Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
049ac4e5 by security tracker role at 2026-03-21T08:13:42+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,389 @@
+CVE-2026-4510 (A weakness has been identified in PbootCMS up to 3.2.12. This 
impacts  ...)
+       TODO: check
+CVE-2026-4509 (A security flaw has been discovered in PbootCMS up to 3.2.12. 
This aff ...)
+       TODO: check
+CVE-2026-4508 (A vulnerability was identified in PbootCMS up to 3.2.12. The 
impacted  ...)
+       TODO: check
+CVE-2026-4507 (A vulnerability was determined in Mindinventory MindSQL up to 
0.2.1. T ...)
+       TODO: check
+CVE-2026-4506 (A vulnerability was found in Mindinventory MindSQL up to 0.2.1. 
Impact ...)
+       TODO: check
+CVE-2026-4373 (The JetFormBuilder plugin for WordPress is vulnerable to 
arbitrary fil ...)
+       TODO: check
+CVE-2026-4302 (The WowOptin: Next-Gen Popup Maker plugin for WordPress is 
vulnerable  ...)
+       TODO: check
+CVE-2026-4261 (The Expire Users plugin for WordPress is vulnerable to 
Privilege Escal ...)
+       TODO: check
+CVE-2026-4161 (The Review Map by RevuKangaroo plugin for WordPress is 
vulnerable to S ...)
+       TODO: check
+CVE-2026-4143 (The Neos Connector for Fakturama plugin for WordPress is 
vulnerable to ...)
+       TODO: check
+CVE-2026-4127 (The Speedup Optimization plugin for WordPress is vulnerable to 
Missing ...)
+       TODO: check
+CVE-2026-4087 (The Pre* Party Resource Hints plugin for WordPress is 
vulnerable to SQ ...)
+       TODO: check
+CVE-2026-4086 (The WP Random Button plugin for WordPress is vulnerable to 
Stored Cros ...)
+       TODO: check
+CVE-2026-4084 (The fyyd podcast shortcodes plugin for WordPress is vulnerable 
to Stor ...)
+       TODO: check
+CVE-2026-4083 (The Scoreboard for HTML5 Games Lite plugin for WordPress is 
vulnerable ...)
+       TODO: check
+CVE-2026-4077 (The Ecover Builder For Dummies plugin for WordPress is 
vulnerable to S ...)
+       TODO: check
+CVE-2026-4072 (The WordPress PayPal Donation plugin for WordPress is 
vulnerable to St ...)
+       TODO: check
+CVE-2026-4069 (The Alfie \u2013 Feed Plugin plugin for WordPress is vulnerable 
to Sto ...)
+       TODO: check
+CVE-2026-4067 (The Ad Short plugin for WordPress is vulnerable to Stored 
Cross-Site S ...)
+       TODO: check
+CVE-2026-4022 (The Show Posts list \u2013 Easy designs, filters and more 
plugin for W ...)
+       TODO: check
+CVE-2026-4004 (The Task Manager plugin for WordPress is vulnerable to 
arbitrary short ...)
+       TODO: check
+CVE-2026-3997 (The Text Toggle plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
+       TODO: check
+CVE-2026-3996 (The WP Games Embed plugin for WordPress is vulnerable to Stored 
Cross- ...)
+       TODO: check
+CVE-2026-3864 (A vulnerability was discovered in the Kubernetes CSI Driver for 
NFS wh ...)
+       TODO: check
+CVE-2026-3651 (The Build App Online plugin for WordPress is vulnerable to 
unauthorize ...)
+       TODO: check
+CVE-2026-3645 (The Punnel \u2013 Landing Page Builder plugin for WordPress is 
vulnera ...)
+       TODO: check
+CVE-2026-3641 (The Appmax plugin for WordPress is vulnerable to Improper Input 
Valida ...)
+       TODO: check
+CVE-2026-3619 (The Sheets2Table plugin for WordPress is vulnerable to Stored 
Cross-Si ...)
+       TODO: check
+CVE-2026-3617 (The Paypal Shortcode plugin for WordPress is vulnerable to 
Stored Cros ...)
+       TODO: check
+CVE-2026-3584 (The Kali Forms plugin for WordPress is vulnerable to Remote 
Code Execu ...)
+       TODO: check
+CVE-2026-3577 (The Keep Backup Daily plugin for WordPress is vulnerable to 
Stored Cro ...)
+       TODO: check
+CVE-2026-3572 (The iTracker360 plugin for WordPress is vulnerable to 
Cross-Site Reque ...)
+       TODO: check
+CVE-2026-3570 (The Smarter Analytics plugin for WordPress is vulnerable to 
unauthoriz ...)
+       TODO: check
+CVE-2026-3567 (The RepairBuddy \u2013 Repair Shop CRM & Booking Plugin for 
WordPress  ...)
+       TODO: check
+CVE-2026-3554 (The Sherk Custom Post Type Displays plugin for WordPress is 
vulnerable ...)
+       TODO: check
+CVE-2026-3546 (The e-shot form builder plugin for WordPress is vulnerable to 
Sensitiv ...)
+       TODO: check
+CVE-2026-3516 (The Contact List plugin for WordPress is vulnerable to Stored 
Cross-Si ...)
+       TODO: check
+CVE-2026-3506 (The WP-Chatbot for Messenger plugin for WordPress is vulnerable 
to aut ...)
+       TODO: check
+CVE-2026-3478 (The Content Syndication Toolkit plugin for WordPress is 
vulnerable to  ...)
+       TODO: check
+CVE-2026-3474 (The EmailKit \u2013 Email Customizer for WooCommerce & WP 
plugin for W ...)
+       TODO: check
+CVE-2026-3460 (The REST API TO MiniProgram plugin for WordPress is vulnerable 
to Inse ...)
+       TODO: check
+CVE-2026-3368 (The Injection Guard plugin for WordPress is vulnerable to 
Stored Cross ...)
+       TODO: check
+CVE-2026-3354 (The Wikilookup plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
+       TODO: check
+CVE-2026-3353 (The Comment SPAM Wiper plugin for WordPress is vulnerable to 
Stored Cr ...)
+       TODO: check
+CVE-2026-3350 (The Image Alt Text Manager plugin for WordPress is vulnerable 
to Store ...)
+       TODO: check
+CVE-2026-3347 (The Multi Functional Flexi Lightbox plugin for WordPress is 
vulnerable ...)
+       TODO: check
+CVE-2026-3339 (The Keep Backup Daily plugin for WordPress is vulnerable to 
Limited Pa ...)
+       TODO: check
+CVE-2026-3335 (The Canto plugin for WordPress is vulnerable to Missing 
Authorization  ...)
+       TODO: check
+CVE-2026-3334 (The CMS Commander plugin for WordPress is vulnerable to SQL 
Injection  ...)
+       TODO: check
+CVE-2026-3333 (The MinhNhut Link Gateway plugin for WordPress is vulnerable to 
Stored ...)
+       TODO: check
+CVE-2026-3332 (The Xhanch - My Advanced Settings plugin for WordPress is 
vulnerable t ...)
+       TODO: check
+CVE-2026-3331 (The Lobot Slider Administrator plugin for WordPress is 
vulnerable to C ...)
+       TODO: check
+CVE-2026-3003 (The Vagaro Booking Widget plugin for WordPress is vulnerable to 
Stored ...)
+       TODO: check
+CVE-2026-33476 (SiYuan is a personal knowledge management system. Prior to 
version 3.6 ...)
+       TODO: check
+CVE-2026-33428 (Discourse is an open-source discussion platform. Prior to 
versions 202 ...)
+       TODO: check
+CVE-2026-33427 (Discourse is an open-source discussion platform. Prior to 
versions 202 ...)
+       TODO: check
+CVE-2026-33426 (Discourse is an open-source discussion platform. Prior to 
versions 202 ...)
+       TODO: check
+CVE-2026-33425 (Discourse is an open-source discussion platform. Prior to 
versions 202 ...)
+       TODO: check
+CVE-2026-33424 (Discourse is an open-source discussion platform. Prior to 
versions 202 ...)
+       TODO: check
+CVE-2026-33423 (Discourse is an open-source discussion platform. Prior to 
versions 202 ...)
+       TODO: check
+CVE-2026-33422 (Discourse is an open-source discussion platform. Prior to 
versions 202 ...)
+       TODO: check
+CVE-2026-33411 (Discourse is an open-source discussion platform. Versions 
prior to 202 ...)
+       TODO: check
+CVE-2026-33291 (Discourse is an open-source discussion platform. Prior to 
versions 202 ...)
+       TODO: check
+CVE-2026-33251 (Discourse is an open-source discussion platform. Prior to 
versions 202 ...)
+       TODO: check
+CVE-2026-33243 (barebox is a bootloader. In barebox from version 2016.03.0 to 
before v ...)
+       TODO: check
+CVE-2026-33238 (WWBN AVideo is an open source video platform. Prior to version 
26.0, t ...)
+       TODO: check
+CVE-2026-33237 (WWBN AVideo is an open source video platform. Prior to version 
26.0, t ...)
+       TODO: check
+CVE-2026-33236 (NLTK (Natural Language Toolkit) is a suite of open source 
Python modul ...)
+       TODO: check
+CVE-2026-33231 (NLTK (Natural Language Toolkit) is a suite of open source 
Python modul ...)
+       TODO: check
+CVE-2026-33230 (NLTK (Natural Language Toolkit) is a suite of open source 
Python modul ...)
+       TODO: check
+CVE-2026-33228 (flatted is a circular JSON parser. Prior to version 3.4.2, the 
parse() ...)
+       TODO: check
+CVE-2026-33226 (Budibase is a low code platform for creating internal tools, 
workflows ...)
+       TODO: check
+CVE-2026-33221 (Nhost is an open source Firebase alternative with GraphQL. 
Prior to ve ...)
+       TODO: check
+CVE-2026-33210 (Ruby JSON is a JSON implementation for Ruby. From version 
2.14.0 to be ...)
+       TODO: check
+CVE-2026-33209 (Avo is a framework to create admin panels for Ruby on Rails 
apps. Prio ...)
+       TODO: check
+CVE-2026-33204 (SimpleJWT is a simple JSON web token library written in PHP. 
Prior to  ...)
+       TODO: check
+CVE-2026-33203 (SiYuan is a personal knowledge management system. Prior to 
version 3.6 ...)
+       TODO: check
+CVE-2026-33194 (SiYuan is a personal knowledge management system. Prior to 
version 3.6 ...)
+       TODO: check
+CVE-2026-33186 (gRPC-Go is the Go language implementation of gRPC. Versions 
prior to 1 ...)
+       TODO: check
+CVE-2026-33180 (HAPI FHIR is a complete implementation of the HL7 FHIR 
standard for he ...)
+       TODO: check
+CVE-2026-33179 (libfuse is the reference implementation of the Linux FUSE. 
From versio ...)
+       TODO: check
+CVE-2026-33177 (Statamic is a Laravel and Git powered content management 
system (CMS). ...)
+       TODO: check
+CVE-2026-33172 (Statamic is a Laravel and Git powered content management 
system (CMS). ...)
+       TODO: check
+CVE-2026-33171 (Statamic is a Laravel and Git powered content management 
system (CMS). ...)
+       TODO: check
+CVE-2026-33166 (Allure 2 is the version 2.x branch of Allure Report, a 
multi-language  ...)
+       TODO: check
+CVE-2026-33165 (libde265 is an open source implementation of the h.265 video 
codec. Pr ...)
+       TODO: check
+CVE-2026-33164 (libde265 is an open source implementation of the h.265 video 
codec. Pr ...)
+       TODO: check
+CVE-2026-33156 (ScreenToGif is a screen recording tool. In versions from 
2.42.1 and pr ...)
+       TODO: check
+CVE-2026-33155 (DeepDiff is a project focused on Deep Difference and search of 
any Pyt ...)
+       TODO: check
+CVE-2026-33154 (dynaconf is a configuration management tool for Python. Prior 
to versi ...)
+       TODO: check
+CVE-2026-33151 (Socket.IO is an open source, real-time, bidirectional, 
event-based, co ...)
+       TODO: check
+CVE-2026-33150 (libfuse is the reference implementation of the Linux FUSE. 
From versio ...)
+       TODO: check
+CVE-2026-33147 (GMT is an open source collection of command-line tools for 
manipulatin ...)
+       TODO: check
+CVE-2026-33144 (GPAC is an open-source multimedia framework. Prior to commit 
86b0e36,  ...)
+       TODO: check
+CVE-2026-33143 (OneUptime is a solution for monitoring and managing online 
services. P ...)
+       TODO: check
+CVE-2026-33142 (OneUptime is a solution for monitoring and managing online 
services. P ...)
+       TODO: check
+CVE-2026-32899 (OpenClaw versions prior to 2026.2.25 fail to consistently 
apply sender ...)
+       TODO: check
+CVE-2026-32898 (OpenClaw versions prior to 2026.2.23 contain an authorization 
bypass v ...)
+       TODO: check
+CVE-2026-32897 (OpenClaw versions prior to 2026.2.22 reuse gateway.auth.token 
as a fal ...)
+       TODO: check
+CVE-2026-32896 (OpenClaw versions prior to 2026.2.21 BlueBubbles webhook 
handler conta ...)
+       TODO: check
+CVE-2026-32895 (OpenClaw versions prior to 2026.2.26 fail to enforce sender 
authorizat ...)
+       TODO: check
+CVE-2026-32887 (Effect is a TypeScript framework that consists of several 
packages tha ...)
+       TODO: check
+CVE-2026-32810 (Halloy is an IRC application written in Rust. In versions on 
\*nix and ...)
+       TODO: check
+CVE-2026-32733 (Halloy is an IRC application written in Rust. Prior to commit 
0f77b2cf ...)
+       TODO: check
+CVE-2026-32666 (WebCTRL systems that communicate over BACnet inherit the 
protocol's la ...)
+       TODO: check
+CVE-2026-32663 (The WebSocket backend uses charging station identifiers to 
uniquely as ...)
+       TODO: check
+CVE-2026-32067 (OpenClaw versions prior to 2026.2.26 contains an authorization 
bypass  ...)
+       TODO: check
+CVE-2026-32065 (OpenClaw versions prior to 2026.2.25 contain an 
approval-integrity byp ...)
+       TODO: check
+CVE-2026-32064 (OpenClaw versions prior to 2026.2.21 sandbox browser 
entrypoint launch ...)
+       TODO: check
+CVE-2026-32058 (OpenClaw versions prior to 2026.2.26 contain an approval 
context-bindi ...)
+       TODO: check
+CVE-2026-32057 (OpenClaw versions prior to 2026.2.25 contain an authentication 
bypass  ...)
+       TODO: check
+CVE-2026-32056 (OpenClaw versions prior to 2026.2.22 fail to sanitize shell 
startup en ...)
+       TODO: check
+CVE-2026-32055 (OpenClaw versions prior to 2026.2.26 contain a path traversal 
vulnerab ...)
+       TODO: check
+CVE-2026-32054 (OpenClaw versions prior to 2026.2.25 contain a symlink 
traversal vulne ...)
+       TODO: check
+CVE-2026-32053 (OpenClaw versions prior to 2026.2.23 contain a vulnerability 
in Twilio ...)
+       TODO: check
+CVE-2026-32052 (OpenClaw versions prior to 2026.2.24 contain a command 
injection vulne ...)
+       TODO: check
+CVE-2026-32051 (OpenClaw versions prior to 2026.3.1 contain an authorization 
mismatch  ...)
+       TODO: check
+CVE-2026-32050 (OpenClaw versions prior to 2026.2.25 contain an access control 
vulnera ...)
+       TODO: check
+CVE-2026-32049 (OpenClaw versions prior to 2026.2.22 fail to consistently 
enforce conf ...)
+       TODO: check
+CVE-2026-32048 (OpenClaw versions prior to 2026.3.1 fail to enforce sandbox 
inheritanc ...)
+       TODO: check
+CVE-2026-32046 (OpenClaw versions prior to 2026.2.21 contain an improper 
sandbox confi ...)
+       TODO: check
+CVE-2026-32045 (OpenClaw versions prior to 2026.2.21 incorrectly apply 
tokenless Tails ...)
+       TODO: check
+CVE-2026-32044 (OpenClaw versions prior to 2026.3.2 contain an archive 
extraction vuln ...)
+       TODO: check
+CVE-2026-32043 (OpenClaw versions prior to 2026.2.25 contain a 
time-of-check-time-of-u ...)
+       TODO: check
+CVE-2026-32042 (OpenClaw versions 2026.2.22 prior to 2026.2.25 contain a 
privilege esc ...)
+       TODO: check
+CVE-2026-31926 (Charging station authentication identifiers are publicly 
accessible vi ...)
+       TODO: check
+CVE-2026-31904 (The WebSocket Application Programming Interface lacks 
restrictions on  ...)
+       TODO: check
+CVE-2026-31903 (The WebSocket Application Programming Interface lacks 
restrictions on  ...)
+       TODO: check
+CVE-2026-2941 (The Linksy Search and Replace plugin for WordPress is 
vulnerable to un ...)
+       TODO: check
+CVE-2026-2837 (The Ricerca \u2013 advanced search plugin for WordPress is 
vulnerable  ...)
+       TODO: check
+CVE-2026-2723 (The Post Snippits plugin for WordPress is vulnerable to 
Cross-Site Req ...)
+       TODO: check
+CVE-2026-2720 (The Hr Press Lite plugin for WordPress is vulnerable to 
unauthorized a ...)
+       TODO: check
+CVE-2026-2598
+       REJECTED
+CVE-2026-2503 (The ElementCamp plugin for WordPress is vulnerable to 
time-based SQL I ...)
+       TODO: check
+CVE-2026-2501 (The Ed's Social Share plugin for WordPress is vulnerable to 
Stored Cro ...)
+       TODO: check
+CVE-2026-2496 (The Ed's Font Awesome plugin for WordPress is vulnerable to 
Stored Cro ...)
+       TODO: check
+CVE-2026-2468 (The Quentn WP plugin for WordPress is vulnerable to SQL 
Injection via  ...)
+       TODO: check
+CVE-2026-2440 (The SurveyJS plugin for WordPress is vulnerable to Stored 
Cross-Site S ...)
+       TODO: check
+CVE-2026-2430 (The Autoptimize plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
+       TODO: check
+CVE-2026-2427 (The itsukaita plugin for WordPress is vulnerable to Reflected 
Cross-Si ...)
+       TODO: check
+CVE-2026-2424 (The Reward Video Ad for WordPress plugin for WordPress is 
vulnerable t ...)
+       TODO: check
+CVE-2026-2378 (ArcSearch for Android versions prior to 1.12.7 could display a 
differe ...)
+       TODO: check
+CVE-2026-2375 (The App Builder \u2013 Create Native Android & iOS Apps On The 
Flight  ...)
+       TODO: check
+CVE-2026-2352 (The Autoptimize plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
+       TODO: check
+CVE-2026-2351 (The Task Manager plugin for WordPress is vulnerable to 
Arbitrary File  ...)
+       TODO: check
+CVE-2026-2294 (The UiPress lite | Effortless custom dashboards, admin themes 
and page ...)
+       TODO: check
+CVE-2026-2290 (The Post Affiliate Pro plugin for WordPress is vulnerable to 
Server-Si ...)
+       TODO: check
+CVE-2026-2279 (The myLinksDump plugin for WordPress is vulnerable to SQL 
Injection vi ...)
+       TODO: check
+CVE-2026-2277 (The rexCrawler plugin for WordPress is vulnerable to Reflected 
Cross-S ...)
+       TODO: check
+CVE-2026-2121 (The Weaver Show Posts plugin for WordPress is vulnerable to 
Stored Cro ...)
+       TODO: check
+CVE-2026-29796 (WebSocket endpoints lack proper authentication mechanisms, 
enabling at ...)
+       TODO: check
+CVE-2026-28204 (Charging station authentication identifiers are publicly 
accessible vi ...)
+       TODO: check
+CVE-2026-27649 (The WebSocket backend uses charging station identifiers to 
uniquely as ...)
+       TODO: check
+CVE-2026-25192 (WebSocket endpoints lack proper authentication mechanisms, 
enabling at ...)
+       TODO: check
+CVE-2026-25086 (Under certain conditions, an attacker could bind to the same 
port used ...)
+       TODO: check
+CVE-2026-24060 (Service information is not encrypted when transmitted as 
BACnet packet ...)
+       TODO: check
+CVE-2026-23536 (A security issue was discovered in the Feast Feature Server's 
`/read-d ...)
+       TODO: check
+CVE-2026-22163 (Requires malware code to misuse the DDK kernel module IOCTL 
interface. ...)
+       TODO: check
+CVE-2026-21732 (A web page that contains unusual GPU shader code is loaded 
into the GP ...)
+       TODO: check
+CVE-2026-1935 (The Company Posts for LinkedIn plugin for WordPress is 
vulnerable to M ...)
+       TODO: check
+CVE-2026-1914 (The FuseDesk plugin for WordPress is vulnerable to Stored 
Cross-Site S ...)
+       TODO: check
+CVE-2026-1911 (The Twitter Feeds plugin for WordPress is vulnerable to Stored 
Cross-S ...)
+       TODO: check
+CVE-2026-1908 (The Integration with Hubspot Forms plugin for WordPress is 
vulnerable  ...)
+       TODO: check
+CVE-2026-1899 (The Any Post Slider plugin for WordPress is vulnerable to 
Stored Cross ...)
+       TODO: check
+CVE-2026-1891 (The Simple Football Scoreboard plugin for WordPress is 
vulnerable to S ...)
+       TODO: check
+CVE-2026-1889 (The Outgrow plugin for WordPress is vulnerable to Stored 
Cross-Site Sc ...)
+       TODO: check
+CVE-2026-1886 (The Go Night Pro | WordPress Dark Mode Plugin for WordPress is 
vulnera ...)
+       TODO: check
+CVE-2026-1854 (The Post Flagger plugin for WordPress is vulnerable to Stored 
Cross-Si ...)
+       TODO: check
+CVE-2026-1851 (The iVysilani Shortcode plugin for WordPress is vulnerable to 
Stored C ...)
+       TODO: check
+CVE-2026-1822 (The WP NG Weather plugin for WordPress is vulnerable to Stored 
Cross-S ...)
+       TODO: check
+CVE-2026-1806 (The Tour & Activity Operator Plugin for TourCMS plugin for 
WordPress i ...)
+       TODO: check
+CVE-2026-1800 (The Fonts Manager | Custom Fonts plugin for WordPress is 
vulnerable to ...)
+       TODO: check
+CVE-2026-1648 (The Performance Monitor plugin for WordPress is vulnerable to 
Server-S ...)
+       TODO: check
+CVE-2026-1647 (The Comment Genius plugin for WordPress is vulnerable to 
Reflected Cro ...)
+       TODO: check
+CVE-2026-1575 (The Schema Shortcode plugin for WordPress is vulnerable to 
Stored Cros ...)
+       TODO: check
+CVE-2026-1503 (The login_register plugin for WordPress is vulnerable to 
Cross-Site Re ...)
+       TODO: check
+CVE-2026-1397 (The PQ Addons \u2013 Creative Elementor Widgets plugin for 
WordPress i ...)
+       TODO: check
+CVE-2026-1393 (The Add Google Social Profiles to Knowledge Graph Box plugin 
for WordP ...)
+       TODO: check
+CVE-2026-1392 (The SR WP Minify HTML plugin for WordPress is vulnerable to 
Cross-Site ...)
+       TODO: check
+CVE-2026-1390 (The Redirect countdown plugin for WordPress is vulnerable to 
Cross-Sit ...)
+       TODO: check
+CVE-2026-1378 (The WP Posts Re-order plugin for WordPress is vulnerable to 
Cross-Site ...)
+       TODO: check
+CVE-2026-1313 (The MimeTypes Link Icons plugin for WordPress is vulnerable to 
Server- ...)
+       TODO: check
+CVE-2026-1278 (The Mandatory Field plugin for WordPress is vulnerable to 
Stored Cross ...)
+       TODO: check
+CVE-2026-1275 (The Multi Post Carousel by Category plugin for WordPress is 
vulnerable ...)
+       TODO: check
+CVE-2026-1253 (The Group Chat & Video Chat by AtomChat plugin for WordPress is 
vulner ...)
+       TODO: check
+CVE-2026-1247 (The Survey plugin for WordPress is vulnerable to Stored 
Cross-Site Scr ...)
+       TODO: check
+CVE-2026-1093 (The WPFAQBlock\u2013 FAQ & Accordion Plugin For Gutenberg 
plugin for W ...)
+       TODO: check
+CVE-2026-0609 (The Logo Slider \u2013 Logo Carousel, Logo Showcase & Client 
Logo Slid ...)
+       TODO: check
+CVE-2025-63261 (AWStats 8.0 is vulnerable to Command Injection via the open 
function)
+       TODO: check
+CVE-2025-55988 (An issue in the component /Controllers/RestController.php of 
DreamFact ...)
+       TODO: check
+CVE-2025-14037 (The Invelity Product Feeds plugin for WordPress is vulnerable 
to arbit ...)
+       TODO: check
+CVE-2025-13910 (The WP-WebAuthn plugin for WordPress is vulnerable to 
Unauthenticated  ...)
+       TODO: check
+CVE-2024-13785 (The The Contact Form, Survey, Quiz & Popup Form Builder \u2013 
ARForms ...)
+       TODO: check
 CVE-2026-4519 (The webbrowser.open() API would accept leading dashes in the 
URL which ...)
        - python3.14 <unfixed>
        - python3.13 <unfixed>
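Review bot: The added descriptions for CVE-2026-4069, CVE-2026-4022, CVE-2026-3645 and several others contain a literal \u2013 where an en dash belongs, which looks like an escape sequence from the upstream feed being written through undecoded; decode it (or normalise it to a plain "-") before the description is stored, since these strings are what people search the list for. Apart from CVE-2026-2598 (REJECTED), every new entry is left at "TODO: check", including non-plugin software such as libfuse (CVE-2026-33179, CVE-2026-33150), libde265 (CVE-2026-33165, CVE-2026-33164) and gRPC-Go (CVE-2026-33186); those are the ones to triage ahead of the long run of WordPress plugin entries.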
@@ -744,81 +1130,107 @@ CVE-2026-30872 (OpenWrt Project is a Linux operating 
system targeting embedded d
 CVE-2026-30871 (OpenWrt Project is a Linux operating system targeting embedded 
devices ...)
        NOT-FOR-US: mdns deamon in OpenWrt
 CVE-2026-4464 (Integer overflow in ANGLE in Google Chrome prior to 
146.0.7680.153 all ...)
+       {DSA-6171-1}
        - chromium 146.0.7680.153-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-4463 (Heap buffer overflow in WebRTC in Google Chrome prior to 
146.0.7680.15 ...)
+       {DSA-6171-1}
        - chromium 146.0.7680.153-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-4462 (Out of bounds read in Blink in Google Chrome prior to 
146.0.7680.153 a ...)
+       {DSA-6171-1}
        - chromium 146.0.7680.153-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-4461 (Inappropriate implementation in V8 in Google Chrome prior to 
146.0.768 ...)
+       {DSA-6171-1}
        - chromium 146.0.7680.153-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-4460 (Out of bounds read in Skia in Google Chrome prior to 
146.0.7680.153 al ...)
+       {DSA-6171-1}
        - chromium 146.0.7680.153-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-4459 (Out of bounds read and write in WebAudio in Google Chrome prior 
to 146 ...)
+       {DSA-6171-1}
        - chromium 146.0.7680.153-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-4458 (Use after free in Extensions in Google Chrome prior to 
146.0.7680.153  ...)
+       {DSA-6171-1}
        - chromium 146.0.7680.153-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-4457 (Type Confusion in V8 in Google Chrome prior to 146.0.7680.153 
allowed  ...)
+       {DSA-6171-1}
        - chromium 146.0.7680.153-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-4456 (Use after free in Digital Credentials API in Google Chrome 
prior to 14 ...)
+       {DSA-6171-1}
        - chromium 146.0.7680.153-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-4455 (Heap buffer overflow in PDFium in Google Chrome prior to 
146.0.7680.15 ...)
+       {DSA-6171-1}
        - chromium 146.0.7680.153-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-4454 (Use after free in Network in Google Chrome prior to 
146.0.7680.153 all ...)
+       {DSA-6171-1}
        - chromium 146.0.7680.153-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-4453 (Integer overflow in Dawn in Google Chrome on Mac prior to 
146.0.7680.1 ...)
+       {DSA-6171-1}
        - chromium 146.0.7680.153-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-4452 (Integer overflow in ANGLE in Google Chrome on Windows prior to 
146.0.7 ...)
+       {DSA-6171-1}
        - chromium 146.0.7680.153-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-4451 (Insufficient validation of untrusted input in Navigation in 
Google Chr ...)
+       {DSA-6171-1}
        - chromium 146.0.7680.153-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-4450 (Out of bounds write in V8 in Google Chrome prior to 
146.0.7680.153 all ...)
+       {DSA-6171-1}
        - chromium 146.0.7680.153-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-4449 (Use after free in Blink in Google Chrome prior to 
146.0.7680.153 allow ...)
+       {DSA-6171-1}
        - chromium 146.0.7680.153-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-4448 (Heap buffer overflow in ANGLE in Google Chrome prior to 
146.0.7680.153 ...)
+       {DSA-6171-1}
        - chromium 146.0.7680.153-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-4447 (Inappropriate implementation in V8 in Google Chrome prior to 
146.0.768 ...)
+       {DSA-6171-1}
        - chromium 146.0.7680.153-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-4446 (Use after free in WebRTC in Google Chrome prior to 
146.0.7680.153 allo ...)
+       {DSA-6171-1}
        - chromium 146.0.7680.153-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-4445 (Use after free in WebRTC in Google Chrome prior to 
146.0.7680.153 allo ...)
+       {DSA-6171-1}
        - chromium 146.0.7680.153-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-4444 (Stack buffer overflow in WebRTC in Google Chrome prior to 
146.0.7680.1 ...)
+       {DSA-6171-1}
        - chromium 146.0.7680.153-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-4443 (Heap buffer overflow in WebAudio in Google Chrome prior to 
146.0.7680. ...)
+       {DSA-6171-1}
        - chromium 146.0.7680.153-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-4442 (Heap buffer overflow in CSS in Google Chrome prior to 
146.0.7680.153 a ...)
+       {DSA-6171-1}
        - chromium 146.0.7680.153-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-4441 (Use after free in Base in Google Chrome prior to 146.0.7680.153 
allowe ...)
+       {DSA-6171-1}
        - chromium 146.0.7680.153-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-4440 (Out of bounds read and write in WebGL in Google Chrome prior to 
146.0. ...)
+       {DSA-6171-1}
        - chromium 146.0.7680.153-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-4439 (Out of bounds memory access in WebGL in Google Chrome on 
Android prior ...)
+       {DSA-6171-1}
        - chromium 146.0.7680.153-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-XXXX [OSSA-2026-004: Server-Side Request Forgery (SSRF) 
vulnerabilities inOpenStack Glance image import functionality]
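Review bot: All 26 Chrome entries from CVE-2026-4464 down to CVE-2026-4439 pick up {DSA-6171-1}, but the commit lists only data/CVE/list as changed, so the advisory record these tags point at is not visible here. Confirm that the DSA-6171-1 entry names the same 26 IDs and states which suites it fixes, because the entries themselves show only the unstable version 146.0.7680.153-1 and the bullseye end-of-life line. Separately, the unchanged context carries two typos worth a follow-up: "mdns deamon" under CVE-2026-30871 and "inOpenStack" in the CVE-2026-XXXX Glance entry.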
@@ -3858,6 +4270,7 @@ CVE-2025-15038 (An Out-of-Bounds Read vulnerability 
exists in the ASUS Business
 CVE-2025-15037 (An Incorrect Permission Assignment vulnerability exists in the 
ASUS Bu ...)
        NOT-FOR-US: ASUS
 CVE-2023-43010 (The issue was addressed with improved memory handling. This 
issue is f ...)
+       {DSA-5684-1}
        - webkit2gtk 2.44.0-1
        - wpewebkit 2.44.1-1
        [trixie] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Trixie)
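Review bot: CVE-2023-43010 gains {DSA-5684-1} while its fixed versions are webkit2gtk 2.44.0-1 and wpewebkit 2.44.1-1, well behind the 2.50.x entries that receive DSA-6070-1 and DSA-6042-1 in the later hunks, and the visible lines give no hint why the cross-reference arrives only now. If the CVE ID was attached to that advisory after the fact, a NOTE line on the entry would record it for anyone auditing which advisory covered which fix.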
@@ -55283,6 +55696,7 @@ CVE-2025-43443 (This issue was addressed with improved 
checks. This issue is fix
 CVE-2025-43442 (A permissions issue was addressed with additional 
restrictions. This i ...)
        NOT-FOR-US: Apple
 CVE-2025-43441 (The issue was addressed with improved memory handling. This 
issue is f ...)
+       {DSA-6070-1}
        - webkit2gtk 2.50.2-1
        - wpewebkit 2.50.2-1
        [trixie] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Trixie)
@@ -55300,6 +55714,7 @@ CVE-2025-43440 (This issue was addressed with improved 
checks This issue is fixe
 CVE-2025-43439 (A privacy issue was addressed by removing sensitive data. This 
issue i ...)
        NOT-FOR-US: Apple
 CVE-2025-43438 (A use-after-free issue was addressed with improved memory 
management.  ...)
+       {DSA-6070-1}
        - webkit2gtk 2.50.2-1
        - wpewebkit 2.50.2-1
        [trixie] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Trixie)
@@ -55319,6 +55734,7 @@ CVE-2025-43434 (A use-after-free issue was addressed 
with improved memory manage
        [bullseye] - wpewebkit <end-of-life> (see #1035997)
        NOTE: https://webkitgtk.org/security/WSA-2025-0008.html
 CVE-2025-43433 (The issue was addressed with improved memory handling. This 
issue is f ...)
+       {DSA-6070-1}
        - webkit2gtk 2.50.2-1
        - wpewebkit 2.50.2-1
        [trixie] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Trixie)
@@ -89189,6 +89605,7 @@ CVE-2025-31278 (The issue was addressed with improved 
memory handling. This issu
        [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be 
sensibly backported)
        NOTE: https://webkitgtk.org/security/WSA-2025-0005.html
 CVE-2025-31277 (The issue was addressed with improved memory handling. This 
issue is f ...)
+       {DSA-6042-1}
        - webkit2gtk 2.50.0-1
        - wpewebkit 2.50.0-1
        [trixie] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Trixie)
@@ -113301,6 +113718,7 @@ CVE-2025-31225 (A privacy issue was addressed by 
removing sensitive data. This i
 CVE-2025-31224 (A logic issue was addressed with improved checks. This issue 
is fixed  ...)
        NOT-FOR-US: Apple
 CVE-2025-31223 (The issue was addressed with improved checks. This issue is 
fixed in w ...)
+       {DSA-6042-1}
        - webkit2gtk 2.50.0-1
        - wpewebkit 2.50.0-1
        [trixie] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Trixie)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/049ac4e526db6a3499dc944b3a4896f3f76ce197
