +5607,7 @@ CVE-2026-21885 (Miniflux 2 is an open source feed reader. 
Prior to version 2.2.1
        NOTE: 
https://github.com/miniflux/v2/security/advisories/GHSA-xwh2-742g-w3wp
        NOTE: Fixed by: 
https://github.com/miniflux/v2/commit/6c83e8c477b4d476aee5fbb87e47472c9ded01de 
(v2.2.16)
 CVE-2026-21876 (The OWASP core rule set (CRS) is a set of generic attack 
detection rul ...)
+       {DSA-6105-1}
        - modsecurity-crs 3.3.8-1 (bug #1125084)
        NOTE: 
https://github.com/coreruleset/coreruleset/security/advisories/GHSA-36fv-25j3-r2c5
        NOTE: Fixed by (merge): 
https://github.com/coreruleset/coreruleset/commit/80d80473abf71bd49bf6d3c1ab221e3c74e4eb83
 (v3.3.8)
@@ -294832,7 +295737,7 @@ CVE-2023-22946 (In Apache Spark versions prior to 
3.4.0, applications using spar
 CVE-2023-22945 (In the GrowthExperiments extension for MediaWiki through 1.39, 
the gro ...)
        NOT-FOR-US: GrowthExperiments extension for MediaWiki
 CVE-2023-22944
-       RESERVED
+       REJECTED
 CVE-2023-22943 (In Splunk Add-on Builder (AoB) versions below 4.1.2 and the 
Splunk Clo ...)
        NOT-FOR-US: Splunk
 CVE-2023-22942 (In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, 
a cross ...)
@@ -294860,17 +295765,17 @@ CVE-2023-22932 (In Splunk Enterprise 9.0 versions 
before 9.0.4, a View allows fo
 CVE-2023-22931 (In Splunk Enterprise versions below 8.1.13 and 8.2.10, the 
\u2018creat ...)
        NOT-FOR-US: Splunk
 CVE-2023-22930
-       RESERVED
+       REJECTED
 CVE-2023-22929
-       RESERVED
+       REJECTED
 CVE-2023-22928
-       RESERVED
+       REJECTED
 CVE-2023-22927
-       RESERVED
+       REJECTED
 CVE-2023-22926
-       RESERVED
+       REJECTED
 CVE-2023-22925
-       RESERVED
+       REJECTED
 CVE-2023-22656 (Out-of-bounds read in Intel(R) Media SDK and some Intel(R) 
oneVPL soft ...)
        - intel-mediasdk <removed> (bug #1082866)
        [bookworm] - intel-mediasdk <ignored> (No specific details published, 
development stalled and scheduled for removal from Debian)
@@ -315617,11 +316522,11 @@ CVE-2022-43562 (In Splunk Enterprise versions below 
8.1.12, 8.2.9, and 9.0.2, Sp
 CVE-2022-43561 (In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, 
a remote ...)
        NOT-FOR-US: Splunk Enterprise
 CVE-2022-43560
-       RESERVED
+       REJECTED
 CVE-2022-43559
-       RESERVED
+       REJECTED
 CVE-2022-43558
-       RESERVED
+       REJECTED
 CVE-2022-43557 (The BD BodyGuard\u2122 infusion pumps specified allow for 
access throu ...)
        NOT-FOR-US: BD BodyGuard
 CVE-2022-43556 (Concrete CMS (formerly concrete5) below 8.5.10 and between 
9.0.0 and 9 ...)
@@ -341592,7 +342497,7 @@ CVE-2022-34216 (Adobe Acrobat Reader versions 
22.001.20142 (and earlier), 20.005
 CVE-2022-34215 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 
20.005.30334 ...)
        NOT-FOR-US: Adobe
 CVE-2022-34214
-       RESERVED
+       REJECTED
 CVE-2022-34213 (Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and 
earlier  ...)
        NOT-FOR-US: Jenkins plugin
 CVE-2022-34212 (A missing permission check in Jenkins vRealize Orchestrator 
Plugin 3.0 ...)
