Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8a67a281 by security tracker role at 2026-03-07T08:13:08+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,151 @@
+CVE-2026-3352 (The Easy PHP Settings plugin for WordPress is vulnerable to PHP 
Code I ...)
+       TODO: check
+CVE-2026-3233
+       REJECTED
+CVE-2026-30842 (Wallos is an open-source, self-hostable personal subscription 
tracker. ...)
+       TODO: check
+CVE-2026-30841 (Wallos is an open-source, self-hostable personal subscription 
tracker. ...)
+       TODO: check
+CVE-2026-30840 (Wallos is an open-source, self-hostable personal subscription 
tracker. ...)
+       TODO: check
+CVE-2026-30839 (Wallos is an open-source, self-hostable personal subscription 
tracker. ...)
+       TODO: check
+CVE-2026-30835 (Parse Server is an open source backend that can be deployed to 
any inf ...)
+       TODO: check
+CVE-2026-30830 (Defuddle cleans up HTML pages. Prior to version 0.9.0, the 
_findConten ...)
+       TODO: check
+CVE-2026-30829 (Checkmate is an open-source, self-hosted tool designed to 
track and mo ...)
+       TODO: check
+CVE-2026-30828 (Wallos is an open-source, self-hostable personal subscription 
tracker. ...)
+       TODO: check
+CVE-2026-30827 (express-rate-limit is a basic rate-limiting middleware for 
Express. In ...)
+       TODO: check
+CVE-2026-30825 (hoppscotch is an open source API development ecosystem. Prior 
to versi ...)
+       TODO: check
+CVE-2026-30824 (Flowise is a drag & drop user interface to build a customized 
large la ...)
+       TODO: check
+CVE-2026-30823 (Flowise is a drag & drop user interface to build a customized 
large la ...)
+       TODO: check
+CVE-2026-30822 (Flowise is a drag & drop user interface to build a customized 
large la ...)
+       TODO: check
+CVE-2026-30821 (Flowise is a drag & drop user interface to build a customized 
large la ...)
+       TODO: check
+CVE-2026-30820 (Flowise is a drag & drop user interface to build a customized 
large la ...)
+       TODO: check
+CVE-2026-30247 (WeKnora is an LLM-powered framework designed for deep document 
underst ...)
+       TODO: check
+CVE-2026-30244 (Plane is an an open-source project management tool. Prior to 
version 1 ...)
+       TODO: check
+CVE-2026-30242 (Plane is an an open-source project management tool. Prior to 
version 1 ...)
+       TODO: check
+CVE-2026-30241 (Mercurius is a GraphQL adapter for Fastify. Prior to version 
16.8.0, M ...)
+       TODO: check
+CVE-2026-30238 (Group-Office is an enterprise customer relationship management 
and gro ...)
+       TODO: check
+CVE-2026-30237 (Group-Office is an enterprise customer relationship management 
and gro ...)
+       TODO: check
+CVE-2026-30233 (OliveTin gives access to predefined shell commands from a web 
interfac ...)
+       TODO: check
+CVE-2026-30231 (Flare is a Next.js-based, self-hostable file sharing platform 
that int ...)
+       TODO: check
+CVE-2026-30230 (Flare is a Next.js-based, self-hostable file sharing platform 
that int ...)
+       TODO: check
+CVE-2026-30229 (Parse Server is an open source backend that can be deployed to 
any inf ...)
+       TODO: check
+CVE-2026-30228 (Parse Server is an open source backend that can be deployed to 
any inf ...)
+       TODO: check
+CVE-2026-30227 (MimeKit is a C# library which may be used for the creation and 
parsing ...)
+       TODO: check
+CVE-2026-30225 (OliveTin gives access to predefined shell commands from a web 
interfac ...)
+       TODO: check
+CVE-2026-30224 (OliveTin gives access to predefined shell commands from a web 
interfac ...)
+       TODO: check
+CVE-2026-30223 (OliveTin gives access to predefined shell commands from a web 
interfac ...)
+       TODO: check
+CVE-2026-2722 (The Stock Ticker plugin for WordPress is vulnerable to Stored 
Cross-Si ...)
+       TODO: check
+CVE-2026-2721 (The MailArchiver plugin for WordPress is vulnerable to Stored 
Cross-Si ...)
+       TODO: check
+CVE-2026-2494 (The ProfileGrid \u2013 User Profiles, Groups and Communities 
plugin fo ...)
+       TODO: check
+CVE-2026-2488 (The ProfileGrid \u2013 User Profiles, Groups and Communities 
plugin fo ...)
+       TODO: check
+CVE-2026-2433 (The RSS Aggregator \u2013 RSS Import, News Feeds, Feed to Post, 
and Au ...)
+       TODO: check
+CVE-2026-2431 (The CM Custom Reports plugin for WordPress is vulnerable to 
Reflected  ...)
+       TODO: check
+CVE-2026-2429 (The Community Events plugin for WordPress is vulnerable to SQL 
Injecti ...)
+       TODO: check
+CVE-2026-2420 (The LotekMedia Popup Form plugin for WordPress is vulnerable to 
Stored ...)
+       TODO: check
+CVE-2026-2371 (The Greenshift \u2013 animation and page builder blocks plugin 
for Wor ...)
+       TODO: check
+CVE-2026-2020 (The JS Archive List plugin for WordPress is vulnerable to PHP 
Object I ...)
+       TODO: check
+CVE-2026-29795 (stellar-xdr is a library and CLI containing types and 
functionality fo ...)
+       TODO: check
+CVE-2026-29791 (Agentgateway is an open source data plane for agentic AI 
connectivity  ...)
+       TODO: check
+CVE-2026-29790 (dbt-common is the shared common utilities for dbt-core and 
adapter imp ...)
+       TODO: check
+CVE-2026-29789 (Vito is a self-hosted web application that helps manage 
servers and de ...)
+       TODO: check
+CVE-2026-29788 (TSPortal is the WikiTide Foundation\u2019s in-house platform 
used by t ...)
+       TODO: check
+CVE-2026-29182 (Parse Server is an open source backend that can be deployed to 
any inf ...)
+       TODO: check
+CVE-2026-27797 (Homarr is an open-source dashboard. Prior to version 1.54.0, 
an unauth ...)
+       TODO: check
+CVE-2026-27796 (Homarr is an open-source dashboard. Prior to version 1.54.0, 
the integ ...)
+       TODO: check
+CVE-2026-25073 (XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 
and prio ...)
+       TODO: check
+CVE-2026-25072 (XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 
and prio ...)
+       TODO: check
+CVE-2026-25071 (XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 
and prio ...)
+       TODO: check
+CVE-2026-25070 (XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 
and prio ...)
+       TODO: check
+CVE-2026-1981 (The HUMN-1 AI Website Scanner & Human Certification by Winston 
AI plug ...)
+       TODO: check
+CVE-2026-1902 (The Hammas Calendar plugin for WordPress is vulnerable to 
Stored Cross ...)
+       TODO: check
+CVE-2026-1825 (The Show YouTube video plugin for WordPress is vulnerable to 
Stored Cr ...)
+       TODO: check
+CVE-2026-1824 (The Infomaniak Connect for OpenID plugin for WordPress is 
vulnerable t ...)
+       TODO: check
+CVE-2026-1823 (The Consensus Embed plugin for WordPress is vulnerable to 
Stored Cross ...)
+       TODO: check
+CVE-2026-1820 (The Media Library Alt Text Editor plugin for WordPress is 
vulnerable t ...)
+       TODO: check
+CVE-2026-1805 (The DA Media GigList plugin for WordPress is vulnerable to 
Stored Cros ...)
+       TODO: check
+CVE-2026-1650 (The MDJM Event Management plugin for WordPress is vulnerable to 
unauth ...)
+       TODO: check
+CVE-2026-1644 (The WP Frontend Profile plugin for WordPress is vulnerable to 
Cross-Si ...)
+       TODO: check
+CVE-2026-1574 (The MyQtip \u2013 easy qTip2 plugin for WordPress is vulnerable 
to Sto ...)
+       TODO: check
+CVE-2026-1569 (The Wueen plugin for WordPress is vulnerable to Stored 
Cross-Site Scri ...)
+       TODO: check
+CVE-2026-1087 (The Guardian News Feed plugin for WordPress is vulnerable to 
Cross-Sit ...)
+       TODO: check
+CVE-2026-1086 (The Font Pairing Preview For Landing Pages plugin for WordPress 
is vul ...)
+       TODO: check
+CVE-2026-1085 (The True Ranker plugin for WordPress is vulnerable to 
Cross-Site Reque ...)
+       TODO: check
+CVE-2026-1074 (The WP App Bar plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
+       TODO: check
+CVE-2026-1073 (The Purchase Button For Affiliate Link plugin for WordPress is 
vulnera ...)
+       TODO: check
+CVE-2026-1071 (The Carta Online plugin for WordPress is vulnerable to Stored 
Cross-Si ...)
+       TODO: check
+CVE-2025-8899 (The Paid Videochat Turnkey Site \u2013 HTML5 PPV Live Webcams 
plugin f ...)
+       TODO: check
+CVE-2025-14675 (The Meta Box plugin for WordPress is vulnerable to arbitrary 
file dele ...)
+       TODO: check
+CVE-2025-14353 (The ZIP Code Based Content Protection plugin for WordPress is 
vulnerab ...)
+       TODO: check
 CVE-2026-3653
        REJECTED
 CVE-2026-3589 (The WooCommerce WordPress plugin from versions 5.4.0 to 10.5.2 
does no ...)
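Review bot: The added descriptions for CVE-2026-2494, CVE-2026-2488, CVE-2026-2433, CVE-2026-2371, CVE-2026-1574 and CVE-2025-8899 contain a literal `\u2013`, and the one for CVE-2026-29788 a literal `\u2019`, so the escape sequences were written out instead of the characters they encode. Either decode them in the automatic import or document that the list stores escaped text, so the descriptions read and search as intended. Every new entry other than the REJECTED CVE-2026-3233 is still `TODO: check`; the Wallos, Flowise, OliveTin and Parse Server groups can each be triaged in one pass.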
@@ -201,7 +349,7 @@ CVE-2018-25162 (2-Plan Team 1.0.4 contains an arbitrary 
file upload vulnerabilit
        NOT-FOR-US: 2-Plan Team
 CVE-2018-25161 (Warranty Tracking System 11.06.3 contains an SQL injection 
vulnerabili ...)
        NOT-FOR-US: Warranty Tracking System
-CVE-2026-27139
+CVE-2026-27139 (On Unix platforms, when listing the contents of a directory 
using File ...)
        - golang-1.26 <unfixed>
        - golang-1.25 <unfixed>
        - golang-1.24 <unfixed>
@@ -210,7 +358,7 @@ CVE-2026-27139
        NOTE: https://github.com/golang/go/issues/77827
        NOTE: Fixed by: 
https://github.com/golang/go/commit/8cce3ab20c49a5c3c9fa8e97ad47335c3ccd2620 
(go1.26.1)
        NOTE: Fixed by: 
https://github.com/golang/go/commit/4091800393d254befde3770fd16f51200ebd5a3d 
(go1.25.8)
-CVE-2026-25679
+CVE-2026-25679 (url.Parse insufficiently validated the host/authority 
component and ac ...)
        - golang-1.26 <unfixed>
        - golang-1.25 <unfixed>
        - golang-1.24 <unfixed>
@@ -219,7 +367,7 @@ CVE-2026-25679
        NOTE: https://github.com/golang/go/issues/77578
        NOTE: Fixed by: 
https://github.com/golang/go/commit/65c7d7a9fb3a9d1fbf1e702a211b8cc3a7bedb53 
(go1.26.1)
        NOTE: fixed by: 
https://github.com/golang/go/commit/d8174a9500d53784594b198f6195d1fae8dfe803 
(go1.25.8)
-CVE-2026-27142
+CVE-2026-27142 (Actions which insert URLs into the content attribute of HTML 
meta tags ...)
        - golang-1.26 <unfixed>
        - golang-1.25 <unfixed>
        - golang-1.24 <unfixed>
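Review bot: In the context lines of this hunk, the go1.25.8 note for CVE-2026-25679 is spelled `NOTE: fixed by:` while the go1.26.1 note just above it and the notes in the neighbouring hunks use `NOTE: Fixed by:`. Normalise the capitalisation in a follow-up so that case-sensitive searches for fix commits do not miss this entry.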
@@ -228,7 +376,7 @@ CVE-2026-27142
        NOTE: https://github.com/golang/go/issues/77954
        NOTE: Fixed by: 
https://github.com/golang/go/commit/994692847a2cd3efd319f0cb61a07c0012c8a4ff 
(go1.26.1)
        NOTE: Fixed by: 
https://github.com/golang/go/commit/a9db31e6d9f280418ce441067f3f9dc0a036e770 
(go1.25.8)
-CVE-2026-27138
+CVE-2026-27138 (Certificate verification can panic when a certificate in the 
chain has ...)
        - golang-1.26 <unfixed>
        - golang-1.25 <not-affected> (Vulnerable code not present)
        - golang-1.24 <not-affected> (Vulnerable code not present)
@@ -236,7 +384,7 @@ CVE-2026-27138
        - golang-1.15 <not-affected> (Vulnerable code not present)
        NOTE: https://github.com/golang/go/issues/77953
        NOTE: Fixed by: 
https://github.com/golang/go/commit/e792d6aa952dbfdd3e8eac6f7abc3efd9df09030 
(go1.26.1)
-CVE-2026-27137
+CVE-2026-27137 (When verifying a certificate chain which contains a 
certificate contai ...)
        - golang-1.26 <unfixed>
        - golang-1.25 <not-affected> (Vulnerable code not present)
        - golang-1.24 <not-affected> (Vulnerable code not present)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8a67a281e31caa5372e2aeaf74083985d1a9c328

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
