Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3ac004df by security tracker role at 2026-02-18T08:12:51+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,173 @@
+CVE-2026-2644 (A weakness has been identified in niklasso minisat up to 2.2.0.
This i ...)
+ TODO: check
+CVE-2026-2642 (A security vulnerability has been detected in ggreer
the_silver_search ...)
+ TODO: check
+CVE-2026-2641 (A weakness has been identified in universal-ctags ctags up to
6.2.1. T ...)
+ TODO: check
+CVE-2026-2633 (The Gutenberg Blocks with AI by Kadence WP plugin for WordPress
is vul ...)
+ TODO: check
+CVE-2026-2629 (A weakness has been identified in jishi node-sonos-http-api up
to 3776 ...)
+ TODO: check
+CVE-2026-2627 (A security flaw has been discovered in Softland FBackup up to
9.9. Thi ...)
+ TODO: check
+CVE-2026-2623 (A flaw has been found in Blossom up to 1.17.1. This issue
affects the ...)
+ TODO: check
+CVE-2026-2622 (A vulnerability was detected in Blossom up to 1.17.1. This
vulnerabili ...)
+ TODO: check
+CVE-2026-2621 (A security vulnerability has been detected in Sciyon Koyuan
Thermoelec ...)
+ TODO: check
+CVE-2026-2576 (The Business Directory Plugin \u2013 Easy Listing Directories
for Word ...)
+ TODO: check
+CVE-2026-2570
+ REJECTED
+CVE-2026-2419 (The WP-DownloadManager plugin for WordPress is vulnerable to
Path Trav ...)
+ TODO: check
+CVE-2026-2296 (The Product Addons for Woocommerce \u2013 Product Options with
Custom ...)
+ TODO: check
+CVE-2026-2281 (The Private Comment plugin for WordPress is vulnerable to
Stored Cross ...)
+ TODO: check
+CVE-2026-2112 (The Dam Spam plugin for WordPress is vulnerable to Cross-Site
Request ...)
+ TODO: check
+CVE-2026-2023 (The WP Plugin Info Card plugin for WordPress is vulnerable to
Cross-Si ...)
+ TODO: check
+CVE-2026-2019 (The Cart All In One For WooCommerce plugin for WordPress is
vulnerable ...)
+ TODO: check
+CVE-2026-27171 (zlib before 1.3.2 allows CPU consumption via crc32_combine64
and crc32 ...)
+ TODO: check
+CVE-2026-27038
+ REJECTED
+CVE-2026-27037
+ REJECTED
+CVE-2026-27036
+ REJECTED
+CVE-2026-27035
+ REJECTED
+CVE-2026-27034
+ REJECTED
+CVE-2026-27033
+ REJECTED
+CVE-2026-27032
+ REJECTED
+CVE-2026-27031
+ REJECTED
+CVE-2026-26357 (Dell Unisphere for PowerMax, version(s) 9.2.4.x, contain(s) an
Imprope ...)
+ TODO: check
+CVE-2026-26119 (Improper authentication in Windows Admin Center allows an
authorized a ...)
+ TODO: check
+CVE-2026-25421
+ REJECTED
+CVE-2026-23599 (A local privilege-escalation vulnerability has been discovered
in the ...)
+ TODO: check
+CVE-2026-23598 (Vulnerabilities in the API error handling of an HPE Aruba
Networking ...)
+ TODO: check
+CVE-2026-23597 (Vulnerabilities in the API error handling of an HPE Aruba
Networking ...)
+ TODO: check
+CVE-2026-23596 (A vulnerability in the management API of the affected product
could al ...)
+ TODO: check
+CVE-2026-23595 (An authentication bypass in the application API allows an
unauthorized ...)
+ TODO: check
+CVE-2026-22762 (Dell Avamar Server and Avamar Virtual Edition, versions prior
to 19.10 ...)
+ TODO: check
+CVE-2026-22284 (Dell SmartFabric OS10 Software, versions prior to 10.5.6.12,
contains ...)
+ TODO: check
+CVE-2026-22048 (StorageGRID (formerly StorageGRID Webscale) versions prior to
11.9.0.1 ...)
+ TODO: check
+CVE-2026-1943 (The YayMail \u2013 WooCommerce Email Customizer plugin for
WordPress i ...)
+ TODO: check
+CVE-2026-1938 (The YayMail \u2013 WooCommerce Email Customizer plugin for
WordPress i ...)
+ TODO: check
+CVE-2026-1937 (The YayMail \u2013 WooCommerce Email Customizer plugin for
WordPress i ...)
+ TODO: check
+CVE-2026-1931 (The Rent Fetch plugin for WordPress is vulnerable to Stored
Cross-Site ...)
