Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
92375c04 by security tracker role at 2026-03-06T20:13:53+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,183 @@
+CVE-2026-3653
+       REJECTED
+CVE-2026-3589 (The WooCommerce WordPress plugin from versions 5.4.0 to 10.5.2 
does no ...)
+       TODO: check
+CVE-2026-3419 (Fastify incorrectly accepts malformed `Content-Type` headers 
containin ...)
+       TODO: check
+CVE-2026-30847 (Wekan is an open source kanban tool built with Meteor. In 
versions 8.3 ...)
+       TODO: check
+CVE-2026-30846 (Wekan is an open source kanban tool built with Meteor. In 
versions 8.3 ...)
+       TODO: check
+CVE-2026-30845 (Wekan is an open source kanban tool built with Meteor. In 
versions 8.3 ...)
+       TODO: check
+CVE-2026-30844 (Wekan is an open source kanban tool built with Meteor. 
Versions 8.32 a ...)
+       TODO: check
+CVE-2026-30843 (Wekan is an open source kanban tool built with Meteor. 
Versions 8.32 a ...)
+       TODO: check
+CVE-2026-30833 (Rocket.Chat is an open-source, secure, fully customizable 
communicatio ...)
+       TODO: check
+CVE-2026-30831 (Rocket.Chat is an open-source, secure, fully customizable 
communicatio ...)
+       TODO: check
+CVE-2026-2754 (Navtor NavBox exposes sensitive configuration and operational 
data due ...)
+       TODO: check
+CVE-2026-2753 (An Absolute Path Traversal vulnerability exists in Navtor 
NavBox. The  ...)
+       TODO: check
+CVE-2026-2752 (Navtor NavBox allows information disclosure via the 
/api/ais-data endp ...)
+       TODO: check
+CVE-2026-29783 (The shell tool within GitHub Copilot CLI versions prior to and 
includi ...)
+       TODO: check
+CVE-2026-29178 (Lemmy, a link aggregator and forum for the fediverse, is 
vulnerable to ...)
+       TODO: check
+CVE-2026-29110 (Cryptomator encrypts data being stored on cloud 
infrastructure. Prior  ...)
+       TODO: check
+CVE-2026-29091 (Locutus brings stdlibs of other programming languages to 
JavaScript fo ...)
+       TODO: check
+CVE-2026-29089 (TimescaleDB is a time-series database for high-performance 
real-time a ...)
+       TODO: check
+CVE-2026-29087 (@hono/node-server allows running the Hono application on 
Node.js. Prio ...)
+       TODO: check
+CVE-2026-29082 (Kestra is an event-driven orchestration platform. In versions 
from 1.1 ...)
+       TODO: check
+CVE-2026-29075 (Mesa is an open-source Python library for agent-based 
modeling, simula ...)
+       TODO: check
+CVE-2026-29064 (Zarf is an Airgap Native Packager Manager for Kubernetes. From 
version ...)
+       TODO: check
+CVE-2026-29063 (Immutable.js provides many Persistent Immutable data 
structures. Prior ...)
+       TODO: check
+CVE-2026-28514 (Rocket.Chat is an open-source, secure, fully customizable 
communicatio ...)
+       TODO: check
+CVE-2026-28106 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in K ...)
+       TODO: check
+CVE-2026-28080 (Missing Authorization vulnerability in Rank Math Rank Math SEO 
PRO all ...)
+       TODO: check
+CVE-2026-27777 (Charging station authentication identifiers are publicly 
accessible vi ...)
+       TODO: check
+CVE-2026-27764 (The WebSocket backend uses charging station identifiers to 
uniquely as ...)
+       TODO: check
+CVE-2026-27123
+       REJECTED
+CVE-2026-27027 (Charging station authentication identifiers are publicly 
accessible vi ...)
+       TODO: check
+CVE-2026-26288 (WebSocket endpoints lack proper authentication mechanisms, 
enabling at ...)
+       TODO: check
+CVE-2026-26051 (WebSocket endpoints lack proper authentication mechanisms, 
enabling at ...)
+       TODO: check
+CVE-2026-26018 (CoreDNS is a DNS server that chains plugins. Prior to version 
1.14.2,  ...)
+       TODO: check
+CVE-2026-26017 (CoreDNS is a DNS server that chains plugins. Prior to version 
1.14.2,  ...)
+       TODO: check
+CVE-2026-24696 (The WebSocket Application Programming Interface lacks 
restrictions on  ...)
+       TODO: check
+CVE-2026-23925 (An authenticated Zabbix user (User role) with template/host 
write perm ...)
+       TODO: check
+CVE-2026-20882 (The WebSocket Application Programming Interface lacks 
restrictions on  ...)
+       TODO: check
+CVE-2026-20748 (The WebSocket backend uses charging station identifiers to 
uniquely as ...)
+       TODO: check
+CVE-2026-1799
+       REJECTED
+CVE-2026-1468 (QuickCMS is vulnerable to Cross-Site Request Forgery across 
multiple e ...)
+       TODO: check
+CVE-2025-70363 (Incorrect access control in the REST API of Ibexa & Ciril 
GROUP eZ Pla ...)
+       TODO: check
+CVE-2025-69654 (A crafted JavaScript input executed with the QuickJS release 
2025-09-1 ...)
+       TODO: check
+CVE-2025-69653 (A crafted JavaScript input can trigger an internal assertion 
failure i ...)
+       TODO: check
+CVE-2025-69652 (GNU Binutils thru 2.46 readelf contains a vulnerability that 
leads to  ...)
+       TODO: check
+CVE-2025-69651 (GNU Binutils thru 2.46 readelf contains a vulnerability that 
leads to  ...)
+       TODO: check
+CVE-2025-69650 (GNU Binutils thru 2.46 readelf contains a double free 
vulnerability wh ...)
+       TODO: check
+CVE-2025-69649 (GNU Binutils thru 2.46 readelf contains a null pointer 
dereference vul ...)
+       TODO: check
+CVE-2025-69646 (Binutils objdump contains a denial-of-service vulnerability 
when proce ...)
+       TODO: check
+CVE-2025-69645 (Binutils objdump contains a denial-of-service vulnerability 
when proce ...)
+       TODO: check
+CVE-2025-69644 (An issue was discovered in Binutils before 2.46. The objdump 
contains  ...)
+       TODO: check
+CVE-2025-15602 (Snipe-IT versions prior to 8.3.7 contain sensitive user 
attributes rel ...)
+       TODO: check
+CVE-2024-35644 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+       TODO: check
+CVE-2022-4947
+       REJECTED
+CVE-2018-25200 (OOP CMS BLOG 1.0 contains a cross-site request forgery 
vulnerability t ...)
+       TODO: check
+CVE-2018-25199 (OOP CMS BLOG 1.0 contains SQL injection vulnerabilities that 
allow una ...)
+       TODO: check
+CVE-2018-25198 (eToolz 3.4.8.0 contains a denial of service vulnerability that 
allows  ...)
+       TODO: check
+CVE-2018-25197 (PlayJoom 0.10.1 contains an SQL injection vulnerability that 
allows un ...)
+       TODO: check
+CVE-2018-25196 (ServerZilla 1.0 contains an SQL injection vulnerability that 
allows un ...)
+       TODO: check
+CVE-2018-25194 (Nominas 0.27 contains an SQL injection vulnerability that 
allows unaut ...)
+       TODO: check
+CVE-2018-25193 (Mongoose Web Server 6.9 contains a denial of service 
vulnerability tha ...)
+       TODO: check
+CVE-2018-25192 (GPS Tracking System 2.12 contains an SQL injection 
vulnerability that  ...)
+       TODO: check
+CVE-2018-25191 (Facturation System 1.0 contains an SQL injection vulnerability 
that al ...)
+       TODO: check
+CVE-2018-25190 (Easyndexer 1.0 contains a cross-site request forgery 
vulnerability tha ...)
+       TODO: check
+CVE-2018-25189 (Data Center Audit 2.6.2 contains an SQL injection 
vulnerability in the ...)
+       TODO: check
+CVE-2018-25188 (Webiness Inventory 2.3 contains an SQL injection vulnerability 
that al ...)
+       TODO: check
+CVE-2018-25187 (Tina4 Stack 1.0.3 contains multiple vulnerabilities allowing 
unauthent ...)
+       TODO: check
+CVE-2018-25186 (Tina4 Stack 1.0.3 contains a cross-site request forgery 
vulnerability  ...)
+       TODO: check
+CVE-2018-25184 (Surreal ToDo 0.6.1.2 contains a local file inclusion 
vulnerability tha ...)
+       TODO: check
+CVE-2018-25182 (Silurus Classifieds Script 2.0 contains an SQL injection 
vulnerability ...)
+       TODO: check
+CVE-2018-25181 (Musicco 2.0.0 contains a path traversal vulnerability that 
allows unau ...)
+       TODO: check
+CVE-2018-25180 (Maitra 1.7.2 contains an sql injection vulnerability that 
allows authe ...)
+       TODO: check
+CVE-2018-25179 (Gumbo CMS 0.99 contains an SQL injection vulnerability that 
allows una ...)
+       TODO: check
+CVE-2018-25178 (Easyndexer 1.0 contains an arbitrary file download 
vulnerability that  ...)
+       TODO: check
+CVE-2018-25177 (Data Center Audit 2.6.2 contains a cross-site request forgery 
vulnerab ...)
+       TODO: check
+CVE-2018-25176 (Alive Parish 2.0.4 contains an SQL injection vulnerability 
that allows ...)
+       TODO: check
+CVE-2018-25175 (Alienor Web Libre 2.0 contains an SQL injection vulnerability 
that all ...)
+       TODO: check
+CVE-2018-25174 (ABC ERP 0.6.4 contains a cross-site request forgery 
vulnerability that ...)
+       TODO: check
+CVE-2018-25173 (Rmedia SMS 1.0 contains an SQL injection vulnerability that 
allows una ...)
+       TODO: check
+CVE-2018-25172 (Pedidos 1.0 contains an SQL injection vulnerability that 
allows unauth ...)
+       TODO: check
+CVE-2018-25171 (EdTv 2 contains an SQL injection vulnerability that allows 
unauthentic ...)
+       TODO: check
+CVE-2018-25170 (DoceboLMS 1.2 contains an SQL injection vulnerability that 
allows unau ...)
+       TODO: check
+CVE-2018-25169 (AMPPS 2.7 contains a denial of service vulnerability that 
allows remot ...)
+       TODO: check
+CVE-2018-25168 (Precurio Intranet Portal 2.0 contains a cross-site request 
forgery vul ...)
+       TODO: check
+CVE-2018-25167 (Net-Billetterie 2.9 contains an SQL injection vulnerability in 
the log ...)
+       TODO: check
+CVE-2018-25166 (Meneame English Pligg 5.8 contains an SQL injection 
vulnerability that ...)
+       TODO: check
+CVE-2018-25165 (Galaxy Forces MMORPG 0.5.8 contains an SQL injection 
vulnerability tha ...)
+       TODO: check
+CVE-2018-25164 (EverSync 0.5 contains an arbitrary file download vulnerability 
that al ...)
+       TODO: check
+CVE-2018-25163 (BitZoom 1.0 contains an SQL injection vulnerability that 
allows unauth ...)
+       TODO: check
+CVE-2018-25162 (2-Plan Team 1.0.4 contains an arbitrary file upload 
vulnerability that ...)
+       TODO: check
+CVE-2018-25161 (Warranty Tracking System 11.06.3 contains an SQL injection 
vulnerabili ...)
+       TODO: check
 CVE-2026-27142
        - golang-1.26 <unfixed>
        - golang-1.25 <unfixed>
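Review bot: all of the new entries in this hunk arrive as `TODO: check`, including the Binutils readelf and objdump entries between CVE-2025-69644 and CVE-2025-69652 and the Zabbix entry CVE-2026-23925, which name software Debian packages. Those are worth triaging ahead of the rest of the batch, replacing `TODO: check` with per-source-package annotations in the form the CVE-2026-27142 context entry already uses (`- golang-1.26 <unfixed>`). The description text is truncated with `...` in the list, so the affected versions need to be confirmed from the full CVE record before a status is set.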
@@ -200,7 +380,8 @@ CVE-2026-28486 (OpenClaw versions 2026.1.16-2 prior to 
2026.2.14 contain a path
        NOT-FOR-US: OpenClaw
 CVE-2026-28485 (OpenClaw versions 2026.1.5 prior to 2026.2.12 fail to enforce 
mandator ...)
        NOT-FOR-US: OpenClaw
-CVE-2026-28484 (OpenClaw versions prior to 2026.2.15 contain an option 
injection vulne ...)
+CVE-2026-28484
+       REJECTED
        NOT-FOR-US: OpenClaw
 CVE-2026-28482 (OpenClaw versions prior to 2026.2.12 construct transcript file 
paths u ...)
        NOT-FOR-US: OpenClaw
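Review bot: CVE-2026-28484 is switched to `REJECTED` but the unchanged `NOT-FOR-US: OpenClaw` line is still attached beneath it, so the entry now carries two statuses. The other rejected entries in this commit (CVE-2026-3653, CVE-2026-27123, CVE-2026-1799, CVE-2022-4947) have `REJECTED` as their only annotation; the leftover `NOT-FOR-US: OpenClaw` line should be dropped in a follow-up so this entry matches them. Removing the description also removes the only place the product name was recorded, which is a further reason not to leave the stale triage note behind.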
@@ -310,9 +491,9 @@ CVE-2026-27005 (Chartbrew is an open-source web application 
that can connect dir
        TODO: check
 CVE-2026-26125 (Payment Orchestrator Service Elevation of Privilege 
Vulnerability)
        TODO: check
-CVE-2026-26124 (Microsoft ACI Confidential Containers Elevation of Privilege 
Vulnerabi ...)
+CVE-2026-26124 ('.../...//' in Azure Compute Gallery allows an authorized 
attacker to  ...)
        TODO: check
-CVE-2026-26122 (Microsoft ACI Confidential Containers Information Disclosure 
Vulnerabi ...)
+CVE-2026-26122 (Initialization of a resource with an insecure default in Azure 
Compute ...)
        TODO: check
 CVE-2026-25962 (MarkUs is a web application for the submission and grading of 
student  ...)
        TODO: check
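Review bot: the refreshed descriptions for CVE-2026-26124 and CVE-2026-26122 change the named product from Microsoft ACI Confidential Containers to Azure Compute Gallery, yet both entries stay at `TODO: check`. Any triage notes prepared against the old titles should be rechecked against the new text. Since the descriptions now point at an Azure service, both look like candidates for a `NOT-FOR-US:` annotation, as was done for the OpenClaw entries elsewhere in this file. The new CVE-2026-26124 summary also opens with the weakness pattern `'.../...//'` instead of a product name, so a search of the list by product will not find it until it is annotated.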



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/92375c04952fba90fc56e9566350f3fbe31cce3b



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
