Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a79457f3 by security tracker role at 2026-05-06T07:13:37+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,6 +1,104 @@
-CVE-2026-39852
+CVE-2026-7857 (A vulnerability has been found in D-Link DI-8100 16.07.26A1.
This vuln ...)
+ TODO: check
+CVE-2026-7856 (A flaw has been found in D-Link DI-8100 16.07.26A1. This
affects an un ...)
+ TODO: check
+CVE-2026-7573 (An authorization bypass (CWE-639) in the GetUserRoles gRPC API
endpoin ...)
+ TODO: check
+CVE-2026-7572 (An off-by-one error (CWE-193) in the ConsumeUnit16Array and
ConsumeUni ...)
+ TODO: check
+CVE-2026-5753 (The All-in-One WP Migration Unlimited Extension plugin for
WordPress i ...)
+ TODO: check
+CVE-2026-44405 (In Paramiko through 4.0.0 before a448945, rsakey.py allows the
SHA-1 a ...)
+ TODO: check
+CVE-2026-44331 (In ProFTPD through 1.3.9a before 7666224, a SQL injection
vulnerabilit ...)
+ TODO: check
+CVE-2026-41950 (Dify before version 1.14.0 contains an authorization bypass
vulnerabil ...)
+ TODO: check
+CVE-2026-40934 (Jupyter Server is the backend for Jupyter web applications. In
version ...)
+ TODO: check
+CVE-2026-40331 (Masa CMS is an open source content management system. In
versions 7.2. ...)
+ TODO: check
+CVE-2026-40330 (Masa CMS is an open source content management system. In
versions 7.2. ...)
+ TODO: check
+CVE-2026-40329 (Masa CMS is an open source content management system. In
versions 7.5. ...)
+ TODO: check
+CVE-2026-40280 (Gotenberg is an API-based document conversion tool. In
versions 8.30.1 ...)
+ TODO: check
+CVE-2026-40110 (Jupyter Server is the backend for Jupyter web applications. In
version ...)
+ TODO: check
+CVE-2026-40075 (OpenMRS Core is an open source electronic medical record
system platfo ...)
+ TODO: check
+CVE-2026-40068 (In versions 2.1.63 through 2.1.83 of Claude Code, the folder
trust det ...)
+ TODO: check
+CVE-2026-3208 (The Mercado Pago payments for WooCommerce plugin for WordPress
is vuln ...)
+ TODO: check
+CVE-2026-39849 (Pi-hole FTL is the core engine of the Pi-hole network-level
advertisem ...)
+ TODO: check
+CVE-2026-39383 (Gotenberg is an API-based document conversion tool. In version
8.29.1, ...)
+ TODO: check
+CVE-2026-38947 (FluentCMS 1.2.3 is vulnerable to Cross Site Scripting (XSS) in
TextHTM ...)
+ TODO: check
+CVE-2026-35579 (CoreDNS is a DNS server written in Go. In versions prior to
1.14.3, th ...)
+ TODO: check
+CVE-2026-35453 (PhpSpreadsheet is a library for reading and writing
spreadsheet files. ...)
+ TODO: check
+CVE-2026-35397 (Jupyter Server is the backend for Jupyter web applications. In
version ...)
+ TODO: check
+CVE-2026-34596 (Sandboxie-Plus is an open source sandbox-based isolation
software for ...)
+ TODO: check
+CVE-2026-34527 (Sandboxie-Plus is an open source sandbox-based isolation
software for ...)
+ TODO: check
+CVE-2026-34464 (Sandboxie-Plus is an open source sandbox-based isolation
software for ...)
+ TODO: check
+CVE-2026-34462 (Sandboxie-Plus is an open source sandbox-based isolation
software for ...)
+ TODO: check
+CVE-2026-34461 (Sandboxie-Plus is an open source sandbox-based isolation
software for ...)
+ TODO: check
+CVE-2026-34459 (Sandboxie-Plus is an open source sandbox-based isolation
software for ...)
+ TODO: check
+CVE-2026-34458 (Sandboxie-Plus is an open source sandbox-based isolation
software for ...)
+ TODO: check
+CVE-2026-34084 (PhpSpreadsheet is a library for reading and writing
spreadsheet files. ...)
