Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
dc814795 by security tracker role at 2026-03-23T20:13:10+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,215 @@
+CVE-2026-4647 (A flaw was found in the GNU Binutils BFD library, a widely used
compon ...)
+ TODO: check
+CVE-2026-4645 (A flaw was found in the `github.com/antchfx/xpath` component. A
remote ...)
+ TODO: check
+CVE-2026-4633 (A flaw was found in Keycloak. A remote attacker can exploit
differenti ...)
+ TODO: check
+CVE-2026-4628 (A flaw was found in Keycloak. An improper Access Control
vulnerability ...)
+ TODO: check
+CVE-2026-4596 (A vulnerability was identified in projectworlds Lawyer
Management Syst ...)
+ TODO: check
+CVE-2026-4595 (A vulnerability was determined in code-projects Exam Form
Submission 1 ...)
+ TODO: check
+CVE-2026-4594 (A vulnerability has been found in erupts erupt up to 1.13.3.
Affected ...)
+ TODO: check
+CVE-2026-4593 (A flaw has been found in erupts erupt bis 1.13.3. Affected by
this vul ...)
+ TODO: check
+CVE-2026-4592 (A security vulnerability has been detected in kalcaddle kodbox
1.64. T ...)
+ TODO: check
+CVE-2026-4591 (A weakness has been identified in kalcaddle kodbox 1.64. This
affects ...)
+ TODO: check
+CVE-2026-4590 (A security flaw has been discovered in kalcaddle kodbox 1.64.
The impa ...)
+ TODO: check
+CVE-2026-4589 (A vulnerability was identified in kalcaddle kodbox 1.64. The
affected ...)
+ TODO: check
+CVE-2026-4588 (A vulnerability was determined in kalcaddle kodbox 1.64.
Impacted is t ...)
+ TODO: check
+CVE-2026-4587 (A vulnerability was found in HybridAuth up to 3.12.2. This
issue affec ...)
+ TODO: check
+CVE-2026-4586 (A vulnerability was found in CodePhiliaX Chat2DB up to 0.3.7.
This aff ...)
+ TODO: check
+CVE-2026-4585 (A vulnerability has been found in Tiandy Easy7 Integrated
Management P ...)
+ TODO: check
+CVE-2026-4584 (A flaw has been found in Shenzhen HCC Technology MPOS M6 PLUS
1V.31-N. ...)
+ TODO: check
+CVE-2026-4583 (A vulnerability was detected in Shenzhen HCC Technology MPOS M6
PLUS 1 ...)
+ TODO: check
+CVE-2026-4582 (A security vulnerability has been detected in Shenzhen HCC
Technology ...)
+ TODO: check
+CVE-2026-4581 (A weakness has been identified in code-projects Simple Laundry
System ...)
+ TODO: check
+CVE-2026-4580 (A security flaw has been discovered in code-projects Simple
Laundry Sy ...)
+ TODO: check
+CVE-2026-4404 (Use of hard coded credentials in GoHarbor Harbor version 2.15.0
and be ...)
+ TODO: check
+CVE-2026-3635 (Summary When trustProxy is configured with a restrictive trust
functio ...)
+ TODO: check
+CVE-2026-33723 (WWBN AVideo is an open source video platform. In versions up
to and in ...)
+ TODO: check
+CVE-2026-33719 (WWBN AVideo is an open source video platform. In versions up
to and in ...)
+ TODO: check
+CVE-2026-33717 (WWBN AVideo is an open source video platform. In versions up
to and in ...)
+ TODO: check
+CVE-2026-33716 (WWBN AVideo is an open source video platform. In versions up
to and in ...)
+ TODO: check
+CVE-2026-33690 (WWBN AVideo is an open source video platform. In versions up
to and in ...)
+ TODO: check
+CVE-2026-33688 (WWBN AVideo is an open source video platform. In versions up
to and in ...)
+ TODO: check
+CVE-2026-33685 (WWBN AVideo is an open source video platform. In versions up
to and in ...)
+ TODO: check
+CVE-2026-33683 (WWBN AVideo is an open source video platform. In versions up
to and in ...)
+ TODO: check
+CVE-2026-33681 (WWBN AVideo is an open source video platform. In versions up
to and in ...)
+ TODO: check
+CVE-2026-33651 (WWBN AVideo is an open source video platform. In versions up
to and in ...)
+ TODO: check
+CVE-2026-33650 (WWBN AVideo is an open source video platform. In versions up
to and in ...)
+ TODO: check
+CVE-2026-33649 (WWBN AVideo is an open source video platform. In versions up
to and in ...)
+ TODO: check
+CVE-2026-33648 (WWBN AVideo is an open source video platform. In versions up
to and in ...)
+ TODO: check
+CVE-2026-33647 (WWBN AVideo is an open source video platform. In versions up
to and in ...)
+ TODO: check
+CVE-2026-33548 (Mantis Bug Tracker (MantisBT) is an open source issue tracker.
In vers ...)
+ TODO: check
+CVE-2026-33517 (Mantis Bug Tracker (MantisBT) is an open source issue tracker.
In vers ...)
+ TODO: check
+CVE-2026-33513 (WWBN AVideo is an open source video platform. In versions up
to and in ...)
+ TODO: check
+CVE-2026-33512 (WWBN AVideo is an open source video platform. In versions up
to and in ...)
+ TODO: check
+CVE-2026-33507 (WWBN AVideo is an open source video platform. In versions up
to and in ...)
+ TODO: check
+CVE-2026-33502 (WWBN AVideo is an open source video platform. In versions up
to and in ...)
+ TODO: check
+CVE-2026-33501 (WWBN AVideo is an open source video platform. In versions up
to and in ...)
+ TODO: check
+CVE-2026-33500 (WWBN AVideo is an open source video platform. In versions up
to and in ...)
+ TODO: check
+CVE-2026-33499 (WWBN AVideo is an open source video platform. In versions up
to and in ...)
+ TODO: check
+CVE-2026-33493 (WWBN AVideo is an open source video platform. In versions up
to and in ...)
+ TODO: check
+CVE-2026-33492 (WWBN AVideo is an open source video platform. In versions up
to and in ...)
+ TODO: check
+CVE-2026-33488 (WWBN AVideo is an open source video platform. In versions up
to and in ...)
+ TODO: check
+CVE-2026-33485 (WWBN AVideo is an open source video platform. In versions up
to and in ...)
+ TODO: check
+CVE-2026-33483 (WWBN AVideo is an open source video platform. In versions up
to and in ...)
+ TODO: check
+CVE-2026-33482 (WWBN AVideo is an open source video platform. In versions up
to and in ...)
+ TODO: check
+CVE-2026-33480 (WWBN AVideo is an open source video platform. In versions up
to and in ...)
+ TODO: check
+CVE-2026-33479 (WWBN AVideo is an open source video platform. In versions up
to and in ...)
+ TODO: check
+CVE-2026-33478 (WWBN AVideo is an open source video platform. In versions up
to and in ...)
+ TODO: check
+CVE-2026-33354 (WWBN AVideo is an open source video platform. In versions up
to and in ...)
+ TODO: check
+CVE-2026-33352 (WWBN AVideo is an open source video platform. Prior to version
26.0, a ...)
+ TODO: check
+CVE-2026-33351 (WWBN AVideo is an open source video platform. Prior to version
26.0, a ...)
+ TODO: check
+CVE-2026-33297 (WWBN AVideo is an open source video platform. Prior to version
26.0, t ...)
+ TODO: check
+CVE-2026-32969 (An unauthenticated remote attacker can exploit a Pre-Auth
blind SQL In ...)
+ TODO: check
+CVE-2026-32968 (Due to the improper neutralisation of special elements used in
an OS c ...)
+ TODO: check
+CVE-2026-32879 (New API is a large language mode (LLM) gateway and artificial
intellig ...)
+ TODO: check
+CVE-2026-32852 (MailEnable versions prior to10.55 contain a reflected
cross-site scrip ...)
+ TODO: check
+CVE-2026-32851 (MailEnable versions prior to10.55 contain a reflected
cross-site scrip ...)
+ TODO: check
+CVE-2026-32850 (MailEnable versions prior to10.55 contain a reflected
cross-site scrip ...)
+ TODO: check
+CVE-2026-32845 (cgltf version 1.15 and prior contain an integer overflow
vulnerability ...)
+ TODO: check
+CVE-2026-31851 (Nexxt Solutions Nebula 300+ firmware through version
12.01.01.37 does ...)
+ TODO: check
+CVE-2026-31850 (Nexxt Solutions Nebula 300+ firmware through version
12.01.01.37 store ...)
+ TODO: check
+CVE-2026-31849 (Nexxt Solutions Nebula 300+ firmware through version
12.01.01.37 does ...)
+ TODO: check
+CVE-2026-31848 (Nexxt Solutions Nebula 300+ firmware through version
12.01.01.37 store ...)
+ TODO: check
+CVE-2026-31847 (Hidden functionality in the /goform/setSysTools endpoint in
Nexxt Solu ...)
+ TODO: check
+CVE-2026-31846 (An unauthenticated credential disclosure vulnerability in the
/goform/ ...)
+ TODO: check
+CVE-2026-30886 (New API is a large language mode (LLM) gateway and artificial
intellig ...)
+ TODO: check
+CVE-2026-30849 (Mantis Bug Tracker (MantisBT) is an open source issue tracker.
Version ...)
+ TODO: check
+CVE-2026-30007 (XnSoft NConvert 7.230 is vulnerable to Use-After-Free via a
crafted .t ...)
+ TODO: check
+CVE-2026-30006 (XnSoft NConvert 7.230 is vulnerable to Stack Buffer Overrun
via a craf ...)
+ TODO: check
+CVE-2026-2298 (Improper Neutralization of Argument Delimiters in a Command
('Argument ...)
+ TODO: check
+CVE-2026-28809 (XML External Entity (XXE) vulnerability in esaml (and its
forks) allow ...)
+ TODO: check
+CVE-2026-27131 (The Sprig Plugin for Craft CMS is a reactive Twig component
framework ...)
+ TODO: check
+CVE-2026-26829 (A NULL pointer dereference in the safe_atou64 function
(src/misc.c) of ...)
+ TODO: check
+CVE-2026-26828 (A NULL pointer dereference in the daap_reply_playlists
function (src/h ...)
+ TODO: check
+CVE-2026-26209 (cbor2 provides encoding and decoding for the Concise Binary
Object Rep ...)
+ TODO: check
+CVE-2026-24516 (A command injection vulnerability exists in DigitalOcean
Droplet Agent ...)
+ TODO: check
+CVE-2026-1958 (Use of hard-coded credentials in Klinika XP and KlinikaXP
Insertino al ...)
+ TODO: check
+CVE-2026-0898 (An arbitrary file-write vulnerability in Pega Browser Extension
(PBE) ...)
+ TODO: check
+CVE-2025-52204 (A Cross-Site Scripting (XSS) vulnerability exists in
Znuny::ITSM 6.5.x ...)
+ TODO: check
+CVE-2025-41008 (SQL injection vulnerability in Sinturno. This vulnerability
allows an ...)
+ TODO: check
+CVE-2025-41007 (SQL Injection in Cuantis. This vulnerability allows an
attacker to ret ...)
+ TODO: check
+CVE-2025-15606 (A Denial-of-Service (DoS) vulnerability in the httpd component
of TP-L ...)
+ TODO: check
+CVE-2025-15605 (A hardcoded cryptographic key within the configuration
mechanism on TP ...)
+ TODO: check
+CVE-2025-15519 (Improper input handling in a modem-management administrative
CLI comma ...)
+ TODO: check
+CVE-2025-15518 (Improper input handling in a wireless-control administrative
CLI comma ...)
+ TODO: check
+CVE-2025-15517 (A missing authentication check in the HTTP server on TP-Link
Archer NX ...)
+ TODO: check
+CVE-2024-51226 (A stored cross-site scripting (XSS) vulnerability in the
component /ad ...)
+ TODO: check
+CVE-2024-51225 (A stored cross-site scripting (XSS) vulnerability in the
component /ad ...)
+ TODO: check
+CVE-2024-51224 (Multiple cross-site scripting (XSS) vulnerabilities in the
component / ...)
+ TODO: check
+CVE-2024-51223 (A stored cross-site scripting (XSS) vulnerability in the
component /ad ...)
+ TODO: check
+CVE-2024-51222 (A stored cross-site scripting (XSS) vulnerability in the
component /ad ...)
+ TODO: check
+CVE-2024-46879 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in
the POS ...)
+ TODO: check
+CVE-2024-46878 (A Cross-Site Scripting (XSS) vulnerability exists in the page
paramete ...)
+ TODO: check
+CVE-2019-25625 (Blob Studio 2.17 contains a denial of service vulnerability
that allow ...)
+ TODO: check
+CVE-2019-25624 (Liquid Studio 2.17 contains a denial of service vulnerability
that all ...)
+ TODO: check
+CVE-2019-25623 (Luminance Studio 2.17 contains a denial of service
vulnerability that ...)
+ TODO: check
+CVE-2019-25622 (Paint Studio 2.17 contains a denial of service vulnerability
that allo ...)
+ TODO: check
+CVE-2019-25621 (Pixel Studio 2.17 contains a denial of service vulnerability
that allo ...)
+ TODO: check
+CVE-2019-25620 (Tree Studio 2.17 contains a denial of service vulnerability
that allow ...)
+ TODO: check
CVE-2026-33347
- php-league-commonmark 2.8.2-1
NOTE:
https://github.com/thephpleague/commonmark/security/advisories/GHSA-hh8v-hgvp-g3f5
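Review bot: every entry added at the top of data/CVE/list, from CVE-2026-4647 down to CVE-2019-25620, carries only `TODO: check`, so this update grows the untriaged backlog without resolving anything. Triage first the entries whose descriptions name general-purpose open source components, for example CVE-2026-4647 (GNU Binutils BFD library), CVE-2026-26209 (cbor2) and CVE-2026-28809 (esaml). Entries for vendor firmware, such as the Nexxt Solutions Nebula 300+ group, can be closed as NOT-FOR-US in the same form as the GL-iNet entries later in the file if no Debian package ships that code.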
@@ -8,7 +220,8 @@ CVE-2026-33699
NOTE:
https://github.com/py-pdf/pypdf/security/advisories/GHSA-87mj-5ggw-8qc3
NOTE: https://github.com/py-pdf/pypdf/pull/3693
NOTE: Fixed by:
https://github.com/py-pdf/pypdf/commit/02b1345f77fdbc006faccc301507df4fb1855413
(6.9.2)
-CVE-2026-25075
+CVE-2026-25075 (strongSwan versions 4.5.0 prior to 6.0.5 contain an integer
underflow ...)
+ {DSA-6176-1}
- strongswan <unfixed>
NOTE:
https://www.strongswan.org/blog/2026/03/23/strongswan-vulnerability-(cve-2026-25075).html
NOTE: Patch: https://download.strongswan.org/security/CVE-2026-25075/
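Review bot: the package line under CVE-2026-25075 still reads `- strongswan <unfixed>` although the entry now carries {DSA-6176-1} and the description gives 6.0.5 as the first unaffected version. Follow up by replacing `<unfixed>` with the fixed version once the corrected package is uploaded, so the entry does not keep reporting the package as open after the advisory is out.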
@@ -2637,9 +2850,9 @@ CVE-2026-32293 (The GL-iNet Comet (GL-RM1) KVM connects
to a GL-iNet site during
NOT-FOR-US: GL-iNet Comet (GL-RM1) KVM
CVE-2026-32292 (The GL-iNet Comet (GL-RM1) KVM web interface does not limit
login requ ...)
NOT-FOR-US: GL-iNet Comet (GL-RM1) KVM
-CVE-2026-32291 (The GL-iNet Comet (GL-RM1) KVM does not require authentication
on the ...)
+CVE-2026-32291 (The GL-iNet Comet (GL-RM1) KVM before 1.8.2 does not require
authentic ...)
NOT-FOR-US: GL-iNet Comet (GL-RM1) KVM
-CVE-2026-32290 (The GL-iNet Comet (GL-RM1) KVM does not sufficiently verify
the authen ...)
+CVE-2026-32290 (The GL-iNet Comet (GL-RM1) KVM before version 1.8.2 does not
sufficien ...)
NOT-FOR-US: GL-iNet Comet (GL-RM1) KVM
CVE-2026-30911 (Apache Airflow versions 3.1.0 through 3.1.7 missing
authorization vuln ...)
- airflow <itp> (bug #819700)
@@ -30362,7 +30575,7 @@ CVE-2020-36875 (AccessAlly WordPress plugin versions
prior to3.3.2 contain an un
CVE-2025-14459 (A flaw was found in KubeVirt Containerized Data Importer
(CDI). This v ...)
NOT-FOR-US: Red Hat virt-cdi-controller
CVE-2025-51602 (mmstu.c in VideoLAN VLC media player before 3.0.22 allows an
out-of-bo ...)
- {DSA-6082-1}
+ {DSA-6082-1 DLA-4507-1}
- vlc 3.0.22-1
NOTE: https://www.videolan.org/security/sb-vlc3022.html
CVE-2026-22714 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
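Review bot: the cross-reference on CVE-2025-51602 changes from {DSA-6082-1} to {DSA-6082-1 DLA-4507-1}, but this commit touches only data/CVE/list, so nothing visible here backs the new DLA reference. Confirm that the DLA-4507-1 advisory entry in the tracker lists CVE-2025-51602 and the vlc version it fixes.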
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dc8147957681305b11c41bf260f37eb768ab04cf