Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a77110f7 by security tracker role at 2026-01-30T20:13:13+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,105 @@
+CVE-2026-25128 (fast-xml-parser allows users to validate XML, parse XML to JS
object, ...)
+ TODO: check
+CVE-2026-25050 (Vendure is an open-source headless commerce platform. Prior to
version ...)
+ TODO: check
+CVE-2026-24855 (ChurchCRM is an open-source church management system. Versions
prior t ...)
+ TODO: check
+CVE-2026-24854 (ChurchCRM is an open-source church management system. A SQL
Injection ...)
+ TODO: check
+CVE-2026-23835 (LobeHub is an open source human-and-AI-agent network. Prior to
version ...)
+ TODO: check
+CVE-2026-22626 (Due to insufficient input parameter validation on the
interface, authe ...)
+ TODO: check
+CVE-2026-22625 (Improper handling of filenames in certain HIKSEMI NAS products
may lea ...)
+ TODO: check
+CVE-2026-22624 (Due to inadequate access control, authenticated users of
certain HIKSE ...)
+ TODO: check
+CVE-2026-22623 (Due to insufficient input parameter validation on the
interface, authe ...)
+ TODO: check
+CVE-2026-22277 (Dell UnityVSA, version(s) 5.4 and prior, contain(s) an
Improper Neutra ...)
+ TODO: check
+CVE-2026-21418 (Dell Unity, version(s) 5.5.2 and prior, contain(s) an Improper
Neutral ...)
+ TODO: check
+CVE-2026-1702 (A vulnerability was detected in SourceCodester Pet Grooming
Management ...)
+ TODO: check
+CVE-2026-1701 (A security vulnerability has been detected in itsourcecode
Student Man ...)
+ TODO: check
+CVE-2026-1700 (A weakness has been identified in projectworlds House Rental
and Prope ...)
+ TODO: check
+CVE-2026-1699 (In the Eclipse Theia Website repository, the GitHub Actions
workflow . ...)
+ TODO: check
+CVE-2026-1691 (A vulnerability has been found in bolo-solo up to 2.6.4. This
impacts ...)
+ TODO: check
+CVE-2026-1690 (A flaw has been found in Tenda HG10
US_HG7_HG9_HG10re_300001138_en_xpo ...)
+ TODO: check
+CVE-2026-1689 (A vulnerability was detected in Tenda HG10
US_HG7_HG9_HG10re_300001138 ...)
+ TODO: check
+CVE-2026-1688 (A security vulnerability has been detected in itsourcecode
Directory M ...)
+ TODO: check
+CVE-2026-1687 (A weakness has been identified in Tenda HG10
US_HG7_HG9_HG10re_3000011 ...)
+ TODO: check
+CVE-2026-1686 (A security flaw has been discovered in Totolink A3600R
5.9c.4959. This ...)
+ TODO: check
+CVE-2026-1685 (A vulnerability was identified in D-Link DIR-823X 250416. This
vulnera ...)
+ TODO: check
+CVE-2026-1684 (A vulnerability was found in Free5GC SMF up to 4.1.0. Affected
by this ...)
+ TODO: check
+CVE-2026-1683 (A vulnerability has been found in Free5GC SMF up to 4.1.0.
Affected by ...)
+ TODO: check
+CVE-2026-1682 (A flaw has been found in Free5GC SMF up to 4.1.0. Affected is
the func ...)
+ TODO: check
+CVE-2026-1498 (An LDAP Injection vulnerability in WatchGuard Fireware OS may
allow a ...)
+ TODO: check
+CVE-2026-0709 (Some Hikvision Wireless Access Points are vulnerable to
authenticated ...)
+ TODO: check
+CVE-2025-9226 (Zohocorp ManageEngine OpManager, NetFlow Analyzer, and OpUtils
version ...)
+ TODO: check
+CVE-2025-7964 (After receiving a malformed 802.15.4 MAC Data Request the
Zigbee C ...)
+ TODO: check
+CVE-2025-6723 (Chef InSpec up to version 5.23 creates named pipes with overly
permiss ...)
+ TODO: check
+CVE-2025-69662 (SQL injection vulnerability in geopandas before v.1.1.2 allows
an atta ...)
+ TODO: check
+CVE-2025-62349 (Salt contains an authentication protocol version downgrade
weakness th ...)
+ TODO: check
+CVE-2025-62348 (Salt's junos execution module contained an unsafe YAML
decode/load usa ...)
+ TODO: check
+CVE-2025-51958 (aelsantex runcommand 2014-04-01, a plugin for DokuWiki, allows
unauthe ...)