+ TODO: check
+CVE-2026-33975 (Twenty is an open source CRM built with NestJS (Node.js). In
versions ...)
+ TODO: check
+CVE-2026-33489 (CoreDNS is a DNS server that chains plugins. In versions prior
to 1.14 ...)
+ TODO: check
+CVE-2026-33420 (Vaultwarden is a Bitwarden-compatible server written in Rust.
In versi ...)
+ TODO: check
+CVE-2026-33324 (SQLBot is an intelligent Text-to-SQL system based on large
language mo ...)
+ TODO: check
+CVE-2026-33190 (CoreDNS is a DNS server that chains plugins. In versions prior
to 1.14 ...)
+ TODO: check
+CVE-2026-32936 (CoreDNS is a DNS server that chains plugins. In versions prior
to 1.14 ...)
+ TODO: check
+CVE-2026-32934 (CoreDNS is a DNS server that chains plugins. In versions prior
to 1.14 ...)
+ TODO: check
+CVE-2026-32699 (FacturaScripts is an open source accounting and invoicing
software. In ...)
+ TODO: check
+CVE-2026-32603 (Sandboxie is an open source sandbox-based isolation software
for Windo ...)
+ TODO: check
+CVE-2026-31893 (Tunnelblick is an open source graphic user interface for
OpenVPN on ma ...)
+ TODO: check
+CVE-2026-2306 (The Ninja Tables \u2013 Easy Data Table Builder plugin for
WordPress i ...)
+ TODO: check
+CVE-2025-71256 (In nr modem, there is a possible improper input validation.
This could ...)
+ TODO: check
+CVE-2025-71255 (In Modem IMS, there is a possible improper input validation.
This coul ...)
+ TODO: check
+CVE-2025-71254 (In Modem IMS, there is a possible improper input validation.
This coul ...)
+ TODO: check
+CVE-2025-71253 (In Modem IMS, there is a possible improper input validation.
This coul ...)
+ TODO: check
+CVE-2025-71252 (In Modem IMS, there is a possible improper input validation.
This coul ...)
+ TODO: check
+CVE-2025-71251 (In IMS, there is a possible system crash due to improper input
validat ...)
+ TODO: check
+CVE-2024-52911 (Bitcoin Core through 28.x has a security issue, the details of
which a ...)
+ TODO: check
+CVE-2026-39852 (Quarkus is a Java framework for building cloud-native
applications. In ...)
NOT-FOR-US: Quarkus
-CVE-2026-28780
+CVE-2026-28780 (Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of
Apache HT ...)
- apache2 2.4.67-1
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-28780
CVE-2026-7865 (A hidden console command is vulnerable to command injection
flaw when ...)
@@ -1408,7 +1506,7 @@ CVE-2026-40197
- lxd <removed>
NOTE:
https://github.com/lxc/incus/security/advisories/GHSA-r7w7-mmxr-47r9
NOTE: https://github.com/lxc/incus/pull/3273
-CVE-2026-35527
+CVE-2026-35527 (Incus is an open source container and virtual machine manager.
In vers ...)
- incus <unfixed>
[trixie] - incus <not-affected> (Vulnerable code not present,
introduced in 6.22/6.0.6)
NOTE:
https://github.com/lxc/incus/security/advisories/GHSA-8gw4-p4wq-4hcv
@@ -2485,7 +2583,7 @@ CVE-2022-50993 (Weaver (Fanwei) E-office versions prior
to 10.0_20221201 contain
NOT-FOR-US: Weaver (Fanwei) E-office
CVE-2022-50992 (Weaver (Fanwei) E-cology 9.5 versions prior to 10.52 contain
an arbitr ...)
NOT-FOR-US: Weaver (Fanwei) E-cology
-CVE-2026-39402
+CVE-2026-39402 (lxc is a Linux container runtime. In the setuid helper
lxc-user-nic, t ...)
- lxc 1:7.0.0-1
[trixie] - lxc <no-dsa> (Minor issue)
[bookworm] - lxc <no-dsa> (Minor issue)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a79457f32a1574bf1c20f0725b8d5e5f76a7d7f0
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a79457f32a1574bf1c20f0725b8d5e5f76a7d7f0
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
