Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ec7c6815 by security tracker role at 2026-05-08T07:13:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,263 @@
+CVE-2026-8149 (A vulnerability in Legion of the Bouncy Castle Inc. BC-FJA 
BC-FIPS on  ...)
+       TODO: check
+CVE-2026-8148 (NAVER MYBOX Explorer for Windows before 3.0.11.160 allows a 
local atta ...)
+       TODO: check
+CVE-2026-8142 (VINCE versions 3.0.38 and earlier do not properly verify the 
From addr ...)
+       TODO: check
+CVE-2026-8138 (A vulnerability was found in Tenda CX12L 16.03.53.12. This 
issue affec ...)
+       TODO: check
+CVE-2026-8137 (A vulnerability has been found in Totolink X5000R 
9.1.0u.6369_B2023011 ...)
+       TODO: check
+CVE-2026-8136 (A flaw has been found in SourceCodester Pharmacy Sales and 
Inventory S ...)
+       TODO: check
+CVE-2026-8133 (A security vulnerability has been detected in zyx0814 FilePress 
up to  ...)
+       TODO: check
+CVE-2026-8132 (A weakness has been identified in CodeAstro Leave Management 
System 1. ...)
+       TODO: check
+CVE-2026-8131 (A security flaw has been discovered in SourceCodester SUP 
Online Shopp ...)
+       TODO: check
+CVE-2026-8130 (A vulnerability was identified in SourceCodester SUP Online 
Shopping 1 ...)
+       TODO: check
+CVE-2026-8129 (A vulnerability was determined in SourceCodester SUP Online 
Shopping 1 ...)
+       TODO: check
+CVE-2026-8128 (A vulnerability was found in SourceCodester SUP Online Shopping 
1.0. T ...)
+       TODO: check
+CVE-2026-8127 (A vulnerability has been found in eladmin up to 2.7. Impacted 
is the f ...)
+       TODO: check
+CVE-2026-8126 (A flaw has been found in SourceCodester Comment System 1.0. 
This issue ...)
+       TODO: check
+CVE-2026-8125 (A vulnerability was detected in code-projects Simple Chat 
System 1.0.  ...)
+       TODO: check
+CVE-2026-8124 (A security vulnerability has been detected in GPAC up to 
26.02.0. This ...)
+       TODO: check
+CVE-2026-8123 (A vulnerability was determined in Open5GS up to 2.7.7. This 
impacts th ...)
+       TODO: check
+CVE-2026-8122 (A vulnerability was found in Open5GS up to 2.7.7. This affects 
the fun ...)
+       TODO: check
+CVE-2026-8121 (A vulnerability has been found in Open5GS up to 2.7.7. The 
impacted el ...)
+       TODO: check
+CVE-2026-8120 (A flaw has been found in Open5GS up to 2.7.7. The affected 
element is  ...)
+       TODO: check
+CVE-2026-8119 (A vulnerability was detected in Open5GS up to 2.7.7. Impacted 
is the f ...)
+       TODO: check
+CVE-2026-8117 (A security vulnerability has been detected in SourceCodester 
Pizzafy E ...)
+       TODO: check
+CVE-2026-8116 (A weakness has been identified in huangjunsen0406 
xiaozhi-mcphub up to ...)
+       TODO: check
+CVE-2026-8115 (A security flaw has been discovered in gyoridavid 
short-video-maker up ...)
+       TODO: check
+CVE-2026-8114 (A vulnerability was identified in JeecgBoot up to 3.9.1. 
Affected by t ...)
+       TODO: check
+CVE-2026-8113 (A vulnerability was determined in 8421bit MiniClaw up to 
43905b934cf76 ...)
+       TODO: check
+CVE-2026-8112 (A vulnerability was found in 8421bit MiniClaw up to 
223c16a1088e138838 ...)
+       TODO: check
+CVE-2026-8106 (A reflected HTML injection vulnerability was identified in the 
GitHub  ...)
+       TODO: check
+CVE-2026-8098 (A security vulnerability has been detected in code-projects 
Feedback S ...)
+       TODO: check
+CVE-2026-8097 (A security flaw has been discovered in CodeAstro Online 
Classroom 1.0. ...)
+       TODO: check
+CVE-2026-8088 (A weakness has been identified in OSGeo gdal up to 3.13.0dev-4. 
The af ...)
+       TODO: check
+CVE-2026-8087 (A security flaw has been discovered in OSGeo gdal up to 
3.13.0dev-4. I ...)
+       TODO: check
+CVE-2026-8069 (PredatorSense version 3.00.3136 to 3.00.3196 contain Local 
Privilege E ...)
+       TODO: check
+CVE-2026-8034 (A server-side request forgery (SSRF) vulnerability was 
identified in t ...)
+       TODO: check
+CVE-2026-7891 (The VerySecureApp made by DIVD using Mendix Studio Pro 11.8.0 
Beta all ...)
+       TODO: check
+CVE-2026-7541 (A denial of service vulnerability was identified in GitHub 
Enterprise  ...)
+       TODO: check
+CVE-2026-6737 (An Exposed IOCTL with Insufficient Access Control vulnerability 
in Asu ...)
+       TODO: check
+CVE-2026-6736 (An authentication bypass vulnerability was identified in GitHub 
Enterp ...)
+       TODO: check
+CVE-2026-6411 (This vulnerability, in the MAXHUB Pivot client application 
versions  p ...)
+       TODO: check
+CVE-2026-4935 (The OttoKit: All-in-One Automation Platform WordPress plugin 
before 1. ...)
+       TODO: check
+CVE-2026-44916 (In OpenStack Ironic through 35.x, instance_info['ks_template'] 
is rend ...)
+       TODO: check
+CVE-2026-44365
+       REJECTED
+CVE-2026-44298 (Kimai is an open-source time tracking application. From 
version 2.32.0 ...)
+       TODO: check
+CVE-2026-43944 (electerm is an open-sourced 
terminal/ssh/sftp/telnet/serialport/RDP/VN ...)
+       TODO: check
+CVE-2026-43943 (electerm is an open-sourced 
terminal/ssh/sftp/telnet/serialport/RDP/VN ...)
+       TODO: check
+CVE-2026-43942 (electerm is an open-sourced 
terminal/ssh/sftp/telnet/serialport/RDP/VN ...)
+       TODO: check
+CVE-2026-43941 (electerm is an open-sourced 
terminal/ssh/sftp/telnet/serialport/RDP/VN ...)
+       TODO: check
+CVE-2026-43940 (electerm is an open-sourced 
terminal/ssh/sftp/telnet/serialport/RDP/VN ...)
+       TODO: check
+CVE-2026-43510 (manage.get.gov is the .gov TLD registrar maintained by CISA. 
manage.ge ...)
+       TODO: check
+CVE-2026-42880 (Argo CD is a declarative, GitOps continuous delivery tool for 
Kubernet ...)
+       TODO: check
+CVE-2026-42826 (Exposure of sensitive information to an unauthorized actor in 
Azure De ...)
+       TODO: check
+CVE-2026-42501 (A malicious module proxy can exploit a flaw in the go 
command's valida ...)
+       TODO: check
+CVE-2026-42499 (Pathological inputs could cause DoS through consumePhrase when 
parsing ...)
+       TODO: check
+CVE-2026-42449 (n8n-MCP is an MCP server that provides AI assistants access to 
n8n nod ...)
+       TODO: check
+CVE-2026-42279 (solidtime is an open-source time-tracking app. In version 
0.12.0, the  ...)
+       TODO: check
+CVE-2026-42278 (UltraDAG is a minimal DAG-BFT blockchain in Rust. Prior to 
commit fb6e ...)
+       TODO: check
+CVE-2026-42277 (Onyx is an open-source AI platform. Prior to versions 3.0.9, 
3.1.6, an ...)
+       TODO: check
+CVE-2026-42276 (Onyx is an open-source AI platform. Prior to versions 3.0.9, 
3.1.6, an ...)
+       TODO: check
+CVE-2026-42275 (zrok is software for sharing web services, files, and network 
resource ...)
+       TODO: check
+CVE-2026-42274 (Heimdall is a cloud native Identity Aware Proxy and Access 
Control Dec ...)
+       TODO: check
+CVE-2026-42273 (Heimdall is a cloud native Identity Aware Proxy and Access 
Control Dec ...)
+       TODO: check
+CVE-2026-42272 (Heimdall is a cloud native Identity Aware Proxy and Access 
Control Dec ...)
+       TODO: check
+CVE-2026-42271 (LiteLLM is a proxy server (AI Gateway) to call LLM APIs in 
OpenAI (or  ...)
+       TODO: check
+CVE-2026-42267 (Kimai is an open-source time tracking application. From 
version 2.27.0 ...)
+       TODO: check
+CVE-2026-42264 (Axios is a promise based HTTP client for the browser and 
Node.js. From ...)
+       TODO: check
+CVE-2026-42261 (PromptHub is an all-in-one AI toolbox for prompt, skill, and 
agent man ...)
+       TODO: check
+CVE-2026-42259 (Saltcorn is an extensible, open source, no-code database 
application b ...)
+       TODO: check
+CVE-2026-42241 (ParquetSharp is a .NET library for reading and writing Apache 
Parquet  ...)
+       TODO: check
+CVE-2026-42239 (Budibase is an open-source low-code platform. Prior to version 
3.35.10 ...)
+       TODO: check
+CVE-2026-42225 (PJSIP is a free and open source multimedia communication 
library writt ...)
+       TODO: check
+CVE-2026-42203 (LiteLLM is a proxy server (AI Gateway) to call LLM APIs in 
OpenAI (or  ...)
+       TODO: check
+CVE-2026-42150 (wlc is a Weblate command-line client using Weblate's REST API. 
Prior t ...)
+       TODO: check
+CVE-2026-42047 (Inngest is a platform for running event-driven and scheduled 
backgroun ...)
+       TODO: check
+CVE-2026-41929 (Vvveb before 1.0.8.2 contains an unauthenticated reflected 
cross-site  ...)
+       TODO: check
+CVE-2026-41928 (Vvveb before 1.0.8.2 contains an information disclosure 
vulnerability  ...)
+       TODO: check
+CVE-2026-41900 (OpenLearnX is an open-source, decentralized learning and 
assessment pl ...)
+       TODO: check
+CVE-2026-41692 (i18nextify is a JavaScript library that adds website 
internationalizat ...)
+       TODO: check
+CVE-2026-41691 (Copilot said: i18nextify is a JavaScript library that adds 
i18nextify  ...)
+       TODO: check
+CVE-2026-41646 (Nuclei is a vulnerability scanner built on a simple YAML-based 
DSL. Fr ...)
+       TODO: check
+CVE-2026-41645 (Nuclei is a vulnerability scanner built on a simple YAML-based 
DSL. Fr ...)
+       TODO: check
+CVE-2026-41501 (electerm is an open-sourced 
terminal/ssh/sftp/telnet/serialport/RDP/VN ...)
+       TODO: check
+CVE-2026-41500 (electerm is an open-sourced 
terminal/ssh/sftp/telnet/serialport/RDP/VN ...)
+       TODO: check
+CVE-2026-41498 (Kimai is an open-source time tracking application. Prior to 
version 2. ...)
+       TODO: check
+CVE-2026-41105 (Server-side request forgery (ssrf) in Azure Notification 
Service allow ...)
+       TODO: check
+CVE-2026-40214 (In OpenStack Cyborg before 16.0.1, the Accelerator Request 
(ARQ) API d ...)
+       TODO: check
+CVE-2026-40213 (OpenStack Cyborg before 16.0.1 uses rule:allow (check_str='@') 
as the  ...)
+       TODO: check
+CVE-2026-3508 (An Out-of-bounds Read vulnerability in the IOCTL handler in 
ASUS Syste ...)
+       TODO: check
+CVE-2026-39836 (The Dial and LookupPort functions panic on Windows when 
provided with  ...)
+       TODO: check
+CVE-2026-39826 (If a trusted template author were to write a <script> tag 
containing a ...)
+       TODO: check
+CVE-2026-39825 (ReverseProxy can forward queries containing parameters not 
visible to  ...)
+       TODO: check
+CVE-2026-39823 (CVE-2026-27142 fixed a vulnerability in which URLs were not 
correctly  ...)
+       TODO: check
+CVE-2026-39820 (Well-crafted inputs reaching ParseAddress, ParseAddressList, 
and Parse ...)
+       TODO: check
+CVE-2026-39819 (The "go bug" command writes to two files with predictable 
names in the ...)
+       TODO: check
+CVE-2026-39817 (The "go tool pack" subcommand (usually used only by the 
compiler as an ...)
+       TODO: check
+CVE-2026-35435 (Improper access control in Azure AI Foundry M365 published 
agents allo ...)
+       TODO: check
+CVE-2026-35428 (Improper neutralization of special elements used in a command 
('comman ...)
+       TODO: check
+CVE-2026-34327 (Externally controlled reference to a resource in another 
sphere in Mic ...)
+       TODO: check
+CVE-2026-33844 (Improper input validation in Azure Managed Instance for Apache 
Cassand ...)
+       TODO: check
+CVE-2026-33823 (Improper authorization in Microsoft Teams allows an authorized 
attacke ...)
+       TODO: check
+CVE-2026-33814 (When processing HTTP/2 SETTINGS frames, transport will enter 
an infini ...)
+       TODO: check
+CVE-2026-33811 (When using LookupCNAME with the cgo DNS resolver, a very long 
CNAME re ...)
+       TODO: check
+CVE-2026-33111 (Improper neutralization of special elements used in a command 
('comman ...)
+       TODO: check
+CVE-2026-33109 (Improper access control in Azure Managed Instance for Apache 
Cassandra ...)
+       TODO: check
+CVE-2026-32207 (Improper neutralization of input during web page generation 
('cross-si ...)
+       TODO: check
+CVE-2026-2710
+       REJECTED
+CVE-2026-26164 (Improper neutralization of special elements in output used by 
a downst ...)
+       TODO: check
+CVE-2026-26129 (Improper neutralization of special elements in M365 Copilot 
allows an  ...)
+       TODO: check
+CVE-2025-69691 (Netgate pfSense CE 2.8.0 allows code execution in the XMLRPC 
API via p ...)
+       TODO: check
+CVE-2025-69690 (Netgate pfSense CE 2.7.2 allows code execution by using the 
module ins ...)
+       TODO: check
+CVE-2025-69599 (RayVentory Scan Engine through 12.6 Update 8 allows attackers 
to gain  ...)
+       TODO: check
+CVE-2025-67888 (An issue was discovered in Control Web Panel (CWP) before 
0.9.8.1209.  ...)
+       TODO: check
+CVE-2025-67887 (1C-Bitrix through 25.100.500 allows Remote Code Execution 
because an a ...)
+       TODO: check
+CVE-2025-67886 (Bitrix24 through 25.100.300 allows Remote Code Execution 
because an ac ...)
+       TODO: check
+CVE-2025-55449 (AstrBotDevs AstrBot 3.5.15 has 
Advanced_System_for_Text_Response_and_B ...)
+       TODO: check
+CVE-2024-53326 (LINQPad before 5.52.01 Pro edition is vulnerable to Unsafe 
Deserializa ...)
+       TODO: check
+CVE-2024-51092 (LibreNMS before 24.10.0 allows a remote attacker to execute 
arbitrary  ...)
+       TODO: check
+CVE-2024-46508 (yeti-platform yeti before 2.1.12 allows attackers to generate 
valid JW ...)
+       TODO: check
+CVE-2024-46507 (A SSTI (server side template injection) vulnerability in the 
custom te ...)
+       TODO: check
+CVE-2024-45257 (A Command Injection issue in the payload build page in BYOB 
(Build You ...)
+       TODO: check
+CVE-2024-33724 (SOPlanning 1.52.00 is vulnerable to Cross Site Scripting (XSS) 
via the ...)
+       TODO: check
+CVE-2024-33722 (SOPlanning 1.52.00 is vulnerable to SQL Injection by an 
authenticated  ...)
+       TODO: check
+CVE-2024-33288 (Prison Management System Using PHP v1.0 was discovered to 
contain a SQ ...)
+       TODO: check
+CVE-2024-30167 (/cgi-bin/time.cgi in Atlona AT-OME-MS42 Matrix Switcher 1.1.2 
allow re ...)
+       TODO: check
+CVE-2024-27686 (Mikrotik RouterOS (x86) 6.40.5 through 6.49.10 (fixed in 7) 
allows a r ...)
+       TODO: check
+CVE-2023-47268 (In libslic3r/GCode/PostProcessor.cpp in Prusa PrusaSlicer 
through 2.6. ...)
+       TODO: check
+CVE-2023-46453 (Certain GL.iNet devices with 4.x firmware allow authentication 
bypass  ...)
+       TODO: check
+CVE-2023-42346 (Alkacon OpenCms before 16 allows XXE when the <!DOCTYPE> 
refers to an  ...)
+       TODO: check
+CVE-2023-42345 (A Cross Site Scripting vulnerability in Alkacon OpenCms before 
16 exis ...)
+       TODO: check
+CVE-2023-42344 (Alkacon OpenCms before 10.5.1 allows remote unauthenticated 
attackers  ...)
+       TODO: check
+CVE-2023-42343 (A Cross Site Scripting vulnerability in Alkacon OpenCms before 
10.5.1  ...)
+       TODO: check
 CVE-2026-8094 (Other issue in the WebRTC component. This vulnerability was 
fixed in F ...)
        - firefox-esr 140.10.2esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-41/#CVE-2026-8094
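Review bot: every entry added at the top of data/CVE/list lands as TODO: check, although the file already carries a triage decision for some of the same products. CVE-2026-42208 further down is marked NOT-FOR-US: LiteLLM and CVE-2026-7470 is marked NOT-FOR-US: Tenda, so CVE-2026-42271 and CVE-2026-42203 (LiteLLM) and CVE-2026-8138 (Tenda CX12L) can take the same marking in the follow-up triage instead of staying open. The description of CVE-2026-41691 also begins with "Copilot said:", which reads like pasted assistant output in the upstream record; compare it with CVE-2026-41692 before matching it to a package.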
@@ -10,7 +270,7 @@ CVE-2026-8092 (Memory safety bugs present in Firefox ESR 
115.35.1, Firefox ESR 1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-40/#CVE-2026-8092
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-41/#CVE-2026-8092
 CVE-2026-8091 (Incorrect boundary conditions in the Audio/Video: Playback 
component.  ...)
-       {DSA-6242-1 DSA-6236-1 DLA-4562-1 DLA-4555-1}
+       {DSA-6242-1 DSA-6236-1}
        - firefox 150.0-1
        - firefox-esr 140.10.1esr-1
        - thunderbird 1:140.10.1esr-1
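Review bot: on CVE-2026-8091 the cross-reference line loses DLA-4562-1 and DLA-4555-1 while both DSA references stay, and the commit message ("automatic update") gives no reason. Confirm that these two DLAs no longer list this CVE in the advisory data; if they still do, the references should be restored so the LTS fixes stay linked from the CVE entry.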
@@ -4935,7 +5195,7 @@ CVE-2026-39402 (lxc is a Linux container runtime. In the 
setuid helper lxc-user-
 CVE-2026-31692 (In the Linux kernel, the following vulnerability has been 
resolved:  r ...)
        - linux 6.19.14-1
        NOTE: 
https://git.kernel.org/linus/7b735ef81286007794a227ce2539419479c02a5f (7.0)
-CVE-2026-42208
+CVE-2026-42208 (LiteLLM is a proxy server (AI Gateway) to call LLM APIs in 
OpenAI (or  ...)
        NOT-FOR-US: LiteLLM
 CVE-2026-7470 (A flaw has been found in Tenda 4G300 
US_4G300V1.0Mt_V1.01.42_CN_TDC01. ...)
        NOT-FOR-US: Tenda
@@ -359941,8 +360201,8 @@ CVE-2022-45901
        RESERVED
 CVE-2022-45900
        RESERVED
-CVE-2022-45899
-       RESERVED
+CVE-2022-45899 (Nokia Broadcast Message Center (BMC) before 13.1 allows an 
unauthentic ...)
+       TODO: check
 CVE-2022-45898
        RESERVED
 CVE-2022-4144 (An out-of-bounds read flaw was found in the QXL display device 
emulati ...)
@@ -417789,10 +418049,10 @@ CVE-2022-26525
        RESERVED
 CVE-2022-26524
        RESERVED
-CVE-2022-26523
-       RESERVED
-CVE-2022-26522
-       RESERVED
+CVE-2022-26523 (The socket connection handler in aswArPot.sys in the Avast and 
AVG Win ...)
+       TODO: check
+CVE-2022-26522 (The socket connection handler in aswArPot.sys in the Avast and 
AVG Win ...)
+       TODO: check
 CVE-2022-26521 (Abantecart through 1.3.2 allows remote authenticated 
administrators to ...)
        NOT-FOR-US: Abantecart
 CVE-2022-0872
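Review bot: CVE-2022-26523 and CVE-2022-26522 move from RESERVED to TODO: check, but both descriptions name aswArPot.sys in the Avast and AVG products. Suggest resolving them as NOT-FOR-US in the follow-up triage, in the same form as the neighbouring CVE-2022-26521 entry (NOT-FOR-US: Abantecart), rather than leaving the TODO open.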
@@ -425953,8 +426213,8 @@ CVE-2022-23963
        RESERVED
 CVE-2022-23962
        RESERVED
-CVE-2022-23961
-       RESERVED
+CVE-2022-23961 (In Thruk Monitoring through 2.46.3, the login field of the 
login form  ...)
+       TODO: check
 CVE-2022-23960 (Certain Arm Cortex and Neoverse processors through 2022-03-08 
do not p ...)
        {DSA-5173-1 DLA-3065-1}
        - linux 5.16.14-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ec7c6815e0a226a8f2ce27e12d27bf75439ed649
