Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
92e6c954 by security tracker role at 2026-03-26T20:15:49+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,13 +1,325 @@
-CVE-2026-23398 [icmp: fix NULL pointer dereference in icmp_tag_validation()]
+CVE-2026-4926 (Impact: A bad regular expression is generated any time you
have multi ...)
+ TODO: check
+CVE-2026-4923 (Impact: When using multiple wildcards, combined with at least
one par ...)
+ TODO: check
+CVE-2026-4897 (A flaw was found in polkit. A local user can exploit this by
providing ...)
+ TODO: check
+CVE-2026-4887 (A flaw was found in GIMP. This issue is a heap buffer over-read
in GIM ...)
+ TODO: check
+CVE-2026-4877 (A security flaw has been discovered in itsourcecode Payroll
Management ...)
+ TODO: check
+CVE-2026-4876 (A vulnerability was identified in itsourcecode Free Hotel
Reservation ...)
+ TODO: check
+CVE-2026-4875 (A vulnerability was determined in itsourcecode Free Hotel
Reservation ...)
+ TODO: check
+CVE-2026-4867 (Impact: A bad regular expression is generated any time you
have three ...)
+ TODO: check
+CVE-2026-4862 (A security vulnerability has been detected in UTT HiPER 1250GW
up to 3 ...)
+ TODO: check
+CVE-2026-4861 (A weakness has been identified in Wavlink WL-NU516U1 260227.
This vuln ...)
+ TODO: check
+CVE-2026-4860 (A security flaw has been discovered in 648540858
wvp-GB28181-pro up to ...)
+ TODO: check
+CVE-2026-4809 (plank/laravel-mediable through version 6.4.0 can allow upload
of a dan ...)
+ TODO: check
+CVE-2026-4274 (Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10,
11.4.x <= 1 ...)
+ TODO: check
+CVE-2026-4263 (Vulnerability of incorrect authorization inHiJiffy Chatbot
allows an a ...)
+ TODO: check
+CVE-2026-4262 (Vulnerability of incorrect authorization inHiJiffy Chatbot
allows an a ...)
+ TODO: check
+CVE-2026-3116 (Mattermost Plugins versions <=11.4 11.0.4 11.1.3 11.3.2
10.11.11.0 fai ...)
+ TODO: check
+CVE-2026-3115 (Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10,
11.4.x <= 1 ...)
+ TODO: check
+CVE-2026-3114 (Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x
<= 11.2 ...)
+ TODO: check
+CVE-2026-3113 (Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x
<= 11.2 ...)
+ TODO: check
+CVE-2026-3112 (Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x
<= 11.2 ...)
+ TODO: check
+CVE-2026-3109 (Mattermost Plugins versions <=11.4 10.11.11.0 fail to validate
webhook ...)
+ TODO: check
+CVE-2026-3108 (Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10,
11.4.x <= 1 ...)
+ TODO: check
+CVE-2026-34071 (Stirling-PDF is a locally hosted web application that allows
you to pe ...)
+ TODO: check
+CVE-2026-33732 (srvx is a universal server based on web standards. Prior to
version 0. ...)
+ TODO: check
+CVE-2026-33632 (ClearanceKit intercepts file-system access events on macOS and
enforce ...)
+ TODO: check
+CVE-2026-33631 (ClearanceKit intercepts file-system access events on macOS and
enforce ...)
+ TODO: check
+CVE-2026-33536 (ImageMagick is free and open-source software used for editing
and mani ...)
+ TODO: check
+CVE-2026-33535 (ImageMagick is free and open-source software used for editing
and mani ...)
+ TODO: check
+CVE-2026-33532 (`yaml` is a YAML parser and serialiser for JavaScript. Parsing
a YAML ...)
+ TODO: check
+CVE-2026-33531 (InvenTree is an Open Source Inventory Management System. Prior
to vers ...)
+ TODO: check
+CVE-2026-33530 (InvenTree is an Open Source Inventory Management System. Prior
to vers ...)
+ TODO: check
+CVE-2026-33529 (Zoraxy is a general purpose HTTP reverse proxy and forwarding
tool. Pr ...)
+ TODO: check
+CVE-2026-33528 (GoDoxy is a reverse proxy and container orchestrator for
self-hosters. ...)
+ TODO: check
+CVE-2026-33525 (Authelia is an open-source authentication and authorization
server pro ...)
+ TODO: check
+CVE-2026-33506 (Ory Polis, formerly known as BoxyHQ Jackson, bridges or
proxies a SAML ...)
+ TODO: check
+CVE-2026-33505 (Ory Keto is am open source authorization server for managing
permissio ...)
+ TODO: check
+CVE-2026-33504 (Ory Hydra is an OAuth 2.0 Server and OpenID Connect Provider.
Prior to ...)
+ TODO: check
+CVE-2026-33503 (Ory Kratos is an identity, user management and authentication
system f ...)
+ TODO: check
+CVE-2026-33496 (ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access
Control ...)
+ TODO: check
+CVE-2026-33495 (ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access
Control ...)
+ TODO: check
+CVE-2026-33494 (ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access
Control ...)
+ TODO: check
+CVE-2026-33491 (Zen C is a systems programming language that compiles to
human-readabl ...)
+ TODO: check
+CVE-2026-33490 (H3 is a minimal H(TTP) framework. In versions 2.0.0-0 through
2.0.1-rc ...)
+ TODO: check
+CVE-2026-33487 (goxmlsig provides XML Digital Signatures implemented in Go.
Prior to v ...)
+ TODO: check
+CVE-2026-33486 (Roadiz is a polymorphic content management system based on a
node syst ...)
+ TODO: check
+CVE-2026-33481 (Syft is a a CLI tool and Go library for generating a Software
Bill of ...)
+ TODO: check
+CVE-2026-33477 (FileRise is a self-hosted web-based file manager with
multi-file uploa ...)
+ TODO: check
+CVE-2026-33470 (Frigate is a network video recorder (NVR) with realtime local
object d ...)
+ TODO: check
+CVE-2026-33469 (Frigate is a network video recorder (NVR) with realtime local
object d ...)
+ TODO: check
+CVE-2026-33468 (Kysely is a type-safe TypeScript SQL query builder. Prior to
version 0 ...)
+ TODO: check
+CVE-2026-33442 (Kysely is a type-safe TypeScript SQL query builder. In
versions 0.28.1 ...)
+ TODO: check
+CVE-2026-33438 (Stirling-PDF is a locally hosted web application that allows
you to pe ...)
+ TODO: check
+CVE-2026-33430 (Briefcase is a tool for converting a Python project into a
standalone ...)
+ TODO: check
+CVE-2026-33413 (etcd is a distributed key-value store for the data of a
distributed sy ...)
+ TODO: check
+CVE-2026-33402 (Sakai is a Collaboration and Learning Environment (CLE). In
versions 2 ...)
+ TODO: check
+CVE-2026-33397 (The Angular SSR is a server-rise rendering tool for Angular
applicatio ...)
+ TODO: check
+CVE-2026-33396 (OneUptime is an open-source monitoring and observability
platform. Pri ...)
+ TODO: check
+CVE-2026-33343 (etcd is a distributed key-value store for the data of a
distributed sy ...)
+ TODO: check
+CVE-2026-33153 (Tandoor Recipes is an application for managing recipes,
planning meals ...)
+ TODO: check
+CVE-2026-33152 (Tandoor Recipes is an application for managing recipes,
planning meals ...)
+ TODO: check
+CVE-2026-33149 (Tandoor Recipes is an application for managing recipes,
planning meals ...)
+ TODO: check
+CVE-2026-33148 (Tandoor Recipes is an application for managing recipes,
planning meals ...)
+ TODO: check
+CVE-2026-33015 (EVerest is an EV charging software stack. Prior to version
2026.02.0, ...)
+ TODO: check
+CVE-2026-33014 (EVerest is an EV charging software stack. Prior to version
2026.02.0, ...)
+ TODO: check
+CVE-2026-33009 (EVerest is an EV charging software stack. Versions prior to
2026.02.0 ...)
+ TODO: check
+CVE-2026-32857 (Firecrawl version 2.8.0 and prior contain a server-side
request forger ...)
+ TODO: check
+CVE-2026-32846 (OpenClaw through 2026.3.23 (fixed in commit 4797bbc) contains
a path t ...)
+ TODO: check
+CVE-2026-32287 (Boolean XPath expressions that evaluate to true can cause an
infinite ...)
+ TODO: check
+CVE-2026-32286 (The DataRow.Decode function fails to properly validate field
lengths. ...)
+ TODO: check
+CVE-2026-32285 (The Delete function fails to properly validate offsets when
processing ...)
+ TODO: check
+CVE-2026-32284 (The msgpack decoder fails to properly validate the input
buffer length ...)
+ TODO: check
+CVE-2026-30463 (Daylight Studio FuelCMS v1.5.2 was discovered to contain a SQL
injecti ...)
+ TODO: check
+CVE-2026-30458 (An issue in Daylight Studio FuelCMS v1.5.2 allows attackers to
exfiltr ...)
+ TODO: check
+CVE-2026-30457 (An issue in the /parser/dwoo component of Daylight Studio
FuelCMS v1.5 ...)
+ TODO: check
+CVE-2026-30162 (Cross Site Scripting (xss) vulnerability in Timo 2.0.3 via
crafted lin ...)
+ TODO: check
+CVE-2026-2511 (The JS Help Desk \u2013 AI-Powered Support & Ticketing System
plugin f ...)
+ TODO: check
+CVE-2026-2389 (The Complianz \u2013 GDPR/CCPA Cookie Consent plugin for
WordPress is ...)
+ TODO: check
+CVE-2026-2231 (The Fluent Booking plugin for WordPress is vulnerable to Stored
Cross- ...)
+ TODO: check
+CVE-2026-29976 (Buffer Overflow vulnerability in ZerBea hcxpcapngtool v.
7.0.1-43-g2ee ...)
+ TODO: check
+CVE-2026-29969 (A cross-site scripting (XSS) vulnerability in the
wff_cols_pref.css.as ...)
+ TODO: check
+CVE-2026-29934 (A reflected cross-site scripting (XSS) vulnerability in the
/admin/men ...)
+ TODO: check
+CVE-2026-29933 (A reflected cross-site scripting (XSS) vulnerability in the
/index/log ...)
+ TODO: check
+CVE-2026-29905 (Kirby CMS through 5.1.4 allows an authenticated user with
'Editor' per ...)
+ TODO: check
+CVE-2026-29055 (Tandoor Recipes is an application for managing recipes,
planning meals ...)
+ TODO: check
+CVE-2026-29044 (EVerest is an EV charging software stack. Prior to version
2026.02.0, ...)
+ TODO: check
+CVE-2026-28503 (Tandoor Recipes is an application for managing recipes,
planning meals ...)
+ TODO: check
+CVE-2026-28298 (SolarWinds Observability Self-Hosted was found to be affected
by a sto ...)
+ TODO: check
+CVE-2026-28297 (SolarWinds Observability Self-Hosted was found to be affected
by a sto ...)
+ TODO: check
+CVE-2026-27828 (EVerest is an EV charging software stack. Prior to version
2026.02.0, ...)
+ TODO: check
+CVE-2026-27816 (EVerest is an EV charging software stack. Prior to versions to
2026.02 ...)
+ TODO: check
+CVE-2026-27815 (EVerest is an EV charging software stack. Prior to versions to
2026.02 ...)
+ TODO: check
+CVE-2026-27814 (EVerest is an EV charging software stack. Versions prior to
2026.02.0 ...)
+ TODO: check
+CVE-2026-27813 (EVerest is an EV charging software stack. Versions prior to
2026.02.0 ...)
+ TODO: check
+CVE-2026-27664 (A vulnerability has been identified in CPCI85 Central
Processing/Commu ...)
+ TODO: check
+CVE-2026-27663 (A vulnerability has been identified in CPCI85 Central
Processing/Commu ...)
+ TODO: check
+CVE-2026-26213 (thingino-firmware versions up to the firmware-2026-03-16
release conta ...)
+ TODO: check
+CVE-2026-26074 (EVerest is an EV charging software stack. Versions prior to
2026.02.0 ...)
+ TODO: check
+CVE-2026-26073 (EVerest is an EV charging software stack. Versions prior to
2026.02.0 ...)
+ TODO: check
+CVE-2026-26072 (EVerest is an EV charging software stack. Versions prior to
2026.02.0 ...)
+ TODO: check
+CVE-2026-26071 (EVerest is an EV charging software stack. Versions prior to
2026.02.0 ...)
+ TODO: check
+CVE-2026-26070 (EVerest is an EV charging software stack. Versions prior to
2026.02.0 ...)
+ TODO: check
+CVE-2026-26008 (EVerest is an EV charging software stack. Versions prior to
2026.02.0 ...)
+ TODO: check
+CVE-2026-24068 (The VSL privileged helper does utilize NSXPC for IPC. The
implementati ...)
+ TODO: check
+CVE-2026-23995 (EVerest is an EV charging software stack. Prior to version
2026.02.0, ...)
+ TODO: check
+CVE-2026-22790 (EVerest is an EV charging software stack. Prior to version
2026.02.0, ...)
+ TODO: check
+CVE-2026-22593 (EVerest is an EV charging software stack. Prior to version
2026.02.0, ...)
+ TODO: check
+CVE-2026-1961 (A flaw was found in Foreman. A remote attacker could exploit a
command ...)
+ TODO: check
+CVE-2026-1032 (The Conditional Menus plugin for WordPress is vulnerable to
Cross-Site ...)
+ TODO: check
+CVE-2025-55277 (HCL Aftermarket DPC is affected by Use of Vulnerable/Outdated
Versions ...)
+ TODO: check
+CVE-2025-55276 (HCL Aftermarket DPC is affected by Internal IP Disclosure
vulnerabilit ...)
+ TODO: check
+CVE-2025-55275 (HCL Aftermarket DPC is affected by Admin Session Concurrency
vulnerabi ...)
+ TODO: check
+CVE-2025-55274 (HCL Aftermarket DPC is affected by Cross-Origin Resource
Sharing vulne ...)
+ TODO: check
+CVE-2025-55273 (HCL Aftermarket DPC is affected by Cross Domain Script Include
vulnera ...)
+ TODO: check
+CVE-2025-55272 (HCL Aftermarket DPC is affected by Banner Disclosure
vulnerability whe ...)
+ TODO: check
+CVE-2025-55271 (HCL Aftermarket DPC is affected by HTTP Response Splitting
vulnerabili ...)
+ TODO: check
+CVE-2025-55270 (HCL Aftermarket DPC is affected by Improper Input Validation
which all ...)
+ TODO: check
+CVE-2025-55269 (HCL Aftermarket DPC is affected by Weak Password Policy
vulnerability, ...)
+ TODO: check
+CVE-2025-55268 (HCL Aftermarket DPC is affected by Spamming Vulnerability
which can al ...)
+ TODO: check
+CVE-2025-55267 (HCL Aftermarket DPC is affected by Unrestricted File Upload
vulnerabil ...)
+ TODO: check
+CVE-2025-55266 (HCL Aftermarket DPC is affected by Session Fixation which
allows attac ...)
+ TODO: check
+CVE-2025-55265 (HCL Aftermarket DPC is affected by File Discovery which allows
attacke ...)
+ TODO: check
+CVE-2025-55264 (HCL Aftermarket DPC is affected by Failure to Invalidate
Session on Pa ...)
+ TODO: check
+CVE-2025-55263 (HCL Aftermarket DPC is affected by Hardcoded Sensitive Data
which allo ...)
+ TODO: check
+CVE-2025-55262 (HCL Aftermarket DPC is affected by SQL Injection which allows
attacker ...)
+ TODO: check
+CVE-2025-55261 (HCL Aftermarket DPC is affected by Missing Functional Level
Access Con ...)
+ TODO: check
+CVE-2025-41368 (Problem in the Small HTTP Server v3.06.36 service. An
authenticated pa ...)
+ TODO: check
+CVE-2025-41359 (Vulnerability related to an unquoted service path in Small
HTTP Server ...)
+ TODO: check
+CVE-2025-41027 (Reflected Cross Site Scripting (XSS) vulnerabilities in
GDTaller. Thes ...)
+ TODO: check
+CVE-2025-41026 (Reflected Cross Site Scripting (XSS) vulnerabilities in
GDTaller. Thes ...)
+ TODO: check
+CVE-2023-7338 (Ruckus Unleashed contains a remote code execution vulnerability
in the ...)
+ TODO: check
+CVE-2021-4474 (Ruckus Access Point products contain an arbitrary file read
vulnerabil ...)
+ TODO: check
+CVE-2019-25650 (River Past CamDo 3.7.6 contains a structured exception handler
(SEH) b ...)
+ TODO: check
+CVE-2019-25649 (River Past Audio Converter 7.7.16 contains a local buffer
overflow vul ...)
+ TODO: check
+CVE-2019-25648 (MyVideoConverter Pro 3.14 contains a local buffer overflow
vulnerabili ...)
+ TODO: check
+CVE-2018-25219 (PassFab Excel Password Recovery 8.3.1 contains a structured
exception ...)
+ TODO: check
+CVE-2018-25218 (PassFab RAR Password Recovery 9.3.2 contains a structured
exception ha ...)
+ TODO: check
+CVE-2018-25217 (PDF Explorer 1.5.66.2 contains a structured exception handler
(SEH) ov ...)
+ TODO: check
+CVE-2018-25216 (AnyBurn 4.3 contains a local buffer overflow vulnerability
that allows ...)
+ TODO: check
+CVE-2018-25215 (Excel Password Recovery Professional 8.2.0.0 contains a local
buffer o ...)
+ TODO: check
+CVE-2018-25214 (MegaPing contains a local buffer overflow vulnerability that
allows lo ...)
+ TODO: check
+CVE-2018-25213 (Nsauditor 3.0.28.0 contains a structured exception handling
buffer ove ...)
+ TODO: check
+CVE-2018-25212 (Boxoft wav-wma Converter 1.0 contains a local buffer overflow
vulnerab ...)
+ TODO: check
+CVE-2018-25211 (Allok Video Splitter 3.1.1217 contains a buffer overflow
vulnerability ...)
+ TODO: check
+CVE-2018-25210 (WebOfisi E-Ticaret 4.0 contains an SQL injection vulnerability
in the ...)
+ TODO: check
+CVE-2018-25209 (OpenBiz Cubi Lite 3.0.8 contains a SQL injection vulnerability
in the ...)
+ TODO: check
+CVE-2018-25208 (qdPM 9.1 contains an SQL injection vulnerability that allows
unauthent ...)
+ TODO: check
+CVE-2018-25207 (Online Quiz Maker 1.0 contains SQL injection vulnerabilities
in the ca ...)
+ TODO: check
+CVE-2018-25206 (KomSeo Cart 1.3 contains an SQL injection vulnerability that
allows at ...)
+ TODO: check
+CVE-2018-25205 (ASP.NET jVideo Kit 1.0 contains an SQL injection vulnerability
that al ...)
+ TODO: check
+CVE-2018-25204 (Library CMS 1.0 contains an SQL injection vulnerability that
allows un ...)
+ TODO: check
+CVE-2018-25203 (Online Store System CMS 1.0 contains an SQL injection
vulnerability th ...)
+ TODO: check
+CVE-2018-25202 (SAT CFDI 3.3 contains an SQL injection vulnerability that
allows attac ...)
+ TODO: check
+CVE-2018-25201 (School Management System CMS 1.0 contains an SQL injection
vulnerabili ...)
+ TODO: check
+CVE-2018-25195 (Wecodex Hotel CMS 1.0 contains an SQL injection vulnerability
in the a ...)
+ TODO: check
+CVE-2018-25185 (Wecodex Restaurant CMS 1.0 contains an SQL injection
vulnerability tha ...)
+ TODO: check
+CVE-2018-25183 (Shipping System CMS 1.0 contains an SQL injection
vulnerability that a ...)
+ TODO: check
+CVE-2026-23398 (In the Linux kernel, the following vulnerability has been
resolved: i ...)
- linux <unfixed>
NOTE:
https://git.kernel.org/linus/614aefe56af8e13331e50220c936fc0689cf5675 (7.0-rc5)
-CVE-2026-23397 [nfnetlink_osf: validate individual option lengths in
fingerprints]
+CVE-2026-23397 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux <unfixed>
NOTE:
https://git.kernel.org/linus/dbdfaae9609629a9569362e3b8f33d0a20fd783c (7.0-rc5)
-CVE-2026-23396 [wifi: mac80211: fix NULL deref in mesh_matches_local()]
+CVE-2026-23396 (In the Linux kernel, the following vulnerability has been
resolved: w ...)
- linux <unfixed>
NOTE:
https://git.kernel.org/linus/c73bb9a2d33bf81f6eecaa0f474b6c6dbe9855bd (7.0-rc5)
-CVE-2026-33416 [Use-after-free via pointer aliasing in `png_set_tRNS` and
`png_set_PLTE`]
+CVE-2026-33416 (LIBPNG is a reference library for use in applications that
read, creat ...)
- libpng1.6 <unfixed>
NOTE:
https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j
NOTE: https://github.com/pnggroup/libpng/pull/824
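Review bot: the added headings for CVE-2026-2511 and CVE-2026-2389 contain a literal `\u2013` ("The JS Help Desk \u2013 AI-Powered Support ...", "The Complianz \u2013 GDPR/CCPA Cookie Consent ..."), so the import wrote an undecoded escape sequence into data/CVE/list instead of the character it stands for. Decode the description before it is truncated and written, or normalise the dash to a plain hyphen, so that the heading reads cleanly and the truncation length is counted on real characters rather than on the six-character escape.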
@@ -15,7 +327,7 @@ CVE-2026-33416 [Use-after-free via pointer aliasing in
`png_set_tRNS` and `png_s
NOTE: Fixed by:
https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25
(v1.6.56)
NOTE: Fixed by:
https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667
(v1.6.56)
NOTE: Fixed by:
https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1
(v1.6.56)
-CVE-2026-33636 [Out-of-bounds read/write in the palette expansion on ARM Neon]
+CVE-2026-33636 (LIBPNG is a reference library for use in applications that
read, creat ...)
- libpng1.6 <unfixed>
NOTE:
https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2
NOTE: Introduced with:
https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869
(v1.6.36)
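Review bot: the replacement heading for CVE-2026-33636 ("LIBPNG is a reference library for use in applications that read, creat ...") is the same truncated text that CVE-2026-33416 received in the previous hunk, so the two libpng entries can no longer be told apart from their first line. The removed bracketed title named the actual defect ("Out-of-bounds read/write in the palette expansion on ARM Neon"); consider preserving that wording in a NOTE line under the entry, and the same applies to the kernel and libpng titles dropped at the end of the first hunk.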
@@ -1779,9 +2091,11 @@ CVE-2025-33216 (NVIDIA SNAP-4 Container contains a
vulnerability in the configur
CVE-2025-33215 (NVIDIA SNAP-4 Container contains a vulnerability in the
VIRTIO-BLK com ...)
TODO: check
CVE-2026-4371 (A malicious mail server could send malformed strings with
negative len ...)
+ {DSA-6179-1}
- thunderbird 1:140.9.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4371
CVE-2026-3889 (Spoofing issue in Thunderbird. This vulnerability affects
Thunderbird ...)
+ {DSA-6179-1}
- thunderbird 1:140.9.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-3889
CVE-2026-3836
@@ -2062,7 +2376,7 @@ CVE-2019-25627 (FlexHEX 2.71 contains a local buffer
overflow vulnerability in t
CVE-2019-25626 (River Past Cam Do 3.7.6 contains a local buffer overflow
vulnerability ...)
NOT-FOR-US: River Past Cam Do
CVE-2026-4721 (Memory safety bugs present in Firefox ESR 115.33, Firefox ESR
140.8, T ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
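Review bot: on CVE-2026-4721 the changed line `{DSA-6179-1 DSA-6178-1}` does not say which advisory covers which of the three packages listed under it. The Thunderbird-only entries in the previous hunk (CVE-2026-4371, CVE-2026-3889) receive only DSA-6179-1, which suggests that DSA-6179-1 is the Thunderbird advisory; since this identical substitution repeats for the remaining entries in the file, a spot check that every entry gaining DSA-6179-1 also carries a `thunderbird` line is enough to validate the batch.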
@@ -2073,7 +2387,7 @@ CVE-2026-4729 (Memory safety bugs present in Firefox 148
and Thunderbird 148. So
- firefox 149.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4729
CVE-2026-4720 (Memory safety bugs present in Firefox ESR 140.8, Thunderbird
ESR 140.8 ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2081,7 +2395,7 @@ CVE-2026-4720 (Memory safety bugs present in Firefox ESR
140.8, Thunderbird ESR
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4720
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4720
CVE-2026-4719 (Incorrect boundary conditions in the Graphics: Text component.
This vu ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2089,7 +2403,7 @@ CVE-2026-4719 (Incorrect boundary conditions in the
Graphics: Text component. Th
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4719
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4719
CVE-2026-4718 (Undefined behavior in the WebRTC: Signaling component. This
vulnerabil ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2106,7 +2420,7 @@ CVE-2026-4726 (Denial-of-service in the XML component.
This vulnerability affect
- firefox 149.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4726
CVE-2026-4717 (Privilege escalation in the Netmonitor component. This
vulnerability a ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2114,7 +2428,7 @@ CVE-2026-4717 (Privilege escalation in the Netmonitor
component. This vulnerabil
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4717
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4717
CVE-2026-4716 (Incorrect boundary conditions, uninitialized memory in the
JavaScript ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2122,7 +2436,7 @@ CVE-2026-4716 (Incorrect boundary conditions,
uninitialized memory in the JavaSc
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4716
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4716
CVE-2026-4715 (Uninitialized memory in the Graphics: Canvas2D component. This
vulnera ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2130,7 +2444,7 @@ CVE-2026-4715 (Uninitialized memory in the Graphics:
Canvas2D component. This vu
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4715
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4715
CVE-2026-4714 (Incorrect boundary conditions in the Audio/Video component.
This vulne ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2138,7 +2452,7 @@ CVE-2026-4714 (Incorrect boundary conditions in the
Audio/Video component. This
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4714
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4714
CVE-2026-4713 (Incorrect boundary conditions in the Graphics component. This
vulnerab ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2163,7 +2477,7 @@ CVE-2026-4711 (Use-after-free in the Widget: Cocoa
component. This vulnerability
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4711
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4711
CVE-2026-4710 (Incorrect boundary conditions in the Audio/Video component.
This vulne ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2171,7 +2485,7 @@ CVE-2026-4710 (Incorrect boundary conditions in the
Audio/Video component. This
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4710
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4710
CVE-2026-4709 (Incorrect boundary conditions in the Audio/Video: GMP
component. This ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2179,7 +2493,7 @@ CVE-2026-4709 (Incorrect boundary conditions in the
Audio/Video: GMP component.
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4709
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4709
CVE-2026-4708 (Incorrect boundary conditions in the Graphics component. This
vulnerab ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2187,7 +2501,7 @@ CVE-2026-4708 (Incorrect boundary conditions in the
Graphics component. This vul
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4708
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4708
CVE-2026-4707 (Incorrect boundary conditions in the Graphics: Canvas2D
component. Thi ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2195,7 +2509,7 @@ CVE-2026-4707 (Incorrect boundary conditions in the
Graphics: Canvas2D component
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4707
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4707
CVE-2026-4706 (Incorrect boundary conditions in the Graphics: Canvas2D
component. Thi ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2203,7 +2517,7 @@ CVE-2026-4706 (Incorrect boundary conditions in the
Graphics: Canvas2D component
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4706
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4706
CVE-2026-4705 (Undefined behavior in the WebRTC: Signaling component. This
vulnerabil ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2211,7 +2525,7 @@ CVE-2026-4705 (Undefined behavior in the WebRTC:
Signaling component. This vulne
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4705
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4705
CVE-2026-4704 (Denial-of-service in the WebRTC: Signaling component. This
vulnerabili ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2225,7 +2539,7 @@ CVE-2026-4723 (Use-after-free in the JavaScript Engine
component. This vulnerabi
- firefox 149.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4723
CVE-2026-4702 (JIT miscompilation in the JavaScript Engine component. This
vulnerabil ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2236,7 +2550,7 @@ CVE-2026-4722 (Privilege escalation in the IPC component.
This vulnerability aff
- firefox 149.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/#CVE-2026-4722
CVE-2026-4701 (Use-after-free in the JavaScript Engine component. This
vulnerability ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2244,7 +2558,7 @@ CVE-2026-4701 (Use-after-free in the JavaScript Engine
component. This vulnerabi
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4701
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4701
CVE-2026-4700 (Mitigation bypass in the Networking: HTTP component. This
vulnerabilit ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2252,7 +2566,7 @@ CVE-2026-4700 (Mitigation bypass in the Networking: HTTP
component. This vulnera
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4700
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4700
CVE-2026-4699 (Incorrect boundary conditions in the Layout: Text and Fonts
component. ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2260,7 +2574,7 @@ CVE-2026-4699 (Incorrect boundary conditions in the
Layout: Text and Fonts compo
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4699
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4699
CVE-2026-4698 (JIT miscompilation in the JavaScript Engine: JIT component.
This vulne ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2268,7 +2582,7 @@ CVE-2026-4698 (JIT miscompilation in the JavaScript
Engine: JIT component. This
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4698
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4698
CVE-2026-4697 (Incorrect boundary conditions in the Audio/Video: Web Codecs
component ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2276,7 +2590,7 @@ CVE-2026-4697 (Incorrect boundary conditions in the
Audio/Video: Web Codecs comp
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4697
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4697
CVE-2026-4696 (Use-after-free in the Layout: Text and Fonts component. This
vulnerabi ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2284,7 +2598,7 @@ CVE-2026-4696 (Use-after-free in the Layout: Text and
Fonts component. This vuln
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4696
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4696
CVE-2026-4695 (Incorrect boundary conditions in the Audio/Video: Web Codecs
component ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2292,7 +2606,7 @@ CVE-2026-4695 (Incorrect boundary conditions in the
Audio/Video: Web Codecs comp
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4695
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4695
CVE-2026-4694 (Incorrect boundary conditions, integer overflow in the Graphics
compon ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2300,7 +2614,7 @@ CVE-2026-4694 (Incorrect boundary conditions, integer
overflow in the Graphics c
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4694
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4694
CVE-2026-4693 (Incorrect boundary conditions in the Audio/Video: Playback
component. ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2308,7 +2622,7 @@ CVE-2026-4693 (Incorrect boundary conditions in the
Audio/Video: Playback compon
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4693
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4693
CVE-2026-4692 (Sandbox escape in the Responsive Design Mode component. This
vulnerabi ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2316,7 +2630,7 @@ CVE-2026-4692 (Sandbox escape in the Responsive Design
Mode component. This vuln
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4692
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4692
CVE-2026-4691 (Use-after-free in the CSS Parsing and Computation component.
This vuln ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2324,7 +2638,7 @@ CVE-2026-4691 (Use-after-free in the CSS Parsing and
Computation component. This
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4691
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4691
CVE-2026-4690 (Sandbox escape due to incorrect boundary conditions, integer
overflow ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2332,7 +2646,7 @@ CVE-2026-4690 (Sandbox escape due to incorrect boundary
conditions, integer over
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4690
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4690
CVE-2026-4689 (Sandbox escape due to incorrect boundary conditions, integer
overflow ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2340,7 +2654,7 @@ CVE-2026-4689 (Sandbox escape due to incorrect boundary
conditions, integer over
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4689
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4689
CVE-2026-4688 (Sandbox escape due to use-after-free in the Disability Access
APIs com ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2348,7 +2662,7 @@ CVE-2026-4688 (Sandbox escape due to use-after-free in
the Disability Access API
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4688
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4688
CVE-2026-4687 (Sandbox escape due to incorrect boundary conditions in the
Telemetry c ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2356,7 +2670,7 @@ CVE-2026-4687 (Sandbox escape due to incorrect boundary
conditions in the Teleme
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4687
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4687
CVE-2026-4686 (Incorrect boundary conditions in the Graphics: Canvas2D
component. Thi ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2364,7 +2678,7 @@ CVE-2026-4686 (Incorrect boundary conditions in the
Graphics: Canvas2D component
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4686
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4686
CVE-2026-4685 (Incorrect boundary conditions in the Graphics: Canvas2D
component. Thi ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2372,7 +2686,7 @@ CVE-2026-4685 (Incorrect boundary conditions in the
Graphics: Canvas2D component
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/#CVE-2026-4685
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/#CVE-2026-4685
CVE-2026-4684 (Race condition, use-after-free in the Graphics: WebRender
component. T ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
@@ -2875,11 +3189,11 @@ CVE-2026-31850 (Nexxt Solutions Nebula 300+ firmware
through version 12.01.01.37
NOT-FOR-US: Nexxt Solutions Nebula 300+ firmware
CVE-2026-31849 (Nexxt Solutions Nebula 300+ firmware through version
12.01.01.37 does ...)
NOT-FOR-US: Nexxt Solutions Nebula 300+ firmware
-CVE-2026-31848 (Nexxt Solutions Nebula 300+ firmware through version
12.01.01.37 store ...)
+CVE-2026-31848 (Nexxt Solutions Nebula 300+ firmware through version
12.01.01.37 uses ...)
NOT-FOR-US: Nexxt Solutions Nebula 300+ firmware
CVE-2026-31847 (Hidden functionality in the /goform/setSysTools endpoint in
Nexxt Solu ...)
NOT-FOR-US: Nexxt Solutions Nebula 300+ firmware
-CVE-2026-31846 (An unauthenticated credential disclosure vulnerability in the
/goform/ ...)
+CVE-2026-31846 (Missing authentication in the /goform/ate endpoint in Nexxt
Solutions ...)
NOT-FOR-US: Nexxt Solutions Nebula 300+ firmware
CVE-2026-30886 (New API is a large language mode (LLM) gateway and artificial
intellig ...)
NOT-FOR-US: New API
@@ -4736,7 +5050,7 @@ CVE-2025-71258 (BMC FootPrints ITSM versions 20.20.02
through 20.24.01.001 conta
NOT-FOR-US: BMC FootPrints ITSM
CVE-2025-71257 (BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001
contain an ...)
NOT-FOR-US: BMC FootPrints ITSM
-CVE-2025-69720 (ncurses v6.5 and v6.4 are vulnerable to Buffer Overflow in
progs/infoc ...)
+CVE-2025-69720 (The infocmp command-line tool in ncurses before 6.5-20251213
has a sta ...)
- ncurses <unfixed>
NOTE: https://github.com/Cao-Wuhui/CVE-2025-69720
TODO: check upstream status
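Review bot: The new description of CVE-2025-69720 names an upstream fix boundary ("ncurses before 6.5-20251213"), while the entry below it still reads `- ncurses <unfixed>` with `TODO: check upstream status`. That TODO can now be worked: compare the ncurses patch level in each suite against 20251213, then either record the first fixed Debian version or keep `<unfixed>` and drop the TODO.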
@@ -6997,7 +7311,7 @@ CVE-2026-22215 (wpDiscuz before 7.6.47 contains a
cross-site request forgery vul
NOT-FOR-US: wpDiscuz
CVE-2026-22210 (wpDiscuz before 7.6.47 contains a cross-site scripting
vulnerability t ...)
NOT-FOR-US: wpDiscuz
-CVE-2026-22209 (thingino-firmware up to commit e3f6a41 (published on
2026-03-15) conta ...)
+CVE-2026-22209 (wpDiscuz before 7.6.47 contains a cross-site scripting
vulnerability i ...)
NOT-FOR-US: wpDiscuz
CVE-2026-22204 (wpDiscuz before 7.6.47 contains an email header injection
vulnerabilit ...)
NOT-FOR-US: wpDiscuz
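Review bot: For CVE-2026-22209 the removed description named thingino-firmware, while the unchanged triage line under it already read `NOT-FOR-US: wpDiscuz`, so the entry was inconsistent before this update. The new wpDiscuz text agrees with the tag and the triage line needs no edit. A check that compares the product named in the description with the NOT-FOR-US tag would catch this kind of mismatch when it is introduced.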
@@ -7671,7 +7985,7 @@ CVE-2023-43010 (The issue was addressed with improved
memory handling. This issu
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security
support in Bookworm)
[bullseye] - wpewebkit <end-of-life> (see #1035997)
NOTE: https://webkitgtk.org/security/WSA-2026-0001.html
-CVE-2026-2436
+CVE-2026-2436 (A flaw was found in libsoup's SoupServer. A remote attacker
could expl ...)
- libsoup3 <unfixed> (bug #1130498)
[trixie] - libsoup3 <no-dsa> (Minor issue)
[bookworm] - libsoup3 <no-dsa> (Minor issue)
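Review bot: CVE-2026-2436 already carried `<no-dsa> (Minor issue)` for trixie and bookworm while it had no description; the text added here mentions a remote attacker against libsoup's SoupServer. The line is truncated before the impact, so read the full description and confirm that the Minor issue rating still holds for both suites.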
@@ -13699,7 +14013,7 @@ CVE-2026-1311 (The Worry Proof Backup plugin for
WordPress is vulnerable to Path
NOT-FOR-US: WordPress plugin
CVE-2026-0542 (ServiceNow has addressed a remote code execution vulnerability
that wa ...)
NOT-FOR-US: ServiceNow
-CVE-2026-3190
+CVE-2026-3190 (A flaw was found in Keycloak. The User-Managed Access (UMA) 2.0
Protec ...)
- keycloak <itp> (bug #1088287)
CVE-2026-3184 [Access control bypass due to improper hostname canonicalization]
[experimental] - util-linux 2.42~rc1-1
@@ -14225,7 +14539,7 @@ CVE-2026-27624 (Coturn is a free open source
implementation of TURN and STUN Ser
- coturn <unfixed> (bug #1129267)
NOTE:
https://github.com/coturn/coturn/security/advisories/GHSA-j8mm-mpf8-gvjg
NOTE:
https://github.com/coturn/coturn/commit/b80eb898ba26552600770162c26a8ae7f3661b0b
(4.9.0)
-CVE-2026-3121
+CVE-2026-3121 (A flaw was found in Keycloak. An administrator with
`manage-clients` p ...)
- keycloak <itp> (bug #1088287)
CVE-2026-3099 (A flaw was found in Libsoup. The server-side digest
authentication imp ...)
- libsoup3 <unfixed> (bug #1129316)
@@ -78900,7 +79214,7 @@ CVE-2025-59378 (In guix-daemon in GNU Guix before
1618ca7, a content-addressed-m
NOTE: Fixed by:
https://codeberg.org/guix/guix/commit/f607aaaaaafe19257ef09ca519d325df6ae97e05
NOTE: Fixed by:
https://codeberg.org/guix/guix/commit/9202921e812708b23788b2209cdb576d456f56db
CVE-2025-59375 (libexpat in Expat before 2.7.2 allows attackers to trigger
large dynam ...)
- {DSA-6178-1}
+ {DSA-6179-1 DSA-6178-1}
- firefox 149.0-1
- firefox-esr 140.9.0esr-1
- thunderbird 1:140.9.0esr-1
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/92e6c9544893ae54291dc22a577c0be96d72af05