Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
56dd1172 by security tracker role at 2026-01-24T20:13:10+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,45 @@
+CVE-2026-1302 (The Meta-box GalleryMeta plugin for WordPress is vulnerable to 
Stored  ...)
+       TODO: check
+CVE-2026-1300 (The Responsive Header plugin for WordPress is vulnerable to 
Stored Cro ...)
+       TODO: check
+CVE-2026-1266 (The Postalicious plugin for WordPress is vulnerable to Stored 
Cross-Si ...)
+       TODO: check
+CVE-2026-1208 (The Friendly Functions for Welcart plugin for WordPress is 
vulnerable  ...)
+       TODO: check
+CVE-2026-1191 (The JavaScript Notifier plugin for WordPress is vulnerable to 
Stored C ...)
+       TODO: check
+CVE-2026-1189 (The LeadBI Plugin for WordPress plugin for WordPress is 
vulnerable to  ...)
+       TODO: check
+CVE-2026-1127 (The Timeline Event History plugin for WordPress is vulnerable 
to Refle ...)
+       TODO: check
+CVE-2026-1098 (The CM CSS Columns plugin for WordPress is vulnerable to Stored 
Cross- ...)
+       TODO: check
+CVE-2026-0911 (The Hustle \u2013 Email Marketing, Lead Generation, Optins, 
Popups plu ...)
+       TODO: check
+CVE-2026-0862 (The Save as PDF Plugin by PDFCrowd plugin for WordPress is 
vulnerable  ...)
+       TODO: check
+CVE-2026-0800 (The User Submitted Posts \u2013 Enable Users to Submit Posts 
from the  ...)
+       TODO: check
+CVE-2026-0687 (The Meta-box GalleryMeta plugin for WordPress is vulnerable to 
unautho ...)
+       TODO: check
+CVE-2026-0633 (The MetForm \u2013 Contact Form, Survey, Quiz, & Custom Form 
Builder f ...)
+       TODO: check
+CVE-2026-0593 (The WP Go Maps (formerly WP Google Maps) plugin for WordPress 
is vulne ...)
+       TODO: check
+CVE-2025-15516 (The All-in-One Video Gallery plugin for WordPress is 
vulnerable to una ...)
+       TODO: check
+CVE-2025-14907 (The Moderate Selected Posts plugin for WordPress is vulnerable 
to Cros ...)
+       TODO: check
+CVE-2025-14630 (The AdminQuickbar plugin for WordPress is vulnerable to 
Cross-Site Req ...)
+       TODO: check
+CVE-2025-13920 (The WP Directory Kit plugin for WordPress is vulnerable to 
Sensitive I ...)
+       TODO: check
+CVE-2025-13205 (The SurveyJS: Drag & Drop WordPress Form Builder to create, 
style and  ...)
+       TODO: check
+CVE-2025-13194 (The SurveyJS: Drag & Drop WordPress Form Builder to create, 
style and  ...)
+       TODO: check
+CVE-2025-13139 (The SurveyJS: Drag & Drop WordPress Form Builder plugin for 
WordPress  ...)
+       TODO: check
 CVE-2026-24649
        REJECTED
 CVE-2026-24648
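Review bot: All 21 entries added at the top of data/CVE/list are left at `TODO: check`, and most of their descriptions visibly name a WordPress plugin. The file already uses `NOT-FOR-US: WordPress plugin` for that case (see the CVE-2022-0700 context further down this diff), so triage should replace each placeholder once the truncated descriptions are confirmed against the full CVE text. The descriptions for CVE-2026-0911, CVE-2026-0800 and CVE-2026-0633 also carry a literal `\u2013` escape rather than the decoded dash, which suggests the import step is not decoding the feed's escaped characters.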
@@ -2511,6 +2553,7 @@ CVE-2026-22022 (Deployments of Apache Solr 5.3.0 through 
9.10.0 that rely on Sol
 CVE-2026-22444 (The "create core" API of Apache Solr 8.6 through 9.10.0 lacks 
sufficie ...)
        - lucene-solr <not-affected> (Vulnerable code introduced later)
 CVE-2026-23952 (ImageMagick is free and open-source software used for editing 
and mani ...)
+       {DLA-4448-1}
        - imagemagick 8:7.1.2.13+dfsg1-1 (bug #1126077)
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5vx3-wx4q-6cj8
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/1eefab41bc0ab1c6c2c1fd3e4a49e3ee1849751d
 (7.1.2-13)
@@ -2562,6 +2605,7 @@ CVE-2026-23880 (OnboardLite is a comprehensive membership 
lifecycle platform bui
 CVE-2026-23877 (Swing Music is a self-hosted music player for local audio 
files. Prior ...)
        NOT-FOR-US: Swing Music
 CVE-2026-23876 (ImageMagick is free and open-source software used for editing 
and mani ...)
+       {DLA-4448-1}
        - imagemagick 8:7.1.2.13+dfsg1-1 (bug #1126076)
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r49w-jqq3-3gx8
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/2fae24192b78fdfdd27d766fd21d90aeac6ea8b8
 (7.1.2-13)
@@ -2569,6 +2613,7 @@ CVE-2026-23876 (ImageMagick is free and open-source 
software used for editing an
 CVE-2026-23875 (CrawlChat is an open-source, AI-powered platform that 
transforms techn ...)
        NOT-FOR-US: CrawlChat
 CVE-2026-23874 (ImageMagick is free and open-source software used for editing 
and mani ...)
+       {DLA-4448-1}
        - imagemagick 8:7.1.2.13+dfsg1-1 (bug #1126075)
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9vj4-wc7r-p844
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/2a09644b10a5b146e0a7c63b778bd74a112ebec3
 (7.1.2-13)
@@ -16547,7 +16592,7 @@ CVE-2025-14180 (In PHP versions 8.1.* before 8.1.34, 
8.2.* before 8.2.30, 8.3.*
        NOTE: Fixed by: 
https://github.com/php/php-src/commit/d521259e44288146aa3dc692bdf234cf45a4bd86 
(php-8.4.16)
        NOTE: Introduced by: 
https://github.com/php/php-src/commit/d521259e44288146aa3dc692bdf234cf45a4bd86 
(php-8.1.0RC1)
 CVE-2025-14178 (In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 
8.3.* before ...)
-       {DSA-6088-1}
+       {DSA-6088-1 DLA-4447-1}
        - php8.4 8.4.16-1 (bug #1123574)
        - php8.2 <removed>
        - php7.4 <removed>
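Review bot: In the context lines at the top of this hunk, the CVE-2025-14180 entry cites the same commit, d521259e44288146aa3dc692bdf234cf45a4bd86, in both its `Fixed by:` and `Introduced by:` NOTE lines, tagged php-8.4.16 and php-8.1.0RC1 respectively. A single commit cannot be both, so one of the two references looks like a copy-paste error and should be corrected against php-src. The changed line itself, extending `{DSA-6088-1}` to `{DSA-6088-1 DLA-4447-1}` on CVE-2025-14178, is consistent with the cross-reference format used elsewhere in the diff.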
@@ -86082,6 +86127,7 @@ CVE-2024-13928 (SQL injection vulnerabilities in ASPECT 
allow unintended access
 CVE-2024-12093 (An issue has been discovered in GitLab CE/EE affecting all 
versions fr ...)
        - gitlab <unfixed>
 CVE-2023-47466 (TagLib before 2.0 allows a segmentation violation and 
application cras ...)
+       {DLA-4450-1}
        - taglib 2.0.2-1
        [bookworm] - taglib <no-dsa> (Minor issue)
        NOTE: https://github.com/taglib/taglib/issues/1163
@@ -111085,25 +111131,30 @@ CVE-2023-37933 (An improper neutralization of input 
during web page generation (
 CVE-2025-2190 (The mobile application (com.transsnet.store) has a 
man-in-the-middle a ...)
        NOT-FOR-US: com.transsnet.store
 CVE-2025-2177 (A vulnerability classified as critical was found in libzvbi up 
to 0.2. ...)
+       {DLA-4449-1}
        - zvbi 0.2.44-1
        [bookworm] - zvbi <no-dsa> (Minor issue)
        NOTE: 
https://github.com/zapping-vbi/zvbi/security/advisories/GHSA-g7cg-7gw9-v8cf
        NOTE: 
https://github.com/zapping-vbi/zvbi/commit/ca1672134b3e2962cd392212c73f44f8f4cb489f
 (v0.2.44)
 CVE-2025-2176 (A vulnerability classified as critical has been found in 
libzvbi up to ...)
+       {DLA-4449-1}
        - zvbi 0.2.44-1
        [bookworm] - zvbi <no-dsa> (Minor issue)
        NOTE: 
https://github.com/zapping-vbi/zvbi/security/advisories/GHSA-g7cg-7gw9-v8cf
        NOTE: 
https://github.com/zapping-vbi/zvbi/commit/ca1672134b3e2962cd392212c73f44f8f4cb489f
 (v0.2.44)
 CVE-2025-2175 (A vulnerability was found in libzvbi up to 0.2.43. It has been 
rated a ...)
+       {DLA-4449-1}
        - zvbi 0.2.44-1
        [bookworm] - zvbi <no-dsa> (Minor issue)
        NOTE: 
https://github.com/zapping-vbi/zvbi/security/advisories/GHSA-g7cg-7gw9-v8cf
 CVE-2025-2174 (A vulnerability was found in libzvbi up to 0.2.43. It has been 
declare ...)
+       {DLA-4449-1}
        - zvbi 0.2.44-1
        [bookworm] - zvbi <no-dsa> (Minor issue)
        NOTE: 
https://github.com/zapping-vbi/zvbi/security/advisories/GHSA-g7cg-7gw9-v8cf
        NOTE: 
https://github.com/zapping-vbi/zvbi/commit/ca1672134b3e2962cd392212c73f44f8f4cb489f
 (v0.2.44)
 CVE-2025-2173 (A vulnerability was found in libzvbi up to 0.2.43. It has been 
classif ...)
+       {DLA-4449-1}
        - zvbi 0.2.44-1
        [bookworm] - zvbi <no-dsa> (Minor issue)
        NOTE: 
https://github.com/zapping-vbi/zvbi/security/advisories/GHSA-g7cg-7gw9-v8cf
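Review bot: The entries for CVE-2025-2175 and CVE-2025-2173 carry only the GHSA-g7cg-7gw9-v8cf advisory NOTE, while CVE-2025-2177, CVE-2025-2176 and CVE-2025-2174 also reference commit ca1672134b3e2962cd392212c73f44f8f4cb489f (v0.2.44). Now that `{DLA-4449-1}` is attached to all five, the two entries without a commit reference should either gain the NOTE for their fixing commit or be confirmed as intentionally different, so that the fix behind the advisory can be traced for each CVE.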
@@ -368395,6 +368446,7 @@ CVE-2022-0701 (The SEO 301 Meta WordPress plugin 
through 1.9.1 does not escape i
 CVE-2022-0700 (The Simple Tracking WordPress plugin before 1.7 does not 
sanitise and  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-0699 (A double-free condition exists in contrib/shpsort.c of shapelib 
1.5.0  ...)
+       {DLA-4451-1}
        - shapelib 1.5.0-3 (bug #1022557)
        [buster] - shapelib <no-dsa> (Minor issue)
        NOTE: 
https://github.com/OSGeo/shapelib/commit/c75b9281a5b9452d92e1682bdfe6019a13ed819f



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/56dd117299e8cf553569b15174f92187f73f9f3e
