Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d3c74b37 by security tracker role at 2026-05-22T07:12:46+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,168 @@
-CVE-2026-5091
+CVE-2026-9264 (A cross-site scripting (XSS) vulnerability in SketchUp 2026's 
Dynamic  ...)
+       TODO: check
+CVE-2026-9104 (The Draft List plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
+       TODO: check
+CVE-2026-9054 (An attacker sending tcp, il, rudp, rudp, or gre packets with a 
length  ...)
+       TODO: check
+CVE-2026-9053 (Mothra would respect a default value given by a website for 
HTML file  ...)
+       TODO: check
+CVE-2026-9018 (The Easy Elements for Elementor \u2013 Addons & Website 
Templates plug ...)
+       TODO: check
+CVE-2026-8435 (Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request 
Forger ...)
+       TODO: check
+CVE-2026-8434 (Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request 
Forger ...)
+       TODO: check
+CVE-2026-8433 (Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request 
Forger ...)
+       TODO: check
+CVE-2026-8432 (Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request 
Forger ...)
+       TODO: check
+CVE-2026-8428 (Concrete CMS 9.5.0 and below emits a CSRF token in the 
local_available ...)
+       TODO: check
+CVE-2026-8427 (Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request 
Forger ...)
+       TODO: check
+CVE-2026-8426 (Concrete CMS 9.5.0 and below does not validate a CSRF token 
before pro ...)
+       TODO: check
+CVE-2026-8421 (Concrete CMS 9.5.0 and below contains a CSRF vulnerability in 
the inst ...)
+       TODO: check
+CVE-2026-8417 (Concrete CMS 9.5.0 and below does not validate a CSRF token 
before pro ...)
+       TODO: check
+CVE-2026-8416 (Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request 
Forger ...)
+       TODO: check
+CVE-2026-8415 (Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request 
Forger ...)
+       TODO: check
+CVE-2026-8414 (Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request 
Forger ...)
+       TODO: check
+CVE-2026-8413 (Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request 
Forger ...)
+       TODO: check
+CVE-2026-8412 (Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request 
Forger ...)
+       TODO: check
+CVE-2026-8411 (Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request 
Forger ...)
+       TODO: check
+CVE-2026-8410 (Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request 
Forger ...)
+       TODO: check
+CVE-2026-8409 (Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request 
Forger ...)
+       TODO: check
+CVE-2026-8352
+       REJECTED
+CVE-2026-8350 (Concrete CMS 9.5.0 and below is vulnerable to missing 
authorization in ...)
+       TODO: check
+CVE-2026-8337 (Concrete CMS 9.5.0 and below is vulnerable to IDOR in 
surveys.To be vu ...)
+       TODO: check
+CVE-2026-8327 (Concrete CMS below 9.5.0 and below is vulnerable to password 
change wi ...)
+       TODO: check
+CVE-2026-8245 (Concrete CMS 9.5.0 and below is vulnerable to Reflected XSS in 
Legacy  ...)
+       TODO: check
+CVE-2026-8240 (Concrete CMS 9.5.0 and below isvulnerable to unauthenticated 
page meta ...)
+       TODO: check
+CVE-2026-8239 (Concrete CMS 9.5.0 and below is vulnerable to 
IDOR.The'/ccm/frontend/c ...)
+       TODO: check
+CVE-2026-8238 (Concrete CMS 9.5.0 and below is vulnerable to 
IDOR.The'/ccm/frontend/c ...)
+       TODO: check
+CVE-2026-8237 (Concrete CMS 9.5.0 and below is vulnerable to IDOR.The 
`/ccm/frontend/ ...)
+       TODO: check
+CVE-2026-8236 (Concrete CMS 9.5.0 and below is vulnerable to IDOR combined 
with a mis ...)
+       TODO: check
+CVE-2026-8205 (Concrete CMS 9.5.0 and below is vulnerable to authorization 
bypass in  ...)
+       TODO: check
+CVE-2026-8204 (Concrete CMS 9.5.0 and below is vulnerable to authorization 
Bypass in  ...)
+       TODO: check
+CVE-2026-8203 (Concrete CMS 9.5.0 and below has Stored XSS on the height 
parameter.Th ...)
+       TODO: check
+CVE-2026-8197 (Concrete CMS 9.5.0 and below is vulnerable to Stored XSS via 
OAuth int ...)
+       TODO: check
+CVE-2026-8140 (Concrete CMS 9.5.0 and below does not validate a CSRF token 
before pro ...)
+       TODO: check
+CVE-2026-8139 (Concrete CMS 9.5.0 and below is vulnerable to Stored XSS via 
external- ...)
+       TODO: check
+CVE-2026-8135 (Concrete CMS 9.5.0 and below is vulnerable to Remote Code 
Execution  d ...)
+       TODO: check
+CVE-2026-8134 (Concrete CMS 9.5.0 and below fails to sanitize path traversal 
sequence ...)
+       TODO: check
+CVE-2026-7890 (In Concrete CMS 9.5.0 and below, the RSS Displayer block 
accepts a fee ...)
+       TODO: check
+CVE-2026-7887 (For Concrete CMS 9.5.0 and below, OAuth 2.0 Authorization-Code 
Handler ...)
+       TODO: check
+CVE-2026-7886 (Concrete CMS 9.5.0 and below is vulnerable toIDOR in 
AddMessage/Update ...)
+       TODO: check
+CVE-2026-7882 (Concrete CMS  9.5.0 and below is vulnerable to unauthorized 
file delet ...)
+       TODO: check
+CVE-2026-7881 (Concrete CMS 9.5.0 and below is subject toInsecure Direct 
Object Refer ...)
+       TODO: check
+CVE-2026-7879 (In Concrete CMS 9.5.0 and below, the submit_password() method 
in concr ...)
+       TODO: check
+CVE-2026-7509 (The KIA Subtitle plugin for WordPress is vulnerable to Stored 
Cross-Si ...)
+       TODO: check
+CVE-2026-7249 (The Location Weather plugin for WordPress is vulnerable to 
unauthorize ...)
+       TODO: check
+CVE-2026-6960 (The BookingPress Pro plugin for WordPress is vulnerable to 
arbitrary f ...)
+       TODO: check
+CVE-2026-6864 (The CBX 5 Star Rating & Review plugin for WordPress is 
vulnerable to R ...)
+       TODO: check
+CVE-2026-6826 (Concrete CMS 9.5.0 and below is vulnerable tounauthenticated 
file usag ...)
+       TODO: check
+CVE-2026-5297
+       REJECTED
+CVE-2026-4929 (Simple Hierarchical Select (SHS) for Drupal 7 contains 
cross-site scri ...)
+       TODO: check
+CVE-2026-4843 (The GSheet For Woo Importer plugin for WordPress is vulnerable 
to unau ...)
+       TODO: check
+CVE-2026-4834 (The WP ERP Pro plugin for WordPress is vulnerable to SQL 
Injection via ...)
+       TODO: check
+CVE-2026-4093 (In the Drupal 7 Term Reference Tree module, two stored XSS 
vectors exi ...)
+       TODO: check
+CVE-2026-4070 (The Alfie \u2013 Feed Plugin plugin for WordPress is vulnerable 
to Cro ...)
+       TODO: check
+CVE-2026-47114 (IINA before 1.4.3 contains a user-assisted command execution 
vulnerabi ...)
+       TODO: check
+CVE-2026-47102 (LiteLLM prior to 1.83.10 allows a user to modify their own 
user_role v ...)
+       TODO: check
+CVE-2026-47101 (LiteLLM prior to 1.83.14 allows an authenticated internal_user 
to crea ...)
+       TODO: check
+CVE-2026-46598 (For certain crafted inputs, a 'ed25519.PrivateKey' was created 
by cast ...)
+       TODO: check
+CVE-2026-46597 (An incorrectly placed cast from bytes to int allowed for 
server-side p ...)
+       TODO: check
+CVE-2026-46595 (Previously, CVE-2024-45337 fixed an authorization bypass for 
misused s ...)
+       TODO: check
+CVE-2026-44409 (There is an an information disclosure vulnerability in ZTE 
MU5250. Due ...)
+       TODO: check
+CVE-2026-42508 (Previously, a revoked 'SignatureKey' belonging to a CA was not 
correct ...)
+       TODO: check
+CVE-2026-3481 (The WP Blockade plugin for WordPress is vulnerable to Reflected 
Cross- ...)
+       TODO: check
+CVE-2026-39835 (SSH servers which use CertChecker as a public key callback 
without set ...)
+       TODO: check
+CVE-2026-39834 (When writing data larger than 4GB in a single Write call on an 
SSH cha ...)
+       TODO: check
+CVE-2026-39833 (The in-memory keyring returned by NewKeyring() silently 
accepted keys  ...)
+       TODO: check
+CVE-2026-39832 (When adding a key to a remote agent constraint extensions such 
as rest ...)
+       TODO: check
+CVE-2026-39831 (The Verify() method for FIDO/U2F security key types 
(sk-ecdsa-sha2-nis ...)
+       TODO: check
+CVE-2026-39830 (A malicious SSH peer could send unsolicited global request 
responses t ...)
+       TODO: check
+CVE-2026-39829 (The RSA and DSA public key parsers did not enforce size limits 
on key  ...)
+       TODO: check
+CVE-2026-39828 (When an SSH server authentication callback returned 
PartialSuccessErro ...)
+       TODO: check
+CVE-2026-39827 (An authenticated SSH client that repeatedly opened channels 
which were ...)
+       TODO: check
+CVE-2026-34911 (A malicious actor with access to the network and low 
privileges could  ...)
+       TODO: check
+CVE-2026-34910 (A malicious actor with access to the network could exploit an 
Improper ...)
+       TODO: check
+CVE-2026-34909 (A malicious actor with access to the network could exploit a 
Path Trav ...)
+       TODO: check
+CVE-2026-34908 (A malicious actor with access to the network could exploit an 
Improper ...)
+       TODO: check
+CVE-2026-33000 (A malicious actor with access to the network and high 
privileges could ...)
+       TODO: check
+CVE-2026-2518 (The FastX theme for WordPress is vulnerable to unauthorized 
limited pl ...)
+       TODO: check
+CVE-2026-22678 (Webmin before 2.641 contains a stored cross-site scripting 
vulnerabili ...)
+       TODO: check
+CVE-2026-5091 (Catalyst::Plugin::Authentication versions through 0.10024 for 
Perl  is ...)
        - libcatalyst-plugin-authentication-perl <unfixed>
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/40281889/
        NOTE: 
https://github.com/perl-catalyst/Catalyst-Plugin-Authentication/commit/b0515f492257438cf07082acf1e10d06e8088a5e
 (v0.10_025)
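
Review bot: The descriptions added for CVE-2026-9018 and CVE-2026-4070 contain a literal `\u2013` escape rather than the decoded character, which suggests the automatic import writes the upstream description text into data/CVE/list without unescaping it; decoding or normalising at import time would keep the descriptions readable and searchable. Apart from the two REJECTED ids, every new entry lands as `TODO: check`, including the long run of Concrete CMS entries and the group of SSH-related entries CVE-2026-39827 through CVE-2026-39835, so triaging each of those groups in one pass would clear most of this hunk.
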
@@ -17603,10 +17767,12 @@ CVE-2025-36074 (IBM Security Verify Directory 
(Container) 10.0.0 through 10.0.0.
 CVE-2025-10549 (EfficientLab Controlio before v1.3.95 contains a DLL hijacking 
vulnera ...)
        NOT-FOR-US: EfficientLab Controlio
 CVE-2026-40215
+       {DSA-6289-1}
        - openvpn 2.7.2-1
        NOTE: 
https://community.openvpn.net/Security%20Announcements/CVE-2026-40215
        NOTE: Fixed by: 
https://github.com/OpenVPN/openvpn/commit/4a2c827c2536aa03a1d6c7cc916689a46c067187
 (v2.7.2)
 CVE-2026-35058
+       {DSA-6289-1}
        - openvpn 2.7.2-1
        NOTE: 
https://community.openvpn.net/Security%20Announcements/CVE-2026-35058
        NOTE: Fixed by: 
https://github.com/OpenVPN/openvpn/commit/607e2fcb9cbcff785abfa372c7a59029767b5ed9
 (v2.7.2)
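
Review bot: `{DSA-6289-1}` is attached to CVE-2026-40215 and CVE-2026-35058, but both entries show only the unstable fix `- openvpn 2.7.2-1`, and this commit changes data/CVE/list alone, so nothing visible here says which stable versions the advisory shipped. Confirm that the DSA-6289-1 record names both CVEs with their per-release fixed versions. Both entries also still have no description after the CVE id, unlike their neighbours, and are worth rechecking once one is published.
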
@@ -19834,7 +20000,7 @@ CVE-2026-6773 (Denial-of-service due to integer 
overflow in the Graphics: WebGPU
        - firefox 150.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6773
 CVE-2026-6772 (Incorrect boundary conditions in the Libraries component in 
NSS. This  ...)
-       {DSA-6229-1 DSA-6225-1 DLA-4549-1 DLA-4546-1}
+       {DSA-6290-1 DSA-6229-1 DSA-6225-1 DLA-4549-1 DLA-4546-1}
        - firefox 150.0-1
        - firefox-esr 140.10.0esr-1
        - thunderbird 1:140.10.0esr-1
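
Review bot: The package lines visible under CVE-2026-6772 are firefox, firefox-esr and thunderbird, while the description places the flaw in NSS, and with DSA-6229-1 and DSA-6225-1 already attached the hunk does not show which source package DSA-6290-1 covers. If it is a separate NSS upload, check that the entry has a matching package line with its fixed version below the visible context. The same check applies to the identical change for CVE-2026-6767 and CVE-2026-6766 in the two hunks that follow.
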
@@ -19871,7 +20037,7 @@ CVE-2026-6768 (Mitigation bypass in the Networking: 
Cookies component. This vuln
        - firefox 150.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6768
 CVE-2026-6767 (Other issue in the Libraries component in NSS. This 
vulnerability was  ...)
-       {DSA-6229-1 DSA-6225-1 DLA-4549-1 DLA-4546-1}
+       {DSA-6290-1 DSA-6229-1 DSA-6225-1 DLA-4549-1 DLA-4546-1}
        - firefox 150.0-1
        - firefox-esr 140.10.0esr-1
        - thunderbird 1:140.10.0esr-1
@@ -19881,7 +20047,7 @@ CVE-2026-6767 (Other issue in the Libraries component 
in NSS. This vulnerability
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-34/#CVE-2026-6767
        NOTE: https://hg.mozilla.org/projects/nss/rev/4e693e8b5c0d
 CVE-2026-6766 (Incorrect boundary conditions in the Libraries component in 
NSS. This  ...)
-       {DSA-6229-1 DSA-6225-1 DLA-4549-1 DLA-4546-1}
+       {DSA-6290-1 DSA-6229-1 DSA-6225-1 DLA-4549-1 DLA-4546-1}
        - firefox 150.0-1
        - firefox-esr 140.10.0esr-1
        - thunderbird 1:140.10.0esr-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d3c74b37e031a27cad2bac6a3b621ea6bed18157

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
