Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
058e8980 by security tracker role at 2026-02-07T08:12:58+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,171 @@
+CVE-2026-2077 (A security vulnerability has been detected in yeqifu warehouse 
up to a ...)
+       TODO: check
+CVE-2026-2076 (A weakness has been identified in yeqifu warehouse up to 
aaf29962ba407 ...)
+       TODO: check
+CVE-2026-2075 (A security flaw has been discovered in yeqifu warehouse up to 
aaf29962 ...)
+       TODO: check
+CVE-2026-2074 (A vulnerability was identified in O2OA up to 9.0.0. This 
impacts an un ...)
+       TODO: check
+CVE-2026-2073 (A vulnerability was determined in itsourcecode School 
Management Syste ...)
+       TODO: check
+CVE-2026-2071 (A vulnerability was found in UTT \u8fdb\u53d6 520W 
1.7.7-180627. The i ...)
+       TODO: check
+CVE-2026-2070 (A vulnerability has been found in UTT \u8fdb\u53d6 520W 
1.7.7-180627.  ...)
+       TODO: check
+CVE-2026-2069 (A flaw has been found in ggml-org llama.cpp up to 55abc39. 
Impacted is ...)
+       TODO: check
+CVE-2026-2068 (A vulnerability was detected in UTT \u8fdb\u53d6 520W 
1.7.7-180627. Th ...)
+       TODO: check
+CVE-2026-2067 (A security vulnerability has been detected in UTT \u8fdb\u53d6 
520W 1. ...)
+       TODO: check
+CVE-2026-2066 (A weakness has been identified in UTT \u8fdb\u53d6 520W 
1.7.7-180627.  ...)
+       TODO: check
+CVE-2026-25845
+       REJECTED
+CVE-2026-25844
+       REJECTED
+CVE-2026-25843
+       REJECTED
+CVE-2026-25842
+       REJECTED
+CVE-2026-25841
+       REJECTED
+CVE-2026-25840
+       REJECTED
+CVE-2026-25839
+       REJECTED
+CVE-2026-25838
+       REJECTED
+CVE-2026-25837
+       REJECTED
+CVE-2026-25804 (Antrea is a Kubernetes networking solution intended to be 
Kubernetes n ...)
+       TODO: check
+CVE-2026-25803 (3DP-MANAGER is an inbound generator for 3x-ui. In version 
2.0.1 and pr ...)
+       TODO: check
+CVE-2026-25793 (Nebula is a scalable overlay networking tool. In versions from 
1.7.0 t ...)
+       TODO: check
+CVE-2026-25764 (OpenProject is an open-source, web-based project management 
software.  ...)
+       TODO: check
+CVE-2026-25763 (OpenProject is an open-source, web-based project management 
software.  ...)
+       TODO: check
+CVE-2026-25762 (AdonisJS is a TypeScript-first web framework. Prior to 
versions 10.1.3 ...)
+       TODO: check
+CVE-2026-25760 (Sliver is a command and control framework that uses a custom 
Wireguard ...)
+       TODO: check
+CVE-2026-25758 (Spree is an open source e-commerce solution built with Ruby on 
Rails.  ...)
+       TODO: check
+CVE-2026-25757 (Spree is an open source e-commerce solution built with Ruby on 
Rails.  ...)
+       TODO: check
+CVE-2026-25754 (AdonisJS is a TypeScript-first web framework. Prior to 
versions 10.1.3 ...)
+       TODO: check
+CVE-2026-25749 (Vim is an open source, command line text editor. Prior to 
version 9.1. ...)
+       TODO: check
+CVE-2026-25732 (NiceGUI is a Python-based UI framework. Prior to 3.7.0, 
NiceGUI's File ...)
+       TODO: check
+CVE-2026-25731 (calibre is an e-book manager. Prior to 9.2.0, a Server-Side 
Template I ...)
+       TODO: check
+CVE-2026-25729 (DeepAudit is a multi-agent system for code vulnerability 
discovery. In ...)
+       TODO: check
+CVE-2026-25644 (DataHub is an open-source metadata platform. Prior to version 
1.3.1.8, ...)
+       TODO: check
+CVE-2026-25636 (calibre is an e-book manager. In 9.1.0 and earlier, a path 
traversal v ...)
+       TODO: check
+CVE-2026-25635 (calibre is an e-book manager. Prior to 9.2.0, Calibre's CHM 
reader con ...)
+       TODO: check
+CVE-2026-25634 (iccDEV provides a set of libraries and tools that allow for 
the intera ...)
+       TODO: check
+CVE-2026-25632 (EPyT-Flow is a Python package designed for the easy generation 
of hydr ...)
+       TODO: check
+CVE-2026-25631 (n8n is an open source workflow automation platform. Prior to 
1.121.0,  ...)
+       TODO: check
+CVE-2026-25628 (Qdrant is a vector similarity search engine and vector 
database. From  ...)
+       TODO: check
+CVE-2026-25597 (PrestaShop is an open source e-commerce web application. Prior 
to 8.2. ...)
+       TODO: check
+CVE-2026-25593 (OpenClaw is a personal AI assistant. Prior to 2026.1.20, an 
unauthenti ...)
+       TODO: check
+CVE-2026-25592 (Semantic Kernel is an SDK used to build, orchestrate, and 
deploy AI ag ...)
+       TODO: check
+CVE-2026-25581 (SCEditor is a lightweight WYSIWYG BBCode and XHTML editor. 
Prior to 3. ...)
+       TODO: check
+CVE-2026-25580 (Pydantic AI is a Python agent framework for building 
applications and  ...)
+       TODO: check
+CVE-2026-25574 (Payload is a free and open source headless content management 
system.  ...)
+       TODO: check
+CVE-2026-25544 (Payload is a free and open source headless content management 
system.  ...)
+       TODO: check
+CVE-2026-25533 (Enclave is a secure JavaScript sandbox designed for safe AI 
agent code ...)
+       TODO: check
+CVE-2026-25516 (NiceGUI is a Python-based UI framework. The ui.markdown() 
component us ...)
+       TODO: check
+CVE-2026-25123 (Homarr is an open-source dashboard. Prior to 1.52.0, a public 
(unauthe ...)
+       TODO: check
+CVE-2026-1731 (BeyondTrust Remote Support (RS) and certain older versions of 
Privileg ...)
+       TODO: check
+CVE-2026-1727 (The Agentspace service was affected by a vulnerability that 
exposed se ...)
+       TODO: check
+CVE-2025-68621 (Trilium Notes is an open-source, cross-platform hierarchical 
note taki ...)
+       TODO: check
+CVE-2025-31990 (Rate limiting for certain API calls is not being enforced, 
making HCL  ...)
+       TODO: check
+CVE-2025-15491 (The Post Slides WordPress plugin through 1.0.1 does not 
validate some  ...)
+       TODO: check
+CVE-2025-15267 (The Bold Page Builder plugin for WordPress is vulnerable to 
Stored Cro ...)
+       TODO: check
+CVE-2025-13463 (The Bold Page Builder plugin for WordPress is vulnerable to 
Stored Cro ...)
+       TODO: check
+CVE-2025-12803 (The Bold Page Builder plugin for WordPress is vulnerable to 
Stored Cro ...)
+       TODO: check
+CVE-2025-12159 (The Bold Page Builder plugin for WordPress is vulnerable to 
Stored Cro ...)
+       TODO: check
+CVE-2023-6763
+       REJECTED
+CVE-2020-37171 (TapinRadio 2.12.3 contains a denial of service vulnerability 
in the ap ...)
+       TODO: check
+CVE-2020-37170 (TapinRadio 2.12.3 contains a denial of service vulnerability 
in the ap ...)
+       TODO: check
+CVE-2020-37166 (AbsoluteTelnet 11.12 contains a denial of service 
vulnerability in the ...)
+       TODO: check
+CVE-2020-37165 (AbsoluteTelnet 11.12 contains a denial of service 
vulnerability that a ...)
+       TODO: check
+CVE-2020-37164 (AbsoluteTelnet 11.12 contains a denial of service 
vulnerability that a ...)
+       TODO: check
+CVE-2020-37163 (QuickDate 1.3.2 contains a SQL injection vulnerability that 
allows rem ...)
+       TODO: check
+CVE-2020-37162 (Wedding Slideshow Studio 1.36 contains a buffer overflow 
vulnerability ...)
+       TODO: check
+CVE-2020-37161 (Wedding Slideshow Studio 1.36 contains a buffer overflow 
vulnerability ...)
+       TODO: check
+CVE-2020-37160 (SprintWork 2.3.1 contains multiple local privilege escalation 
vulnerab ...)
+       TODO: check
+CVE-2020-37159 (Parallaxis Cuckoo Clock 5.0 contains a buffer overflow 
vulnerability t ...)
+       TODO: check
+CVE-2020-37157 (DBPower C300 HD Camera contains a configuration disclosure 
vulnerabili ...)
+       TODO: check
+CVE-2020-37155 (Core FTP Lite 1.3 contains a buffer overflow vulnerability in 
the user ...)
+       TODO: check
+CVE-2020-37154 (eLection 2.0 contains an authenticated SQL injection 
vulnerability in  ...)
+       TODO: check
+CVE-2020-37147 (ATutor 2.2.4 contains a SQL injection vulnerability in the 
admin user  ...)
+       TODO: check
+CVE-2020-37146 (ACE Security WiP-90113 HD Camera contains a configuration 
disclosure v ...)
+       TODO: check
+CVE-2020-37141 (AMSS++ version 4.31 contains a SQL injection vulnerability in 
the mail ...)
+       TODO: check
+CVE-2020-37135 (AMSS++ 4.7 contains an authentication bypass vulnerability 
that allows ...)
+       TODO: check
+CVE-2020-37122 (SpotFTP-FTP Password Recover 2.4.8 contains a denial of 
service vulner ...)
+       TODO: check
+CVE-2020-37109 (aSc TimeTables 2020.11.4 contains a denial of service 
vulnerability th ...)
+       TODO: check
+CVE-2020-37107 (Core FTP LE 2.2 contains a denial of service vulnerability 
that allows ...)
+       TODO: check
+CVE-2020-37106 (Business Live Chat Software 1.0 contains a cross-site request 
forgery  ...)
+       TODO: check
+CVE-2020-37095 (Cyberoam Authentication Client 2.1.2.7 contains a buffer 
overflow vuln ...)
+       TODO: check
+CVE-2020-37079 (Wing FTP Server versions prior to 6.2.7 contain a cross-site 
request f ...)
+       TODO: check
 CVE-2026-2100 [NULL dereference via C_DeriveKey with specific NULL parameters]
        - p11-kit <unfixed>
        NOTE: Fixed by: 
https://github.com/p11-glue/p11-kit/commit/39f3b5ed3deccc2772e21ffb7d269329e3ecb600
 (0.26.2)
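Review bot: the descriptions added for CVE-2026-2071, CVE-2026-2070, CVE-2026-2068, CVE-2026-2067 and CVE-2026-2066 carry the literal escape sequence \u8fdb\u53d6 in the product name instead of the decoded characters, which makes the UTT entries harder to read and to grep during triage. Suggest decoding the escapes in the automatic import before the description is written to data/CVE/list. Every named entry added here is also still "TODO: check", including the ones whose descriptions name Vim (CVE-2026-25749) and calibre (CVE-2026-25731, CVE-2026-25636, CVE-2026-25635), so each needs a package line or a NOT-FOR-US marker in a follow-up commit.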
@@ -3855,7 +4023,7 @@ CVE-2025-69562 (code-projects Mobile Shop Management 
System 1.0 is vulnerable to
 CVE-2025-69559 (code-projects Computer Book Store 1.0 is vulnerable to File 
Upload in  ...)
        NOT-FOR-US: code-projects
 CVE-2025-68670 (xrdp is an open source RDP server. xrdp before v0.10.5 
contains an una ...)
-       {DLA-4464-1}
+       {DSA-6123-1 DLA-4464-1}
        [experimental] - xrdp 0.10.5-1
        - xrdp 0.10.1-4.1 (bug #1126537)
        NOTE: 
https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-rwvg-gp87-gh6f
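Review bot: on the CVE-2025-68670 entry only the cross-reference line changes, to {DSA-6123-1 DLA-4464-1}, while the package lines beneath it stay at "[experimental] - xrdp 0.10.5-1" and "- xrdp 0.10.1-4.1 (bug #1126537)". Nothing in this hunk shows which releases DSA-6123-1 covers, so it is worth confirming that the matching advisory entry carries the per-release fixed versions for xrdp.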
@@ -284651,11 +284819,11 @@ CVE-2023-28488 (client.c in gdhcp in ConnMan 
through 1.41 could be used by netwo
        NOTE: https://github.com/moehw/poc_exploits/tree/master/CVE-2023-28488
        NOTE: 
https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=99e2c16ea1cced34a5dc450d76287a1c3e762138
 CVE-2023-28487 (Sudo before 1.9.13 does not escape control characters in 
sudoreplay ou ...)
-       {DLA-3732-1}
+       {DLA-4472-1 DLA-3732-1}
        - sudo 1.9.13p1-1
        NOTE: 
https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca
 CVE-2023-28486 (Sudo before 1.9.13 does not escape control characters in log 
messages.)
-       {DLA-3732-1}
+       {DLA-4472-1 DLA-3732-1}
        - sudo 1.9.13p1-1
        NOTE: 
https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca
        NOTE: 
https://github.com/sudo-project/sudo/commit/12648b4e0a8cf486480442efd52f0e0b6cab6e8b
 (fix a regression)
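Review bot: DLA-4472-1 is added to CVE-2023-28487 and CVE-2023-28486 in front of the existing DLA-3732-1, so both sudo CVEs now reference two DLAs, and the hunk gives no NOTE saying why a second advisory was needed. The CVE-2023-28486 entry already lists commit 12648b4e0a8cf486480442efd52f0e0b6cab6e8b as "(fix a regression)"; suggest confirming the DLA-4472-1 upload includes that commit and adding a short NOTE recording what the second DLA covers.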



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/058e89800b42cb39d9d0aff3636148f2518f4cc1
