Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
11f0d8ac by security tracker role at 2026-03-16T20:13:06+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,249 @@
+CVE-2026-4276 (LibreChat RAG API, version 0.7.0, contains a log-injection 
vulnerabili ...)
+       TODO: check
+CVE-2026-4270 (Improper Protection of Alternate Path exists in the no-access 
and work ...)
+       TODO: check
+CVE-2026-4269 (A missing S3 ownership verification in the Bedrock AgentCore 
Starter T ...)
+       TODO: check
+CVE-2026-4265 (Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x 
<= 10. ...)
+       TODO: check
+CVE-2026-4254 (A weakness has been identified in Tenda AC8 up to 16.03.50.11. 
This vu ...)
+       TODO: check
+CVE-2026-4253 (A security flaw has been discovered in Tenda AC8 16.03.50.11. 
This aff ...)
+       TODO: check
+CVE-2026-4252 (A vulnerability was identified in Tenda AC8 16.03.50.11. 
Affected by t ...)
+       TODO: check
+CVE-2026-4251 (A vulnerability was determined in CityData CityChat up to 
0.12.6 on An ...)
+       TODO: check
+CVE-2026-4250 (A vulnerability was found in Albert Sa\u011fl\u0131k Hizmetleri 
ve Tic ...)
+       TODO: check
+CVE-2026-4243 (A weakness has been identified in La Nacion App 10.2.25 on 
Android. Th ...)
+       TODO: check
+CVE-2026-4242 (A security flaw has been discovered in BabyChakra Pregnancy & 
Parentin ...)
+       TODO: check
+CVE-2026-4241 (A vulnerability was identified in itsourcecode College 
Management Syst ...)
+       TODO: check
+CVE-2026-4240 (A vulnerability was determined in Open5GS up to 2.7.6. The 
affected el ...)
+       TODO: check
+CVE-2026-4239 (A vulnerability was found in Lagom WHMCS Template up to 2.3.7. 
Impacte ...)
+       TODO: check
+CVE-2026-4238 (A vulnerability has been found in itsourcecode College 
Management Syst ...)
+       TODO: check
+CVE-2026-4237 (A flaw has been found in itsourcecode Free Hotel Reservation 
System 1. ...)
+       TODO: check
+CVE-2026-4236 (A security vulnerability has been detected in itsourcecode 
Online Enro ...)
+       TODO: check
+CVE-2026-4235 (A weakness has been identified in itsourcecode Online 
Enrollment Syste ...)
+       TODO: check
+CVE-2026-4234 (A security flaw has been discovered in SSCMS 7.4.0. This 
vulnerability ...)
+       TODO: check
+CVE-2026-4233 (A vulnerability was identified in ThingsGateway 12. This 
affects an un ...)
+       TODO: check
+CVE-2026-4232 (A vulnerability was determined in Tiandy Integrated Management 
Platfor ...)
+       TODO: check
+CVE-2026-4231 (A vulnerability was found in vanna-ai vanna up to 2.0.2. 
Affected by t ...)
+       TODO: check
+CVE-2026-4230 (A vulnerability has been found in vanna-ai vanna up to 2.0.2. 
Affected ...)
+       TODO: check
+CVE-2026-4229 (A flaw has been found in vanna-ai vanna up to 2.0.2. This 
impacts the  ...)
+       TODO: check
+CVE-2026-4228 (A vulnerability was detected in LB-LINK BL-WR9000 2.4.9. This 
affects  ...)
+       TODO: check
+CVE-2026-4227 (A security vulnerability has been detected in LB-LINK BL-WR9000 
2.4.9. ...)
+       TODO: check
+CVE-2026-4224 (When an Expat parser with a registered ElementDeclHandler 
parses an in ...)
+       TODO: check
+CVE-2026-3644 (The fix for CVE-2026-0672, which rejected control characters in 
http.c ...)
+       TODO: check
+CVE-2026-3476 (A Code Injection vulnerability affecting SOLIDWORKS Desktop 
from Relea ...)
+       TODO: check
+CVE-2026-3111 (Insecure Direct Object Reference (IDOR) vulnerability in Campus 
Educat ...)
+       TODO: check
+CVE-2026-3110 (Insecure Direct Object Reference (IDOR) vulnerability in Campus 
Educat ...)
+       TODO: check
+CVE-2026-3024 (Stored Cross-Site Scripting (XSS) vulnerability in the Wakyma 
web appl ...)
+       TODO: check
+CVE-2026-3023 (Non-relational SQL injection vulnerability (NoSQLi) in the 
Wakyma web  ...)
+       TODO: check
+CVE-2026-3022 (Non-relational SQL injection vulnerability (NoSQLi) in the 
Wakyma web  ...)
+       TODO: check
+CVE-2026-3021 (Non-relational SQL injection vulnerability (NoSQLi) in the 
Wakyma web  ...)
+       TODO: check
+CVE-2026-3020 (Identity based authorization bypass vulnerability (IDOR) that 
allows a ...)
+       TODO: check
+CVE-2026-32587 (Missing Authorization vulnerability in Saad Iqbal WP EasyPay 
allows Ex ...)
+       TODO: check
+CVE-2026-32583 (Missing Authorization vulnerability in Webnus Inc. Modern 
Events Calen ...)
+       TODO: check
+CVE-2026-32267 (Craft CMS is a content management system (CMS). From version 
4.0.0-RC1 ...)
+       TODO: check
+CVE-2026-32264 (Craft CMS is a content management system (CMS). From version 
4.0.0-RC1 ...)
+       TODO: check
+CVE-2026-32263 (Craft CMS is a content management system (CMS). From version 
5.6.0 to  ...)
+       TODO: check
+CVE-2026-32262 (Craft CMS is a content management system (CMS). From version 
4.0.0-RC1 ...)
+       TODO: check
+CVE-2026-32261 (Webhooks for Craft CMS plugin adds the ability to manage 
\u201cwebhook ...)
+       TODO: check
+CVE-2026-30882 (Chamilo LMS is a learning management system. Chamilo LMS 
version 1.11. ...)
+       TODO: check
+CVE-2026-30881 (Chamilo LMS is a learning management system. Version 1.11.34 
and prior ...)
+       TODO: check
+CVE-2026-30876 (Chamilo LMS is a learning management system. Prior to version 
1.11.36, ...)
+       TODO: check
+CVE-2026-30875 (Chamilo LMS is a learning management system. Prior to version 
1.11.36, ...)
+       TODO: check
+CVE-2026-30405 (An issue in GoBGP gobgpd v.4.2.0 allows a remote attacker to 
cause a d ...)
+       TODO: check
+CVE-2026-2578 (Mattermost versions 11.3.x <= 11.3.0 fail to preserve the 
redacted sta ...)
+       TODO: check
+CVE-2026-2476 (Mattermost Plugins versions <=2.0.3.0 fail to properly mask 
sensitive  ...)
+       TODO: check
+CVE-2026-2463 (Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x 
<= 10. ...)
+       TODO: check
+CVE-2026-2462 (Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x 
<= 10. ...)
+       TODO: check
+CVE-2026-2461 (Mattermost Plugins versions <=11.3 11.0.3 11.2.2 10.10.11.0 
fail to im ...)
+       TODO: check
+CVE-2026-2458 (Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x 
<= 10. ...)
+       TODO: check
+CVE-2026-2457 (Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x 
<= 10. ...)
+       TODO: check
+CVE-2026-2456 (Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x 
<= 10. ...)
+       TODO: check
+CVE-2026-2455 (Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x 
<= 10. ...)
+       TODO: check
+CVE-2026-2326
+       REJECTED
+CVE-2026-29521 (Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a 
cross-s ...)
+       TODO: check
+CVE-2026-29520 (Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a 
reflect ...)
+       TODO: check
+CVE-2026-29516 (Buffalo TeraStation NAS TS5400R firmware version 4.02-0.06 and 
prior c ...)
+       TODO: check
+CVE-2026-29513 (Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a 
stored  ...)
+       TODO: check
+CVE-2026-29510 (Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a 
stored  ...)
+       TODO: check
+CVE-2026-28498 (Authlib is a Python library which builds OAuth and OpenID 
Connect serv ...)
+       TODO: check
+CVE-2026-28490 (Authlib is a Python library which builds OAuth and OpenID 
Connect serv ...)
+       TODO: check
+CVE-2026-28430 (Chamilo LMS is a learning management system. Prior to version 
1.11.34, ...)
+       TODO: check
+CVE-2026-27962 (Authlib is a Python library which builds OAuth and OpenID 
Connect serv ...)
+       TODO: check
+CVE-2026-26304 (Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2 fail to 
verify  ...)
+       TODO: check
+CVE-2026-26246 (Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 
10.11.x <= 10. ...)
+       TODO: check
+CVE-2026-25783 (Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 
10.11.x <= 10. ...)
+       TODO: check
+CVE-2026-25780 (Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 
10.11.x <= 10. ...)
+       TODO: check
+CVE-2026-25369 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2026-24692 (Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 
10.11.x <= 10. ...)
+       TODO: check
+CVE-2026-24458 (Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 
10.11.x <= 10. ...)
+       TODO: check
+CVE-2026-23862 (Dell ThinOS 10 versions prior to ThinOS 2602_10.0573, contain 
an Impro ...)
+       TODO: check
+CVE-2026-23489 (Fields is a GLPI plugin that allows users to add custom fields 
on GLPI ...)
+       TODO: check
+CVE-2026-22545 (Mattermost versions 10.11.x <= 10.11.10 fail to validate 
user's authen ...)
+       TODO: check
+CVE-2026-21386 (Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 
10.11.x <= 10. ...)
+       TODO: check
+CVE-2025-69809 (A write-what-where condition in p2r3 Bareiron commit 8e4d40 
allows una ...)
+       TODO: check
+CVE-2025-69808 (An out-of-bounds memory access (OOB) in p2r3 Bareiron commit 
8e4d40 al ...)
+       TODO: check
+CVE-2025-69784 (A local, non-privileged attacker can abuse a vulnerable IOCTL 
interfac ...)
+       TODO: check
+CVE-2025-69783 (A local attacker can bypass OpenEDR's 2.5.1.0 self-defense 
mechanism b ...)
+       TODO: check
+CVE-2025-69768 (SQL Injection vulnerability in Chyrp v.2.5.2 and before allows 
a remot ...)
+       TODO: check
+CVE-2025-69727 (An Incorrect Access Control vulnerability exists in 
INDEX-EDUCATION PR ...)
+       TODO: check
+CVE-2025-69693 (Out-of-bounds read in FFmpeg 8.0 and 8.0.1 RV60 video decoder 
(libavco ...)
+       TODO: check
+CVE-2025-69246 (Raytha CMS does not have any brute force protection mechanism 
implemen ...)
+       TODO: check
+CVE-2025-69245 (Raytha CMS is vulnerable to Reflected XSS via 
returnUrlparameter in lo ...)
+       TODO: check
+CVE-2025-69243 (Raytha CMS is vulnerable to User Enumeration in password reset 
functio ...)
+       TODO: check
+CVE-2025-69242 (Raytha CMS is vulnerable to reflected XSS via the 
backToListUrlparamet ...)
+       TODO: check
+CVE-2025-69241 (Raytha CMS is vulnerable to Stored XSS viaFirstName and 
LastNameparame ...)
+       TODO: check
+CVE-2025-69240 (Raytha CMS allows an attacker to spoof `X-Forwarded-Host` or 
`Host` he ...)
+       TODO: check
+CVE-2025-69239 (Raytha CMS is vulnerable to Server-Side Request Forgery in 
the\u201cTh ...)
+       TODO: check
+CVE-2025-69238 (Raytha CMS is vulnerable to Cross-Site Request Forgery across 
multiple ...)
+       TODO: check
+CVE-2025-69237 (Raytha CMS is vulnerable to Stored XSS viaFieldValues[0].Value 
paramet ...)
+       TODO: check
+CVE-2025-69236 (Raytha CMS is vulnerable to Stored XSS via 
FieldValues[1].Value parame ...)
+       TODO: check
+CVE-2025-69196 (FastMCP is the standard framework for building MCP 
applications. Prior ...)
+       TODO: check
+CVE-2025-68971 (In Forgejo through 13.0.3, the attachment component allows a 
denial of ...)
+       TODO: check
+CVE-2025-66687 (Doom Launcher 3.8.1.0 is vulnerable to Directory Traversal due 
to miss ...)
+       TODO: check
+CVE-2025-65734 (An authenticated arbitrary file upload vulnerability in the 
Courses/Wo ...)
+       TODO: check
+CVE-2025-62319 (Boolean-Based SQL Injection is a type of blind SQL injection 
where an  ...)
+       TODO: check
+CVE-2025-57543 (Cross Site scripting vulnerability (XSS) in NetBox 4.3.5 
"comment" fie ...)
+       TODO: check
+CVE-2025-54758
+       REJECTED
+CVE-2025-53815
+       REJECTED
+CVE-2025-53517
+       REJECTED
+CVE-2025-52649 (HCL AION is affected by a vulnerability where certain 
identifiers may  ...)
+       TODO: check
+CVE-2025-52648 (HCL AION is affected by a vulnerability where offering images 
are not  ...)
+       TODO: check
+CVE-2025-52646 (HCL AION is affected by a vulnerability where certain offering 
configu ...)
+       TODO: check
+CVE-2025-52645 (HCL AION is affected by a vulnerability where model packaging 
and dist ...)
+       TODO: check
+CVE-2025-52644 (HCL AION is affected by a vulnerability where certain user 
actions are ...)
+       TODO: check
+CVE-2025-52643 (HCL AION is affected by a vulnerability where untrusted file 
parsing o ...)
+       TODO: check
+CVE-2025-52642 (HCL AION is affected by a vulnerability where internal 
filesystem path ...)
+       TODO: check
+CVE-2025-52638 (HCL AION is affected by a vulnerability where container base 
images ar ...)
+       TODO: check
+CVE-2025-52637 (HCL AION is affected by a vulnerability where certain offering 
configu ...)
+       TODO: check
+CVE-2025-52636 (HCL AION is affected by a vulnerability related to the 
handling of upl ...)
+       TODO: check
+CVE-2025-2274 (Improper Neutralization of Input During Web Page Generation in 
Forcepo ...)
+       TODO: check
+CVE-2025-15587 (Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, 
LK3.9 and ...)
+       TODO: check
+CVE-2025-15554 (Browser caching of LAPS passwords in Truesec\u2019s LAPSWebUI 
before v ...)
+       TODO: check
+CVE-2025-15553 (Non-working logout functionality in Truesec\u2019s LAPSWebUI 
before ve ...)
+       TODO: check
+CVE-2025-15552 (Insufficient Session Expiration in Truesec\u2019s LAPSWebUI 
before ver ...)
+       TODO: check
+CVE-2025-15540 ("Functions" module in Raytha CMS allows privileged users 
towrite custo ...)
+       TODO: check
+CVE-2025-11500 (Tinycontrol devices such as tcPDU andLAN Controllers LK3.5, 
LK3.9 and  ...)
+       TODO: check
+CVE-2025-10685 (Heap-based buffer overflow vulnerability in Softing Industrial 
Automat ...)
+       TODO: check
+CVE-2025-10461 (Global file reads caused by improper URL checks in webserver 
in Softin ...)
+       TODO: check
 CVE-2026-4255 (A DLL search order hijacking vulnerability in Thermalright 
TR-VISION H ...)
        NOT-FOR-US: Thermalright TR-VISION
 CVE-2026-4226 (A weakness has been identified in LB-LINK BL-WR9000 2.4.9. The 
affecte ...)
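
Review bot: The descriptions added for CVE-2026-4250, CVE-2026-32261, CVE-2025-69239, CVE-2025-15554, CVE-2025-15553 and CVE-2025-15552 carry literal \uXXXX escape sequences (for example "Sa\u011fl\u0131k" and "Truesec\u2019s") instead of the decoded characters, which suggests the automatic update writes escaped feed text without decoding it. Decoding before the description is written would keep data/CVE/list readable and let a search on the vendor name match. Separately, every added entry that is not REJECTED is still "TODO: check", so the ones naming Expat (CVE-2026-4224), FFmpeg (CVE-2025-69693) and Authlib (CVE-2026-28498, CVE-2026-28490, CVE-2026-27962) still need a package assignment or a NOT-FOR-US marking in a follow-up.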



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/11f0d8ac59d35eec5153110bb3fe3ce40f7c83a9
