Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d3ec16ec by security tracker role at 2026-03-19T08:13:36+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,8 +1,154 @@
-CVE-2026-31973
+CVE-2026-4407 (Out-of-bounds array write in Xpdf 4.06 and earlier, due to 
incorrect v ...)
+       TODO: check
+CVE-2026-4120 (The Info Cards \u2013 Add Text and Media in Card Layouts plugin 
for Wo ...)
+       TODO: check
+CVE-2026-4068 (The Add Custom Fields to Media plugin for WordPress is 
vulnerable to C ...)
+       TODO: check
+CVE-2026-4006 (The Simple Draft List plugin for WordPress is vulnerable to 
Stored Cro ...)
+       TODO: check
+CVE-2026-3475 (The Instant Popup Builder plugin for WordPress is vulnerable to 
Unauth ...)
+       TODO: check
+CVE-2026-3181
+       REJECTED
+CVE-2026-33163 (Parse Server is an open source backend that can be deployed to 
any inf ...)
+       TODO: check
+CVE-2026-33042 (Parse Server is an open source backend that can be deployed to 
any inf ...)
+       TODO: check
+CVE-2026-32944 (Parse Server is an open source backend that can be deployed to 
any inf ...)
+       TODO: check
+CVE-2026-32943 (Parse Server is an open source backend that can be deployed to 
any inf ...)
+       TODO: check
+CVE-2026-32886 (Parse Server is an open source backend that can be deployed to 
any inf ...)
+       TODO: check
+CVE-2026-32878 (Parse Server is an open source backend that can be deployed to 
any inf ...)
+       TODO: check
+CVE-2026-32805 (Romeo gives the capability to reach high code coverage of Go 
\u22651.2 ...)
+       TODO: check
+CVE-2026-32770 (Parse Server is an open source backend that can be deployed to 
any inf ...)
+       TODO: check
+CVE-2026-32743 (PX4 is an open-source autopilot stack for drones and unmanned 
vehicles ...)
+       TODO: check
+CVE-2026-32742 (Parse Server is an open source backend that can be deployed to 
any inf ...)
+       TODO: check
+CVE-2026-32737 (Romeo gives the capability to reach high code coverage of Go 
\u22651.2 ...)
+       TODO: check
+CVE-2026-32736 (The Hytale Modding Wiki is a free service for Hytale mods to 
host thei ...)
+       TODO: check
+CVE-2026-32735 (openapi-to-java-records-mustache-templates allows users to 
generate Ja ...)
+       TODO: check
+CVE-2026-32731 (ApostropheCMS is an open-source content management framework. 
Prior to ...)
+       TODO: check
+CVE-2026-32730 (ApostropheCMS is an open-source content management framework. 
Prior to ...)
+       TODO: check
+CVE-2026-32728 (Parse Server is an open source backend that can be deployed to 
any inf ...)
+       TODO: check
+CVE-2026-32723 (SandboxJS is a JavaScript sandboxing library. Prior to 0.8.35, 
Sandbox ...)
+       TODO: check
+CVE-2026-32722 (Memray is a memory profiler for Python. Prior to Memray 
1.19.2, Memray ...)
+       TODO: check
+CVE-2026-32703 (OpenProject is an open-source, web-based project management 
software.  ...)
+       TODO: check
+CVE-2026-32700 (Devise is an authentication solution for Rails based on 
Warden. Prior  ...)
+       TODO: check
+CVE-2026-32698 (OpenProject is an open-source, web-based project management 
software.  ...)
+       TODO: check
+CVE-2026-32638 (StudioCMS is a server-side-rendered, Astro native, headless 
content ma ...)
+       TODO: check
+CVE-2026-32636 (ImageMagick is free and open-source software used for editing 
and mani ...)
+       TODO: check
+CVE-2026-32321 (ClipBucket v5 is an open source video sharing platform. An 
authenticat ...)
+       TODO: check
+CVE-2026-32255 (Kan is an open-source project management tool. In versions 
0.5.4 and b ...)
+       TODO: check
+CVE-2026-32000 (OpenClaw versions prior to 2026.2.19 contain a command 
injection vulne ...)
+       TODO: check
+CVE-2026-31999 (OpenClaw versions 2026.2.26 prior to 2026.3.1 on Windows 
contain a cur ...)
+       TODO: check
+CVE-2026-31998 (OpenClaw versions 2026.2.22 and 2026.2.23 contain an 
authorization byp ...)
+       TODO: check
+CVE-2026-31997 (OpenClaw versions prior to 2026.3.1 fail to pin executable 
identity fo ...)
+       TODO: check
+CVE-2026-31996 (OpenClaw versions prior to 2026.2.19 tools.exec.safeBins 
contains an i ...)
+       TODO: check
+CVE-2026-31995 (OpenClaw versions 2026.1.21 prior to 2026.2.19 contain a 
command injec ...)
+       TODO: check
+CVE-2026-31994 (OpenClaw versions prior to 2026.2.19 contain a local command 
injection ...)
+       TODO: check
+CVE-2026-31993 (OpenClaw versions prior to 2026.2.22 contain an allowlist 
parsing mism ...)
+       TODO: check
+CVE-2026-31992 (OpenClaw versions prior to 2026.2.23 contain an allowlist 
bypass vulne ...)
+       TODO: check
+CVE-2026-31991 (OpenClaw versions prior to 2026.2.26 contain an authorization 
bypass v ...)
+       TODO: check
+CVE-2026-31990 (OpenClaw versions prior to 2026.3.2 contain a vulnerability in 
the sta ...)
+       TODO: check
+CVE-2026-31989 (OpenClaw versions prior to 2026.3.1 contain a server-side 
request forg ...)
+       TODO: check
+CVE-2026-2571 (The Download Manager plugin for WordPress is vulnerable to 
unauthorize ...)
+       TODO: check
+CVE-2026-29608 (OpenClaw 2026.3.1 contains an approval integrity vulnerability 
in syst ...)
+       TODO: check
+CVE-2026-29607 (OpenClaw versions prior to 2026.2.22 contain an authorization 
bypass v ...)
+       TODO: check
+CVE-2026-28461 (OpenClaw versions prior to 2026.3.1 contain an unbounded 
memory growth ...)
+       TODO: check
+CVE-2026-28460 (OpenClaw versions prior to 2026.2.22 contain an allowlist 
bypass vulne ...)
+       TODO: check
+CVE-2026-28449 (OpenClaw versions prior to 2026.2.25 lack durable replay state 
for Nex ...)
+       TODO: check
+CVE-2026-28073 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2026-28070 (Missing Authorization vulnerability in Tips and Tricks HQ WP 
eMember a ...)
+       TODO: check
+CVE-2026-28044 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2026-27670 (OpenClaw versions prior to 2026.3.2 contain a race condition 
vulnerabi ...)
+       TODO: check
+CVE-2026-27566 (OpenClaw versions prior to 2026.2.22 contain an allowlist 
bypass vulne ...)
+       TODO: check
+CVE-2026-27542 (Incorrect Privilege Assignment vulnerability in Rymera Web Co 
Pty Ltd. ...)
+       TODO: check
+CVE-2026-27540 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Rymer ...)
+       TODO: check
+CVE-2026-27413 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2026-27397 (Authorization Bypass Through User-Controlled Key vulnerability 
in Real ...)
+       TODO: check
+CVE-2026-27096 (Deserialization of Untrusted Data vulnerability in 
BuddhaThemes ColorF ...)
+       TODO: check
+CVE-2026-27093 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2026-27091 (Missing Authorization vulnerability in UiPress UiPress lite 
allows Exp ...)
+       TODO: check
+CVE-2026-25873 (OmniGen2-RL contains an unauthenticated remote code execution 
vulnerab ...)
+       TODO: check
+CVE-2026-25745 (OpenEMR is a free and open source electronic health records 
and medica ...)
+       TODO: check
+CVE-2026-25471 (Authentication Bypass Using an Alternate Path or Channel 
vulnerability ...)
+       TODO: check
+CVE-2026-25312 (Missing Authorization vulnerability in EventPrime allows 
Exploiting In ...)
+       TODO: check
+CVE-2026-22176 (OpenClaw versions prior to 2026.2.19 contain a command 
injection vulne ...)
+       TODO: check
+CVE-2026-1276 (IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 is 
vulnerable to ...)
+       TODO: check
+CVE-2026-1238 (The SlimStat Analytics plugin for WordPress is vulnerable to 
Stored Cr ...)
+       TODO: check
+CVE-2025-36051 (IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 stores 
potential ...)
+       TODO: check
+CVE-2025-15051 (IBM QRadar SIEM7.5.0 through 7.5.0 Update Package 14 is 
vulnerable to  ...)
+       TODO: check
+CVE-2025-15031 (A vulnerability in MLflow's pyfunc extraction process allows 
for arbit ...)
+       TODO: check
+CVE-2025-13995 (IBM QRadar SIEM7.5.0 through 7.5.0 Update Package 14 could 
allow an at ...)
+       TODO: check
+CVE-2024-42210 (A Stored cross-site scripting (XSS) vulnerability affects HCL 
Unica Ma ...)
+       TODO: check
+CVE-2026-31973 (SAMtools is a program for reading, manipulating and writing 
bioinforma ...)
        - samtools <unfixed>
        NOTE: 
https://github.com/samtools/samtools/security/advisories/GHSA-x86f-q6fj-cm43
        NOTE: Fixed by: 
https://github.com/samtools/samtools/commit/06fc2a219b3d7c94d3f412c09f6d1efd51199f2f
-CVE-2026-31972
+CVE-2026-31972 (SAMtools is a program for reading, manipulating and writing 
bioinforma ...)
        - samtools <unfixed>
        NOTE: 
https://github.com/samtools/samtools/security/advisories/GHSA-72c8-4jf3-f27p
        NOTE: Fixed by: 
https://github.com/samtools/samtools/commit/3036eb9af945fcef359427a2d359855553da4adf
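
Review bot: The descriptions added for CVE-2026-4120, CVE-2026-32805 and CVE-2026-32737 carry the literal escape sequences \u2013 and \u2265 instead of the characters they encode, which suggests the automatic import writes escaped text without decoding it. Decoding the description before it is truncated (or normalising it to ASCII) would keep the list searchable and stop the escape from eating six columns of the truncated summary. Separately, every new entry in this hunk except the REJECTED CVE-2026-3181 lands as "TODO: check", for example CVE-2026-4407 (Xpdf) and CVE-2026-32636 (ImageMagick); each still needs a package line or a NOT-FOR-US marker before it says anything about affected status, as the samtools entries at the end of the hunk do.
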
@@ -7293,6 +7439,7 @@ CVE-2026-24105 (An issue was discovered in 
goform/formsetUsbUnload in Tenda AC15
 CVE-2026-24101 (An issue was discovered in goform/formSetIptv in Tenda 
AC15V1.0 V15.03 ...)
        NOT-FOR-US: Tenda
 CVE-2026-23865 (An integer overflow in the tt_var_load_item_variation_store 
function o ...)
+       {DSA-6168-1}
        - freetype 2.14.2+dfsg-1 (bug #1129606)
        [bookworm] - freetype <not-affected> (Vulnerable code introduced later)
        [bullseye] - freetype <not-affected> (Vulnerable code introduced later)
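
Review bot: The {DSA-6168-1} cross-reference added under CVE-2026-23865 cannot be checked against anything in this commit, because data/CVE/list is the only changed file and both release lines visible in the context (bookworm and bullseye) are marked <not-affected>. Confirm that the matching advisory entry already exists from an earlier commit and that it names a release other than those two; otherwise the entry would point to an advisory for releases it records as not vulnerable.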



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d3ec16ec646487ba98e914058f2872bc61f1c071