+ TODO: check
+CVE-2026-1925 (The EmailKit \u2013 Email Customizer for WooCommerce & WP
plugin for W ...)
+ TODO: check
+CVE-2026-1906 (The PDF Invoices & Packing Slips for WooCommerce plugin for
WordPress ...)
+ TODO: check
+CVE-2026-1860 (The Kali Forms plugin for WordPress is vulnerable to Insecure
Direct O ...)
+ TODO: check
+CVE-2026-1857 (The Gutenberg Blocks with AI by Kadence WP plugin for WordPress
is vul ...)
+ TODO: check
+CVE-2026-1831 (The YayMail - WooCommerce Email Customizer plugin for WordPress
is vul ...)
+ TODO: check
+CVE-2026-1807 (The InteractiveCalculator for WordPress plugin for WordPress is
vulner ...)
+ TODO: check
+CVE-2026-1714 (The ShopLentor \u2013 WooCommerce Builder for Elementor &
Gutenberg +2 ...)
+ TODO: check
+CVE-2026-1670 (The affected products are vulnerable to an unauthenticated API
endpoin ...)
+ TODO: check
+CVE-2026-1666 (The Download Manager plugin for WordPress is vulnerable to
Reflected C ...)
+ TODO: check
+CVE-2026-1655 (The EventPrime plugin for WordPress is vulnerable to
unauthorized post ...)
+ TODO: check
+CVE-2026-1640 (The Taskbuilder \u2013 WordPress Project Management & Task
Management ...)
+ TODO: check
+CVE-2026-1639 (The Taskbuilder \u2013 WordPress Project Management & Task
Management ...)
+ TODO: check
+CVE-2026-1368 (The Video Conferencing with Zoom WordPress plugin before 4.6.6
contain ...)
+ TODO: check
+CVE-2026-1344 (Tanium addressed an insecure file permissions vulnerability in
Enforce ...)
+ TODO: check
+CVE-2026-1304 (The Membership Plugin \u2013 Restrict Content for WordPress is
vulnera ...)
+ TODO: check
+CVE-2026-1296 (The Frontend Post Submission Manager Lite plugin for WordPress
is vuln ...)
+ TODO: check
+CVE-2026-1277 (The URL Shortify plugin for WordPress is vulnerable to Open
Redirect i ...)
+ TODO: check
+CVE-2026-1072 (The Keybase.io Verification plugin for WordPress is vulnerable
to Cros ...)
+ TODO: check
+CVE-2025-6460 (The Display During Conditional Shortcode plugin for WordPress
is vulne ...)
+ TODO: check
+CVE-2025-67102 (A SQL injection vulnerability in the alldayoffs feature in
Jorani up t ...)
+ TODO: check
+CVE-2025-62183 (Pega Platform versions 8.1.0 through 25.1.1 are affected by a
Stored C ...)
+ TODO: check
+CVE-2025-36379 (IBM Security QRadar EDR 3.12 through 3.12.23 IBM Security
ReaQta uses ...)
+ TODO: check
+CVE-2025-36377 (IBM Security QRadar EDR 3.12 through 3.12.23 does not
invalidate sessi ...)
+ TODO: check
+CVE-2025-36376 (IBM Security QRadar EDR 3.12 through 3.12.23 does not
invalidate sessi ...)
+ TODO: check
+CVE-2025-36348 (IBM Sterling B2B Integrator versions 6.1.0.0 through
6.1.2.7_2, 6.2.0. ...)
+ TODO: check
+CVE-2025-36183 (IBM watsonx.data 2.2 through 2.2.1 IBM Lakehouse could allow a
privile ...)
+ TODO: check
+CVE-2025-33135 (IBM Financial Transaction Manager for ACH Services and Check
Services ...)
+ TODO: check
+CVE-2025-33088 (IBM Concert 1.0.0 through 2.1.0 could allow a local user with
specific ...)
+ TODO: check
+CVE-2025-27900 (IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 could
allow a remo ...)
+ TODO: check
+CVE-2025-27899 (IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 discloses
sensitiv ...)
+ TODO: check
+CVE-2025-27898 (IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 does not
invalidat ...)
+ TODO: check
+CVE-2025-14289 (IBM webMethods Integration Server 12.0 is vulnerable to HTML
injection ...)
+ TODO: check
+CVE-2025-13959 (The Filestack plugin for WordPress is vulnerable to Stored
Cross-Site ...)
+ TODO: check
+CVE-2025-13691 (IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0
returns sensit ...)
+ TODO: check
+CVE-2025-13689 (IBM DataStage on Cloud Pak for Data could allow an
authenticated user ...)
+ TODO: check
+CVE-2025-13333 (IBM WebSphere Application Server 9.0, and 8.5 could provide
weaker tha ...)
