Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
159bad89 by security tracker role at 2026-02-10T08:13:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,205 @@
+CVE-2026-2260 (A vulnerability was found in D-Link DCS-931L up to 1.13.0. This
affect ...)
+ TODO: check
+CVE-2026-2259 (A vulnerability has been found in aardappel lobster up to
2025.4. Affe ...)
+ TODO: check
+CVE-2026-2258 (A flaw has been found in aardappel lobster up to 2025.4.
Affected by t ...)
+ TODO: check
+CVE-2026-2099 (AgentFlow developed by Flowring has a Stored Cross-Site
Scripting vuln ...)
+ TODO: check
+CVE-2026-2098 (AgentFlow developed by Flowring has a Reflected Cross-site
Scripting v ...)
+ TODO: check
+CVE-2026-2097 (Agentflow developed by Flowring has an Arbitrary File Upload
vulnerabi ...)
+ TODO: check
+CVE-2026-2096 (Agentflow developed by Flowring has a Missing Authentication
vulnerabi ...)
+ TODO: check
+CVE-2026-2095 (Agentflow developed by Flowring has an Authentication Bypass
vulnerabi ...)
+ TODO: check
+CVE-2026-2094 (Docpedia developed by Flowring has a SQL Injection
vulnerability, allo ...)
+ TODO: check
+CVE-2026-2093 (Docpedia developed by Flowring has a SQL Injection
vulnerability, allo ...)
+ TODO: check
+CVE-2026-25981
+ REJECTED
+CVE-2026-25980
+ REJECTED
+CVE-2026-25979
+ REJECTED
+CVE-2026-25978
+ REJECTED
+CVE-2026-25977
+ REJECTED
+CVE-2026-25976
+ REJECTED
+CVE-2026-25975
+ REJECTED
+CVE-2026-25974
+ REJECTED
+CVE-2026-25973
+ REJECTED
+CVE-2026-25961 (SumatraPDF is a multi-format reader for Windows. In 3.5.0
through 3.5. ...)
+ TODO: check
+CVE-2026-25958 (Cube is a semantic layer for building data applications. From
0.27.19 ...)
+ TODO: check
+CVE-2026-25957 (Cube is a semantic layer for building data applications. From
1.1.17 t ...)
+ TODO: check
+CVE-2026-25951 (FUXA is a web-based Process Visualization
(SCADA/HMI/Dashboard) softwa ...)
+ TODO: check
+CVE-2026-25939 (FUXA is a web-based Process Visualization
(SCADA/HMI/Dashboard) softwa ...)
+ TODO: check
+CVE-2026-25938 (FUXA is a web-based Process Visualization
(SCADA/HMI/Dashboard) softwa ...)
+ TODO: check
+CVE-2026-25934 (go-git is a highly extensible git implementation library
written in pu ...)
+ TODO: check
+CVE-2026-25931 (vscode-spell-checker is a basic spell checker that works well
with cod ...)
+ TODO: check
+CVE-2026-25925 (PowerDocu contains a Windows GUI executable to perform
technical docum ...)
+ TODO: check
+CVE-2026-25923 (my little forum is a PHP and MySQL based internet forum that
displays ...)
+ TODO: check
+CVE-2026-25920 (SumatraPDF is a multi-format reader for Windows. In 3.5.2 and
earlier, ...)
+ TODO: check
+CVE-2026-25918 (unity-cli is a command line utility for the Unity Game Engine.
Prior t ...)
+ TODO: check
+CVE-2026-25895 (FUXA is a web-based Process Visualization
(SCADA/HMI/Dashboard) softwa ...)
+ TODO: check
+CVE-2026-25894 (FUXA is a web-based Process Visualization
(SCADA/HMI/Dashboard) softwa ...)
+ TODO: check
+CVE-2026-25893 (FUXA is a web-based Process Visualization
(SCADA/HMI/Dashboard) softwa ...)
+ TODO: check
+CVE-2026-25892 (Adminer is open-source database management software. Adminer
v5.4.1 an ...)
+ TODO: check
+CVE-2026-25890 (File Browser provides a file managing interface within a
specified dir ...)
+ TODO: check
+CVE-2026-25889 (File Browser provides a file managing interface within a
specified dir ...)
+ TODO: check
+CVE-2026-25885 (PolarLearn is a free and open-source learning program. In
0-PRERELEASE ...)
+ TODO: check
+CVE-2026-25881 (SandboxJS is a JavaScript sandboxing library. Prior to 0.8.31,
a sandb ...)
+ TODO: check
+CVE-2026-25880 (SumatraPDF is a multi-format reader for Windows. In 3.5.2 and
earlier, ...)
+ TODO: check
+CVE-2026-25878 (FroshAdminer is the Adminer plugin for Shopware Platform.
Prior to 2.2 ...)
+ TODO: check
+CVE-2026-25876 (PlaciPy is a placement management system designed for
educational inst ...)
+ TODO: check
+CVE-2026-25875 (PlaciPy is a placement management system designed for
educational inst ...)
+ TODO: check
+CVE-2026-25814 (PlaciPy is a placement management system designed for
educational inst ...)
+ TODO: check
+CVE-2026-25813 (PlaciPy is a placement management system designed for
educational inst ...)
+ TODO: check
+CVE-2026-25812 (PlaciPy is a placement management system designed for
educational inst ...)
+ TODO: check
+CVE-2026-25811 (PlaciPy is a placement management system designed for
educational inst ...)
+ TODO: check
+CVE-2026-25810 (PlaciPy is a placement management system designed for
educational inst ...)
+ TODO: check
+CVE-2026-25809 (PlaciPy is a placement management system designed for
educational inst ...)
+ TODO: check
+CVE-2026-25808 (Hollo is a federated single-user microblogging software
designed to be ...)
+ TODO: check
+CVE-2026-25807 (ZAI Shell is an autonomous SysOps agent designed to navigate,
repair, ...)
+ TODO: check
+CVE-2026-25806 (PlaciPy is a placement management system designed for
educational inst ...)
+ TODO: check
+CVE-2026-25791 (Sliver is a command and control framework that uses a custom
Wireguard ...)
+ TODO: check
+CVE-2026-25765 (Faraday is an HTTP client library abstraction layer that
provides a co ...)
+ TODO: check
+CVE-2026-25761 (Super-linter is a combination of multiple linters to run as a
GitHub A ...)
+ TODO: check
+CVE-2026-25740 (captive browser, a dedicated Chrome instance to log into
captive porta ...)
+ TODO: check
+CVE-2026-25639 (Axios is a promise based HTTP client for the browser and
Node.js. Prio ...)
+ TODO: check
+CVE-2026-25528 (LangSmith Client SDKs provide SDK's for interacting with the
LangSmith ...)
+ TODO: check
+CVE-2026-24328 (SAP TAF_APPLAUNCHER within Business Server Pages allows
unauthenticate ...)
+ TODO: check
+CVE-2026-24327 (Due to missing authorization check in SAP Strategic Enterprise
Managem ...)
+ TODO: check
+CVE-2026-24326 (Due to a missing authorization check in the Disconnected
Operations of ...)
+ TODO: check
+CVE-2026-24325 (SAP BusinessObjects Enterprise does not sufficiently encode
user-contr ...)
+ TODO: check
+CVE-2026-24324 (SAP BusinessObjects Business Intelligence Platform
(AdminTools) allows ...)
+ TODO: check
+CVE-2026-24323 (The BSP applications allow an unauthenticated user to inject
malicious ...)
+ TODO: check
+CVE-2026-24322 (SAP Solution Tools Plug-In (ST-PI) contains a function module
that doe ...)
+ TODO: check
+CVE-2026-24321 (SAP Commerce Cloud exposes multiple API endpoints to
unauthenticated u ...)
+ TODO: check
+CVE-2026-24320 (Due to improper memory management in SAP NetWeaver and ABAP
Platform ( ...)
+ TODO: check
+CVE-2026-24319 (In SAP Business One, sensitive information is written to the
applicati ...)
+ TODO: check
+CVE-2026-24312 (An erroneous authorization check in SAP Business Workflow
leads to pri ...)
+ TODO: check
+CVE-2026-23689 (Due to an uncontrolled resource consumption (Denial of
Service) vulner ...)
+ TODO: check
+CVE-2026-23688 (SAP Fiori App Manage Service Entry Sheets does not perform
necessary a ...)
+ TODO: check
+CVE-2026-23687 (SAP NetWeaver Application Server ABAP and ABAP Platform allows
an auth ...)
+ TODO: check
+CVE-2026-23686 (Due to a CRLF Injection vulnerability in SAP NetWeaver
Application Ser ...)
+ TODO: check
+CVE-2026-23685 (Due to a Deserialization vulnerability in SAP NetWeaver (JMS
service), ...)
+ TODO: check
+CVE-2026-23684 (A race condition vulnerability exists in the SAP Commerce
cloud. Becau ...)
+ TODO: check
+CVE-2026-23681 (Due to missing authorization check in a function module in SAP
Support ...)
+ TODO: check
+CVE-2026-1722 (The WCFM Marketplace \u2013 Multivendor Marketplace for
WooCommerce pl ...)
+ TODO: check
+CVE-2026-0996 (The Fluent Forms plugin for WordPress is vulnerable to Stored
Cross-Si ...)
+ TODO: check
+CVE-2026-0845 (The WCFM \u2013 Frontend Manager for WooCommerce along with
Bookings S ...)
+ TODO: check
+CVE-2026-0509 (SAP NetWeaver Application Server ABAP and ABAP Platform allows
an auth ...)
+ TODO: check
+CVE-2026-0508 (The SAP BusinessObjects Business Intelligence Platform allows
an authe ...)
+ TODO: check
+CVE-2026-0505 (The BSP applications allow an unauthenticated user to
manipulate user- ...)
+ TODO: check
+CVE-2026-0490 (SAP BusinessObjects BI Platform allows an unauthenticated
attacker to ...)
+ TODO: check
+CVE-2026-0488 (An authenticated attacker in SAP CRM and SAP S/4HANA (Scripting
Editor ...)
+ TODO: check
+CVE-2026-0486 (In ABAP based SAP systems a remote enabled function module does
not pe ...)
+ TODO: check
+CVE-2026-0485 (SAP BusinessObjects BI Platform allows an unauthenticated
attacker to ...)
+ TODO: check
+CVE-2026-0484 (Due to missing authorization check in SAP NetWeaver Application
Server ...)
+ TODO: check
+CVE-2025-15319 (Tanium addressed a local privilege escalation vulnerability in
Patch E ...)
+ TODO: check
+CVE-2025-15318 (Tanium addressed an arbitrary file deletion vulnerability in
End-User ...)
+ TODO: check
+CVE-2025-15317 (Tanium addressed an uncontrolled resource consumption
vulnerability in ...)
+ TODO: check
+CVE-2025-15316 (Tanium addressed a local privilege escalation vulnerability in
Tanium ...)
+ TODO: check
+CVE-2025-15315 (Tanium addressed a local privilege escalation vulnerability in
Tanium ...)
+ TODO: check
+CVE-2025-15314 (Tanium addressed an arbitrary file deletion vulnerability in
end-user- ...)
+ TODO: check
+CVE-2025-15313 (Tanium addressed an arbitrary file deletion vulnerability in
Tanium EU ...)
+ TODO: check
+CVE-2025-15310 (Tanium addressed a local privilege escalation vulnerability in
Patch E ...)
+ TODO: check
+CVE-2025-15147 (The WCFM Membership \u2013 WooCommerce Memberships for
Multivendor Mar ...)
+ TODO: check
+CVE-2025-13064 (A server-side injection was possible for a malicious admin to
manipula ...)
+ TODO: check
+CVE-2025-12757 (An AXIS Camera Station Pro feature can be exploited in a way
that allo ...)
+ TODO: check
+CVE-2025-12063 (An insecure direct object reference allowed a non-admin user
to modify ...)
+ TODO: check
+CVE-2025-11547 (AXIS Camera Station Pro contained a flaw toperform a privilege
escalat ...)
+ TODO: check
+CVE-2025-11142 (The VAPIX API mediaclip.cgi that did not have a sufficient
input valid ...)
+ TODO: check
CVE-2026-2239 [PSD loader: heap-buffer-overflow in fread_pascal_string() (no
null terminator)]
- gimp <unfixed>
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/15812
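Review bot: the descriptions added for CVE-2026-1722, CVE-2026-0845 and CVE-2025-15147 contain a literal `\u2013` where a dash was meant, so the escape sequence was not decoded before the text was written to data/CVE/list. The import step should decode it, or substitute a plain "-", so the descriptions stay readable and match text searches. Separately, every described entry added in this hunk lands as `TODO: check`, and several name general-purpose libraries and tools rather than single-vendor products (go-git at CVE-2026-25934, Faraday at CVE-2026-25765, Axios at CVE-2026-25639, Adminer at CVE-2026-25892). Those should be matched against source packages one by one during triage rather than handled in the same pass as the SAP and Tanium entries.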
@@ -147,7 +349,7 @@ CVE-2026-23901 [shiro: Brute force attack possible to
determine valid user names
[trixie] - shiro <no-dsa> (Minor issue)
[bookworm] - shiro <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2026/02/08/2
-CVE-2026-25916 [remote image blocking bypass via SVG content]
+CVE-2026-25916 (Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13, when
"Block rem ...)
- roundcube 1.6.13+dfsg-1 (bug #1127447)
NOTE: Fixed by:
https://github.com/roundcube/roundcubemail/commit/036e851b683333205813f70acda2dc047b4891c8
(1.6.13)
NOTE:
https://roundcube.net/news/2026/02/08/security-updates-1.6.13-and-1.5.13
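Review bot: the description now attached to CVE-2026-25916 names two affected branches ("before 1.5.13 and 1.6 before 1.6.13"), but the `Fixed by:` NOTE kept below it references only the commit tagged (1.6.13). Consider adding a second `Fixed by:` NOTE with the corresponding 1.5 branch commit, so a backport to the older branch can be checked against the right change. The roundcube.net announcement linked in the last NOTE covers both releases and is the place to find it.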
@@ -75716,7 +75918,7 @@ CVE-2025-30483 (Dell ECS versions prior to 3.8.1.5/
ObjectScale version 4.0.0.0
NOT-FOR-US: Dell / EMC
CVE-2025-26186 (SQL Injection vulnerability in openSIS v.9.1 allows a remote
attacker ...)
NOT-FOR-US: openSIS
-CVE-2025-24477 (A heap-based buffer overflow in Fortinet FortiOS 7.6.0 through
7.6.2, ...)
+CVE-2025-24477 (A heap-based buffer overflow vulnerability in Fortinet FortiOS
7.6.0 t ...)
NOT-FOR-US: Fortinet
CVE-2025-0831 (Out-Of-Bounds Read vulnerability exists in the JT file reading
procedu ...)
NOT-FOR-US: Dassault Systemes
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/159bad89c9809b9b2f0d3a1b1dcc8f253c1aa141