Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d431c210 by security tracker role at 2026-03-05T20:13:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,161 @@
+CVE-2026-3598 (Use of a Broken or Risky Cryptographic Algorithm vulnerability 
in rust ...)
+       TODO: check
+CVE-2026-3459 (The Drag and Drop Multiple File Upload - Contact Form 7 plugin 
for Wor ...)
+       TODO: check
+CVE-2026-3236 (In affected versions of Octopus Server it was possible to 
create a new ...)
+       TODO: check
+CVE-2026-3047 (A flaw was found in org.keycloak.broker.saml. When a disabled 
Security ...)
+       TODO: check
+CVE-2026-3009 (A security flaw in the IdentityBrokerService.performLogin 
endpoint of  ...)
+       TODO: check
+CVE-2026-30798 (Insufficient Verification of Data Authenticity, Improper 
Handling of E ...)
+       TODO: check
+CVE-2026-30797 (Missing Authorization vulnerability in rustdesk-client 
RustDesk Client ...)
+       TODO: check
+CVE-2026-30796 (Cleartext Transmission of Sensitive Information vulnerability 
in rustd ...)
+       TODO: check
+CVE-2026-30795 (Cleartext Transmission of Sensitive Information vulnerability 
in rustd ...)
+       TODO: check
+CVE-2026-30794 (Improper Certificate Validation vulnerability in 
rustdesk-client RustD ...)
+       TODO: check
+CVE-2026-30793 (Cross-Site Request Forgery (CSRF) vulnerability in 
rustdesk-client Rus ...)
+       TODO: check
+CVE-2026-30792 (A vulnerability in rustdesk-client RustDesk Client 
rustdesk-client on  ...)
+       TODO: check
+CVE-2026-30791 (Use of a Broken or Risky Cryptographic Algorithm vulnerability 
in rust ...)
+       TODO: check
+CVE-2026-30790 (Improper Restriction of Excessive Authentication Attempts, Use 
of Pass ...)
+       TODO: check
+CVE-2026-30789 (Authentication Bypass by Capture-replay, Use of Password Hash 
With Ins ...)
+       TODO: check
+CVE-2026-30785 (Improperly Controlled Modification of Object Prototype 
Attributes ('Pr ...)
+       TODO: check
+CVE-2026-30784 (Missing Authorization, Missing Authentication for Critical 
Function vu ...)
+       TODO: check
+CVE-2026-30783 (A vulnerability in rustdesk-client RustDesk Client 
rustdesk-client on  ...)
+       TODO: check
+CVE-2026-2599 (The Database for Contact Form 7, WPforms, Elementor forms 
plugin for W ...)
+       TODO: check
+CVE-2026-29054 (Traefik is an HTTP reverse proxy and load balancer. From 
version 2.11. ...)
+       TODO: check
+CVE-2026-28790 (OliveTin gives access to predefined shell commands from a web 
interfac ...)
+       TODO: check
+CVE-2026-28789 (OliveTin gives access to predefined shell commands from a web 
interfac ...)
+       TODO: check
+CVE-2026-28551 (Race condition vulnerability in the device security management 
module. ...)
+       TODO: check
+CVE-2026-28549 (Race condition vulnerability in the permission management 
service.Impa ...)
+       TODO: check
+CVE-2026-28548 (Vulnerability of improper verification in the email 
application.Impact ...)
+       TODO: check
+CVE-2026-28547 (Vulnerability of uninitialized pointer access in the scanning 
module.I ...)
+       TODO: check
+CVE-2026-28546 (Buffer overflow vulnerability in the scanning module.Impact: 
Successfu ...)
+       TODO: check
+CVE-2026-28542 (Permission bypass vulnerability in the system service 
framework.Impact ...)
+       TODO: check
+CVE-2026-28353 (Trivy Vulnerability Scanner is a VS Code extension that helps 
find vul ...)
+       TODO: check
+CVE-2026-28350 (lxml_html_clean is a project for HTML cleaning functionalities 
copied  ...)
+       TODO: check
+CVE-2026-28348 (lxml_html_clean is a project for HTML cleaning functionalities 
copied  ...)
+       TODO: check
+CVE-2026-28343 (CKEditor 5 is a modern JavaScript rich-text editor with an MVC 
archite ...)
+       TODO: check
+CVE-2026-28342 (OliveTin gives access to predefined shell commands from a web 
interfac ...)
+       TODO: check
+CVE-2026-28287 (FreePBX is an open source IP PBX. From versions 16.0.17.2 to 
before 16 ...)
+       TODO: check
+CVE-2026-28284 (FreePBX is an open source IP PBX. Prior to versions 16.0.10 
and 17.0.5 ...)
+       TODO: check
+CVE-2026-28277 (LangGraph SQLite Checkpoint is an implementation of LangGraph 
Checkpoi ...)
+       TODO: check
+CVE-2026-28223 (Wagtail is an open source content management system built on 
Django. P ...)
+       TODO: check
+CVE-2026-28222 (Wagtail is an open source content management system built on 
Django. P ...)
+       TODO: check
+CVE-2026-28210 (FreePBX is an open source IP PBX. Prior to versions 16.0.49 
and 17.0.7 ...)
+       TODO: check
+CVE-2026-28209 (FreePBX is an open source IP PBX. From versions 16.0.17.2 to 
before 16 ...)
+       TODO: check
+CVE-2026-27944 (Nginx UI is a web user interface for the Nginx web server. 
Prior to ve ...)
+       TODO: check
+CVE-2026-27750 (Avira Internet Security contains a time-of-check time-of-use 
(TOCTOU)  ...)
+       TODO: check
+CVE-2026-27749 (Avira Internet Security contains a deserialization of 
untrusted data v ...)
+       TODO: check
+CVE-2026-27748 (Avira Internet Security contains an improper link resolution 
vulnerabi ...)
+       TODO: check
+CVE-2026-27723 (OpenProject is an open-source, web-based project management 
software.  ...)
+       TODO: check
+CVE-2026-27023 (Twenty is an open source CRM. Prior to version 1.18, the SSRF 
protecti ...)
+       TODO: check
+CVE-2026-26999 (Traefik is an HTTP reverse proxy and load balancer. Prior to 
versions  ...)
+       TODO: check
+CVE-2026-26998 (Traefik is an HTTP reverse proxy and load balancer. Prior to 
versions  ...)
+       TODO: check
+CVE-2026-26418 (Missing authentication and authorization in the web API of 
Tata Consul ...)
+       TODO: check
+CVE-2026-26417 (A broken access control vulnerability in the password reset 
functional ...)
+       TODO: check
+CVE-2026-26416 (An authorization bypass vulnerability in Tata Consultancy 
Services Cog ...)
+       TODO: check
+CVE-2026-26377 (Cross Site Scripting vulnerability in Koha 25.11 and before 
allows a r ...)
+       TODO: check
+CVE-2026-26276 (Gogs is an open source self-hosted Git service. Prior to 
version 0.14. ...)
+       TODO: check
+CVE-2026-26196 (Gogs is an open source self-hosted Git service. Prior to 
version 0.14. ...)
+       TODO: check
+CVE-2026-26195 (Gogs is an open source self-hosted Git service. Prior to 
version 0.14. ...)
+       TODO: check
+CVE-2026-26194 (Gogs is an open source self-hosted Git service. Prior to 
version 0.14. ...)
+       TODO: check
+CVE-2026-26022 (Gogs is an open source self-hosted Git service. Prior to 
version 0.14. ...)
+       TODO: check
+CVE-2026-25921 (Gogs is an open source self-hosted Git service. Prior to 
version 0.14. ...)
+       TODO: check
+CVE-2026-25048 (xgrammar is an open-source library for efficient, flexible, 
and portab ...)
+       TODO: check
+CVE-2026-24457 (An unsafe parsing of OpenMQ's configuration, allows a remote 
attacker  ...)
+       TODO: check
+CVE-2026-21628 (A improperly secured file management feature allows uploads of 
dangero ...)
+       TODO: check
+CVE-2026-21621 (Incorrect Authorization vulnerability in hexpm hexpm/hexpm 
('Elixir.He ...)
+       TODO: check
+CVE-2026-1720 (The WowOptin: Next-Gen Popup Maker \u2013 Create Stunning 
Popups and O ...)
+       TODO: check
+CVE-2026-1605 (In Eclipse Jetty, versions 12.0.0-12.0.31 and 12.1.0-12.0.5, 
class Gzi ...)
+       TODO: check
+CVE-2025-7375 (A denial-of-service (DoS) vulnerability was identified in Omada 
EAP610 ...)
+       TODO: check
+CVE-2025-70616 (A stack buffer overflow vulnerability exists in the Wincor 
Nixdorf wnB ...)
+       TODO: check
+CVE-2025-70233 (Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 
via the cu ...)
+       TODO: check
+CVE-2025-70232 (Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 
via the cu ...)
+       TODO: check
+CVE-2025-70231 (D-Link DIR-513 version 1.10 contains a critical-level 
vulnerability. W ...)
+       TODO: check
+CVE-2025-70230 (Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 
via the cu ...)
+       TODO: check
+CVE-2025-70229 (Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 
via the cu ...)
+       TODO: check
+CVE-2025-69534 (Python-Markdown version 3.8 contain a vulnerability where 
malformed HT ...)
+       TODO: check
+CVE-2025-64166 (Mercurius is a GraphQL adapter for Fastify. Prior to version 
16.4.0, a ...)
+       TODO: check
+CVE-2025-45691 (An Arbitrary File Read vulnerability exists in the 
ImageTextPromptValu ...)
+       TODO: check
+CVE-2025-29165 (An issue in D-Link DIR-1253 MESH V1.6.1684 allows an attacker 
to escal ...)
+       TODO: check
+CVE-2025-13476 (Rakuten Viber Cloak mode in Android v25.7.2.0g and Windows 
v25.6.0.0\u ...)
+       TODO: check
+CVE-2025-13350 (Ubuntu Linux 6.8 GA retains the legacy AF_UNIX garbage 
collector but b ...)
+       TODO: check
+CVE-2025-11143 (The Jetty URI parser has some key differences to other common 
parsers  ...)
+       TODO: check
+CVE-2024-43035 (Fonoster 0.5.5 before 0.6.1 allows ../ directory traversal to 
read arb ...)
+       TODO: check
 CVE-2026-3523 (The Apocalypse Meow plugin for WordPress is vulnerable to SQL 
Injectio ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-3072 (The Media Library Assistant plugin for WordPress is vulnerable 
to unau ...)
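Review bot: the description added for CVE-2026-1720 carries a literal `\u2013`, and the one for CVE-2025-13476 is cut off in the middle of such an escape (`v25.6.0.0\u ...`), which suggests the automatic update truncates descriptions before decoding Unicode escapes. Decoding first and truncating afterwards would keep a half-written escape out of data/CVE/list. Separately, every entry in this hunk lands as `TODO: check`. CVE-2026-3459 and CVE-2026-2599 both read "plugin for Wor ..." / "plugin for W ...", so they look like candidates for the same `NOT-FOR-US: WordPress plugin` marking that the context entry CVE-2026-3523 already has. The rustdesk-client, Gogs, FreePBX and D-Link DIR-513 groups can each be triaged in one pass rather than entry by entry.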



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d431c2108dc3f674524175d8a52217323ef686cf



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
