Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2bd0ce35 by security tracker role at 2026-05-26T19:12:47+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,12 +1,350 @@
-CVE-2026-45836 [Bluetooth: L2CAP: Fix null-ptr-deref in 
l2cap_sock_get_sndtimeo_cb()]
+CVE-2026-9572 (A security vulnerability has been detected in GPAC up to 2.4.0. 
Affect ...)
+       TODO: check
+CVE-2026-9568 (A weakness has been identified in ThingsBoard up to 4.3.1.1. 
Affected  ...)
+       TODO: check
+CVE-2026-9567 (A security flaw has been discovered in GPAC up to 2.4.0. 
Affected is t ...)
+       TODO: check
+CVE-2026-9566 (A vulnerability was identified in teableio teable up to 1.9.x. 
This im ...)
+       TODO: check
+CVE-2026-9565 (A vulnerability was determined in haojing8312 WorkClaw up to 
0.6.4. Th ...)
+       TODO: check
+CVE-2026-9564 (A vulnerability was found in SourceCodester/oretnom23 Hospitals 
Patien ...)
+       TODO: check
+CVE-2026-9562 (A vulnerability has been found in sambitraj 
STUDENT-MANAGEMENT-SYSTEM  ...)
+       TODO: check
+CVE-2026-9560 (Privilege escalation via background service of OpenVPN Connect 
3.5.1 t ...)
+       TODO: check
+CVE-2026-9552 (A security flaw has been discovered in Das Parking Management 
System \ ...)
+       TODO: check
+CVE-2026-9551 (A vulnerability was identified in Das Parking Management System 
\u505c ...)
+       TODO: check
+CVE-2026-9550 (A vulnerability was determined in Acrel Electrical EEMS 
Enterprise Pow ...)
+       TODO: check
+CVE-2026-9544 (A vulnerability was found in Shenzhen Sixun Software Sixun 
Shanghui Gr ...)
+       TODO: check
+CVE-2026-9543 (A vulnerability has been found in Totolink N300RH 
6.1c.1353_B20190305. ...)
+       TODO: check
+CVE-2026-9542 (A weakness has been identified in CodeAstro Leave Management 
System 1. ...)
+       TODO: check
+CVE-2026-9541 (A security flaw has been discovered in Squirrel up to 3.2. 
Impacted is ...)
+       TODO: check
+CVE-2026-9540 (A vulnerability was identified in vllm-project vllm 0.19.0. 
This issue ...)
+       TODO: check
+CVE-2026-9170 (IBM Web Server Plug-ins for WebSphere Application Server and 
WebSphere ...)
+       TODO: check
+CVE-2026-8890 (code100x contains an authentication bypass vulnerability in the 
Mobile ...)
+       TODO: check
+CVE-2026-8856 (IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service 
in con ...)
+       TODO: check
+CVE-2026-8855 (IBM HTTP Server 8.5, and 9.0 is vulnerable to remote code 
execution an ...)
+       TODO: check
+CVE-2026-8854 (IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service 
via th ...)
+       TODO: check
+CVE-2026-8852 (IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service 
via th ...)
+       TODO: check
+CVE-2026-8850 (IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service 
via th ...)
+       TODO: check
+CVE-2026-8835 (IBM HTTP Server 8.5, and 9.0 is vulnerable to invalid pointer 
derefere ...)
+       TODO: check
+CVE-2026-8834 (IBM HTTP Server 8.5, and 9.0 contains a buffer overflow 
vulnerability. ...)
+       TODO: check
+CVE-2026-8633 (IBM Web Server Plug-ins for WebSphere Application Server and 
WebSphere ...)
+       TODO: check
+CVE-2026-8620 (IBM Web Server Plug-ins for WebSphere Application Server and 
WebSphere ...)
+       TODO: check
+CVE-2026-8479 (IEC 60870-5-104 used in bidirectional mode in RTU500 is 
vulnerable for ...)
+       TODO: check
+CVE-2026-8174 (Zohocorp Zoho Mail wordpress plugin is vulnerable toCross-Site 
request ...)
+       TODO: check
+CVE-2026-8047 (The affected products perform improper length checking when 
parsing in ...)
+       TODO: check
+CVE-2026-8046 (The affected products insufficiently verify authorization when 
deletin ...)
+       TODO: check
+CVE-2026-7454 (A maliciously crafted WRL file, when parsed through Autodesk 
3ds Max,  ...)
+       TODO: check
+CVE-2026-7453 (A maliciously crafted WRL file, when parsed through Autodesk 
3ds Max,  ...)
+       TODO: check
+CVE-2026-7452 (A maliciously crafted WRL file, when parsed through Autodesk 
3ds Max,  ...)
+       TODO: check
+CVE-2026-7451 (A maliciously crafted TIF file, when parsed through Autodesk 
3ds Max,  ...)
+       TODO: check
+CVE-2026-7450 (A maliciously crafted PAR file, when parsed through Autodesk 
3ds Max,  ...)
+       TODO: check
+CVE-2026-7374 (A flaw was found in KubeVirt's virt-handler component. This 
vulnerabil ...)
+       TODO: check
+CVE-2026-7310 (A heap-based buffer overflow vulnerability exists in XML parser 
functi ...)
+       TODO: check
+CVE-2026-7251 (Eppendorf BioFlo 320is vulnerable to due to VNC server using a 
hard-co ...)
+       TODO: check
+CVE-2026-4051 (IBM Engineering Lifecycle Management 7.0.3 ( through ) Interim 
Fix 021 ...)
+       TODO: check
+CVE-2026-48905 (Lack of input filtering leads to an XSS vector in the HTML 
filter code ...)
+       TODO: check
+CVE-2026-48904 (An improper access check allows privelege escalation through 
the com_u ...)
+       TODO: check
+CVE-2026-48903 (Inadequate content filtering within the checkAttribute methods 
leads t ...)
+       TODO: check
+CVE-2026-48902 (The password and username reset features created plain http 
links for  ...)
+       TODO: check
+CVE-2026-48901 (The InputFilter::getInstance() method omitted a security 
sensitive par ...)
+       TODO: check
+CVE-2026-48900 (An improper access check allowed low privileged users to edit 
the task ...)
+       TODO: check
+CVE-2026-48899 (An improper access check allows privilege escalation through 
the com_u ...)
+       TODO: check
+CVE-2026-48898 (An improper access check allows privilege escalation through 
the com_u ...)
+       TODO: check
+CVE-2026-48897 (Insufficient state checks lead to a vector that allows to 
bypass 2FA c ...)
+       TODO: check
+CVE-2026-48896 (Insufficient state checks lead to a vector that allows to 
bypass 2FA c ...)
+       TODO: check
+CVE-2026-48864 (A flaw was found in libsolv. This heap buffer overflow occurs 
during t ...)
+       TODO: check
+CVE-2026-48697 (FastNetMon Community Edition through 1.2.9 does not verify TLS 
certifi ...)
+       TODO: check
+CVE-2026-48696 (FastNetMon Community Edition through 1.2.9 has a buffer 
overflow, a di ...)
+       TODO: check
+CVE-2026-48695 (FastNetMon Community Edition through 1.2.9 contains an OS 
command inje ...)
+       TODO: check
+CVE-2026-48694 (FastNetMon Community Edition through 1.2.9 contains a 
configuration in ...)
+       TODO: check
+CVE-2026-48693 (FastNetMon Community Edition through 1.2.9 is vulnerable to a 
local sy ...)
+       TODO: check
+CVE-2026-48692 (FastNetMon Community Edition through 1.2.9 exposes a gRPC API 
server o ...)
+       TODO: check
+CVE-2026-48691 (FastNetMon Community Edition through 1.2.9 contains an integer 
overflo ...)
+       TODO: check
+CVE-2026-48690 (FastNetMon Community Edition through 1.2.9 contains an integer 
overflo ...)
+       TODO: check
+CVE-2026-48689 (FastNetMon Community Edition through 1.2.9 contains an 
off-by-one heap ...)
+       TODO: check
+CVE-2026-48688 (FastNetMon Community Edition through 1.2.9 contains multiple 
out-of-bo ...)
+       TODO: check
+CVE-2026-48687 (FastNetMon Community Edition through 1.2.9 contains an OS 
command inje ...)
+       TODO: check
+CVE-2026-48686 (FastNetMon Community Edition through 1.2.9 contains a 
stack-based buff ...)
+       TODO: check
+CVE-2026-48685 (FastNetMon Community Edition through 1.2.9 has out-of-bounds 
memory ac ...)
+       TODO: check
+CVE-2026-48684 (FastNetMon Community Edition through 1.2.9 contains an 
out-of-bounds r ...)
+       TODO: check
+CVE-2026-48683 (FastNetMon Community Edition through 1.2.9 contains an 
out-of-bounds r ...)
+       TODO: check
+CVE-2026-48136 (When Compliance is enabled on Check Point Multi-Domain 
Management, an  ...)
+       TODO: check
+CVE-2026-48135 (A Check Point HTTP-based service can incorrectly handle 
malformed HTTP ...)
+       TODO: check
+CVE-2026-48134 (When the DLP is active, the UserCheck Web Portal contains an 
input-han ...)
+       TODO: check
+CVE-2026-48133 (When the Identity Awareness blade is enabled with 
Browser-Based Authen ...)
+       TODO: check
+CVE-2026-48132 (The Security Gateway does not correctly validate a length 
value in cer ...)
+       TODO: check
+CVE-2026-48131 (The VPN service may mishandle an unexpected IKE fragment value 
receive ...)
+       TODO: check
+CVE-2026-48126 (Algernon is a small self-contained pure-Go web server. Prior 
to 1.17.8 ...)
+       TODO: check
+CVE-2026-48091
+       REJECTED
+CVE-2026-47728 (Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, 
Bugsink  ...)
+       TODO: check
+CVE-2026-47716 (Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, 
In affec ...)
+       TODO: check
+CVE-2026-47715 (Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, 
Bugsink  ...)
+       TODO: check
+CVE-2026-47202 (Kavita is a cross platform reading server. Prior to 0.9.0.2, 
an Improp ...)
+       TODO: check
+CVE-2026-46624 (Twenty is an open source CRM. From 1.7.7 through 1.16.7, a 
critical Re ...)
+       TODO: check
+CVE-2026-46620 (e107 is a content management system (CMS). Prior to 2.3.5, 
e107 CMS do ...)
+       TODO: check
+CVE-2026-46431 (Algernon is a small self-contained pure-Go web server. Prior 
to 1.17.7 ...)
+       TODO: check
+CVE-2026-46430 (Algernon is a small self-contained pure-Go web server. Prior 
to 1.17.7 ...)
+       TODO: check
+CVE-2026-46368 (luci-app-https-dns-proxy through 2025.12.29-5 \u2014 an 
optional LuCI  ...)
+       TODO: check
+CVE-2026-45728 (Algernon is a small self-contained pure-Go web server. Prior 
to 1.17.7 ...)
+       TODO: check
+CVE-2026-45721 (Algernon is a small self-contained pure-Go web server. Prior 
to 1.17.7 ...)
+       TODO: check
+CVE-2026-45247 (Mirasvit Full Page Cache Warmer for Magento 2 before version 
1.11.12 c ...)
+       TODO: check
+CVE-2026-45082 (Karakeep is a elf-hostable bookmark-everything app. A 
Server-Side Requ ...)
+       TODO: check
+CVE-2026-44776 (Kavita is a cross platform reading server. Prior to 0.9.0, the 
downloa ...)
+       TODO: check
+CVE-2026-44775 (Kavita is a cross platform reading server. Prior to 0.9.0, the 
ReaderC ...)
+       TODO: check
+CVE-2026-44749 (The SAP Gateway allows attackers to inject content into error 
messages ...)
+       TODO: check
+CVE-2026-44730 (OpenCTI is an open source platform for managing cyber threat 
intellige ...)
+       TODO: check
+CVE-2026-44729 (Twenty is an open source CRM. In 1.18.0 and earlier, the file 
serving  ...)
+       TODO: check
+CVE-2026-44728 (Babel is a compiler for writing next generation JavaScript. 
From 7.12. ...)
+       TODO: check
+CVE-2026-44723 (Vowpal Wabbit is a machine learning system. The workflow 
.github/workf ...)
+       TODO: check
+CVE-2026-44707 (Chatwoot is a customer engagement suite. From 2.14.0 to before 
4.13.0, ...)
+       TODO: check
+CVE-2026-44706 (Chatwoot is a customer engagement suite. From 2.2.0 to before 
4.11.2,  ...)
+       TODO: check
+CVE-2026-44680 (MikroORM is a TypeScript ORM for Node.js based on Data Mapper, 
Unit of ...)
+       TODO: check
+CVE-2026-44669 (FACTION is a PenTesting Report Generation and Collaboration 
Framework. ...)
+       TODO: check
+CVE-2026-44668 (FACTION is a PenTesting Report Generation and Collaboration 
Framework. ...)
+       TODO: check
+CVE-2026-44667 (FACTION is a PenTesting Report Generation and Collaboration 
Framework. ...)
+       TODO: check
+CVE-2026-44502 (Bugsink is a self-hosted error tracking tool. Prior to 2.1.3, 
Bugsink\ ...)
+       TODO: check
+CVE-2026-44469 (The affected product extracts installation files to a 
temporary direct ...)
+       TODO: check
+CVE-2026-44468 (The affected product creates a directory with insecure default 
permiss ...)
+       TODO: check
+CVE-2026-44410 (This vulnerability stems from a business logic flaw.Attackers 
can expl ...)
+       TODO: check
+CVE-2026-44314 (Traccar is an open source GPS tracking system. Prior to 
6.13.0, Device ...)
+       TODO: check
+CVE-2026-43982 (Algernon is a small self-contained pure-Go web server. Prior 
to 1.17.6 ...)
+       TODO: check
+CVE-2026-43981 (Algernon is a small self-contained pure-Go web server. Prior 
to 1.17.6 ...)
+       TODO: check
+CVE-2026-43936 (e107 is a content management system (CMS). Prior to 2.3.4, you 
can acc ...)
+       TODO: check
+CVE-2026-43935 (e107 is a content management system (CMS). Prior to 2.3.4, a 
Host Head ...)
+       TODO: check
+CVE-2026-43934 (e107 is a content management system (CMS). Prior to 2.3.4, a 
Broken Ac ...)
+       TODO: check
+CVE-2026-43919
+       REJECTED
+CVE-2026-42785 (OpenKM 6.3.12 contains a remote code execution vulnerability 
that allo ...)
+       TODO: check
+CVE-2026-42448 (Magic Wormhole makes it possible to get arbitrary-sized files 
and dire ...)
+       TODO: check
+CVE-2026-42425 (OpenKM 6.3.12 contains an unrestricted SQL execution 
vulnerability tha ...)
+       TODO: check
+CVE-2026-42347
+       REJECTED
+CVE-2026-41917 (OpenKM 6.3.12 contains a local file inclusion vulnerability in 
the adm ...)
+       TODO: check
+CVE-2026-41401 (libyang before 5.2.6 contains a heap use-after-free write 
vulnerabilit ...)
+       TODO: check
+CVE-2026-41164 (nuts-node is the reference implementation of the Nuts 
specification. P ...)
+       TODO: check
+CVE-2026-40564 (Files or Directories Accessible to External Parties, 
Server-Side Reque ...)
+       TODO: check
+CVE-2026-40384 (An improper validation of the search parameter of the 
com_media files  ...)
+       TODO: check
+CVE-2026-40383 (An improper validation of user-supplied input leads to a local 
file in ...)
+       TODO: check
+CVE-2026-40034 (gix-submodule before 0.82.0 incorrectly validates the update 
field in  ...)
+       TODO: check
+CVE-2026-40033 (FreeRDP before 3.26.0 contains a heap-buffer-overflow 
vulnerability in ...)
+       TODO: check
+CVE-2026-3660 (IBM Engineering Lifecycle Management 7.0.3 ( through ) Interim 
Fix 021 ...)
+       TODO: check
+CVE-2026-3603 (IBM Engineering Lifecycle Management 7.0.3 Interim Fix 001 
through Int ...)
+       TODO: check
+CVE-2026-39661 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2026-39655 (Missing Authorization vulnerability in TeconceTheme Mayosis 
Core allow ...)
+       TODO: check
+CVE-2026-39642 (Improper Neutralization of Script-Related HTML Tags in a Web 
Page (Bas ...)
+       TODO: check
+CVE-2026-38587 (An Insecure Direct Object Reference (IDOR) vulnerability was 
discovere ...)
+       TODO: check
+CVE-2026-35223 (An improper access check allows unauthorized access to 
com_config webs ...)
+       TODO: check
+CVE-2026-35222 (Improperly validated order clauses lead to a SQL injection 
vulnerabili ...)
+       TODO: check
+CVE-2026-35221 (Improperly built filter clauses lead to a SQL injection 
vulnerability  ...)
+       TODO: check
+CVE-2026-35220 (Lack of CSRF token validation lead to a CSRF attack vector in 
the admi ...)
+       TODO: check
+CVE-2026-30895 (Lack of output escaping leads to a XSS vector in the readmore 
links fo ...)
+       TODO: check
+CVE-2026-30894 (Lack of output escaping leads to a XSS vector in the content 
history c ...)
+       TODO: check
+CVE-2026-2264 (A vulnerability in the Google Cloud 
ApigeeSetIntegrationRequestpolicy  ...)
+       TODO: check
+CVE-2026-27427 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2026-25901 (Lack of output escaping leads to a XSS vector in the 
multilingual asso ...)
+       TODO: check
+CVE-2026-25900 (Lack of output escaping leads to a XSS vector in the feed 
modules.)
+       TODO: check
+CVE-2026-25713 (MediaArea MediaInfoLib ID3v2 parsing heap buffer overflow 
vulnerabilit ...)
+       TODO: check
+CVE-2026-25112 (A high-severity vulnerability in the deployment of Genetec 
RabbitMQ th ...)
+       TODO: check
+CVE-2026-25104 (MediaArea MediaInfoLib LXF parsing heap-based buffer overflow 
vulnerab ...)
+       TODO: check
+CVE-2026-24638 (Missing Authorization vulnerability in Webful Creations 
RepairBuddy al ...)
+       TODO: check
+CVE-2026-24590 (Missing Authorization vulnerability in VideoWhisper.Com Paid 
Videochat ...)
+       TODO: check
+CVE-2026-24212 (NVIDIA Isaac Launchable for Linux contains a vulnerability 
where sensi ...)
+       TODO: check
+CVE-2026-24201 (NVIDIA vGPU software contains a vulnerability in the virtual 
GPU manag ...)
+       TODO: check
+CVE-2026-24200 (NVIDIA vGPU software contains a vulnerability in the virtual 
GPU manag ...)
+       TODO: check
+CVE-2026-24199 (NVIDIA Display Driver for Linux contains a vulnerability in a 
kernel m ...)
+       TODO: check
+CVE-2026-24198 (NVIDIA GPU Display Driver for Linux  contains a vulnerability 
where an ...)
+       TODO: check
+CVE-2026-24197 (NVIDIA Display Driver for Linux contains a vulnerability in 
the Multi- ...)
+       TODO: check
+CVE-2026-24196 (NVIDIA Display Driver for Linux contains a vulnerability where 
a user  ...)
+       TODO: check
+CVE-2026-24195 (NVIDIA Display Driver for Linux contains a vulnerability in 
UVM, where ...)
+       TODO: check
+CVE-2026-24194 (NVIDIA Display Driver for Linux contains a vulnerability in a 
kernel m ...)
+       TODO: check
+CVE-2026-24193 (NVIDIA Display Driver for Windows and Linux contains a 
vulnerability w ...)
+       TODO: check
+CVE-2026-24192 (NVIDIA Display Driver for Linux contains a vulnerability where 
an atta ...)
+       TODO: check
+CVE-2026-24191 (NVIDIA Display Driver for Windows contains a vulnerability 
where an at ...)
+       TODO: check
+CVE-2026-24190 (NVIDIA Display Driver for Windows and Linux contains a 
vulnerability i ...)
+       TODO: check
+CVE-2026-24187 (NVIDIA Display Driver for Linux contains a vulnerability where 
an atta ...)
+       TODO: check
+CVE-2026-24182 (NVIDIA Display Driver for Windows and Linux contains a 
vulnerability w ...)
+       TODO: check
+CVE-2026-24162 (NVIDIA Transformers4Rec for Linux contains a vulnerability 
where an at ...)
+       TODO: check
+CVE-2025-36221 (IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through  
Interim Fix  ...)
+       TODO: check
+CVE-2025-36220 (IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through  
Interim Fix  ...)
+       TODO: check
+CVE-2025-36148 (IBM Financial Transaction Manager for SWIFT Services for 
Multiplatform ...)
+       TODO: check
+CVE-2025-36145 (IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not 
properly res ...)
+       TODO: check
+CVE-2025-36126 (IBM Cognos Analytics 11.2.0, 12.0, and 12.1.0 and IBM Cognos 
Transform ...)
+       TODO: check
+CVE-2025-33221 (NVIDIA Display Driver for Windows and Linux contains a 
vulnerability i ...)
+       TODO: check
+CVE-2025-14290 (IBM webMethods Integration (on prem) -Integration Server 10.15 
through ...)
+       TODO: check
+CVE-2025-13755 (IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for 
Linux, UN ...)
+       TODO: check
+CVE-2025-11482 (An Allocation of Resources Without Limits or Throttling 
vulnerability  ...)
+       TODO: check
+CVE-2026-45836 (In the Linux kernel, the following vulnerability has been 
resolved:  B ...)
        - linux 7.0.7-1
        [trixie] - linux 6.12.90-1
        NOTE: 
https://git.kernel.org/linus/78a88d43dab8d23aeef934ed8ce34d40e6b3d613 (7.1-rc3)
-CVE-2026-45835 [Bluetooth: L2CAP: Fix null-ptr-deref in 
l2cap_sock_new_connection_cb()]
+CVE-2026-45835 (In the Linux kernel, the following vulnerability has been 
resolved:  B ...)
        - linux 7.0.7-1
        [trixie] - linux 6.12.88-1
        NOTE: 
https://git.kernel.org/linus/0a120d96166301d7a95be75b52f843837dbd1219 (7.1-rc3)
-CVE-2026-45834 [Bluetooth: L2CAP: Fix null-ptr-deref in 
l2cap_sock_state_change_cb()]
+CVE-2026-45834 (In the Linux kernel, the following vulnerability has been 
resolved:  B ...)
        - linux 7.0.7-1
        [trixie] - linux 6.12.88-1
        NOTE: 
https://git.kernel.org/linus/2ff1a41a912de8517b4482e946dd951b7d80edbf (7.1-rc3)
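Review bot: Every entry added in this hunk is left at TODO: check (or REJECTED), and several of them name libraries and tools rather than vendor appliances: CVE-2026-48864 (libsolv), CVE-2026-41401 (libyang before 5.2.6), CVE-2026-40033 (FreeRDP before 3.26.0), CVE-2026-25713 and CVE-2026-25104 (MediaInfoLib), and CVE-2026-9572 and CVE-2026-9567 (GPAC up to 2.4.0). I would triage those first, giving each either a source-package line with a fixed version or an explicit NOT-FOR-US, so they are not lost among the rest of the batch.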
@@ -17,18 +355,23 @@ CVE-2026-1933 [Missing access check on reparse point 
operations]
        [bullseye] - samba <not-affected> (Vulnerable code introduced later)
        NOTE: https://www.samba.org/samba/security/CVE-2026-1933.html
 CVE-2026-2340 [vfs_worm does not block directory modification]
+       {DSA-6297-1}
        - samba 2:4.24.3+dfsg-1
        NOTE: https://www.samba.org/samba/security/CVE-2026-2340.html
 CVE-2026-3012 [group policy certificate enrollment uses http:// without 
validation]
+       {DSA-6297-1}
        - samba 2:4.24.3+dfsg-1
        NOTE: https://www.samba.org/samba/security/CVE-2026-3012.html
 CVE-2026-3238 [unauthenticated udp packet crashes AD DC nbt server]
+       {DSA-6297-1}
        - samba 2:4.24.3+dfsg-1
        NOTE: https://www.samba.org/samba/security/CVE-2026-3238.html
-CVE-2026-4480 [Unauthenticated Remote Code Execution using print command]
+CVE-2026-4480 (A flaw was found in the Samba printing subsystem. Samba passes 
the cli ...)
+       {DSA-6297-1}
        - samba 2:4.24.3+dfsg-1
        NOTE: https://www.samba.org/samba/security/CVE-2026-4480.html
 CVE-2026-4408 [Remote Code Execution in SAMR when check password script 
contains %u substitution placeholder]
+       {DSA-6297-1}
        - samba 2:4.24.3+dfsg-1
        NOTE: https://www.samba.org/samba/security/CVE-2026-4408.html
 CVE-2026-9534 (A flaw has been found in Totolink CA750-PoE 6.2c.510. This 
affects the ...)
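Review bot: The replacement description for CVE-2026-4480 is truncated before it states the impact ("Samba passes the cli ..."), whereas the removed title read "Unauthenticated Remote Code Execution using print command". Consider preserving that one-line summary in a NOTE next to the samba.org advisory link, so the severity stays visible in the list itself for the entries grouped under DSA-6297-1.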
@@ -668,7 +1011,7 @@ CVE-2026-9294 (A vulnerability was identified in Edimax 
BR-6428NS 1.10. The impa
        NOT-FOR-US: Edimax
 CVE-2018-25358 (D-Link DIR601 2.02NA contains a credential disclosure 
vulnerability th ...)
        NOT-FOR-US: D-Link
-CVE-2018-25357 (Dolibarr ERP CRM 7.0.3 contains a remote code evaluation 
vulnerability ...)
+CVE-2018-25357 (Dolibarr ERP CRM 7.0.3 contains a remote code execution 
vulnerability  ...)
        - dolibarr <removed>
 CVE-2018-25356 (SIPp 3.6 and earlier contains a local buffer overflow 
vulnerability in ...)
        NOT-FOR-US: SIPp
@@ -2263,9 +2606,11 @@ CVE-2026-4883 (The Piotnet Forms plugin for WordPress is 
vulnerable to arbitrary
 CVE-2026-4630 (A flaw was found in Keycloak. An authenticated client could 
exploit an ...)
        - keycloak <itp> (bug #1088287)
 CVE-2026-47784 (In memcached before 1.6.42, password data for SASL password 
database a ...)
+       {DLA-4601-1}
        - memcached 1.6.42-1 (bug #1137214)
        NOTE: Fixed by: 
https://github.com/memcached/memcached/commit/d13f282b4bce33a9c33b8a1bbf07f12114160fed
 (1.6.42)
 CVE-2026-47783 (In memcached before 1.6.42, username data for SASL password 
database a ...)
+       {DLA-4601-1}
        - memcached 1.6.42-1 (bug #1137214)
        NOTE: Fixed by: 
https://github.com/memcached/memcached/commit/d13f282b4bce33a9c33b8a1bbf07f12114160fed
 (1.6.42)
 CVE-2026-47358 (Terrascan v1.18.3 and prior are vulnerable to Server-Side 
Request Forg ...)
@@ -2599,7 +2944,7 @@ CVE-2026-46529
        NOTE: Fixed by: 
https://github.com/mate-desktop/atril/commit/b989b7922a454ed81f8bb14786a958828513f576
 (1.28.4)
        NOTE: Fixed by: 
https://gitlab.gnome.org/GNOME/papers/-/commit/1b82bf627b4d8b414a57b55a9095e6d361799d6c
        NOTE: No security impact in evince-gtk3 since affected code not built 
in binary package.
-CVE-2026-8975 (Memory safety bugs present in Thunderbird 140.10 and 
Thunderbird 150.  ...)
+CVE-2026-8975 (Memory safety bugs present in Firefox ESR 115.35, Firefox ESR 
140.10 a ...)
        {DSA-6288-1 DSA-6283-1 DLA-4594-1 DLA-4592-1}
        - firefox 151.0-1
        - firefox-esr 140.11.0esr-1
@@ -2607,7 +2952,7 @@ CVE-2026-8975 (Memory safety bugs present in Thunderbird 
140.10 and Thunderbird
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8975
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8975
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8975
-CVE-2026-8974 (Memory safety bugs present in Thunderbird 140.10 and 
Thunderbird 150.  ...)
+CVE-2026-8974 (Memory safety bugs present in Firefox ESR 140.10 and Firefox 
150. Some ...)
        {DSA-6288-1 DSA-6283-1 DLA-4594-1 DLA-4592-1}
        - firefox 151.0-1
        - firefox-esr 140.11.0esr-1
@@ -2615,7 +2960,7 @@ CVE-2026-8974 (Memory safety bugs present in Thunderbird 
140.10 and Thunderbird
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8974
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8974
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8974
-CVE-2026-8973 (Memory safety bugs present in Thunderbird 150. Some of these 
bugs show ...)
+CVE-2026-8973 (Memory safety bugs present in Firefox 150. Some of these bugs 
showed e ...)
        - firefox 151.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8973
 CVE-2026-8972 (Privilege escalation in the WebRTC: Audio/Video component. This 
vulner ...)
@@ -2977,11 +3322,11 @@ CVE-2026-45230 (DumbAssets through 1.0.11 contains a 
path traversal vulnerabilit
        NOT-FOR-US: DumbAssets
 CVE-2026-42822 (Improper authentication in Azure Local Disconnected Operations 
allows  ...)
        NOT-FOR-US: Microsoft
-CVE-2026-41949 (Dify version 1.14.1 and prior contain an authorization bypass 
vulnerab ...)
+CVE-2026-41949 (Dify before version 1.14.2 contains an authorization bypass 
vulnerabil ...)
        NOT-FOR-US: Dify
 CVE-2026-41948 (Dify version 1.14.1 and prior contain a path traversal 
vulnerability t ...)
        NOT-FOR-US: Dify
-CVE-2026-41947 (Dify version 1.14.1 and prior contains an authorization bypass 
vulnera ...)
+CVE-2026-41947 (Dify before version 1.14.2 contains an authorization bypass 
vulnerabil ...)
        NOT-FOR-US: Dify
 CVE-2026-41119 (Dell Live Optics Windows and Personal Edition collectors 
contain an im ...)
        NOT-FOR-US: Dell / EMC
@@ -3663,7 +4008,7 @@ CVE-2025-67437 (Medical Management System 
a81df1ce700a9662cb136b27af47f4cbde6415
        NOT-FOR-US: Medical Management System
 CVE-2025-14972 (*  Countermeasures for DPA within SYMCRYPTO engine on 
SixG301xxx devic ...)
        NOT-FOR-US: Silicon Labs
-CVE-2021-47968 (Podcast Generator 3.1 contains a persistent cross-site 
scripting vulne ...)
+CVE-2021-47968 (Podcast Generator 3.1 is vulnerable to persistent cross-site 
scripting ...)
        NOT-FOR-US: Podcast Generator
 CVE-2021-47967 (PHP Timeclock 1.04 contains multiple cross-site scripting 
vulnerabilit ...)
        NOT-FOR-US: PHP Timeclock
@@ -5349,7 +5694,7 @@ CVE-2026-25107 (ELECOM wireless LAN access point devices 
use a hard-coded crypto
        NOT-FOR-US: ELECOM
 CVE-2026-24464 (When running in Appliance mode, a directory traversal 
vulnerability ex ...)
        NOT-FOR-US: F5
-CVE-2026-22677 (Hermes WebUI prior to 0.51.44 - Release T contains a path 
traversal vu ...)
+CVE-2026-22677 (Hermes WebUI prior to 0.51.44 contains a path traversal 
vulnerability  ...)
        NOT-FOR-US: Hermes WebUI
 CVE-2026-21821 (The HCL BigFix SCM Reporting site contains an outdated and 
unsupported ...)
        NOT-FOR-US: HCL
@@ -7863,7 +8208,7 @@ CVE-2022-50962 (uBidAuction 2.0.1 contains a reflected 
cross-site scripting vuln
        NOT-FOR-US: uBidAuction
 CVE-2022-50961 (WordPress Plugin IP2Location Country Blocker 2.26.7 contains a 
stored  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-50960 (WordPress International Sms For Contact Form 7 Integration 
version 1.2 ...)
+CVE-2022-50960 (WordPress International SMS for Contact Form 7 Integration 
version 1.2 ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-50959 (WordPress Contact Form Builder 1.6.1 contains a reflected 
cross-site s ...)
        NOT-FOR-US: WordPress plugin
@@ -7885,7 +8230,7 @@ CVE-2022-50947 (WordPress Plugin Testimonial Slider and 
Showcase 2.2.6 contains
        NOT-FOR-US: WordPress plugin
 CVE-2022-50946 (WordPress Plugin Netroics Blog Posts Grid 1.0 contains a 
stored cross- ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-50945 (WordPress 3dady real-time web stats plugin 1.0 contains a 
stored cross ...)
+CVE-2022-50945 (WordPress 3dady Real-Time Web Stats plugin 1.0 contains a 
stored cross ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-50944 (Aero CMS 0.0.1 contains a PHP code injection vulnerability 
that allows ...)
        NOT-FOR-US: Aero CMS
@@ -13152,7 +13497,7 @@ CVE-2026-41572 (Note Mark is an open-source note-taking 
application. Prior to ve
        NOT-FOR-US: Note Mark
 CVE-2026-41571 (Note Mark is an open-source note-taking application. In 
version 0.19.2 ...)
        NOT-FOR-US: Note Mark
-CVE-2026-41471 (Easy PayPal Events & Tickets plugin for WordPress before 
version 1.4 c ...)
+CVE-2026-41471 (The Easy PayPal Events & Tickets plugin for WordPress before 
version 1 ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-40797 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: WordPress plugin or theme
@@ -15501,7 +15846,7 @@ CVE-2018-25306 (PDFunite 0.41.0 contains a buffer 
overflow vulnerability that al
        TODO: check
 CVE-2018-25305 (librsvg2-bin 2.40.13 contains a buffer overflow vulnerability 
that all ...)
        TODO: check
-CVE-2018-25304 (Free Download Manager 2.0 Built 417 contains a local buffer 
overflow v ...)
+CVE-2018-25304 (Free Download Manager 2.0 Build 417 contains a local buffer 
overflow v ...)
        NOT-FOR-US: Free Download Manager
 CVE-2018-25303 (Allok Video to DVD Burner 2.6.1217 contains a stack-based 
buffer overf ...)
        NOT-FOR-US: Alloksoft
@@ -16817,7 +17162,7 @@ CVE-2026-41467 (ProjeQtor versions 7.0 through 12.4.3 
contain a stored cross-sit
        NOT-FOR-US: ProjeQtor
 CVE-2026-41466 (ProjeQtor versions 7.0 through 12.4.3 contain a stored 
cross-site scri ...)
        NOT-FOR-US: ProjeQtor
-CVE-2026-41465 (ProjeQtor versions 7.0 through 12.4.3 contains a path 
traversal vulner ...)
+CVE-2026-41465 (ProjeQtor versions 7.0 through 12.4.3 contain a path traversal 
vulnera ...)
        NOT-FOR-US: ProjeQtor
 CVE-2026-41464 (ProjeQtor versions 7.0 through 12.4.3 contain a missing 
authorization  ...)
        NOT-FOR-US: ProjeQtor
@@ -29515,7 +29860,7 @@ CVE-2026-25726 (Cloudreve is a self-hosted file 
management and sharing system. P
        NOT-FOR-US: Cloudreve
 CVE-2026-25197 (A specific endpoint allows authenticated users to pivot to 
other user  ...)
        NOT-FOR-US: Gardyn
-CVE-2026-22665 (prompts.chat prior to commit 1464475 contains an identity 
confusion vu ...)
+CVE-2026-22665 (prompts.chat prior to commit 1464475, contains an identity 
confusion v ...)
        NOT-FOR-US: prompts.chat
 CVE-2026-22664 (prompts.chat prior to commit 30a8f04 contains a server-side 
request fo ...)
        NOT-FOR-US: prompts.chat
@@ -37903,7 +38248,7 @@ CVE-2026-32898 (OpenClaw versions prior to 2026.2.23 
contain an authorization by
        NOT-FOR-US: OpenClaw
 CVE-2026-32897 (OpenClaw versions prior to 2026.2.22 reuse gateway.auth.token 
as a fal ...)
        NOT-FOR-US: OpenClaw
-CVE-2026-32896 (OpenClaw versions prior to 2026.2.21 BlueBubbles webhook 
handler conta ...)
+CVE-2026-32896 (The BlueBubbles webhook handler in OpenClaw versions prior to 
2026.2.2 ...)
        NOT-FOR-US: OpenClaw
 CVE-2026-32895 (OpenClaw versions prior to 2026.2.26 fail to enforce sender 
authorizat ...)
        NOT-FOR-US: OpenClaw
@@ -37917,7 +38262,7 @@ CVE-2026-32666 (WebCTRL systems that communicate over 
BACnet inherit the protoco
        NOT-FOR-US: WebCTRL
 CVE-2026-32663 (The WebSocket backend uses charging station identifiers to 
uniquely as ...)
        NOT-FOR-US: WebCTRL
-CVE-2026-32067 (OpenClaw versions prior to 2026.2.26 contains an authorization 
bypass  ...)
+CVE-2026-32067 (OpenClaw versions prior to 2026.2.26 contain an authorization 
bypass v ...)
        NOT-FOR-US: OpenClaw
 CVE-2026-32065 (OpenClaw versions prior to 2026.2.25 contain an 
approval-integrity byp ...)
        NOT-FOR-US: OpenClaw
@@ -39915,7 +40260,7 @@ CVE-2026-33058 (Kanboard is project management software 
focused on Kanban method
        NOTE: 
https://github.com/kanboard/kanboard/security/advisories/GHSA-f62r-m4mr-2xhh
 CVE-2026-32842 (Edimax GS-5008PL firmware version 1.00.54 and prior contain an 
insecur ...)
        NOT-FOR-US: Edimax
-CVE-2026-32841 (Edimax GS-5008PL firmware version 1.00.54 and prior contain an 
authent ...)
+CVE-2026-32841 (Edimax GS-5008PL firmware versions 1.00.54 and prior contain 
an authen ...)
        NOT-FOR-US: Edimax
 CVE-2026-32840 (Edimax GS-5008PL firmware version 1.00.54 and prior contain a 
stored c ...)
        NOT-FOR-US: Edimax
@@ -40052,7 +40397,7 @@ CVE-2026-22317 (A command injection vulnerability in 
the device\u2019s Root CA c
        NOT-FOR-US: Phoenix Contact
 CVE-2026-22316 (A remote attacker with user privileges for the webUI can use 
the setti ...)
        NOT-FOR-US: Phoenix Contact
-CVE-2026-22217 (OpenClaw version 2026.2.22 prior to 2026.2.23 contain an 
arbitrary cod ...)
+CVE-2026-22217 (OpenClaw version 2026.2.22 prior to 2026.2.23 contains an 
arbitrary co ...)
        NOT-FOR-US: OpenClaw
 CVE-2026-22181 (OpenClaw versions prior to 2026.3.2 contain a DNS pinning 
bypass vulne ...)
        NOT-FOR-US: OpenClaw
@@ -42409,7 +42754,7 @@ CVE-2026-32094 (Shescape is a simple shell escape 
library for JavaScript. Prior
        NOT-FOR-US: Shescape
 CVE-2026-32063 (OpenClaw version 2026.2.19-2 prior to 2026.2.21 contains a 
command inj ...)
        NOT-FOR-US: OpenClaw
-CVE-2026-32062 (OpenClaw versions 2026.2.21-2 prior to 2026.2.22 and 
@openclaw/voice-c ...)
+CVE-2026-32062 (OpenClaw versions 2026.2.21-2 up to, but not including, 
2026.2.22, and ...)
        NOT-FOR-US: OpenClaw
 CVE-2026-32061 (OpenClaw versions prior to 2026.2.17 contain a path traversal 
vulnerab ...)
        NOT-FOR-US: OpenClaw
@@ -45245,7 +45590,7 @@ CVE-2026-28410 (The Graph is an indexing protocol for 
querying networks like Eth
        NOT-FOR-US: graphprotocol contracts
 CVE-2026-28405 (MarkUs is a web application for the submission and grading of 
student  ...)
        NOT-FOR-US: MarkUs
-CVE-2026-28395 (OpenClaw version 2026.1.14-1 prior to 2026.2.12 contain an 
improper ne ...)
+CVE-2026-28395 (OpenClaw version 2026.1.14-1 prior to 2026.2.12 contains an 
improper n ...)
        NOT-FOR-US: OpenClaw
 CVE-2026-28394 (OpenClaw versions prior to 2026.2.15 contain a denial of 
service vulne ...)
        NOT-FOR-US: OpenClaw
@@ -48169,7 +48514,7 @@ CVE-2026-28083 (Improper Neutralization of Input During 
Web Page Generation ('Cr
        NOT-FOR-US: WordPress plugin or theme
 CVE-2026-27510 (Unitree Go2 firmware versions 1.1.7 through 1.1.11, when used 
with the ...)
        NOT-FOR-US: Unitree Go2 firmware
-CVE-2026-27509 (Unitree Go2 firmware versions V1.1.7 through V1.1.9 and 
V1.1.11 (EDU)  ...)
+CVE-2026-27509 (Unitree Go2 firmware versions V1.1.7 through V1.1.9, and 
V1.1.11 (EDU) ...)
        NOT-FOR-US: Unitree Go2 firmware
 CVE-2026-27141 (Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will 
cause a ...)
        - golang-golang-x-net <not-affected> (Vulnerable code introduced later)
@@ -49200,7 +49545,7 @@ CVE-2026-22766 (Dell Wyse Management Suite, versions 
prior to WMS 5.5, contain a
        NOT-FOR-US: Dell / EMC
 CVE-2026-22765 (Dell Wyse Management Suite, versions prior to WMS 5.5, contain 
a Missi ...)
        NOT-FOR-US: Dell / EMC
-CVE-2026-1773 (IEC 60870-5-104: Potential Denial of Service impact on 
reception of in ...)
+CVE-2026-1773 (IEC 60870-5-104 used in RTU500: Potential Denial of Service 
impact on  ...)
        NOT-FOR-US: Hitachi Energy
 CVE-2026-1772 (RTU500 web interface: An unprivileged user can read user 
management in ...)
        NOT-FOR-US: Hitachi Energy
@@ -60105,7 +60450,7 @@ CVE-2020-37017 (CodeMeter 6.60 contains an unquoted 
service path vulnerability t
        NOT-FOR-US: CodeMeter
 CVE-2020-37016 (BarcodeOCR 19.3.6 contains an unquoted service path 
vulnerability that ...)
        NOT-FOR-US: BarcodeOCR
-CVE-2020-37015 (Ruijie Networks Switch eWeb S29_RGOS 11.4 contains a directory 
travers ...)
+CVE-2020-37015 (The Ruijie Networks Switch eWeb S29_RGOS version 11.4 contains 
a direc ...)
        NOT-FOR-US: Ruijie Networks Switch eWeb S29_RGOS
 CVE-2020-37013 (Audio Playback Recorder 3.2.2 contains a local buffer overflow 
vulnera ...)
        NOT-FOR-US: Audio Playback Recorder
@@ -60125,7 +60470,7 @@ CVE-2020-37006 (berliCRM 1.0.24 contains a SQL 
injection vulnerability in the 's
        NOT-FOR-US: berliCRM
 CVE-2020-37005 (TimeClock Software 1.01 contains an authenticated time-based 
SQL injec ...)
        NOT-FOR-US: TimeClock Software
-CVE-2020-37004 (Ultimate Project Manager CRM PRO 2.0.5 contains a blind SQL 
injection  ...)
+CVE-2020-37004 (The Ultimate Project Manager CRM PRO version 2.0.5 contains a 
blind SQ ...)
        NOT-FOR-US: Ultimate Project Manager CRM PRO
 CVE-2020-37002 (Ajenti 2.1.36 contains a post-authenticated remote command 
execution v ...)
        - ajenti <itp> (bug #792019)
@@ -68764,11 +69109,11 @@ CVE-2026-22578
        REJECTED
 CVE-2026-22577
        REJECTED
-CVE-2026-22190 (Panda3D versions up to and including 1.10.16 egg-mkfont 
contains an un ...)
+CVE-2026-22190 (The egg-mkfont utility in Panda3D versions up to and including 
1.10.16 ...)
        NOT-FOR-US: Panda3D
-CVE-2026-22189 (Panda3D versions up to and including 1.10.16 egg-mkfont 
contains a sta ...)
+CVE-2026-22189 (The egg-mkfont utility in Panda3D versions up to and including 
1.10.16 ...)
        NOT-FOR-US: Panda3D
-CVE-2026-22188 (Panda3D versions up to and including 1.10.16 deploy-stub 
contains a de ...)
+CVE-2026-22188 (The deploy-stub component in Panda3D versions up to and 
including 1.10 ...)
        NOT-FOR-US: Panda3D
 CVE-2026-22187 (Bio-Formats versions up to and including 8.3.0 perform unsafe 
Java des ...)
        NOT-FOR-US: Bio-Formats
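Review bot: In the Panda3D block, the new truncated summaries for CVE-2026-22190 and CVE-2026-22189 are now identical ("The egg-mkfont utility in Panda3D versions up to and including 1.10.16 ..."), where the old text at least diverged at "contains an un" versus "contains a sta". Both entries stay NOT-FOR-US, so triage is unaffected, but anyone reading or grepping data/CVE/list can no longer tell the two apart from the summary and has to consult the full CVE record.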
@@ -108230,7 +108575,7 @@ CVE-2025-10438 (Path Traversal: 'dir/../../filename' 
vulnerability in Yordam Inf
        NOT-FOR-US: Yordam Katalog
 CVE-2024-48014 (Dell BSAFE Micro Edition Suite, versions prior to 5.0.2.3 
contain an O ...)
        NOT-FOR-US: Dell / EMC
-CVE-2020-36851 (Rob -- W / cors-anywhere instances configured as an open proxy 
allow u ...)
+CVE-2020-36851 (Rob--W cors-anywhere instances configured as an open proxy 
allow unaut ...)
        NOT-FOR-US: Rob -- W / cors-anywhere
 CVE-2025-59833 (Flag Forge is a Capture The Flag (CTF) platform. In versions 
from 2.1. ...)
        NOT-FOR-US: Flag Forge
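Review bot: On CVE-2020-36851 the description now spells the project "Rob--W cors-anywhere" while the unchanged tag line still reads "NOT-FOR-US: Rob -- W / cors-anywhere". The tag is free text, so nothing breaks, but consider aligning it with the new spelling in a manual follow-up so that a search for the project name matches both lines.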
@@ -119384,7 +119729,7 @@ CVE-2025-39496 (Improper Neutralization of Special 
Elements used in an SQL Comma
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-36003 (IBM Security Verify Governance Identity Manager 10.0.2 could 
allow a r ...)
        NOT-FOR-US: IBM
-CVE-2025-34523 (A heap-based buffer overflow vulnerability exists in the 
exists in the ...)
+CVE-2025-34523 (A heap-based buffer overflow vulnerability exists in the 
network-facin ...)
        NOT-FOR-US: Arcserve
 CVE-2025-34522 (A heap-based buffer overflow vulnerability exists in the input 
parsing ...)
        NOT-FOR-US: Arcserve
@@ -121652,7 +121997,7 @@ CVE-2011-10025 (Subtitle Processor 7.7.1 contains a 
buffer overflow vulnerabilit
        NOT-FOR-US: Subtitle Processor
 CVE-2011-10024 (MJM Core Player (likely now referred to as MJM Player) 2011 is 
vulnera ...)
        NOT-FOR-US: MJM Core Player
-CVE-2011-10023 (MJM QuickPlayer (likely now referred to as MJM Player) version 
2010 co ...)
+CVE-2011-10023 (MJM QuickPlayer (also known as MJM Player) version 2010 
contains a sta ...)
        NOT-FOR-US: MJM QuickPlayer
 CVE-2011-10022 (SPlayer version 3.7 and earlier is vulnerable to a stack-based 
buffer  ...)
        NOT-FOR-US: SPlayer
@@ -124072,7 +124417,7 @@ CVE-2025-0309 (An insufficient validation on the 
server connection endpoint in N
        NOT-FOR-US: Netskope
 CVE-2024-7402 (Netskope has identified a potential gap in its agent (Netskope 
Client) ...)
        NOT-FOR-US: Netskope
-CVE-2012-10060 (Sysax Multi Server versions prior to 5.55 contains a 
stack-based buffe ...)
+CVE-2012-10060 (Sysax Multi Server versions prior to 5.55 contain a 
stack-based buffer ...)
        NOT-FOR-US: Sysax Multi Server
 CVE-2012-10059 (Dolibarr ERP/CRM versions <= 3.1.1 and <= 3.2.0 contain a 
post-authent ...)
        - dolibarr <removed>
@@ -125724,7 +126069,7 @@ CVE-2012-10049 (WebPageTest version 2.6 and earlier 
contains an arbitrary file u
        NOT-FOR-US: WebPageTest
 CVE-2012-10048 (Zenoss Core 3.x contains a command injection vulnerability in 
the show ...)
        - zenoss <itp> (bug #361253)
-CVE-2012-10047 (Cyclope Employee Surveillance Solution versions 6.x is 
vulnerable to a ...)
+CVE-2012-10047 (Cyclope Employee Surveillance Solution versions 6.x are 
vulnerable to  ...)
        NOT-FOR-US: Cyclope Employee Surveillance Solution
 CVE-2012-10046 (The E-Mail Security Virtual Appliance (ESVA) (tested on 
version ESVA_2 ...)
        NOT-FOR-US: E-Mail Security Virtual Appliance (ESVA)
@@ -126556,7 +126901,7 @@ CVE-2012-10029 (Nagios XI Network Monitor prior to 
Graph Explorer component vers
        NOT-FOR-US: Nagios XI
 CVE-2012-10028 (Netwin SurgeFTP version 23c8 and prior contains a 
vulnerability in its ...)
        NOT-FOR-US: Netwin SurgeFTP
-CVE-2012-10027 (WP-Property plugin for WordPress through version 1.35.0 
contains an un ...)
+CVE-2012-10027 (WP-Property plugin for WordPress up to and including version 
1.35.0 co ...)
        NOT-FOR-US: WordPress plugin
 CVE-2012-10026 (The WordPress plugin Asset-Manager version 2.0 and below 
contains an u ...)
        NOT-FOR-US: WordPress plugin
@@ -161918,8 +162263,8 @@ CVE-2025-22372 (Insufficiently Protected Credentials 
vulnerability in SicommNet
        NOT-FOR-US: SicommNet BASEC
 CVE-2025-22371 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: SicommNet BASEC
-CVE-2025-1782
-       REJECTED
+CVE-2025-1782 (In HylaFAX Enterprise Web Interface and AvantFAX, the language 
form el ...)
+       TODO: check
 CVE-2024-49825 (IBM Robotic Process Automation and Robotic Process Automation 
for Clou ...)
        NOT-FOR-US: IBM
 CVE-2024-49709 (Internet Starter, one of SoftCOM iKSORIS system modules,allows 
for set ...)
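Review bot: CVE-2025-1782 goes from REJECTED to a live description with "TODO: check", so unlike the description-only rewordings in the neighbouring hunks this one changes the entry's state. It needs manual triage: the summary names HylaFAX Enterprise Web Interface and AvantFAX, so decide whether it maps to a source package in the archive or should be marked NOT-FOR-US, rather than leaving it at TODO.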



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2bd0ce357b6c6baf7ddcc45d3e4ad27fe5b9f7a0

debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits