Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c50d3795 by security tracker role at 2026-02-06T20:13:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,212 @@
-CVE-2026-25727
+CVE-2026-2103 (Infor SyteLine ERP uses hard-coded static cryptographic keys to
encryp ...)
+ TODO: check
+CVE-2026-2065 (A security flaw has been discovered in Flycatcher Toys smART
Pixelator ...)
+ TODO: check
+CVE-2026-2064 (A vulnerability was identified in Portabilis i-Educar up to
2.10. Affe ...)
+ TODO: check
+CVE-2026-2063 (A security flaw has been discovered in D-Link DIR-823X 250416.
This vu ...)
+ TODO: check
+CVE-2026-2062 (A vulnerability was identified in Open5GS up to 2.7.6. This
affects th ...)
+ TODO: check
+CVE-2026-2061 (A vulnerability was determined in D-Link DIR-823X 250416.
Affected by ...)
+ TODO: check
+CVE-2026-2060 (A vulnerability was found in code-projects Simple Blood Donor
Manageme ...)
+ TODO: check
+CVE-2026-2059 (A vulnerability has been found in SourceCodester Medical Center
Portal ...)
+ TODO: check
+CVE-2026-2058 (A flaw has been found in mathurvishal
CloudClassroom-PHP-Project up to ...)
+ TODO: check
+CVE-2026-2057 (A vulnerability was detected in SourceCodester Medical Center
Portal M ...)
+ TODO: check
+CVE-2026-2056 (A security vulnerability has been detected in D-Link DIR-605L
and DIR- ...)
+ TODO: check
+CVE-2026-2055 (A weakness has been identified in D-Link DIR-605L and DIR-619L
2.06B01 ...)
+ TODO: check
+CVE-2026-2054 (A security flaw has been discovered in D-Link DIR-605L and
DIR-619L 2. ...)
+ TODO: check
+CVE-2026-2018 (A flaw has been found in itsourcecode School Management System
1.0. Th ...)
+ TODO: check
+CVE-2026-2017 (A vulnerability was detected in IP-COM W30AP up to
1.0.0.11(1340). Aff ...)
+ TODO: check
+CVE-2026-2016 (A security vulnerability has been detected in happyfish100
libfastcomm ...)
+ TODO: check
+CVE-2026-2015 (A weakness has been identified in Portabilis i-Educar up to
2.10. Affe ...)
+ TODO: check
+CVE-2026-2014 (A security flaw has been discovered in itsourcecode Student
Management ...)
+ TODO: check
+CVE-2026-2013 (A vulnerability was identified in itsourcecode Student
Management Syst ...)
+ TODO: check
+CVE-2026-2012 (A vulnerability was determined in itsourcecode Student
Management Syst ...)
+ TODO: check
+CVE-2026-2011 (A vulnerability was found in itsourcecode Student Management
System 1. ...)
+ TODO: check
+CVE-2026-25753 (PlaciPy is a placement management system designed for
educational inst ...)
+ TODO: check
+CVE-2026-25752 (FUXA is a web-based Process Visualization
(SCADA/HMI/Dashboard) softwa ...)
+ TODO: check
+CVE-2026-25751 (FUXA is a web-based Process Visualization
(SCADA/HMI/Dashboard) softwa ...)
+ TODO: check
+CVE-2026-25725 (Claude Code is an agentic coding tool. Prior to version 2.1.2,
Claude ...)
+ TODO: check
+CVE-2026-25724 (Claude Code is an agentic coding tool. Prior to version 2.1.7,
Claude ...)
+ TODO: check
+CVE-2026-25723 (Claude Code is an agentic coding tool. Prior to version
2.0.55, Claude ...)
+ TODO: check
+CVE-2026-25722 (Claude Code is an agentic coding tool. Prior to version
2.0.57, Claude ...)
+ TODO: check
+CVE-2026-25651 (client-certificate-auth is middleware for Node.js implementing
client ...)
+ TODO: check
+CVE-2026-25650 (MCP Salesforce Connector is a Model Context Protocol (MCP)
server impl ...)
+ TODO: check
+CVE-2026-25647 (Lute is a structured Markdown engine supporting Go and
JavaScript. Lut ...)
+ TODO: check
+CVE-2026-25643 (Frigate is a network video recorder (NVR) with realtime local
object d ...)
+ TODO: check
+CVE-2026-25642 (HedgeDoc is an open source, real-time, collaborative, markdown
notes a ...)
+ TODO: check
+CVE-2026-25641 (SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29,
there i ...)
+ TODO: check
+CVE-2026-25640 (Pydantic AI is a Python agent framework for building
applications and ...)
+ TODO: check
+CVE-2026-25587 (SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29,
as Map ...)
+ TODO: check
+CVE-2026-25586 (SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29,
a sandb ...)
+ TODO: check
+CVE-2026-25556 (MuPDF versions 1.23.0 through 1.27.0 contain a double-free
vulnerabili ...)
+ TODO: check
+CVE-2026-25520 (SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29,
The ret ...)
+ TODO: check
+CVE-2026-24931 (Vulnerability of improper criterion security check in the card
module. ...)
+ TODO: check
+CVE-2026-24930 (UAF concurrency vulnerability in the graphics module. Impact:
Successf ...)
+ TODO: check
+CVE-2026-24929 (Out-of-bounds read vulnerability in the graphics module.
Impact: Succe ...)
+ TODO: check
+CVE-2026-24928 (Out-of-bounds write vulnerability in the file system module.
Impact: S ...)
+ TODO: check
+CVE-2026-24927 (Out-of-bounds access vulnerability in the frequency modulation
module. ...)
+ TODO: check
+CVE-2026-24926 (Out-of-bounds write vulnerability in the camera module.
Impact: Succes ...)
+ TODO: check
+CVE-2026-24925 (Heap-based buffer overflow vulnerability in the image module.
Impact: ...)
+ TODO: check
+CVE-2026-24924 (Vulnerability of improper permission control in the print
module. Impa ...)
+ TODO: check
+CVE-2026-24923 (Permission control vulnerability in the HDC module. Impact:
Successful ...)
+ TODO: check
+CVE-2026-24922 (Buffer overflow vulnerability in the HDC module. Impact:
Successful ex ...)
+ TODO: check
+CVE-2026-24921 (Address read vulnerability in the HDC module. Impact:
Successful explo ...)
+ TODO: check
+CVE-2026-24920 (Permission control vulnerability in the AMS module. Impact:
Successful ...)
+ TODO: check
+CVE-2026-24919 (Out-of-bounds write vulnerability in the DFX module. Impact:
Successfu ...)
+ TODO: check
+CVE-2026-24918 (Address read vulnerability in the communication module.
Impact: Succes ...)
+ TODO: check
+CVE-2026-24917 (UAF vulnerability in the security module. Impact: Successful
exploitat ...)
+ TODO: check
+CVE-2026-24916 (Identity authentication bypass vulnerability in the window
module. Imp ...)
+ TODO: check
+CVE-2026-24915 (Out-of-bounds read issue in the media subsystem. Impact:
Successful ex ...)
+ TODO: check
+CVE-2026-24914 (Type confusion vulnerability in the camera module. Impact:
Successful ...)
+ TODO: check
+CVE-2026-24903 (OrcaStatLLM Researcher is an LLM Based Research Paper
Generator. A Sto ...)
+ TODO: check
+CVE-2026-24851 (OpenFGA is a high-performance and flexible
authorization/permission en ...)
+ TODO: check
+CVE-2026-24776 (OpenProject is an open-source, web-based project management
software. ...)
+ TODO: check
+CVE-2026-24419 (OpenSTAManager is an open source management software for
technical ass ...)
+ TODO: check
+CVE-2026-24418 (OpenSTAManager is an open source management software for
technical ass ...)
+ TODO: check
+CVE-2026-24417 (OpenSTAManager is an open source management software for
technical ass ...)
+ TODO: check
+CVE-2026-24416 (OpenSTAManager is an open source management software for
technical ass ...)
+ TODO: check
+CVE-2026-24135 (Gogs is an open source self-hosted Git service. In version
0.13.3 and ...)
+ TODO: check
+CVE-2026-24050 (Zulip is an open-source team collaboration tool. From 5.0 to
before 11 ...)
+ TODO: check
+CVE-2026-23989 (REVA is an interoperability platform. Prior to 2.42.3 and
2.40.3, a bu ...)
+ TODO: check
+CVE-2026-23741 (Asterisk is an open source private branch exchange and
telephony toolk ...)
+ TODO: check
+CVE-2026-23740 (Asterisk is an open source private branch exchange and
telephony toolk ...)
+ TODO: check
+CVE-2026-23739 (Asterisk is an open source private branch exchange and
telephony toolk ...)
+ TODO: check
+CVE-2026-23738 (Asterisk is an open source private branch exchange and
telephony toolk ...)
+ TODO: check
+CVE-2026-23633 (Gogs is an open source self-hosted Git service. In version
0.13.3 and ...)
+ TODO: check
+CVE-2026-23632 (Gogs is an open source self-hosted Git service. In version
0.13.3 and ...)
+ TODO: check
+CVE-2026-22592 (Gogs is an open source self-hosted Git service. In version
0.13.3 and ...)
+ TODO: check
+CVE-2026-22254 (Winter is a free, open-source content management system (CMS)
based on ...)
+ TODO: check
+CVE-2026-21643 (An improper neutralization of special elements used in an sql
command ...)
+ TODO: check
+CVE-2026-1785 (The Code Snippets plugin for WordPress is vulnerable to
Cross-Site Req ...)
+ TODO: check
+CVE-2026-1769 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2026-1709 (A flaw was found in Keylime. The Keylime registrar, since
version 7.12 ...)
+ TODO: check
+CVE-2026-1499 (The WP Duplicate plugin for WordPress is vulnerable to Missing
Authori ...)
+ TODO: check
+CVE-2026-1337 (Insufficient escaping of unicode characters in query log in
Neo4j Ente ...)
+ TODO: check
+CVE-2026-1293 (The Yoast SEO \u2013 Advanced SEO with real-time guidance and
built-in ...)
+ TODO: check
+CVE-2026-1252 (The Events Listing Widget plugin for WordPress is vulnerable to
Stored ...)
+ TODO: check
+CVE-2025-70963 (Gophish <=0.12.1 is vulnerable to Incorrect Access Control.
The admini ...)
+ TODO: check
+CVE-2025-69216 (OpenSTAManager is an open source management software for
technical ass ...)
+ TODO: check
+CVE-2025-69214 (OpenSTAManager is an open source management software for
technical ass ...)
+ TODO: check
+CVE-2025-69212 (OpenSTAManager is an open source management software for
technical ass ...)
+ TODO: check
+CVE-2025-64175 (Gogs is an open source self-hosted Git service. In version
0.13.3 and ...)
+ TODO: check
+CVE-2025-64111 (Gogs is an open source self-hosted Git service. In version
0.13.3 and ...)
+ TODO: check
+CVE-2025-15320 (Tanium addressed a denial of service vulnerability in Tanium
Client.)
+ TODO: check
+CVE-2025-13818 (Local privilege escalation vulnerability via insecure
temporary batch ...)
+ TODO: check
+CVE-2025-13523 (Mattermost Confluence plugin version <1.7.0 fails to properly
escape u ...)
+ TODO: check
+CVE-2019-25305 (JumpStart 0.6.0.0 contains an unquoted service path
vulnerability in t ...)
+ TODO: check
+CVE-2019-25304 (SecurOS Enterprise 10.2 contains an unquoted service path
vulnerabilit ...)
+ TODO: check
+CVE-2019-25303 (TheJshen ContentManagementSystem 1.04 contains a SQL injection
vulnera ...)
+ TODO: check
+CVE-2019-25302 (Acer Launch Manager 6.1.7600.16385 contains an unquoted
service path v ...)
+ TODO: check
+CVE-2019-25301 (Millhouse-Project 1.414 contains a persistent cross-site
scripting vul ...)
+ TODO: check
+CVE-2019-25300 (thejshen Globitek CMS 1.4 contains a SQL injection
vulnerability that ...)
+ TODO: check
+CVE-2019-25299 (RimbaLinux AhadPOS 1.11 contains a SQL injection vulnerability
in the ...)
+ TODO: check
+CVE-2019-25298 (html5_snmp 1.11 contains multiple SQL injection
vulnerabilities that a ...)
+ TODO: check
+CVE-2019-25294 (html5_snmp 1.11 contains a persistent cross-site scripting
vulnerabili ...)
+ TODO: check
+CVE-2019-25293 (BlueStacks App Player 2.4.44.62.57 contains an unquoted
service path v ...)
+ TODO: check
+CVE-2019-25292 (Alps HID Monitor Service 8.1.0.10 contains an unquoted service
path vu ...)
+ TODO: check
+CVE-2019-25266 (Wondershare Application Framework Service 2.4.3.231 contains
an unquot ...)
+ TODO: check
+CVE-2026-25727 (time provides date and time handling in Rust. From 0.3.6 to
before 0.3 ...)
- rust-time 0.3.47-1
[trixie] - rust-time <no-dsa> (Minor issue)
[bookworm] - rust-time <no-dsa> (Minor issue)
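Review bot: every entry added in this hunk, from CVE-2026-2103 down to CVE-2019-25266, is left at `TODO: check`, so none of them has a package line or a `NOT-FOR-US:` tag yet and each still needs manual triage before the tracker can report a status for it. The only resolved entry is CVE-2026-25727, which gains its description and keeps its existing `rust-time` lines. Separately, the description of CVE-2026-1293 carries a literal `\u2013` escape rather than the decoded character; the feed import should decode it or the description should be normalised so that text searches on it behave as expected.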
@@ -3229,6 +3437,7 @@ CVE-2026-24778 (Ghost is an open source content
management system. In Ghost vers
CVE-2026-24770 (RAGFlow is an open-source RAG (Retrieval-Augmented Generation)
engine. ...)
NOT-FOR-US: RAGFlow
CVE-2026-24765 (PHPUnit is a testing framework for PHP. A vulnerability has
been disco ...)
+ {DLA-4470-1}
- phpunit 12.5.8-1
[trixie] - phpunit <no-dsa> (Minor issue; can be fixed via point
release)
[bookworm] - phpunit <no-dsa> (Minor issue; can be fixed via point
release)
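Review bot: the `{DLA-4470-1}` cross-reference on CVE-2026-24765 is added without any visible change to the package lines; the context shown has only the unstable fix `phpunit 12.5.8-1` and the `<no-dsa>` notes for trixie and bookworm. The hunk context ends at the bookworm line, so it is worth confirming that the entry also records the state of the LTS release the DLA covers, otherwise the advisory reference and the per-release status will disagree.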
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c50d379520cd736e6393f8d650ef167272da5a44