Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7b4f1ef7 by security tracker role at 2026-02-19T20:13:11+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,491 @@
+CVE-2026-2817 (Use of insecure directory in Spring Data Geode snapshot import 
extract ...)
+       TODO: check
+CVE-2026-2744
+       REJECTED
+CVE-2026-2736 (Reflected Cross-site Scripting (XSS) in Alkacon's OpenCms 
v18.0, which ...)
+       TODO: check
+CVE-2026-2735 (Stored Cross-Site Scripting (XSS) in Alkacon's OpenCms v18.0, 
which oc ...)
+       TODO: check
+CVE-2026-2718 (The Dealia \u2013 Request a Quote plugin for WordPress is 
vulnerable t ...)
+       TODO: check
+CVE-2026-2716 (The Client Testimonial Slider plugin for WordPress is 
vulnerable to St ...)
+       TODO: check
+CVE-2026-2409 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2026-2274 (A SSRF and Arbitrary File Read vulnerability in AppSheet Core 
in Googl ...)
+       TODO: check
+CVE-2026-2243 (A flaw was found in QEMU. A specially crafted VMDK image could 
trigger ...)
+       TODO: check
+CVE-2026-2232 (The Product Table and List Builder for WooCommerce Lite plugin 
for Wor ...)
+       TODO: check
+CVE-2026-27475 (SPIP before 4.4.9 allows Insecure Deserialization in the 
public area t ...)
+       TODO: check
+CVE-2026-27474 (SPIP before 4.4.9 allows Cross-Site Scripting (XSS) in the 
private are ...)
+       TODO: check
+CVE-2026-27473 (SPIP before 4.4.9 allows Stored Cross-Site Scripting (XSS) via 
syndica ...)
+       TODO: check
+CVE-2026-27472 (SPIP before 4.4.9 allows Blind Server-Side Request Forgery 
(SSRF) via  ...)
+       TODO: check
+CVE-2026-27094 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2026-27092 (Missing Authorization vulnerability in Greg Winiarski 
WPAdverts wpadve ...)
+       TODO: check
+CVE-2026-27090 (Cross-Site Request Forgery (CSRF) vulnerability in WP Moose 
Kenta Comp ...)
+       TODO: check
+CVE-2026-27074 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2026-27069 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2026-27066 (Missing Authorization vulnerability in PI Web Solution Live 
sales noti ...)
+       TODO: check
+CVE-2026-27059 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2026-27058 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2026-27057 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2026-27056 (Missing Authorization vulnerability in StellarWP iThemes Sync 
ithemes- ...)
+       TODO: check
+CVE-2026-27055 (Missing Authorization vulnerability in PenciDesign Penci AI 
SmartConte ...)
+       TODO: check
+CVE-2026-27052 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2026-27050 (Cross-Site Request Forgery (CSRF) vulnerability in ThimPress 
RealPress ...)
+       TODO: check
+CVE-2026-27042 (Missing Authorization vulnerability in WPDeveloper 
NotificationX notif ...)
+       TODO: check
+CVE-2026-27013 (Fabric.js is a Javascript HTML5 canvas library. Prior to 
version 7.2.0 ...)
+       TODO: check
+CVE-2026-26362 (Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a 
Relative Pa ...)
+       TODO: check
+CVE-2026-26361 (Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an 
External C ...)
+       TODO: check
+CVE-2026-26360 (Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an 
External C ...)
+       TODO: check
+CVE-2026-26359 (Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an 
External C ...)
+       TODO: check
+CVE-2026-26358 (Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a 
Missing Aut ...)
+       TODO: check
+CVE-2026-26345 (SPIP before 4.4.8 allows Cross-Site Scripting (XSS) in the 
public area ...)
+       TODO: check
+CVE-2026-26339 (Hyland Alfresco Transformation Service allows unauthenticated 
attacker ...)
+       TODO: check
+CVE-2026-26338 (Hyland Alfresco Transformation Service allows unauthenticated 
attacker ...)
+       TODO: check
+CVE-2026-26337 (Hyland Alfresco Transformation Service allows unauthenticated 
attacker ...)
+       TODO: check
+CVE-2026-26336 (Hyland Alfresco allows unauthenticated attackers to read 
arbitrary fil ...)
+       TODO: check
+CVE-2026-26318 (systeminformation is a System and OS information library for 
node.js.  ...)
+       TODO: check
+CVE-2026-26280 (systeminformation is a System and OS information library for 
node.js.  ...)
+       TODO: check
+CVE-2026-26278 (fast-xml-parser allows users to validate XML, parse XML to JS 
object,  ...)
+       TODO: check
+CVE-2026-26267 (soroban-sdk is a Rust SDK for Soroban contracts. Prior to 
versions 22. ...)
+       TODO: check
+CVE-2026-26223 (SPIP before 4.4.8 allows Cross-Site Scripting (XSS) in the 
private are ...)
+       TODO: check
+CVE-2026-26205 (opa-envoy-plugun is a plugin to enforce OPA policies with 
Envoy. Versi ...)
+       TODO: check
+CVE-2026-26203 (PJSIP is a free and open source multimedia communication 
library. Vers ...)
+       TODO: check
+CVE-2026-26202 (Penpot is an open-source design tool for design and code 
collaboration ...)
+       TODO: check
+CVE-2026-26201 (emp3r0r is a C2 designed by Linux users for Linux 
environments. Prior  ...)
+       TODO: check
+CVE-2026-26200 (HDF5 is software for managing data. Prior to version 1.14.4-2, 
an atta ...)
+       TODO: check
+CVE-2026-26193 (Open WebUI is a self-hosted artificial intelligence platform 
designed  ...)
+       TODO: check
+CVE-2026-26192 (Open WebUI is a self-hosted artificial intelligence platform 
designed  ...)
+       TODO: check
+CVE-2026-26189 (Trivy Action runs Trivy as GitHub action to scan a Docker 
container im ...)
+       TODO: check
+CVE-2026-26063 (CediPay is a crypto-to-fiat app for the Ghanaian market. A 
vulnerabili ...)
+       TODO: check
+CVE-2026-26059 (ChurchCRM is an open-source church management system. In 
versions prio ...)
+       TODO: check
+CVE-2026-26057 (Skill Scanner is a security scanner for AI Agent Skills that 
detects p ...)
+       TODO: check
+CVE-2026-26030 (Semantic Kernel, Microsoft's semantic kernel Python SDK, has a 
remote  ...)
+       TODO: check
+CVE-2026-26016 (Wings is the server control plane for Pterodactyl, a free, 
open-source ...)
+       TODO: check
+CVE-2026-25998 (strongMan is a management interface for strongSwan, an 
OpenSource IPse ...)
+       TODO: check
+CVE-2026-25940 (jsPDF is a library to generate PDFs in JavaScript. Prior to 
4.2.0, use ...)
+       TODO: check
+CVE-2026-25766 (Echo is a Go web framework. In versions 5.0.0 through 5.0.2 on 
Windows ...)
+       TODO: check
+CVE-2026-25755 (jsPDF is a library to generate PDFs in JavaScript. Prior to 
4.2.0, use ...)
+       TODO: check
+CVE-2026-25739 (Indico is an event management system that uses 
Flask-Multipass, a mult ...)
+       TODO: check
+CVE-2026-25738 (Indico is an event management system that uses 
Flask-Multipass, a mult ...)
+       TODO: check
+CVE-2026-25535 (jsPDF is a library to generate PDFs in JavaScript. Prior to 
4.2.0, use ...)
+       TODO: check
+CVE-2026-25527 (changedetection.io is a free open source web page change 
detection too ...)
+       TODO: check
+CVE-2026-25473 (Missing Authorization vulnerability in AA-Team WZone woozone 
allows Ex ...)
+       TODO: check
+CVE-2026-25472 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2026-25463 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2026-25459 (Missing Authorization vulnerability in uixthemes Sober sober 
allows Ex ...)
+       TODO: check
+CVE-2026-25453 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2026-25451 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2026-25441 (Missing Authorization vulnerability in LeadConnector 
LeadConnector lea ...)
+       TODO: check
+CVE-2026-25432 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2026-25428 (Server-Side Request Forgery (SSRF) vulnerability in totalsoft 
TS Poll  ...)
+       TODO: check
+CVE-2026-25423 (Missing Authorization vulnerability in 
creativeinteractivemedia Real 3 ...)
+       TODO: check
+CVE-2026-25422 (Cross-Site Request Forgery (CSRF) vulnerability in Themes4WP 
Popularis ...)
+       TODO: check
+CVE-2026-25420 (Missing Authorization vulnerability in MailerLite MailerLite 
official- ...)
+       TODO: check
+CVE-2026-25419 (Missing Authorization vulnerability in flycart UpsellWP 
checkout-upsel ...)
+       TODO: check
+CVE-2026-25418 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2026-25416 (Missing Authorization vulnerability in blazethemes News Kit 
Elementor  ...)
+       TODO: check
+CVE-2026-25415 (Missing Authorization vulnerability in iqonicdesign WPBookit 
Pro wpboo ...)
+       TODO: check
+CVE-2026-25412 (Missing Authorization vulnerability in mdempfle Advanced 
iFrame advanc ...)
+       TODO: check
+CVE-2026-25411 (Cross-Site Request Forgery (CSRF) vulnerability in 
themastercut Revisi ...)
+       TODO: check
+CVE-2026-25410 (Missing Authorization vulnerability in tstephenson WP-CORS 
wp-cors all ...)
+       TODO: check
+CVE-2026-25409 (Missing Authorization vulnerability in crgeary JAMstack 
Deployments wp ...)
+       TODO: check
+CVE-2026-25408 (Missing Authorization vulnerability in PluginRx Broken Link 
Notifier b ...)
+       TODO: check
+CVE-2026-25407 (Missing Authorization vulnerability in cookiebot Cookiebot 
cookiebot a ...)
+       TODO: check
+CVE-2026-25404 (Missing Authorization vulnerability in Automattic WP Job 
Manager wp-jo ...)
+       TODO: check
+CVE-2026-25402 (Missing Authorization vulnerability in echoplugins Knowledge 
Base for  ...)
+       TODO: check
+CVE-2026-25399 (Missing Authorization vulnerability in CryoutCreations Serious 
Slider  ...)
+       TODO: check
+CVE-2026-25395 (Missing Authorization vulnerability in ikreatethemes Business 
Roy busi ...)
+       TODO: check
+CVE-2026-25394 (Missing Authorization vulnerability in sparklewpthemes Fitness 
FSE fit ...)
+       TODO: check
+CVE-2026-25393 (Missing Authorization vulnerability in sparklewpthemes Hello 
FSE hello ...)
+       TODO: check
+CVE-2026-25392 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in K ...)
+       TODO: check
+CVE-2026-25391 (Missing Authorization vulnerability in WP Grids WP Wand 
ai-content-gen ...)
+       TODO: check
+CVE-2026-25389 (Exposure of Sensitive System Information to an Unauthorized 
Control Sp ...)
+       TODO: check
+CVE-2026-25388 (Missing Authorization vulnerability in scripteo Ads Pro 
ap-plugin-scri ...)
+       TODO: check
+CVE-2026-25387 (Missing Authorization vulnerability in Elementor Image 
Optimizer by El ...)
+       TODO: check
+CVE-2026-25386 (Missing Authorization vulnerability in Elementor Ally 
pojo-accessibili ...)
+       TODO: check
+CVE-2026-25385 (Server-Side Request Forgery (SSRF) vulnerability in 
KaizenCoders URL S ...)
+       TODO: check
+CVE-2026-25384 (Missing Authorization vulnerability in WP Lab WP-Lister Lite 
for eBay  ...)
+       TODO: check
+CVE-2026-25378 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2026-25375 (Missing Authorization vulnerability in WP Chill Image Photo 
Gallery Fi ...)
+       TODO: check
+CVE-2026-25374 (Missing Authorization vulnerability in raratheme Spa and Salon 
spa-and ...)
+       TODO: check
+CVE-2026-25372 (Missing Authorization vulnerability in Kodezen LLC Academy LMS 
academy ...)
+       TODO: check
+CVE-2026-25370 (Missing Authorization vulnerability in AresIT WP Compress 
wp-compress- ...)
+       TODO: check
+CVE-2026-25368 (Missing Authorization vulnerability in codepeople Calculated 
Fields Fo ...)
+       TODO: check
+CVE-2026-25367 (Missing Authorization vulnerability in NooTheme CitiLights 
noo-citilig ...)
+       TODO: check
+CVE-2026-25364 (Missing Authorization vulnerability in BoldGrid Client 
Invoicing by Sp ...)
+       TODO: check
+CVE-2026-25363 (Missing Authorization vulnerability in FooPlugins FooGallery 
foogaller ...)
+       TODO: check
+CVE-2026-25362 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2026-25348 (Missing Authorization vulnerability in alttextai Download Alt 
Text AI  ...)
+       TODO: check
+CVE-2026-25343 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2026-25338 (Missing Authorization vulnerability in Ays Pro AI ChatBot with 
ChatGPT ...)
+       TODO: check
+CVE-2026-25337 (Cross-Site Request Forgery (CSRF) vulnerability in wpcoachify 
Coachify ...)
+       TODO: check
+CVE-2026-25336 (Missing Authorization vulnerability in wpcoachify Coachify 
coachify al ...)
+       TODO: check
+CVE-2026-25335 (Missing Authorization vulnerability in Ays Pro Secure Copy 
Content Pro ...)
+       TODO: check
+CVE-2026-25333 (Missing Authorization vulnerability in peregrinethemes 
Shopwell shopwe ...)
+       TODO: check
+CVE-2026-25332 (Missing Authorization vulnerability in Fahad Mahmood Endless 
Posts Nav ...)
+       TODO: check
+CVE-2026-25331 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2026-25330 (Missing Authorization vulnerability in PublishPress 
PublishPress Autho ...)
+       TODO: check
+CVE-2026-25329 (Missing Authorization vulnerability in ExpressTech Systems 
Quiz And Su ...)
+       TODO: check
+CVE-2026-25326 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2026-25325 (Exposure of Sensitive System Information to an Unauthorized 
Control Sp ...)
+       TODO: check
+CVE-2026-25324 (Authorization Bypass Through User-Controlled Key vulnerability 
in Expr ...)
+       TODO: check
+CVE-2026-25323 (Missing Authorization vulnerability in MiKa OSM osm allows 
Exploiting  ...)
+       TODO: check
+CVE-2026-25322 (Cross-Site Request Forgery (CSRF) vulnerability in 
PublishPress Publis ...)
+       TODO: check
+CVE-2026-25321 (Missing Authorization vulnerability in PSM Plugins 
SupportCandy suppor ...)
+       TODO: check
+CVE-2026-25320 (Missing Authorization vulnerability in Cool Plugins Elementor 
Contact  ...)
+       TODO: check
+CVE-2026-25319 (Cross-Site Request Forgery (CSRF) vulnerability in wpzita Zita 
Element ...)
+       TODO: check
+CVE-2026-25318 (Missing Authorization vulnerability in Wisernotify team 
WiserReview Pr ...)
+       TODO: check
+CVE-2026-25316 (Deserialization of Untrusted Data vulnerability in Brainstorm 
Force Ca ...)
+       TODO: check
+CVE-2026-25315 (Missing Authorization vulnerability in hcaptcha hCaptcha for 
WP hcaptc ...)
+       TODO: check
+CVE-2026-25314 (Missing Authorization vulnerability in WP Messiah TOP Table Of 
Content ...)
+       TODO: check
+CVE-2026-25313 (Missing Authorization vulnerability in Shahjahan Jewel 
FluentForm flue ...)
+       TODO: check
+CVE-2026-25311 (Missing Authorization vulnerability in 10up Autoshare for 
Twitter auto ...)
+       TODO: check
+CVE-2026-25310 (Server-Side Request Forgery (SSRF) vulnerability in Alobaidi 
Extend Li ...)
+       TODO: check
+CVE-2026-25308 (Missing Authorization vulnerability in wp.insider Simple 
Membership si ...)
+       TODO: check
+CVE-2026-25307 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2026-25305 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2026-25008 (Insertion of Sensitive Information Into Sent Data 
vulnerability in Sha ...)
+       TODO: check
+CVE-2026-25006 (Improper Neutralization of Script-Related HTML Tags in a Web 
Page (Bas ...)
+       TODO: check
+CVE-2026-25005 (Authorization Bypass Through User-Controlled Key vulnerability 
in N-Me ...)
+       TODO: check
+CVE-2026-25004 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2026-25003 (Missing Authorization vulnerability in madalin.ungureanu 
Client Portal ...)
+       TODO: check
+CVE-2026-25000 (Missing Authorization vulnerability in Kraft Plugins Wheel of 
Life whe ...)
+       TODO: check
+CVE-2026-24999 (Missing Authorization vulnerability in Alma Alma 
alma-gateway-for-wooc ...)
+       TODO: check
+CVE-2026-24834 (Kata Containers is an open source project focusing on a 
standard imple ...)
+       TODO: check
+CVE-2026-24392 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2026-24375 (Missing Authorization vulnerability in WP Swings Ultimate Gift 
Cards F ...)
+       TODO: check
+CVE-2026-23805 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2026-23804 (Missing Authorization vulnerability in BBR Plugins Better 
Business Rev ...)
+       TODO: check
+CVE-2026-23803 (Server-Side Request Forgery (SSRF) vulnerability in Burhan 
Nasir Smart ...)
+       TODO: check
+CVE-2026-23621 (GFI MailEssentials AI versions prior to22.4 contain an 
arbitrary direc ...)
+       TODO: check
+CVE-2026-23620 (GFI MailEssentials AI versions prior to22.4 contain an 
arbitrary file  ...)
+       TODO: check
+CVE-2026-23619 (GFI MailEssentials AI versions prior to22.4 contain a stored 
cross-sit ...)
+       TODO: check
+CVE-2026-23618 (GFI MailEssentials AI versions prior to22.4 contain a stored 
cross-sit ...)
+       TODO: check
+CVE-2026-23617 (GFI MailEssentials AI versions prior to22.4 contain a stored 
cross-sit ...)
+       TODO: check
+CVE-2026-23616 (GFI MailEssentials AI versions prior to22.4 contain a stored 
cross-sit ...)
+       TODO: check
+CVE-2026-23615 (GFI MailEssentials AI versions prior to22.4 contain a stored 
cross-sit ...)
+       TODO: check
+CVE-2026-23614 (GFI MailEssentials AI versions prior to22.4 contain a stored 
cross-sit ...)
+       TODO: check
+CVE-2026-23613 (GFI MailEssentials AI versions prior to22.4 contain a stored 
cross-sit ...)
+       TODO: check
+CVE-2026-23612 (GFI MailEssentials AI versions prior to22.4 contain a stored 
cross-sit ...)
+       TODO: check
+CVE-2026-23611 (GFI MailEssentials AI versions prior to22.4 contain a stored 
cross-sit ...)
+       TODO: check
+CVE-2026-23610 (GFI MailEssentials AI versions prior to22.4 contain a stored 
cross-sit ...)
+       TODO: check
+CVE-2026-23609 (GFI MailEssentials AI versions prior to22.4 contain a stored 
cross-sit ...)
+       TODO: check
+CVE-2026-23608 (GFI MailEssentials AI versions prior to22.4 contain a stored 
cross-sit ...)
+       TODO: check
+CVE-2026-23607 (GFI MailEssentials AI versions prior to22.4 contain a stored 
cross-sit ...)
+       TODO: check
+CVE-2026-23606 (GFI MailEssentials AI versions prior to22.4 contain a stored 
cross-sit ...)
+       TODO: check
+CVE-2026-23605 (GFI MailEssentials AI versions prior to22.4 contain a stored 
cross-sit ...)
+       TODO: check
+CVE-2026-23604 (GFI MailEssentials AI versions prior to22.4 contain a stored 
cross-sit ...)
+       TODO: check
+CVE-2026-23549 (Deserialization of Untrusted Data vulnerability in 
magepeopleteam WpEv ...)
+       TODO: check
+CVE-2026-23548 (Missing Authorization vulnerability in designinvento 
DirectoryPress di ...)
+       TODO: check
+CVE-2026-23547 (Missing Authorization vulnerability in cmsmasters CMSMasters 
Content C ...)
+       TODO: check
+CVE-2026-23545 (Missing Authorization vulnerability in Aruba.it Dev Aruba 
HiSpeed Cach ...)
+       TODO: check
+CVE-2026-23544 (Deserialization of Untrusted Data vulnerability in codetipi 
Valenti va ...)
+       TODO: check
+CVE-2026-23543 (Missing Authorization vulnerability in WPDeveloper Essential 
Addons fo ...)
+       TODO: check
+CVE-2026-23542 (Deserialization of Untrusted Data vulnerability in ThemeGoods 
Grand Re ...)
+       TODO: check
+CVE-2026-23541 (Missing Authorization vulnerability in WPFunnels Mail Mint 
mail-mint a ...)
+       TODO: check
+CVE-2026-22422 (Improper Neutralization of Script-Related HTML Tags in a Web 
Page (Bas ...)
+       TODO: check
+CVE-2026-22333 (Deserialization of Untrusted Data vulnerability in YITHEMES 
YITH WooCo ...)
+       TODO: check
+CVE-2026-22269 (Dell PowerProtect Data Manager, version(s) prior to 19.22, 
contain(s)  ...)
+       TODO: check
+CVE-2026-22268 (Dell PowerProtect Data Manager, version(s) prior to 19.22, 
contain(s)  ...)
+       TODO: check
+CVE-2026-22267 (Dell PowerProtect Data Manager, version(s) prior to 19.22, 
contain(s)  ...)
+       TODO: check
+CVE-2026-22266 (Dell PowerProtect Data Manager, version(s) prior to 19.22, 
contain(s)  ...)
+       TODO: check
+CVE-2026-1581 (The wpForo Forum plugin for WordPress is vulnerable to 
time-based SQL  ...)
+       TODO: check
+CVE-2026-1461 (The Simple Membership plugin for WordPress is vulnerable to 
Improper H ...)
+       TODO: check
+CVE-2026-1219 (The MP3 Audio Player \u2013 Music Player, Podcast Player & 
Radio by So ...)
+       TODO: check
+CVE-2025-9953 (Authorization Bypass Through User-Controlled SQL Primary Key 
vulnerabi ...)
+       TODO: check
+CVE-2025-9062 (Authorization Bypass Through User-Controlled Key vulnerability 
in MeCO ...)
+       TODO: check
+CVE-2025-8350 (Execution After Redirect (EAR), Missing Authentication for 
Critical Fu ...)
+       TODO: check
+CVE-2025-71250
+       REJECTED
+CVE-2025-71249
+       REJECTED
+CVE-2025-71248
+       REJECTED
+CVE-2025-71247
+       REJECTED
+CVE-2025-71246
+       REJECTED
+CVE-2025-71245
+       REJECTED
+CVE-2025-71244 (SPIP before 4.4.5 and 4.3.9 allows an Open Redirect via the 
login form ...)
+       TODO: check
+CVE-2025-71243 (The 'Saisies pour formulaire' (Saisies) plugin for SPIP 
versions 5.4.0 ...)
+       TODO: check
+CVE-2025-71242 (SPIP before 4.3.6, 4.2.17, and 4.1.20 allows unauthorized 
content disc ...)
+       TODO: check
+CVE-2025-71241 (SPIP before 4.3.6, 4.2.17, and 4.1.20 allows Cross-Site 
Scripting (XSS ...)
+       TODO: check
+CVE-2025-71240 (SPIP before 4.2.15 allows Cross-Site Scripting (XSS) via 
crafted conte ...)
+       TODO: check
+CVE-2025-69725 (An Open Redirect vulnerability in the go-chi/chi >=5.2.2 
RedirectSlash ...)
+       TODO: check
+CVE-2025-69674 (Buffer Overflow vulnerability in CDATA FD614GS3-R850 
V3.2.7_P161006 (B ...)
+       TODO: check
+CVE-2025-67304 (In Ruckus Network Director (RND) < 4.5.0.54, the OVA appliance 
contain ...)
+       TODO: check
+CVE-2025-55853 (SoftVision webPDF before 10.0.2 is vulnerable to Server-Side 
Request F ...)
+       TODO: check
+CVE-2025-41023 (An authentication bypass vulnerability has been found in 
Thesamur's Au ...)
+       TODO: check
+CVE-2025-40697 (Reflected Cross-Site Scripting (XSS) vulnerability in 
'/index.php' in  ...)
+       TODO: check
+CVE-2025-15563 (Any unauthenticated user can reset the WorkTime on-prem 
database confi ...)
+       TODO: check
+CVE-2025-15562 (The server API endpoint/report/internet/urls reflects received 
data in ...)
+       TODO: check
+CVE-2025-15561 (An attacker can exploit the update behavior of the WorkTime 
monitoring ...)
+       TODO: check
+CVE-2025-15560 (An authenticated attacker with minimal permissions can exploit 
a SQL i ...)
+       TODO: check
+CVE-2025-15559 (An unauthenticated attacker can inject OS commands when 
calling a serv ...)
+       TODO: check
+CVE-2025-13590 (A malicious actor with administrative privileges can upload an 
arbitra ...)
+       TODO: check
+CVE-2025-12107 (Due to the use of a vulnerable third-party Velocity template 
engine, a ...)
+       TODO: check
+CVE-2019-25430 (Comodo Dome Firewall 2.7.0 contains a reflected cross-site 
scripting v ...)
+       TODO: check
+CVE-2019-25429 (Comodo Dome Firewall 2.7.0 contains a reflected cross-site 
scripting v ...)
+       TODO: check
+CVE-2019-25428 (Comodo Dome Firewall 2.7.0 contains multiple reflected 
cross-site scri ...)
+       TODO: check
+CVE-2019-25427 (Comodo Dome Firewall 2.7.0 contains a reflected cross-site 
scripting v ...)
+       TODO: check
+CVE-2019-25426 (Comodo Dome Firewall 2.7.0 contains a reflected cross-site 
scripting v ...)
+       TODO: check
+CVE-2019-25425 (Comodo Dome Firewall 2.7.0 contains a reflected cross-site 
scripting v ...)
+       TODO: check
+CVE-2019-25424 (Comodo Dome Firewall 2.7.0 contains a reflected cross-site 
scripting v ...)
+       TODO: check
+CVE-2019-25423 (Comodo Dome Firewall 2.7.0 contains multiple reflected 
cross-site scri ...)
+       TODO: check
+CVE-2019-25422 (Comodo Dome Firewall 2.7.0 contains cross-site scripting 
vulnerabiliti ...)
+       TODO: check
+CVE-2019-25421 (Comodo Dome Firewall 2.7.0 contains multiple cross-site 
scripting vuln ...)
+       TODO: check
+CVE-2019-25420 (Comodo Dome Firewall 2.7.0 contains a reflected cross-site 
scripting v ...)
+       TODO: check
+CVE-2019-25419 (Comodo Dome Firewall 2.7.0 contains a stored cross-site 
scripting vuln ...)
+       TODO: check
+CVE-2019-25418 (Comodo Dome Firewall 2.7.0 contains a reflected cross-site 
scripting v ...)
+       TODO: check
+CVE-2019-25417 (Comodo Dome Firewall 2.7.0 contains a reflected cross-site 
scripting v ...)
+       TODO: check
+CVE-2019-25416 (Comodo Dome Firewall 2.7.0 contains a reflected cross-site 
scripting v ...)
+       TODO: check
+CVE-2019-25415 (Comodo Dome Firewall 2.7.0 contains a reflected cross-site 
scripting v ...)
+       TODO: check
+CVE-2019-25414 (Comodo Dome Firewall 2.7.0 contains a reflected cross-site 
scripting v ...)
+       TODO: check
+CVE-2019-25413 (Comodo Dome Firewall 2.7.0 contains a reflected cross-site 
scripting v ...)
+       TODO: check
+CVE-2019-25412 (Comodo Dome Firewall 2.7.0 contains a reflected cross-site 
scripting v ...)
+       TODO: check
+CVE-2019-25411 (Comodo Dome Firewall 2.7.0 contains a reflected cross-site 
scripting v ...)
+       TODO: check
+CVE-2019-25410 (Comodo Dome Firewall 2.7.0 contains a reflected cross-site 
scripting v ...)
+       TODO: check
+CVE-2019-25409 (Comodo Dome Firewall 2.7.0 contains a reflected cross-site 
scripting v ...)
+       TODO: check
+CVE-2019-25408 (Comodo Dome Firewall 2.7.0 contains a reflected cross-site 
scripting v ...)
+       TODO: check
+CVE-2019-25407 (Comodo Dome Firewall 2.7.0 contains a reflected cross-site 
scripting v ...)
+       TODO: check
+CVE-2019-25406 (Comodo Dome Firewall 2.7.0 contains a reflected cross-site 
scripting v ...)
+       TODO: check
+CVE-2019-25405 (Comodo Dome Firewall 2.7.0 contains a stored cross-site 
scripting vuln ...)
+       TODO: check
+CVE-2019-25404 (Comodo Dome Firewall 2.7.0 contains a stored cross-site 
scripting vuln ...)
+       TODO: check
+CVE-2019-25403 (Comodo Dome Firewall 2.7.0 contains a stored cross-site 
scripting vuln ...)
+       TODO: check
+CVE-2019-25402 (Comodo Dome Firewall 2.7.0 contains a reflected cross-site 
scripting v ...)
+       TODO: check
 CVE-2026-XXXX [RUSTSEC-2026-0013]
        - rust-pyo3 <unfixed>
        NOTE: https://rustsec.org/advisories/RUSTSEC-2026-0013.html
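Review bot: The descriptions added for CVE-2026-2718 and CVE-2026-1219 contain a literal \u2013 escape sequence where the plugin name has a dash character; the import step should decode the escape before writing the description. Separately, every entry in this block lands as TODO: check, including ones that name widely packaged software (QEMU in CVE-2026-2243, HDF5 in CVE-2026-26200, PJSIP in CVE-2026-26203), so those are worth triaging ahead of the many WordPress plugin entries.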
@@ -1148,11 +1636,13 @@ CVE-2019-25379 (Smoothwall Express 
3.1-SP4-polar-x86_64-update9 contains stored
 CVE-2019-25378 (Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains 
multiple cros ...)
        NOT-FOR-US: Smoothwall Express
 CVE-2026-2050 [ZDI-CAN-28266: New Vulnerability Report at rgbe.c]
+       {DSA-6142-1}
        - gegl 1:0.4.66-1
        NOTE: https://gitlab.gnome.org/GNOME/gegl/-/issues/446
        NOTE: https://gitlab.gnome.org/GNOME/gegl/-/merge_requests/241
        NOTE: Fixed by: 
https://gitlab.gnome.org/GNOME/gegl/-/commit/d32f1badb4bde1d6e8137f687d9ee1195768d4ed
 CVE-2026-2049 [ZDI-CAN-28618: New Vulnerability Report at rgbe.c]
+       {DSA-6142-1}
        - gegl 1:0.4.66-1
        NOTE: https://gitlab.gnome.org/GNOME/gegl/-/issues/450
        NOTE: https://gitlab.gnome.org/GNOME/gegl/-/merge_requests/241
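Review bot: The {DSA-6142-1} cross-reference added to CVE-2026-2050 and CVE-2026-2049 cannot be verified from this commit, because data/CVE/list is the only changed file and the gegl package lines under both entries are unchanged. Confirm that the advisory's own record names both CVEs and the fixed versions it covers.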
@@ -3491,7 +3981,7 @@ CVE-2026-21531 (Deserialization of untrusted data in 
Azure SDK allows an unautho
        NOT-FOR-US: Microsoft
 CVE-2026-21529 (Improper neutralization of input during web page generation 
('cross-si ...)
        NOT-FOR-US: Microsoft
-CVE-2026-21528 (Binding to an unrestricted ip address in Azure IoT SDK allows 
an unaut ...)
+CVE-2026-21528 (Binding to an unrestricted ip address in Azure IoT Explorer 
allows an  ...)
        NOT-FOR-US: Microsoft
 CVE-2026-21527 (User interface (ui) misrepresentation of critical information 
in Micro ...)
        NOT-FOR-US: Microsoft
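Review bot: On CVE-2026-21528 the description now names Azure IoT Explorer instead of Azure IoT SDK, but the NOT-FOR-US: Microsoft line beneath it is carried over from the triage of the old text. Recheck that the renamed product is also out of scope before leaving the tag as it is.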
@@ -6696,18 +7186,22 @@ CVE-2019-25263 (Zendesk SweetHawk Survey 1.6 contains a 
persistent cross-site sc
 CVE-2019-25261 (AnyDesk 5.4.0 contains an unquoted service path vulnerability 
in its W ...)
        NOT-FOR-US: AnyDesk
 CVE-2026-1312 (An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, 
and 4. ...)
+       {DLA-4484-1}
        - python-django 3:4.2.28-1 (bug #1126914)
        NOTE: 
https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
        NOTE: Fixed by: 
https://github.com/django/django/commit/90f5b10784ba5bf369caed87640e2b4394ea3314
 (4.2.28)
 CVE-2026-1287 (An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, 
and 4. ...)
+       {DLA-4484-1}
        - python-django 3:4.2.28-1 (bug #1126914)
        NOTE: 
https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
        NOTE: Fixed by: 
https://github.com/django/django/commit/f75f8f3597e1ce351d5ac08b6ba7ebd9dadd9b5d
 (4.2.28)
 CVE-2026-1285 (An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, 
and 4. ...)
+       {DLA-4484-1}
        - python-django 3:4.2.28-1 (bug #1126914)
        NOTE: 
https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
        NOTE: Fixed by: 
https://github.com/django/django/commit/b40cfc6052ced26dcd8166a58ea6f841d0d2cac8
 (4.2.28)
 CVE-2026-1207 (An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, 
and 4. ...)
+       {DLA-4484-1}
        - python-django 3:4.2.28-1 (bug #1126914)
        NOTE: 
https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
        NOTE: Fixed by: 
https://github.com/django/django/commit/a14363102d98fa29b8cced578eb3a0fadaa5bcb7
 (4.2.28)
@@ -6717,6 +7211,7 @@ CVE-2025-14550 (An issue was discovered in 6.0 before 
6.0.2, 5.2 before 5.2.11,
        NOTE: 
https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
        NOTE: Fixed by: 
https://github.com/django/django/commit/f578acc8c54530fffabd52d2db654c8669b011af
 (4.2.28)
 CVE-2025-13473 (An issue was discovered in 6.0 before 6.0.2, 5.2 before 
5.2.11, and 4. ...)
+       {DLA-4484-1}
        - python-django 3:4.2.28-1 (bug #1126914)
        NOTE: 
https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
        NOTE: Fixed by: 
https://github.com/django/django/commit/6dc23508f3395e1254c315084c7334ef81c4c09a
 (4.2.28)
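Review bot: CVE-2025-14550 appears in this hunk only as context, so it is untouched by the commit, while CVE-2025-13473 directly below it and the four Django entries in the previous hunk all gain {DLA-4484-1}. Its notes cite the same 2026/feb/03 security release and a (4.2.28) fix commit, so confirm whether it is intentionally outside DLA-4484-1 or already carries the reference on a line not shown here.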
@@ -19997,11 +20492,11 @@ CVE-2025-15223 (A vulnerability was found in 
Philipinho Simple-PHP-Blog up to 94
        NOT-FOR-US: Philipinho Simple-PHP-Blog
 CVE-2025-15114 (Ksenia Security lares (legacy model) Home Automation version 
1.6 conta ...)
        NOT-FOR-US: Ksenia Security Lares
-CVE-2025-15113 (Ksenia Security Lares 4.0 Home Automation version 1.6 contains 
an unpr ...)
+CVE-2025-15113 (Ksenia Security lares (legacy model) Home Automation version 
1.6 conta ...)
        NOT-FOR-US: Ksenia Security Lares
-CVE-2025-15112 (Ksenia Security Lares 4.0 version 1.6 contains a URL 
redirection vulne ...)
+CVE-2025-15112 (Ksenia Security lares (legacy model)version 1.6 contains a URL 
redirec ...)
        NOT-FOR-US: Ksenia Security Lares
-CVE-2025-15111 (Ksenia Security Lares 4.0 Home Automation version 1.6 contains 
a defau ...)
+CVE-2025-15111 (Ksenia Security lares (legacy model)version 1.6 contains a 
default cre ...)
        NOT-FOR-US: Ksenia Security Lares
 CVE-2025-15017 (A vulnerability exists in serial device servers where active 
debug cod ...)
        NOT-FOR-US: Moxa
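Review bot: The updated descriptions for CVE-2025-15112 and CVE-2025-15111 read "(legacy model)version 1.6" with no space after the closing parenthesis, unlike CVE-2025-15113 and CVE-2025-15114 in the same hunk. The product also changes from "Lares 4.0" to "lares (legacy model)" on all three modified entries; the NOT-FOR-US: Ksenia Security Lares lines still match, but the spacing should be reported to the source of the description, since this text is written by the automatic update.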



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b4f1ef7749359a8f0a99d4a306a0a30d6d3bf36