@@ -347035,7 +347940,7 @@ CVE-2022-32152 (Splunk Enterprise peers in Splunk 
Enterprise versions before 9.0
 CVE-2022-32151 (The httplib and urllib Python libraries that Splunk shipped 
with Splun ...)
        NOT-FOR-US: Splunk
 CVE-2022-32150
-       RESERVED
+       REJECTED
 CVE-2022-32149 (An attacker may cause a denial of service by crafting an 
Accept-Langua ...)
        - golang-golang-x-text 0.3.8-1 (bug #1021785)
        [bullseye] - golang-golang-x-text <no-dsa> (Minor issue)
@@ -368635,7 +369540,7 @@ CVE-2022-24917 (An authenticated user can create a 
link with reflected Javascrip
        NOTE: https://support.zabbix.com/browse/ZBX-20680
        NOTE: 
https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/ff70e709719e4e9f25f5d187637fd53fd61c8bbe
 (5.0.21rc1)
 CVE-2022-24911
-       RESERVED
+       REJECTED
 CVE-2022-0564 (A vulnerability in Qlik Sense Enterprise on Windows could allow 
an rem ...)
        NOT-FOR-US: Qlik Sense Enterprise
 CVE-2022-24916 (Optimism before @eth-optimism/[email protected] allows economic 
griefing b ...)
@@ -370209,11 +371114,11 @@ CVE-2022-24410 (Dell BIOS contains an information 
exposure vulnerability. An una
 CVE-2022-24409 (Dell BSAFE SSL-J contains remediation for a covert timing 
channel vuln ...)
        NOT-FOR-US: Dell
 CVE-2022-24380
-       RESERVED
+       REJECTED
 CVE-2022-22147
-       RESERVED
+       REJECTED
 CVE-2022-21130
-       RESERVED
+       REJECTED
 CVE-2022-0515 (Cross-Site Request Forgery (CSRF) in GitHub repository 
crater-invoice/ ...)
        NOT-FOR-US: Crater
 CVE-2022-0514 (Business Logic Errors in GitHub repository 
crater-invoice/crater prior ...)
@@ -388964,7 +389869,7 @@ CVE-2021-43337 (SchedMD Slurm 21.08.* before 21.08.4 
has Incorrect Access Contro
 CVE-2021-42743 (A misconfiguration in the node default path allows for local 
privilege ...)
        NOT-FOR-US: Splunk
 CVE-2021-3926
-       RESERVED
+       REJECTED
 CVE-2021-3925
        RESERVED
 CVE-2021-33845 (The Splunk Enterprise REST API allows enumeration of usernames 
via the ...)
@@ -511525,25 +512430,25 @@ CVE-2020-8462 (A cross-site scripting (XSS) 
vulnerability in Trend Micro InterSc
 CVE-2020-8461 (A CSRF protection bypass vulnerability in Trend Micro InterScan 
Web Se ...)
        NOT-FOR-US: Trend Micro
 CVE-2020-8460
-       RESERVED
+       REJECTED
 CVE-2020-8459
-       RESERVED
+       REJECTED
 CVE-2020-8458
-       RESERVED
+       REJECTED
 CVE-2020-8457
-       RESERVED
+       REJECTED
 CVE-2020-8456
-       RESERVED
+       REJECTED
 CVE-2020-8455
-       RESERVED
+       REJECTED
 CVE-2020-8454
-       RESERVED
+       REJECTED
 CVE-2020-8453
-       RESERVED
+       REJECTED
 CVE-2020-8452
-       RESERVED
+       REJECTED
 CVE-2020-8451
-       RESERVED
+       REJECTED
 CVE-2020-8450 (An issue was discovered in Squid before 4.10. Due to incorrect 
buffer  ...)
        {DSA-4682-1 DLA-2278-1}
        - squid 4.10-1 (bug #950802)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c302da7c69449b9c072276bd0d3dd737a6866ca

-- 
You're receiving this email because of your account on salsa.debian.org.


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
