Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
868f60e1 by security tracker role at 2026-03-20T20:19:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,28 +1,232 @@
-CVE-2026-23278 [netfilter: nf_tables: always walk all pending catchall 
elements]
+CVE-2026-4519 (The webbrowser.open() API would accept leading dashes in the 
URL which ...)
+       TODO: check
+CVE-2026-4505 (A vulnerability has been found in eosphoros-ai DB-GPT up to 
0.7.5. Thi ...)
+       TODO: check
+CVE-2026-4504 (A flaw has been found in eosphoros-ai db-gpt up to 0.7.5. This 
vulnera ...)
+       TODO: check
+CVE-2026-4500 (A vulnerability was identified in bagofwords1 bagofwords up to 
0.0.297 ...)
+       TODO: check
+CVE-2026-4499 (A vulnerability was determined in D-Link DIR-820LW 2.03. 
Affected is t ...)
+       TODO: check
+CVE-2026-4497 (A vulnerability was determined in Totolink WA300 
5.2cu.7112_B20190227. ...)
+       TODO: check
+CVE-2026-4496 (A vulnerability was found in sigmade Git-MCP-Server up to 
785aa159f262 ...)
+       TODO: check
+CVE-2026-4495 (A security flaw has been discovered in atjiu pybbs 6.0.0. This 
impacts ...)
+       TODO: check
+CVE-2026-4494 (A vulnerability was identified in atjiu pybbs 6.0.0. This 
affects the  ...)
+       TODO: check
+CVE-2026-4493 (A vulnerability was determined in Tenda A18 Pro 02.03.02.28. 
The impac ...)
+       TODO: check
+CVE-2026-4492 (A vulnerability was found in Tenda A18 Pro 02.03.02.28. The 
affected e ...)
+       TODO: check
+CVE-2026-4491 (A vulnerability has been found in Tenda A18 Pro 02.03.02.28. 
Impacted  ...)
+       TODO: check
+CVE-2026-4490 (A flaw has been found in Tenda A18 Pro 02.03.02.28. This issue 
affects ...)
+       TODO: check
+CVE-2026-4489 (A vulnerability was detected in Tenda A18 Pro 02.03.02.28. This 
vulner ...)
+       TODO: check
+CVE-2026-4488 (A vulnerability was identified in UTT HiPER 1250GW up to 
3.2.7-210907- ...)
+       TODO: check
+CVE-2026-4487 (A vulnerability was determined in UTT HiPER 1200GW up to 
2.5.3-170306. ...)
+       TODO: check
+CVE-2026-4486 (A vulnerability was found in D-Link DIR-513 1.10. This affects 
the fun ...)
+       TODO: check
+CVE-2026-4485 (A vulnerability has been found in itsourcecode College 
Management Syst ...)
+       TODO: check
+CVE-2026-4438 (Calling gethostbyaddr or gethostbyaddr_r with a configured 
nsswitch.co ...)
+       TODO: check
+CVE-2026-4437 (Calling gethostbyaddr or gethostbyaddr_r with a configured 
nsswitch.co ...)
+       TODO: check
+CVE-2026-4434 (Improper certificate validation in the PAM propagation WinRM 
connectio ...)
+       TODO: check
+CVE-2026-3550 (The RockPress plugin for WordPress is vulnerable to Missing 
Authorizat ...)
+       TODO: check
+CVE-2026-33372 (An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 
10.1. A ...)
+       TODO: check
+CVE-2026-33371 (An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 
10.1. A ...)
+       TODO: check
+CVE-2026-33370 (An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 
10.1. A ...)
+       TODO: check
+CVE-2026-33369 (Zimbra Collaboration (ZCS) 10.0 and 10.1 contains an LDAP 
injection vu ...)
+       TODO: check
+CVE-2026-33368 (Zimbra Collaboration Suite (ZCS) 10.0 and 10.1 contains a 
reflected cr ...)
+       TODO: check
+CVE-2026-33312 (Vikunja is an open-source self-hosted task management 
platform. Starti ...)
+       TODO: check
+CVE-2026-33192 (Free5GC is an open-source Linux Foundation project for 5th 
generation  ...)
+       TODO: check
+CVE-2026-33140 (PySpector is a static analysis security testing (SAST) 
Framework engin ...)
+       TODO: check
+CVE-2026-33139 (PySpector is a static analysis security testing (SAST) 
Framework engin ...)
+       TODO: check
+CVE-2026-33136 (WeGIA is a web manager for charitable institutions. Versions 
3.6.6 and ...)
+       TODO: check
+CVE-2026-33135 (WeGIA is a web manager for charitable institutions. Versions 
3.6.6 and ...)
+       TODO: check
+CVE-2026-33134 (WeGIA is a web manager for charitable institutions. Versions 
3.6.5 and ...)
+       TODO: check
+CVE-2026-33133 (WeGIA is a web manager for charitable institutions. In 
versions 3.6.5  ...)
+       TODO: check
+CVE-2026-33132 (ZITADEL is an open source identity management platform. 
Versions prior ...)
+       TODO: check
+CVE-2026-33131 (H3 is a minimal H(TTP) framework. Versions 2.0.0-0 through 
2.0.1-rc.14 ...)
+       TODO: check
+CVE-2026-33130 (Uptime Kuma is an open source, self-hosted monitoring tool. In 
version ...)
+       TODO: check
+CVE-2026-33129 (H3 is a minimal H(TTP) framework. Versions 2.0.1-beta.0 
through 2.0.0- ...)
+       TODO: check
+CVE-2026-33128 (H3 is a minimal H(TTP) framework. In versions prior to 1.15.6 
and betw ...)
+       TODO: check
+CVE-2026-33126 (Frigate is a network video recorder (NVR) with realtime local 
object d ...)
+       TODO: check
+CVE-2026-33125 (Frigate is a network video recorder (NVR) with realtime local 
object d ...)
+       TODO: check
+CVE-2026-33124 (Frigate is a network video recorder (NVR) with realtime local 
object d ...)
+       TODO: check
+CVE-2026-33123 (pypdf is a free and open-source pure-python PDF library. 
Versions prio ...)
+       TODO: check
+CVE-2026-33081 (PinchTab is a standalone HTTP server that gives AI agents 
direct contr ...)
+       TODO: check
+CVE-2026-33080 (Filament is a collection of full-stack components for 
accelerated Lara ...)
+       TODO: check
+CVE-2026-33075 (FastGPT is an AI Agent building platform. In versions 4.14.8.3 
and bel ...)
+       TODO: check
+CVE-2026-33072 (FileRise is a self-hosted web file manager / WebDAV server. In 
version ...)
+       TODO: check
+CVE-2026-33071 (FileRise is a self-hosted web file manager / WebDAV server. In 
version ...)
+       TODO: check
+CVE-2026-33070 (FileRise is a self-hosted web file manager / WebDAV server. In 
version ...)
+       TODO: check
+CVE-2026-33069 (PJSIP is a free and open source multimedia communication 
library writt ...)
+       TODO: check
+CVE-2026-33068 (Claude Code is an agentic coding tool. Versions prior to 
2.1.53 resolv ...)
+       TODO: check
+CVE-2026-33067 (SiYuan is a personal knowledge management system. Versions 
3.6.0 and b ...)
+       TODO: check
+CVE-2026-33066 (SiYuan is a personal knowledge management system. In versions 
3.6.0 an ...)
+       TODO: check
+CVE-2026-33010 (mcp-memory-service is an open-source memory backend for 
multi-agent sy ...)
+       TODO: check
+CVE-2026-32989 (Precurio Intranet Portal 4.4 contains a cross-site request 
forgery vul ...)
+       TODO: check
+CVE-2026-32986 (Textpattern CMS version 4.9.0 contains a second-order 
cross-site scrip ...)
+       TODO: check
+CVE-2026-32844 (XinLiangCoder php_api_doc through commit 1ce5bbf contains a 
reflected  ...)
+       TODO: check
+CVE-2026-32710 (MariaDB server is a community developed fork of MySQL server. 
An authe ...)
+       TODO: check
+CVE-2026-32701 (Qwik is a performance-focused JavaScript framework. Versions 
prior to  ...)
+       TODO: check
+CVE-2026-32595 (Traefik is an HTTP reverse proxy and load balancer. Versions 
2.11.40 a ...)
+       TODO: check
+CVE-2026-32318 (Cryptomator for IOS offers multi-platform transparent 
client-side encr ...)
+       TODO: check
+CVE-2026-32317 (Cryptomator for Android offers multi-platform transparent 
client-side  ...)
+       TODO: check
+CVE-2026-32310 (Cryptomator encrypts data being stored on cloud 
infrastructure. From v ...)
+       TODO: check
+CVE-2026-32309 (Cryptomator encrypts data being stored on cloud 
infrastructure. Prior  ...)
+       TODO: check
+CVE-2026-32305 (Traefik is an HTTP reverse proxy and load balancer. Versions 
2.11.40 a ...)
+       TODO: check
+CVE-2026-32303 (Cryptomator encrypts data being stored on cloud 
infrastructure. Prior  ...)
+       TODO: check
+CVE-2026-31836 (Checkmate is an open-source, self-hosted tool designed to 
track and mo ...)
+       TODO: check
+CVE-2026-31382 (The error_description parameter is vulnerable to Reflected 
XSS. An att ...)
+       TODO: check
+CVE-2026-31381 (An attacker can extract user email addresses (PII) exposed in 
base64 e ...)
+       TODO: check
+CVE-2026-30580 (File Thingie 2.5.7 is vulnerable to Directory Traversal. A 
malicious u ...)
+       TODO: check
+CVE-2026-30579 (File Thingie 2.5.7 is vulnerable to Cross Site Scripting 
(XSS). A mali ...)
+       TODO: check
+CVE-2026-30578 (File Thinghie 2.5.7 is vulnerable to Cross Site Scripting 
(XSS). A mal ...)
+       TODO: check
+CVE-2026-2432 (The CM Custom Reports \u2013 Flexible reporting to track what 
matters  ...)
+       TODO: check
+CVE-2026-2421 (The ilGhera Carta Docente for WooCommerce plugin for WordPress 
is vuln ...)
+       TODO: check
+CVE-2026-29828 (DooTask v1.6.27 has a Cross-Site Scripting (XSS) vulnerability 
in the  ...)
+       TODO: check
+CVE-2026-29794 (Vikunja is an open-source self-hosted task management 
platform. Starti ...)
+       TODO: check
+CVE-2026-27625 (Stirling-PDF is a locally hosted web application that performs 
various ...)
+       TODO: check
+CVE-2026-25792 (Greenshot is an open source Windows screenshot utility. 
Versions 1.3.3 ...)
+       TODO: check
+CVE-2026-22902 (A command injection vulnerability has been reported to affect 
QuNetSwi ...)
+       TODO: check
+CVE-2026-22901 (A command injection vulnerability has been reported to affect 
QuNetSwi ...)
+       TODO: check
+CVE-2026-22900 (A use of hard-coded credentials vulnerability has been 
reported to aff ...)
+       TODO: check
+CVE-2026-22898 (A missing authentication for critical function vulnerability 
has been  ...)
+       TODO: check
+CVE-2026-22897 (A command injection vulnerability has been reported to affect 
QuNetSwi ...)
+       TODO: check
+CVE-2026-22895 (A cross-site scripting (XSS) vulnerability has been reported 
to affect ...)
+       TODO: check
+CVE-2026-22324 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2026-22172 (OpenClaw versions prior to 2026.3.12 contain an authorization 
bypass v ...)
+       TODO: check
+CVE-2026-0677 (Deserialization of Untrusted Data vulnerability in TotalSuite 
TotalCon ...)
+       TODO: check
+CVE-2025-67260 (The Terrapack software, from ASTER TEC / ASTER S.p.A., with 
the indica ...)
+       TODO: check
+CVE-2025-63260 (SyncFusion 30.1.37 is vulnerable to Cross Site Scripting (XSS) 
via the ...)
+       TODO: check
+CVE-2025-62846 (An SQL injection vulnerability has been reported to affect 
QHora. If a ...)
+       TODO: check
+CVE-2025-62845 (An improper neutralization of escape, meta, or control 
sequences vulne ...)
+       TODO: check
+CVE-2025-62844 (A weak authentication vulnerability has been reported to 
affect QHora. ...)
+       TODO: check
+CVE-2025-62843 (An improper restriction of communication channel to intended 
endpoints ...)
+       TODO: check
+CVE-2025-59383 (A buffer overflow vulnerability has been reported to affect 
Media Stre ...)
+       TODO: check
+CVE-2025-46598 (Bitcoin Core through 29.0 allows a denial of service via a 
crafted tra ...)
+       TODO: check
+CVE-2025-46597 (Bitcoin Core 0.13.0 through 29.x has an integer overflow.)
+       TODO: check
+CVE-2025-15608 (This vulnerability in AX53 v1 results from insufficient input 
sanitiza ...)
+       TODO: check
+CVE-2025-15607 (A command injection vulnerability on AX53 v1 occurs in mscd 
debug func ...)
+       TODO: check
+CVE-2024-44722 (SysAK v2.0 and before is vulnerable to command execution via 
aaa;cat / ...)
+       TODO: check
+CVE-2024-32537 (Cross-Site request forgery (CSRF) vulnerability in joshuae1974 
Flash V ...)
+       TODO: check
+CVE-2024-31119 (Improper neutralization of input during web page generation 
('cross-si ...)
+       TODO: check
+CVE-2026-23278 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/7cb9a23d7ae40a702577d3d8bacb7026f04ac2a9 (7.0-rc4)
-CVE-2026-23277 [net/sched: teql: fix NULL pointer dereference in iptunnel_xmit 
on TEQL slave xmit]
+CVE-2026-23277 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/0cc0c2e661af418bbf7074179ea5cfffc0a5c466 (7.0-rc4)
-CVE-2026-23276 [net: add xmit recursion limit to tunnel xmit functions]
+CVE-2026-23276 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/6f1a9140ecda3baba3d945b9a6155af4268aafc4 (7.0-rc4)
-CVE-2026-23275 [io_uring: ensure ctx->rings is stable for task work flags 
manipulation]
+CVE-2026-23275 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
        - linux <unfixed>
        [trixie] - linux <not-affected> (Vulnerable code not present)
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/96189080265e6bb5dde3a4afbaf947af493e3f82 (7.0-rc4)
-CVE-2026-23274 [netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer 
labels]
+CVE-2026-23274 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/329f0b9b48ee6ab59d1ab72fef55fe8c6463a6cf (7.0-rc4)
-CVE-2026-23273 [macvlan: observe an RCU grace period in 
macvlan_common_newlink() error path]
+CVE-2026-23273 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
        - linux 6.18.14-1
        NOTE: 
https://git.kernel.org/linus/e3f000f0dee1bfab52e2e61ca6a3835d9e187e35 (7.0-rc1)
-CVE-2026-23272 [netfilter: nf_tables: unconditionally bump set->nelems before 
insertion]
+CVE-2026-23272 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 6.19.8-1
        NOTE: 
https://git.kernel.org/linus/def602e498a4f951da95c95b1b8ce8ae68aa733a (7.0-rc3)
-CVE-2026-23271 [perf: Fix __perf_event_overflow() vs 
perf_remove_from_context() race]
+CVE-2026-23271 (In the Linux kernel, the following vulnerability has been 
resolved:  p ...)
        - linux 6.19.8-1
        NOTE: 
https://git.kernel.org/linus/c9bc1753b3cc41d0e01fbca7f035258b5f4db0ae (7.0-rc2)
 CVE-2026-4478 (A vulnerability was identified in Yi Technology YI Home Camera 
2 2.1.1 ...)
@@ -1530,7 +1734,7 @@ CVE-2026-32981 (A path traversal vulnerability was 
identified in Ray Dashboard (
 CVE-2026-32837 (miniaudio version 0.11.25 and earlier contain a heap 
out-of-bounds rea ...)
        - miniaudio <unfixed>
        NOTE: https://github.com/mackron/miniaudio/issues/1101
-CVE-2026-32836 (dr_libs version 0.13.3 and earlier contain an uncontrolled 
memory allo ...)
+CVE-2026-32836 (dr_libsdr_flac.h version 0.13.3 and earlier contain an 
uncontrolled me ...)
        TODO: check
 CVE-2026-32586 (Missing Authorization vulnerability in Pluggabl Booster for 
WooCommerc ...)
        NOT-FOR-US: WordPress plugin or theme
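Review bot: CVE-2026-32836's new description names dr_flac.h (rendered fused as "dr_libsdr_flac.h", apparently a separator lost between dr_libs and dr_flac.h in the feed text) but the entry is still a bare "TODO: check", while the sibling dr_libs entry CVE-2026-29022 later in this file already carries a TODO listing packages that bundle a copy (qtads, dosbox-x, roc-toolkit, octave-ltfat, faudio). The same bundled-copy question applies to this issue, so copy that TODO onto this entry so the two dr_libs CVEs are triaged together instead of one being left without the package list.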
@@ -2926,7 +3130,7 @@ CVE-2026-22215 (wpDiscuz before 7.6.47 contains a 
cross-site request forgery vul
        NOT-FOR-US: wpDiscuz
 CVE-2026-22210 (wpDiscuz before 7.6.47 contains a cross-site scripting 
vulnerability t ...)
        NOT-FOR-US: wpDiscuz
-CVE-2026-22209 (wpDiscuz before 7.6.47 contains a cross-site scripting 
vulnerability i ...)
+CVE-2026-22209 (thingino-firmware up to commit e3f6a41 (published on 
2026-03-15) conta ...)
        NOT-FOR-US: wpDiscuz
 CVE-2026-22204 (wpDiscuz before 7.6.47 contains an email header injection 
vulnerabilit ...)
        NOT-FOR-US: wpDiscuz
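Review bot: the description for CVE-2026-22209 now reads "thingino-firmware up to commit e3f6a41 ..." but the unchanged line below it still says "NOT-FOR-US: wpDiscuz", so the disposition no longer matches the entry it annotates. Either the ID was reassigned upstream or the feed served a wrong description; either way the entry needs re-triage and the NOT-FOR-US reason should be rewritten (or reset to "TODO: check") so it refers to the software the description actually names.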
@@ -4972,7 +5176,8 @@ CVE-2026-30918 (facileManager is a modular suite of web 
apps built with the sysa
        NOT-FOR-US: facileManager
 CVE-2026-30917 (Bucket is a MediaWiki extension to store and retrieve 
structured data  ...)
        NOT-FOR-US: Bucket MediaWiki extensiom
-CVE-2026-30916 (Shescape is a simple shell escape library for JavaScript. 
Prior to 2.1 ...)
+CVE-2026-30916
+       REJECTED
        NOT-FOR-US: Shescape
 CVE-2026-30913 (Flarum is open-source forum software. When the 
flarum/nicknames extens ...)
        NOT-FOR-US: Flarum
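Review bot: CVE-2026-30916 is marked REJECTED but keeps the "NOT-FOR-US: Shescape" line beneath it. A rejected ID needs no package disposition, and tracker entries for rejected CVEs normally consist of the ID and the REJECTED line only, so drop the NOT-FOR-US line to avoid recording the entry as both rejected and not-for-us.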
@@ -7903,7 +8108,7 @@ CVE-2026-2606 (IBM webMethods API Gateway (on-prem) 10.11 
through 10.11_Fix3210.
        NOT-FOR-US: IBM
 CVE-2026-2568 (The WP Zendesk for Contact Form 7, WPForms, Elementor, 
Formidable and  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2026-29022 (dr_libs version 0.14.4 and earlier (fixed in commit 8a7258c) 
contain a ...)
+CVE-2026-29022 (dr_libs dr_wav.h version 0.14.4 and earlier (fixed in commit 
8a7258c)  ...)
        NOTE: 
https://github.com/mackron/dr_libs/commit/8a7258cc66b49387ad58cc5b81568982a3560d49
        TODO: qtads, dosbox-x, roc-toolkit, octave-ltfat, faudio bundle a copy, 
check security impact
 CVE-2026-28518 (OpenViking versions 0.2.1 and prior, fixed in commit46b3e76, 
contain a ...)
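Review bot: CVE-2026-29022's description now pins the issue to dr_wav.h rather than dr_libs as a whole, which narrows the existing TODO: the listed packages (qtads, dosbox-x, roc-toolkit, octave-ltfat, faudio) need to be checked for a bundled copy of dr_wav.h specifically, not just any dr_libs header, with the fix commit 8a7258c from the NOTE as the reference to diff against. Rewording the TODO to name dr_wav.h would keep whoever picks it up from checking the wrong file.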
@@ -9811,7 +10016,7 @@ CVE-2026-1916 (The WPGSI: Spreadsheet Integration plugin 
for WordPress is vulner
        NOT-FOR-US: WordPress plugin
 CVE-2026-0704 (In affected version of Octopus Deploy it was possible to remove 
files  ...)
        NOT-FOR-US: Octopus Deploy
-CVE-2025-69771 (An arbitrary file upload vulnerability in the subtitle loading 
functio ...)
+CVE-2025-69771 (Cross-Site Scripting (XSS) vulnerability in the subtitle 
loading funct ...)
        NOT-FOR-US: asbplayer
 CVE-2025-67860 (A vulnerability has been identified in the NeuVector scanner 
where the ...)
        NOT-FOR-US: NeuVector



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/868f60e1853623b62fe1824354805073fe6e4d50

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits