Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2a381282 by security tracker role at 2026-02-03T20:13:10+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,24 +1,414 @@
-CVE-2026-1312 [Potential SQL injection via QuerySet.order_by and 
FilteredRelation]
+CVE-2026-25616 (Blesta 3.x through 5.x before 5.13.3 mishandles input 
validation, aka  ...)
+       TODO: check
+CVE-2026-25615 (Blesta 3.x through 5.x before 5.13.3 allows object injection, 
aka CORE ...)
+       TODO: check
+CVE-2026-25614 (Blesta 3.x through 5.x before 5.13.3 allows object injection, 
aka CORE ...)
+       TODO: check
+CVE-2026-25522 (Craft Commerce is an ecommerce platform for Craft CMS. In 
versions fro ...)
+       TODO: check
+CVE-2026-25503 (iccDEV provides a set of libraries and tools that allow for 
the intera ...)
+       TODO: check
+CVE-2026-25502 (iccDEV provides a set of libraries and tools that allow for 
the intera ...)
+       TODO: check
+CVE-2026-25490 (Craft Commerce is an ecommerce platform for Craft CMS. In 
versions fro ...)
+       TODO: check
+CVE-2026-25489 (Craft Commerce is an ecommerce platform for Craft CMS. In 
versions fro ...)
+       TODO: check
+CVE-2026-25488 (Craft Commerce is an ecommerce platform for Craft CMS. In 
versions fro ...)
+       TODO: check
+CVE-2026-25487 (Craft Commerce is an ecommerce platform for Craft CMS. In 
versions fro ...)
+       TODO: check
+CVE-2026-25486 (Craft Commerce is an ecommerce platform for Craft CMS. From 
version 5. ...)
+       TODO: check
+CVE-2026-25485 (Craft Commerce is an ecommerce platform for Craft CMS. In 
versions fro ...)
+       TODO: check
+CVE-2026-25484 (Craft Commerce is an ecommerce platform for Craft CMS. In 
versions fro ...)
+       TODO: check
+CVE-2026-25483 (Craft Commerce is an ecommerce platform for Craft CMS. In 
versions fro ...)
+       TODO: check
+CVE-2026-25482 (Craft Commerce is an ecommerce platform for Craft CMS. In 
versions fro ...)
+       TODO: check
+CVE-2026-25241 (PEAR is a framework and distribution system for reusable PHP 
component ...)
+       TODO: check
+CVE-2026-25240 (PEAR is a framework and distribution system for reusable PHP 
component ...)
+       TODO: check
+CVE-2026-25239 (PEAR is a framework and distribution system for reusable PHP 
component ...)
+       TODO: check
+CVE-2026-25238 (PEAR is a framework and distribution system for reusable PHP 
component ...)
+       TODO: check
+CVE-2026-25237 (PEAR is a framework and distribution system for reusable PHP 
component ...)
+       TODO: check
+CVE-2026-25236 (PEAR is a framework and distribution system for reusable PHP 
component ...)
+       TODO: check
+CVE-2026-25235 (PEAR is a framework and distribution system for reusable PHP 
component ...)
+       TODO: check
+CVE-2026-25234 (PEAR is a framework and distribution system for reusable PHP 
component ...)
+       TODO: check
+CVE-2026-25233 (PEAR is a framework and distribution system for reusable PHP 
component ...)
+       TODO: check
+CVE-2026-25036 (Missing Authorization vulnerability in WP Chill Passster 
content-prote ...)
+       TODO: check
+CVE-2026-25028 (Missing Authorization vulnerability in Element Invader 
ElementInvader  ...)
+       TODO: check
+CVE-2026-25027 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2026-25024 (Cross-Site Request Forgery (CSRF) vulnerability in Blair 
Williams Thir ...)
+       TODO: check
+CVE-2026-25023 (Exposure of Sensitive System Information to an Unauthorized 
Control Sp ...)
+       TODO: check
+CVE-2026-25022 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2026-25021 (Missing Authorization vulnerability in Mizan Themes Mizan Demo 
Importe ...)
+       TODO: check
+CVE-2026-25020 (Missing Authorization vulnerability in WP connect WP Sync for 
Notion w ...)
+       TODO: check
+CVE-2026-25019 (Missing Authorization vulnerability in Vito Peleg Atarim 
atarim-visual ...)
+       TODO: check
+CVE-2026-25016 (Missing Authorization vulnerability in Nelio Software Nelio 
Popups nel ...)
+       TODO: check
+CVE-2026-25015 (Cross-Site Request Forgery (CSRF) vulnerability in Stiofan 
UsersWP use ...)
+       TODO: check
+CVE-2026-25014 (Cross-Site Request Forgery (CSRF) vulnerability in themelooks 
Enter Ad ...)
+       TODO: check
+CVE-2026-25012 (Missing Authorization vulnerability in gfazioli WP Bannerize 
Pro wp-ba ...)
+       TODO: check
+CVE-2026-25011 (Missing Authorization vulnerability in Northern Beaches 
Websites WP Cu ...)
+       TODO: check
+CVE-2026-25010 (Missing Authorization vulnerability in ILLID Share This Image 
share-th ...)
+       TODO: check
+CVE-2026-24998 (Exposure of Sensitive System Information to an Unauthorized 
Control Sp ...)
+       TODO: check
+CVE-2026-24997 (Missing Authorization vulnerability in Wired Impact Wired 
Impact Volun ...)
+       TODO: check
+CVE-2026-24996 (Missing Authorization vulnerability in wpelemento WPElemento 
Importer  ...)
+       TODO: check
+CVE-2026-24995 (Missing Authorization vulnerability in Iulia Cazan Latest Post 
Shortco ...)
+       TODO: check
+CVE-2026-24994 (Missing Authorization vulnerability in sunshinephotocart 
Sunshine Phot ...)
+       TODO: check
+CVE-2026-24992 (Insertion of Sensitive Information Into Sent Data 
vulnerability in WPF ...)
+       TODO: check
+CVE-2026-24991 (Authorization Bypass Through User-Controlled Key vulnerability 
in HT P ...)
+       TODO: check
+CVE-2026-24990 (Missing Authorization vulnerability in Fahad Mahmood WP Docs 
wp-docs a ...)
+       TODO: check
+CVE-2026-24988 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2026-24986 (Cross-Site Request Forgery (CSRF) vulnerability in wp.insider 
Simple M ...)
+       TODO: check
+CVE-2026-24985 (Missing Authorization vulnerability in approveme WP Forms 
Signature Co ...)
+       TODO: check
+CVE-2026-24984 (Missing Authorization vulnerability in Brecht Visual Link 
Preview visu ...)
+       TODO: check
+CVE-2026-24982 (Missing Authorization vulnerability in Brainstorm Force 
Spectra ultima ...)
+       TODO: check
+CVE-2026-24967 (Missing Authorization vulnerability in ameliabooking Amelia 
ameliabook ...)
+       TODO: check
+CVE-2026-24966 (Cross-Site Request Forgery (CSRF) vulnerability in Copyscape 
Copyscape ...)
+       TODO: check
+CVE-2026-24965 (Missing Authorization vulnerability in Wasiliy Strecker / 
ContestGalle ...)
+       TODO: check
+CVE-2026-24962 (Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm 
Force Si ...)
+       TODO: check
+CVE-2026-24961 (Server-Side Request Forgery (SSRF) vulnerability in ThemeGoods 
Grand B ...)
+       TODO: check
+CVE-2026-24958 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2026-24957 (Missing Authorization vulnerability in WP Chill Strong 
Testimonials st ...)
+       TODO: check
+CVE-2026-24954 (Deserialization of Untrusted Data vulnerability in 
magepeopleteam WpEv ...)
+       TODO: check
+CVE-2026-24952 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2026-24951 (Missing Authorization vulnerability in Saad Iqbal myCred 
mycred allows ...)
+       TODO: check
+CVE-2026-24947 (Missing Authorization vulnerability in LA-Studio LA-Studio 
Element Kit ...)
+       TODO: check
+CVE-2026-24945 (Missing Authorization vulnerability in Themefic Ultimate 
Addons for Co ...)
+       TODO: check
+CVE-2026-24942 (Cross-Site Request Forgery (CSRF) vulnerability in 
magepeopleteam WpEv ...)
+       TODO: check
+CVE-2026-24940 (Missing Authorization vulnerability in Themefic Travelfic 
Toolkit trav ...)
+       TODO: check
+CVE-2026-24939 (Missing Authorization vulnerability in WP Chill Modula Image 
Gallery m ...)
+       TODO: check
+CVE-2026-24938 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2026-24774 (The Open eClass platform (formerly known as GUnet eClass) is a 
complet ...)
+       TODO: check
+CVE-2026-24773 (The Open eClass platform (formerly known as GUnet eClass) is a 
complet ...)
+       TODO: check
+CVE-2026-24762 (RustFS is a distributed object storage system built in Rust. 
From vers ...)
+       TODO: check
+CVE-2026-24674 (The Open eClass platform (formerly known as GUnet eClass) is a 
complet ...)
+       TODO: check
+CVE-2026-24673 (The Open eClass platform (formerly known as GUnet eClass) is a 
complet ...)
+       TODO: check
+CVE-2026-24672 (The Open eClass platform (formerly known as GUnet eClass) is a 
complet ...)
+       TODO: check
+CVE-2026-24671 (The Open eClass platform (formerly known as GUnet eClass) is a 
complet ...)
+       TODO: check
+CVE-2026-24670 (The Open eClass platform (formerly known as GUnet eClass) is a 
complet ...)
+       TODO: check
+CVE-2026-24669 (The Open eClass platform (formerly known as GUnet eClass) is a 
complet ...)
+       TODO: check
+CVE-2026-24668 (The Open eClass platform (formerly known as GUnet eClass) is a 
complet ...)
+       TODO: check
+CVE-2026-24667 (The Open eClass platform (formerly known as GUnet eClass) is a 
complet ...)
+       TODO: check
+CVE-2026-24666 (The Open eClass platform (formerly known as GUnet eClass) is a 
complet ...)
+       TODO: check
+CVE-2026-24665 (The Open eClass platform (formerly known as GUnet eClass) is a 
complet ...)
+       TODO: check
+CVE-2026-24664 (The Open eClass platform (formerly known as GUnet eClass) is a 
complet ...)
+       TODO: check
+CVE-2026-24441 (Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior 
expose a ...)
+       TODO: check
+CVE-2026-24434 (Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior 
does not ...)
+       TODO: check
+CVE-2026-24427 (Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior 
expose s ...)
+       TODO: check
+CVE-2026-24426 (Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior 
containa ...)
+       TODO: check
+CVE-2026-24149 (NVIDIA Megatron-LM for all platforms contains a vulnerability 
in a scr ...)
+       TODO: check
+CVE-2026-23795 (Improper Restriction of XML External Entity Reference 
vulnerability in ...)
+       TODO: check
+CVE-2026-23794 (Reflected XSS in Apache Syncope's Enduser Login page. An 
attacker that ...)
+       TODO: check
+CVE-2026-22228 (An authenticated user with high privileges may trigger a 
denial\u2011o ...)
+       TODO: check
+CVE-2026-22220 (A lack of proper input validation in the HTTP processing path 
in TP-Li ...)
+       TODO: check
+CVE-2026-21862 (RustFS is a distributed object storage system built in Rust. 
Prior to  ...)
+       TODO: check
+CVE-2026-1846
+       REJECTED
+CVE-2026-1814 (Rapid7 Nexpose versions 6.4.50 and later are vulnerable to an 
insuffic ...)
+       TODO: check
+CVE-2026-1803 (A weakness has been identified in Ziroom ZHOME A0101 1.0.1.0. 
Impacted ...)
+       TODO: check
+CVE-2026-1802 (A security flaw has been discovered in Ziroom ZHOME A0101 
1.0.1.0. Thi ...)
+       TODO: check
+CVE-2026-1664 (Summary  An Insecure Direct Object Reference has been found to 
exist i ...)
+       TODO: check
+CVE-2026-1568 (Rapid7 InsightVM versions before8.34.0 contain a signature 
verificatio ...)
+       TODO: check
+CVE-2026-1432 (SQL injection vulnerability in the Buroweb platform version 
2505.0.12, ...)
+       TODO: check
+CVE-2026-0620 (When configured as L2TP/IPSec VPN server, Archer AXE75 V1 may 
accept c ...)
+       TODO: check
+CVE-2025-8461 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+       TODO: check
+CVE-2025-8456 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+       TODO: check
+CVE-2025-7760 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+       TODO: check
+CVE-2025-71179 (Creativeitem Academy LMS 7.0 contains reflected Cross-Site 
Scripting ( ...)
+       TODO: check
+CVE-2025-70849 (Arbitrary File Upload in podinfo thru 6.9.0 allows 
unauthenticated att ...)
+       TODO: check
+CVE-2025-70841 (Dokans Multi-Tenancy Based eCommerce Platform SaaS 3.9.2 
allows unauth ...)
+       TODO: check
+CVE-2025-70758 (chetans9 core-php-admin-panel through commit a94a780d6 
contains an aut ...)
+       TODO: check
+CVE-2025-70560 (Boltz 2.0.0 contains an insecure deserialization vulnerability 
in its  ...)
+       TODO: check
+CVE-2025-70559 (pdfminer.six before 20251230 contains an insecure 
deserialization vuln ...)
+       TODO: check
+CVE-2025-70311 (JEEWMS 1.0 is vulnerable to SQL Injection. Attackers can 
inject malici ...)
+       TODO: check
+CVE-2025-6397 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+       TODO: check
+CVE-2025-69983 (FUXA v1.2.7 allows Remote Code Execution (RCE) via the project 
import  ...)
+       TODO: check
+CVE-2025-69981 (FUXA v1.2.7 contains an Unrestricted File Upload vulnerability 
in the  ...)
+       TODO: check
+CVE-2025-69971 (FUXA v1.2.7 contains a hard-coded credential vulnerability in 
server/a ...)
+       TODO: check
+CVE-2025-69970 (FUXA v1.2.7 contains an insecure default configuration 
vulnerability i ...)
+       TODO: check
+CVE-2025-69875 (A vulnerability exists in Quick Heal Total Security 23.0.0 in 
the quar ...)
+       TODO: check
+CVE-2025-69848 (NetBox is an open-source infrastructure resource modeling and 
IP addre ...)
+       TODO: check
+CVE-2025-69431 (The ZSPACE Q2C NAS contains a vulnerability related to 
incorrect symbo ...)
+       TODO: check
+CVE-2025-69430 (An Incorrect Symlink Follow vulnerability exists in multiple 
Yottamast ...)
+       TODO: check
+CVE-2025-69429 (The ORICO NAS CD3510 (version V1.9.12 and below) contains an 
Incorrect ...)
+       TODO: check
+CVE-2025-67857 (A flaw was found in moodle. During anonymous assignment 
submissions, u ...)
+       TODO: check
+CVE-2025-67856 (A flaw was found in Moodle. An authorization logic flaw, 
specifically  ...)
+       TODO: check
+CVE-2025-67855 (A flaw was found in mooodle. A remote attacker could exploit a 
reflect ...)
+       TODO: check
+CVE-2025-67853 (A flaw was found in Moodle. A remote attacker could exploit a 
lack of  ...)
+       TODO: check
+CVE-2025-67852 (A flaw was found in Moodle. An open redirect vulnerability in 
the OAut ...)
+       TODO: check
+CVE-2025-67851 (A flaw was found in moodle. This formula injection 
vulnerability occur ...)
+       TODO: check
+CVE-2025-67850 (A flaw was found in moodle. This vulnerability, known as 
Cross-Site Sc ...)
+       TODO: check
+CVE-2025-67849 (A flaw was found in Moodle. This cross-site scripting (XSS) 
vulnerabil ...)
+       TODO: check
+CVE-2025-67848 (A flaw was found in Moodle. This authentication bypass 
vulnerability a ...)
+       TODO: check
+CVE-2025-67189 (A buffer overflow vulnerability exists in the setParentalRules 
interfa ...)
+       TODO: check
+CVE-2025-67188 (A buffer overflow vulnerability exists in TOTOLINK A950RG 
V4.1.2cu.520 ...)
+       TODO: check
+CVE-2025-67187 (A stack-based buffer overflow vulnerability was identified in 
TOTOLINK ...)
+       TODO: check
+CVE-2025-67186 (TOTOLINK A950RG V4.1.2cu.5204_B20210112 contains a buffer 
overflow vul ...)
+       TODO: check
+CVE-2025-66374 (CyberArk Endpoint Privilege Manager Agent through 25.10.0 
allows a loc ...)
+       TODO: check
+CVE-2025-65924 (ERPNext thru 15.88.1 does not sanitize or remove certain HTML 
tags spe ...)
+       TODO: check
+CVE-2025-65923 (A Stored Cross-Site Scripting (XSS) vulnerability was 
discovered withi ...)
+       TODO: check
+CVE-2025-65875 (An arbitrary file upload vulnerability in the AddFont() 
function of FP ...)
+       TODO: check
+CVE-2025-65017 (Decidim is a participatory democracy framework. In versions 
from 0.30. ...)
+       TODO: check
+CVE-2025-63624 (SQL Injection vulnerability in Shandong Kede Electronics Co., 
Ltd IoT  ...)
+       TODO: check
+CVE-2025-63372 (Articentgroup Zip Rar Extractor Tool 1.345.93.0 is vulnerable 
to Direc ...)
+       TODO: check
+CVE-2025-62673 (Heap-based Buffer Overflow vulnerability in TP-Link Archer 
AX53 v1.0 ( ...)
+       TODO: check
+CVE-2025-62501 (SSH Hostkey misconfiguration vulnerability in TP-Link Archer 
AX53 v1.0 ...)
+       TODO: check
+CVE-2025-62405 (Heap-based Buffer Overflow vulnerability in TP-Link Archer 
AX53 v1.0 ( ...)
+       TODO: check
+CVE-2025-62404 (Heap-based Buffer Overflow vulnerability in TP-Link Archer 
AX53 v1.0 ( ...)
+       TODO: check
+CVE-2025-61983 (Heap-based Buffer Overflow vulnerability in TP-Link Archer 
AX53 v1.0 ( ...)
+       TODO: check
+CVE-2025-61944 (Heap-based Buffer Overflow vulnerability in TP-Link Archer 
AX53 v1.0 ( ...)
+       TODO: check
+CVE-2025-61506 (An issue was discovered in MediaCrush thru 1.0.1 allowing 
remote unaut ...)
+       TODO: check
+CVE-2025-60865 (Insecure Permissions vulnerability in avanquest Driver Updater 
v.9.1.5 ...)
+       TODO: check
+CVE-2025-5319 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-59902 (HTML injection vulnerability in NICE Chat. This vulnerability 
allows a ...)
+       TODO: check
+CVE-2025-59487 (Heap-based Buffer Overflow vulnerability in TP-Link Archer 
AX53 v1.0 ( ...)
+       TODO: check
+CVE-2025-59482 (Heap-based Buffer Overflow vulnerability in TP-Link Archer 
AX53 v1.0 ( ...)
+       TODO: check
+CVE-2025-59439 (An issue was discovered in Samsung Modem Exynos through 
2025-08-29. In ...)
+       TODO: check
+CVE-2025-58455 (Heap-based Buffer Overflow vulnerability in TP-Link Archer 
AX53 v1.0 ( ...)
+       TODO: check
+CVE-2025-58348 (An issue was discovered in the Wi-Fi driver in Samsung Mobile 
Processo ...)
+       TODO: check
+CVE-2025-58347 (An issue was discovered in the Wi-Fi driver in Samsung Mobile 
Processo ...)
+       TODO: check
+CVE-2025-58346 (An issue was discovered in the Wi-Fi driver in Samsung Mobile 
Processo ...)
+       TODO: check
+CVE-2025-58345 (An issue was discovered in the Wi-Fi driver in Samsung Mobile 
Processo ...)
+       TODO: check
+CVE-2025-58344 (An issue was discovered in the Wi-Fi driver in Samsung Mobile 
Processo ...)
+       TODO: check
+CVE-2025-58343 (An issue was discovered in the Wi-Fi driver in Samsung Mobile 
Processo ...)
+       TODO: check
+CVE-2025-58342 (An issue was discovered in the Wi-Fi driver in Samsung Mobile 
Processo ...)
+       TODO: check
+CVE-2025-58341 (An issue was discovered in the Wi-Fi driver in Samsung Mobile 
Processo ...)
+       TODO: check
+CVE-2025-58340 (An issue was discovered in the Wi-Fi driver in Samsung Mobile 
Processo ...)
+       TODO: check
+CVE-2025-58077 (Heap-based Buffer Overflow vulnerability in TP-Link Archer 
AX53 v1.0 ( ...)
+       TODO: check
+CVE-2025-57529 (YouDataSum CPAS Audit Management System <=v4.9 is vulnerable 
to SQL In ...)
+       TODO: check
+CVE-2025-52633 (HCL AION is affected by a Permanent Cookie Containing 
Sensitive Sessio ...)
+       TODO: check
+CVE-2025-52631 (HCL AION is affected by a Missing or Insecure HTTP 
Strict-Transport-Se ...)
+       TODO: check
+CVE-2025-52629 (HCL AION is susceptible to Missing Content-Security-Policy.  
An The ab ...)
+       TODO: check
+CVE-2025-52628 (HCL AION is affected by a Cookie with Insecure, Improper, or 
Missing S ...)
+       TODO: check
+CVE-2025-52627 (Root File System Not Mounted as Read-Only configuration 
vulnerability. ...)
+       TODO: check
+CVE-2025-52626 (A  Potential Command Injection vulnerability in HCL AION.  An 
This can ...)
+       TODO: check
+CVE-2025-52623 (HCL AION is affected by an Autocomplete HTML Attribute Not 
Disabled fo ...)
+       TODO: check
+CVE-2025-46651 (Tiny File Manager through 2.6 contains a server-side request 
forgery ( ...)
+       TODO: check
+CVE-2025-41065 (Stored Cross-Site Scripting (XSS) vulnerability type in LUNA 
software  ...)
+       TODO: check
+CVE-2025-11598 (In mObywatel iOS applicationan unauthorized user can use the 
App Switc ...)
+       TODO: check
+CVE-2025-10878 (A SQL injection vulnerability exists in the login 
functionality of Fik ...)
+       TODO: check
+CVE-2020-37116 (GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by 
default, which  ...)
+       TODO: check
+CVE-2020-37115 (GUnet OpenEclass 1.7.3 stores user credentials in plaintext, 
allowing  ...)
+       TODO: check
+CVE-2020-37114 (GUnet OpenEclass 1.7.3 allows unauthenticated and 
authenticated users  ...)
+       TODO: check
+CVE-2020-37113 (GUnet OpenEclass 1.7.3 allows authenticated users to bypass 
file exten ...)
+       TODO: check
+CVE-2020-37112 (GUnet OpenEclass 1.7.3 contains multiple SQL injection 
vulnerabilities ...)
+       TODO: check
+CVE-2020-37111 (60CycleCMS 2.5.2 contains a cross-site scripting (XSS) 
vulnerability i ...)
+       TODO: check
+CVE-2020-37110 (60CycleCMS 2.5.2 contains an SQL injection vulnerability in 
news.php a ...)
+       TODO: check
+CVE-2020-37108 (PhpIX 2012 Professional contains a SQL injection vulnerability 
in the  ...)
+       TODO: check
+CVE-2020-37105 (PMB 5.6 contains a SQL injection vulnerability in the 
administration d ...)
+       TODO: check
+CVE-2020-37103 (DotNetNuke 9.5 contains a persistent cross-site scripting 
vulnerabilit ...)
+       TODO: check
+CVE-2020-37102 (Adaware Web Companion 4.9.2159 contains an unquoted service 
path vulne ...)
+       TODO: check
+CVE-2020-37101 (VPN Unlimited 6.1 contains an unquoted service path 
vulnerability that ...)
+       TODO: check
+CVE-2020-37100 (Sync Breeze Enterprise 12.4.18 contains an unquoted service 
path vulne ...)
+       TODO: check
+CVE-2020-37099 (Disk Savvy Enterprise 12.3.18 contains an unquoted service 
path vulner ...)
+       TODO: check
+CVE-2020-37098 (Disk Sorter Enterprise 12.4.16 contains an unquoted service 
path vulne ...)
+       TODO: check
+CVE-2019-25265 (Online Inventory Manager 3.2 contains a stored cross-site 
scripting vu ...)
+       TODO: check
+CVE-2019-25264 (Snipe-IT 4.7.5 contains a persistent cross-site scripting 
vulnerabilit ...)
+       TODO: check
+CVE-2019-25263 (Zendesk SweetHawk Survey 1.6 contains a persistent cross-site 
scriptin ...)
+       TODO: check
+CVE-2019-25261 (AnyDesk 5.4.0 contains an unquoted service path vulnerability 
in its W ...)
+       TODO: check
+CVE-2026-1312 (An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, 
and 4. ...)
        - python-django <unfixed>
        NOTE: 
https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
        NOTE: Fixed by: 
https://github.com/django/django/commit/90f5b10784ba5bf369caed87640e2b4394ea3314
 (4.2.28)
-CVE-2026-1287 [Potential SQL injection in column aliases via control 
characters]
+CVE-2026-1287 (An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, 
and 4. ...)
        - python-django <unfixed>
        NOTE: 
https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
        NOTE: Fixed by: 
https://github.com/django/django/commit/f75f8f3597e1ce351d5ac08b6ba7ebd9dadd9b5d
 (4.2.28)
-CVE-2026-1285 [Potential denial-of-service vulnerability in 
django.utils.text.Truncator HTML methods]
+CVE-2026-1285 (An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, 
and 4. ...)
        - python-django <unfixed>
        NOTE: 
https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
        NOTE: Fixed by: 
https://github.com/django/django/commit/b40cfc6052ced26dcd8166a58ea6f841d0d2cac8
 (4.2.28)
-CVE-2026-1207 [Potential SQL injection via raster lookups on PostGIS]
+CVE-2026-1207 (An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, 
and 4. ...)
        - python-django <unfixed>
        NOTE: 
https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
        NOTE: Fixed by: 
https://github.com/django/django/commit/a14363102d98fa29b8cced578eb3a0fadaa5bcb7
 (4.2.28)
-CVE-2025-14550 [Potential denial-of-service vulnerability via repeated headers 
when using ASGI]
+CVE-2025-14550 (An issue was discovered in 6.0 before 6.0.2, 5.2 before 
5.2.11, and 4. ...)
        - python-django <unfixed>
        NOTE: 
https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
        NOTE: Fixed by: 
https://github.com/django/django/commit/f578acc8c54530fffabd52d2db654c8669b011af
 (4.2.28)
-CVE-2025-13473 [Username enumeration through timing difference in mod_wsgi 
authentication handler]
+CVE-2025-13473 (An issue was discovered in 6.0 before 6.0.2, 5.2 before 
5.2.11, and 4. ...)
        - python-django <unfixed>
        NOTE: 
https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
        NOTE: Fixed by: 
https://github.com/django/django/commit/6dc23508f3395e1254c315084c7334ef81c4c09a
 (4.2.28)
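Review bot: the six python-django entries at the end of this hunk (CVE-2026-1312, CVE-2026-1287, CVE-2026-1285, CVE-2026-1207, CVE-2025-14550, CVE-2025-13473) lose information: the bracketed summaries that named the weakness, for example `CVE-2026-1312 [Potential SQL injection via QuerySet.order_by and FilteredRelation]`, are replaced by the truncated upstream text `(An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4. ...)`, which no longer says that the product is Django or what the issue is. Suggest carrying each old summary into a NOTE line on its entry (e.g. `NOTE: Potential SQL injection via QuerySet.order_by and FilteredRelation`) so that triage stays readable while the package is still `python-django <unfixed>` and the only fix references are the upstream commits tagged `(4.2.28)`. Separately, the CVE-2026-22228 description contains a literal `\u2011` escape (`denial\u2011o ...`) rather than the decoded non-breaking hyphen, which suggests the importer did not unescape that field before writing it to data/CVE/list.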
@@ -705,7 +1095,7 @@ CVE-2025-36387 (IBM Db2 for Linux, UNIX and Windows 
(includes DB2 Connect Server
        NOT-FOR-US: IBM
 CVE-2025-36384 (IBM Db2 for Windows12.1.0 - 12.1.3  could allow a local user 
with file ...)
        NOT-FOR-US: IBM
-CVE-2025-36366 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect 
Server) 11.5 ...)
+CVE-2025-36366 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect 
Server) coul ...)
        NOT-FOR-US: IBM
 CVE-2025-36365 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect 
Server) 11.5 ...)
        NOT-FOR-US: IBM
@@ -1731,6 +2121,7 @@ CVE-2026-0832 (The New User Approve plugin for WordPress 
is vulnerable to unauth
 CVE-2026-0825 (The Database for Contact Form 7, WPforms, Elementor forms 
plugin for W ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-0818 (When a user explicitly requested Thunderbird to decrypt an 
inline Open ...)
+       {DSA-6118-1}
        - thunderbird 1:140.7.1esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-08/#CVE-2026-0818
 CVE-2025-9082 (The WPBITS Addons For Elementor plugin for WordPress is 
vulnerable to  ...)
@@ -30133,49 +30524,49 @@ CVE-2025-13086 (Improper validation of source IP 
addresses in OpenVPN version 2.
        NOTE: Prerequisite: 
https://github.com/OpenVPN/openvpn/commit/68c01720eecc1772b3f648b9e043e396d943f632
 (v2.6.15)
        NOTE: Fixed by: 
https://github.com/OpenVPN/openvpn/commit/18c483dd6031d86eb393527855734e8cd62fea19
 (v2.7_rc2)
        NOTE: Fixed by: 
https://github.com/OpenVPN/openvpn/commit/fa6a1824b0f37bff137204156a74ca28cf5b6f83
 (v2.6.16)
-CVE-2025-64438
+CVE-2025-64438 (Fast DDS is a C++ implementation of the DDS (Data Distribution 
Service ...)
        - fastdds <unfixed> (bug #1121096)
        [trixie] - fastdds <no-dsa> (Minor issue)
        [bookworm] - fastdds <no-dsa> (Minor issue)
        [bullseye] - fastdds <postponed> (Minor issue)
        NOTE: Fixed by: 
https://github.com/eProsima/Fast-DDS/commit/0b0cb308eaeeb2175694aa0a0a723106824ce9a7
 (v3.4.1)
-CVE-2025-62799
+CVE-2025-62799 (Fast DDS is a C++ implementation of the DDS (Data Distribution 
Service ...)
        - fastdds <unfixed> (bug #1121097)
        [trixie] - fastdds <no-dsa> (Minor issue)
        [bookworm] - fastdds <no-dsa> (Minor issue)
        [bullseye] - fastdds <postponed> (Minor issue)
        NOTE: Fixed by: 
https://github.com/eProsima/Fast-DDS/commit/d6dd58f4ecd28cd1c3bc4ef0467be9110fa94659
 (v3.4.1)
-CVE-2025-62599
+CVE-2025-62599 (Fast DDS is a C++ implementation of the DDS (Data Distribution 
Service ...)
        - fastdds <unfixed> (bug #1121094)
        [trixie] - fastdds <no-dsa> (Minor issue)
        [bookworm] - fastdds <no-dsa> (Minor issue)
        [bullseye] - fastdds <postponed> (Minor issue)
        NOTE: Fixed by: 
https://github.com/eProsima/Fast-DDS/commit/354218514d32beac963ff5c306f1cf159ee37c5f
 (v3.4.1)
-CVE-2025-62600
+CVE-2025-62600 (Fast DDS is a C++ implementation of the DDS (Data Distribution 
Service ...)
        - fastdds <unfixed> (bug #1121094)
        [trixie] - fastdds <no-dsa> (Minor issue)
        [bookworm] - fastdds <no-dsa> (Minor issue)
        [bullseye] - fastdds <postponed> (Minor issue)
        NOTE: Fixed by: 
https://github.com/eProsima/Fast-DDS/commit/354218514d32beac963ff5c306f1cf159ee37c5f
 (v3.4.1)
-CVE-2025-62601
+CVE-2025-62601 (Fast DDS is a C++ implementation of the DDS (Data Distribution 
Service ...)
        - fastdds <unfixed> (bug #1121094)
        [trixie] - fastdds <no-dsa> (Minor issue)
        [bookworm] - fastdds <no-dsa> (Minor issue)
        [bullseye] - fastdds <postponed> (Minor issue)
        NOTE: Fixed by: 
https://github.com/eProsima/Fast-DDS/commit/354218514d32beac963ff5c306f1cf159ee37c5f
 (v3.4.1)
-CVE-2025-62602
+CVE-2025-62602 (Fast DDS is a C++ implementation of the DDS (Data Distribution 
Service ...)
        - fastdds <unfixed> (bug #1121094)
        [trixie] - fastdds <no-dsa> (Minor issue)
        [bookworm] - fastdds <no-dsa> (Minor issue)
        [bullseye] - fastdds <postponed> (Minor issue)
        NOTE: Fixed by: 
https://github.com/eProsima/Fast-DDS/commit/354218514d32beac963ff5c306f1cf159ee37c5f
 (v3.4.1)
-CVE-2025-62603
+CVE-2025-62603 (Fast DDS is a C++ implementation of the DDS (Data Distribution 
Service ...)
        - fastdds <unfixed> (bug #1121094)
        [trixie] - fastdds <no-dsa> (Minor issue)
        [bookworm] - fastdds <no-dsa> (Minor issue)
        [bullseye] - fastdds <postponed> (Minor issue)
        NOTE: Fixed by: 
https://github.com/eProsima/Fast-DDS/commit/354218514d32beac963ff5c306f1cf159ee37c5f
 (v3.4.1)
-CVE-2025-64098
+CVE-2025-64098 (Fast DDS is a C++ implementation of the DDS (Data Distribution 
Service ...)
        - fastdds <unfixed> (bug #1121094)
        [trixie] - fastdds <no-dsa> (Minor issue)
        [bookworm] - fastdds <no-dsa> (Minor issue)
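Review bot: CVE-2025-62599, CVE-2025-62600, CVE-2025-62601, CVE-2025-62602, CVE-2025-62603 and CVE-2025-64098 now all carry the identical truncated description and the same `(bug #1121094)`, and the five 626xx entries also point at the same `Fixed by:` commit 354218514d32beac963ff5c306f1cf159ee37c5f (v3.4.1); with the descriptions no longer distinguishing them, the only thing separating these entries is the CVE id, so it is worth confirming that bug #1121094 and that single commit really cover all of them and that none should reference its own fix the way CVE-2025-64438 (0b0cb308…, bug #1121096) and CVE-2025-62799 (d6dd58f4…, bug #1121097) do. Also, the hunk as shown ends after the `[bookworm]` line of CVE-2025-64098, so its `[bullseye]` and `NOTE:` lines could not be reviewed here.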



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2a38128254ea42f75ce60038417d838fecfa196f

-- 
You're receiving this email because of your account on salsa.debian.org.


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