+ TODO: check
+CVE-2025-12356 (The Tickera \u2013 Sell Tickets & Manage Events plugin for
WordPress i ...)
+ TODO: check
+CVE-2025-12122 (The Popup Box \u2013 Easily Create WordPress Popups plugin for
WordPre ...)
+ TODO: check
+CVE-2025-12075 (The Order Splitter for WooCommerce plugin for WordPress is
vulnerable ...)
+ TODO: check
+CVE-2025-12074 (The Context Blog theme for WordPress is vulnerable to
Information Expo ...)
+ TODO: check
+CVE-2025-12071 (The Frontend User Notes plugin for WordPress is vulnerable to
Insecure ...)
+ TODO: check
+CVE-2025-12037 (The WP 404 Auto Redirect to Similar Post plugin for WordPress
is vulne ...)
+ TODO: check
+CVE-2025-11737 (The VK All in One Expansion Unit plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2023-38005 (IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and
2.3.5.0 c ...)
+ TODO: check
CVE-2026-2630 (A Command Injection vulnerability exists where an
authenticated, remot ...)
NOT-FOR-US: Tenable
CVE-2026-2620 (A weakness has been identified in Huace Monitoring and Early
Warning S ...)
@@ -23,12 +193,14 @@ CVE-2026-26731 (TOTOLINK A3002RU V2.1.1-B20211108.1455 was
discovered to contain
CVE-2026-25903 (Apache NiFi 1.1.0 through 2.7.2 are missing authorization when
updatin ...)
NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-24734 (Improper Input Validation vulnerability in Apache Tomcat
Native, Apach ...)
+ {DSA-6120-1}
- tomcat11 11.0.18-1
- tomcat10 10.1.52-1
- tomcat9 9.0.70-2
NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server
stack, using that as the fixed version
NOTE: https://lists.apache.org/thread/292dlmx3fz1888v6v16221kpozq56gml
CVE-2026-24733 (Improper Input Validation vulnerability in Apache Tomcat.
Tomcat did ...)
+ {DSA-6121-1 DSA-6120-1}
- tomcat11 11.0.15-1
- tomcat10 10.1.52-1
- tomcat9 9.0.70-2
@@ -72,6 +244,7 @@ CVE-2025-70397 (jizhicms 2.5.6 is vulnerable to SQL
Injection in Article/deleteA
CVE-2025-67905 (Malwarebytes AdwCleaner before v.8.7.0 runs as Administrator
and perfo ...)
NOT-FOR-US: Malwarebytes AdwCleaner
CVE-2025-66614 (Improper Input Validation vulnerability. This issue affects
Apache To ...)
+ {DSA-6121-1 DSA-6120-1}
- tomcat11 11.0.15-1
- tomcat10 10.1.52-1
- tomcat9 9.0.70-2
@@ -3248,7 +3421,7 @@ CVE-2026-1609
CVE-2025-11537 (A flaw was found in Keycloak. When the logging format is
configured to ...)
- keycloak <itp> (bug #1088287)
CVE-2026-25646 (LIBPNG is a reference library for use in applications that
read, creat ...)
- {DLA-4481-1}
+ {DSA-6138-1 DLA-4481-1}
- libpng1.6 1.6.55-1 (bug #1127566)
NOTE:
https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3
NOTE: Fixed by:
https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88
(v1.6.55)
@@ -6689,7 +6862,7 @@ CVE-2026-21418 (Dell Unity, version(s) 5.5.2 and prior,
contain(s) an Improper N
NOT-FOR-US: Dell / EMC
CVE-2026-1702 (A vulnerability was detected in SourceCodester Pet Grooming
Management ...)
NOT-FOR-US: SourceCodester
-CVE-2026-1701 (A security vulnerability has been detected in itsourcecode
Student Man ...)
+CVE-2026-1701 (A security vulnerability has been detected in itsourcecode
School Mana ...)
NOT-FOR-US: itsourcecode System
CVE-2026-1700 (A weakness has been identified in projectworlds House Rental
and Prope ...)
NOT-FOR-US: projectworlds House Rental and Property Listing
@@ -10424,6 +10597,7 @@ CVE-2026-23953 (Incus is a system container and virtual
machine manager. In vers
- lxd <removed>
NOTE:
https://github.com/lxc/incus/security/advisories/GHSA-x6jc-phwx-hp32
CVE-2024-31884
+ {DLA-4482-1}
- ceph <unfixed> (bug #1126573)
NOTE: https://www.openwall.com/lists/oss-security/2026/01/21/6
NOTE:
https://github.com/ceph/ceph/security/advisories/GHSA-xj9f-7g59-m4jx
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3ac004dfccdf6e2729e8892c15141fa492302998
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3ac004dfccdf6e2729e8892c15141fa492302998
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