+ TODO: check
+CVE-2025-4686 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-26385 (Johnson Controls Metasys component listed below have Improper
Neutral ...)
+ TODO: check
+CVE-2025-1395 (Generation of Error Message Containing Sensitive Information
vulnerabi ...)
+ TODO: check
+CVE-2025-13176 (Planting a custom configuration file in ESET Inspect
Connectorallow ...)
+ TODO: check
+CVE-2024-9432 (Cleartext Storage of Sensitive Information vulnerability in
OpenText\u ...)
+ TODO: check
+CVE-2024-4027 (A flaw was found in Undertow. Servlets using a method that
calls HttpS ...)
+ TODO: check
+CVE-2020-37060 (Atomic Alarm Clock 6.3 contains a local privilege escalation
vulnerabi ...)
+ TODO: check
+CVE-2020-37059 (Popcorn Time 6.2.1.14 contains an unquoted service path
vulnerability ...)
+ TODO: check
+CVE-2020-37058 (Andrea ST Filters Service 1.0.64.7 contains an unquoted
service path v ...)
+ TODO: check
+CVE-2020-37030 (Outline Service 1.3.3 contains an unquoted service path
vulnerability ...)
+ TODO: check
+CVE-2020-37022 (OpenZ ERP 3.6.60 contains a persistent cross-site scripting
vulnerabil ...)
+ TODO: check
+CVE-2020-37019 (Orchard Core RC1 contains a persistent cross-site scripting
vulnerabil ...)
+ TODO: check
+CVE-2020-37014 (Tryton 5.4 contains a persistent cross-site scripting
vulnerability in ...)
+ TODO: check
+CVE-2020-37003 (Sellacious eCommerce 4.6 contains a persistent cross-site
scripting vu ...)
+ TODO: check
+CVE-2020-36998 (Forma.lms The E-Learning Suite 2.3.0.2 contains a persistent
cross-sit ...)
+ TODO: check
+CVE-2020-36996 (PHPFusion 9.03.50 contains a persistent cross-site scripting
vulnerabi ...)
+ TODO: check
+CVE-2020-36966 (Dolibarr 11.0.3 contains a persistent cross-site scripting
vulnerabili ...)
+ TODO: check
CVE-2026-25211 (Llama Stack (aka llama-stack) before 0.4.0rc3 does not censor
the pgve ...)
NOT-FOR-US: Llama Stack (aka llama-stack)
CVE-2026-25126 (PolarLearn is a free and open-source learning program. Prior
to versio ...)
@@ -846,6 +948,7 @@ CVE-2025-13471 (The User Activity Log WordPress plugin
through 2.2 does not prop
CVE-2025-12709 (The Interactions \u2013 Create Interactive Experiences in the
Block Ed ...)
NOT-FOR-US: WordPress plugin
CVE-2026-1504 (Inappropriate implementation in Background Fetch API in Google
Chrome ...)
+ {DSA-6116-1}
- chromium 144.0.7559.109-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-XXXX [RUSTSEC-2025-0143]
@@ -5027,7 +5130,7 @@ CVE-2021-47816 (Thecus N4800Eco NAS Server Control Panel
contains a command inje
NOT-FOR-US: Thecus N4800Eco NAS Server Control Panel
CVE-2025-60021 (Remote command injection vulnerability in heap profiler
builtin servic ...)
- brpc <itp> (bug #1060006)
-CVE-2025-15497
+CVE-2025-15497 (Insufficient epoch key slot processing in OpenVPN 2.7_alpha1
through 2 ...)
- openvpn 2.7.0~rc5-1
[trixie] - openvpn <not-affected> (Vulnerable code introduced later)
[bookworm] - openvpn <not-affected> (Vulnerable code introduced later)
@@ -44860,7 +44963,7 @@ CVE-2025-11173
NOTE: https://phabricator.wikimedia.org/T402094
NOTE:
https://gerrit.wikimedia.org/r/c/mediawiki/extensions/OATHAuth/+/1180998
NOTE:
https://gerrit.wikimedia.org/r/c/mediawiki/extensions/OATHAuth/+/1180664
-CVE-2025-11175
+CVE-2025-11175 (Improper Neutralization of Special Elements used in an
Expression Lang ...)
- mediawiki 1:1.43.5+dfsg-1
[trixie] - mediawiki 1:1.43.6+dfsg-1~deb13u1
[bookworm] - mediawiki <not-affected> (Vulnerable code not present)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a77110f767692eab6bd2c1a6238b70d9195e8de9
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a77110f767692eab6bd2c1a6238b70d9195e8de9
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
