Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a44dee91 by security tracker role at 2026-01-28T08:13:25+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,142 @@
-CVE-2026-1504
+CVE-2026-24910 (In Bun before 1.3.5, the default trusted dependencies list 
(aka trust  ...)
+       TODO: check
+CVE-2026-24909 (vlt before 1.0.0-rc.10 mishandles path sanitization for tar, 
leading t ...)
+       TODO: check
+CVE-2026-24867
+       REJECTED
+CVE-2026-24866
+       REJECTED
+CVE-2026-24865
+       REJECTED
+CVE-2026-24864
+       REJECTED
+CVE-2026-24863
+       REJECTED
+CVE-2026-24862
+       REJECTED
+CVE-2026-24861
+       REJECTED
+CVE-2026-24860
+       REJECTED
+CVE-2026-24859
+       REJECTED
+CVE-2026-24852 (iccDEV provides a set of libraries and tools that allow for 
the intera ...)
+       TODO: check
+CVE-2026-24850 (The ML-DSA crate is a Rust implementation of the 
Module-Lattice-Based  ...)
+       TODO: check
+CVE-2026-24842 (node-tar,a Tar for Node.js, contains a vulnerability in 
versions prior ...)
+       TODO: check
+CVE-2026-24841 (Dokploy is a free, self-hostable Platform as a Service (PaaS). 
In vers ...)
+       TODO: check
+CVE-2026-24840 (Dokploy is a free, self-hostable Platform as a Service (PaaS). 
In vers ...)
+       TODO: check
+CVE-2026-24839 (Dokploy is a free, self-hostable Platform as a Service (PaaS). 
In vers ...)
+       TODO: check
+CVE-2026-24838 (DNN (formerly DotNetNuke) is an open-source web content 
management pla ...)
+       TODO: check
+CVE-2026-24837 (DNN (formerly DotNetNuke) is an open-source web content 
management pla ...)
+       TODO: check
+CVE-2026-24836 (DNN (formerly DotNetNuke) is an open-source web content 
management pla ...)
+       TODO: check
+CVE-2026-24833 (DNN (formerly DotNetNuke) is an open-source web content 
management pla ...)
+       TODO: check
+CVE-2026-24785 (Clatter is a no_std compatible, pure Rust implementation of 
the Noise  ...)
+       TODO: check
+CVE-2026-24784 (DNN (formerly DotNetNuke) is an open-source web content 
management pla ...)
+       TODO: check
+CVE-2026-24783 (soroban-fixed-point-math is a fixed-point math library for 
Soroban sma ...)
+       TODO: check
+CVE-2026-24779 (vLLM is an inference and serving engine for large language 
models (LLM ...)
+       TODO: check
+CVE-2026-24778 (Ghost is an open source content management system. In Ghost 
versions 5 ...)
+       TODO: check
+CVE-2026-24770 (RAGFlow is an open-source RAG (Retrieval-Augmented Generation) 
engine. ...)
+       TODO: check
+CVE-2026-24765 (PHPUnit is a testing framework for PHP. A vulnerability has 
been disco ...)
+       TODO: check
+CVE-2026-24748 (Kargo manages and automates the promotion of software 
artifacts. Prior ...)
+       TODO: check
+CVE-2026-24747 (PyTorch is a Python package that provides tensor computation. 
Prior to ...)
+       TODO: check
+CVE-2026-24741 (ConvertXis a self-hosted online file converter. In versions 
prior to 0 ...)
+       TODO: check
+CVE-2026-24740 (Dozzle is a realtime log viewer for docker containers. Prior 
to versio ...)
+       TODO: check
+CVE-2026-24738 (gmrtd is a Go library for reading Machine Readable Travel 
Documents (M ...)
+       TODO: check
+CVE-2026-24736 (Squidex is an open source headless content management system 
and conte ...)
+       TODO: check
+CVE-2026-24134 (StudioCMS is a server-side-rendered, Astro native, headless 
content ma ...)
+       TODO: check
+CVE-2026-23830 (SandboxJS is a JavaScript sandboxing library. Versions prior 
to 0.8.26 ...)
+       TODO: check
+CVE-2026-21569 (This High severity XXE (XML External Entity Injection) 
vulnerability w ...)
+       TODO: check
+CVE-2026-1514 (Official Document Management System developed by 2100 
Technology has a ...)
+       TODO: check
+CVE-2026-1513 (billboard.js before 3.18.0 allows an attacker to execute 
malicious Jav ...)
+       TODO: check
+CVE-2026-1506 (A vulnerability was determined in D-Link DIR-615 4.10. Impacted 
is an  ...)
+       TODO: check
+CVE-2026-1505 (A vulnerability was found in D-Link DIR-615 4.10. This issue 
affects s ...)
+       TODO: check
+CVE-2026-1466 (Jirafeau normally prevents browser preview for text files due 
to the p ...)
+       TODO: check
+CVE-2026-1389 (The Document Embedder \u2013 Embed PDFs, Word, Excel, and Other 
Files  ...)
+       TODO: check
+CVE-2026-1310 (The Simple calendar for Elementor plugin for WordPress is 
vulnerable t ...)
+       TODO: check
+CVE-2026-1298 (The Easy Replace Image plugin for WordPress is vulnerable to 
Missing A ...)
+       TODO: check
+CVE-2026-1295 (The Buy Now Plus \u2013 Buy Now buttons for Stripe plugin for 
WordPres ...)
+       TODO: check
+CVE-2026-1244 (The Forms Bridge \u2013 Infinite integrations plugin for 
WordPress is  ...)
+       TODO: check
+CVE-2026-1083 (The Appointment Hour Booking \u2013 Booking Calendar plugin for 
WordPr ...)
+       TODO: check
+CVE-2026-1054 (The RegistrationMagic plugin for WordPress is vulnerable to 
Missing Au ...)
+       TODO: check
+CVE-2026-0832 (The New User Approve plugin for WordPress is vulnerable to 
unauthorize ...)
+       TODO: check
+CVE-2026-0825 (The Database for Contact Form 7, WPforms, Elementor forms 
plugin for W ...)
+       TODO: check
+CVE-2026-0818 (CSS-based exfiltration of the content from partially encrypted 
emails  ...)
+       TODO: check
+CVE-2025-9082 (The WPBITS Addons For Elementor plugin for WordPress is 
vulnerable to  ...)
+       TODO: check
+CVE-2025-8072 (The Target Video Easy Publish plugin for WordPress is 
vulnerable to St ...)
+       TODO: check
+CVE-2025-67645 (OpenEMR is a free and open source electronic health records 
and medica ...)
+       TODO: check
+CVE-2025-55292 (Meshtastic is an open source mesh networking solution. In the 
current  ...)
+       TODO: check
+CVE-2025-54373 (OpenEMR is a free and open source electronic health records 
and medica ...)
+       TODO: check
+CVE-2025-40554 (SolarWinds Web Help Desk was found to be susceptible to an 
authenticat ...)
+       TODO: check
+CVE-2025-40553 (SolarWinds Web Help Desk was found to be susceptible to an 
untrusted d ...)
+       TODO: check
+CVE-2025-40552 (SolarWinds Web Help Desk was found to be susceptible to an 
authenticat ...)
+       TODO: check
+CVE-2025-40551 (SolarWinds Web Help Desk was found to be susceptible to an 
untrusted d ...)
+       TODO: check
+CVE-2025-40537 (SolarWinds Web Help Desk was found to be susceptible to a 
hardcoded cr ...)
+       TODO: check
+CVE-2025-40536 (SolarWinds Web Help Desk was found to be susceptible to a 
security con ...)
+       TODO: check
+CVE-2025-21589 (An Authentication Bypass Using an Alternate Path or Channel 
vulnerabil ...)
+       TODO: check
+CVE-2025-14988 (A security issue has been identified in ibaPDA that could 
allow unauth ...)
+       TODO: check
+CVE-2025-14610 (The TableMaster for Elementor plugin for WordPress is 
vulnerable to Se ...)
+       TODO: check
+CVE-2025-14039 (The Simple Folio plugin for WordPress is vulnerable to Stored 
Cross-Si ...)
+       TODO: check
+CVE-2025-13471 (The User Activity Log WordPress plugin through 2.2 does not 
properly h ...)
+       TODO: check
+CVE-2025-12709 (The Interactions \u2013 Create Interactive Experiences in the 
Block Ed ...)
+       TODO: check
+CVE-2026-1504 (Inappropriate implementation in Background Fetch API in Google 
Chrome  ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-XXXX [RUSTSEC-2025-0143]
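
Review bot: The descriptions added for CVE-2026-1389, CVE-2026-1295, CVE-2026-1244, CVE-2026-1083 and CVE-2025-12709 contain a literal `\u2013` escape inside the plugin name, so the description text is being written to data/CVE/list without the escape being decoded. Suggest decoding it (or normalising it to a plain hyphen) in the automatic update step so that these lines stay readable and match a text search on the plugin name. Two other added descriptions have run-together words ("node-tar,a Tar" in CVE-2026-24842 and "ConvertXis" in CVE-2026-24741); if those come from the upstream record they are best left alone here and reported at the source. All non-rejected additions land as `TODO: check`, and the existing CVE-2026-1504 entry only gains its description while keeping its chromium annotations, which is consistent with an automatic import.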
@@ -77633,7 +77771,7 @@ CVE-2025-34040 (An arbitrary file upload vulnerability 
exists in the Zhiyuan OA
        NOT-FOR-US: Zhiyuan OA
 CVE-2025-34039 (A code injection vulnerability exists in Yonyou UFIDA NC v6.5 
and prio ...)
        NOT-FOR-US: Yonyou UFIDA NC
-CVE-2025-34038 (A SQL injection vulnerability exists in Fanwei e-cology 8.0 
via the ge ...)
+CVE-2025-34038 (A SQL injection vulnerability exists in Weaver E-cology 8.0 
via the ge ...)
        NOT-FOR-US: Fanwei e-cology
 CVE-2025-34037 (An OS command injection vulnerability exists in various models 
of E-Se ...)
        NOT-FOR-US: Linksys
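
Review bot: In the CVE-2025-34038 entry the description now reads "Weaver E-cology 8.0", but the unchanged annotation directly below it is still `NOT-FOR-US: Fanwei e-cology`, so one entry names the product two different ways. If the annotation is meant to follow the description's vendor naming, update it in a follow-up manual commit; if the old name is kept on purpose, a search for "Weaver" in NOT-FOR-US annotations will not find this entry, which is worth keeping in mind when triaging related CVEs.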



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a44dee918de1606ce77b4d24de373bf636147c42
