Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3e269398 by security tracker role at 2026-05-27T07:13:10+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,37 +1,325 @@
+CVE-2026-9642 (There is a mitigation bypass / (incomplete fix) for 
CVE-2025-62582 (Un ...)
+       TODO: check
+CVE-2026-9632 (A flaw has been found in UTT HiPER 1250GW up to 
3.2.7-210907-180535. A ...)
+       TODO: check
+CVE-2026-9631 (A vulnerability was detected in UTT HiPER 1250GW up to 
3.2.7-210907-18 ...)
+       TODO: check
+CVE-2026-9628 (A weakness has been identified in UTT HiPER 1200GW up to 
2.5.3-170306. ...)
+       TODO: check
+CVE-2026-9627 (A security flaw has been discovered in UTT HiPER 1200GW up to 
2.5.3-17 ...)
+       TODO: check
+CVE-2026-9609 (A vulnerability was identified in QianFox FoxCMS up to 1.2.6. 
This aff ...)
+       TODO: check
+CVE-2026-9608 (A vulnerability was determined in QianFox FoxCMS up to 1.2.6. 
The impa ...)
+       TODO: check
+CVE-2026-9607 (A vulnerability was found in itsourcecode Courier Management 
System 1. ...)
+       TODO: check
+CVE-2026-9606 (A vulnerability has been found in itsourcecode Courier 
Management Syst ...)
+       TODO: check
+CVE-2026-9605 (A flaw has been found in GNU libredwg up to 0.13.4.8160. This 
issue af ...)
+       TODO: check
+CVE-2026-9604 (A vulnerability was detected in JeecgBoot up to 3.9.1. This 
vulnerabil ...)
+       TODO: check
+CVE-2026-9603 (A security vulnerability has been detected in SourceCodester 
eDoc Doct ...)
+       TODO: check
+CVE-2026-9584 (A security vulnerability has been detected in code-projects 
Project Ma ...)
+       TODO: check
+CVE-2026-9583 (A weakness has been identified in SourceCodester CET Automated 
Grading ...)
+       TODO: check
+CVE-2026-9582 (A security flaw has been discovered in SourceCodester CET 
Automated Gr ...)
+       TODO: check
+CVE-2026-9581 (A vulnerability was identified in JeecgBoot up to 3.9.1. The 
impacted  ...)
+       TODO: check
+CVE-2026-9580 (A vulnerability was determined in JeecgBoot up to 3.9.1. The 
affected  ...)
+       TODO: check
+CVE-2026-9579 (A vulnerability was found in JeecgBoot up to 3.9.1. Impacted is 
the fu ...)
+       TODO: check
+CVE-2026-9575 (A vulnerability has been found in itsourcecode Student 
Transcript Proc ...)
+       TODO: check
+CVE-2026-9574 (A flaw has been found in itsourcecode Student Transcript 
Processing Sy ...)
+       TODO: check
+CVE-2026-9573 (A vulnerability was detected in itsourcecode Student Transcript 
Proces ...)
+       TODO: check
+CVE-2026-9312 (A server-side request forgery (SSRF) vulnerability was 
identified in G ...)
+       TODO: check
+CVE-2026-9236 (The CM Ad Changer \u2013 A simple tool to control and optimize 
your si ...)
+       TODO: check
+CVE-2026-9207 (Tanium addressed an unauthorized code execution vulnerability 
in Conne ...)
+       TODO: check
+CVE-2026-9200 (The Query Shortcode plugin for WordPress is vulnerable to Local 
File I ...)
+       TODO: check
+CVE-2026-9156 (Tanium addressed a denial of service vulnerability in Tanium 
Server.)
+       TODO: check
+CVE-2026-9022 (The Splide Carousel Block plugin for WordPress is vulnerable to 
Stored ...)
+       TODO: check
+CVE-2026-9014 (The WP Promoter plugin for WordPress is vulnerable to 
unauthorized mod ...)
+       TODO: check
+CVE-2026-8994 (The Login with NEAR plugin for WordPress is vulnerable to 
Authenticati ...)
+       TODO: check
+CVE-2026-8943 (The GoStats for WordPress plugin for WordPress is vulnerable to 
Cross- ...)
+       TODO: check
+CVE-2026-8941 (The CDN Linker lite plugin for WordPress is vulnerable to 
Cross-Site R ...)
+       TODO: check
+CVE-2026-8939 (The Search Simple Fields plugin for WordPress is vulnerable to 
Cross-S ...)
+       TODO: check
+CVE-2026-8938 (The auto making JSON-LD plugin for WordPress is vulnerable to 
Cross-Si ...)
+       TODO: check
+CVE-2026-8911 (The WP AutoBuzz plugin for WordPress is vulnerable to 
Cross-Site Reque ...)
+       TODO: check
+CVE-2026-8903 (The Two-factor authentication (formerly IP Vault) plugin for 
WordPress ...)
+       TODO: check
+CVE-2026-8899 (The Auto Thumbnail plugin for WordPress is vulnerable to Stored 
Cross- ...)
+       TODO: check
+CVE-2026-8898 (The Events In City plugin for WordPress is vulnerable to Stored 
Cross- ...)
+       TODO: check
+CVE-2026-8897 (The Shortcode Buddy plugin for WordPress is vulnerable to 
Stored Cross ...)
+       TODO: check
+CVE-2026-8894 (The iWR Tooltip plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
+       TODO: check
+CVE-2026-8891 (The BitForm plugin for WordPress is vulnerable to Stored 
Cross-Site Sc ...)
+       TODO: check
+CVE-2026-8887 (The Listen Shortcode plugin for WordPress is vulnerable to 
Stored Cros ...)
+       TODO: check
+CVE-2026-8886 (The hk_shortcode plugin for WordPress is vulnerable to Stored 
Cross-Si ...)
+       TODO: check
+CVE-2026-8884 (The Instant-Quote.co Quotation Page plugin for WordPress is 
vulnerable ...)
+       TODO: check
+CVE-2026-8877 (The Responsive Video Embedder plugin for WordPress is 
vulnerable to St ...)
+       TODO: check
+CVE-2026-8875 (The Easy Prism Syntax Highlighter plugin for WordPress is 
vulnerable t ...)
+       TODO: check
+CVE-2026-8873 (The Content Slideshow plugin for WordPress is vulnerable to 
Stored Cro ...)
+       TODO: check
+CVE-2026-8872 (The Animate Your Content plugin for WordPress is vulnerable to 
Stored  ...)
+       TODO: check
+CVE-2026-8871 (The Formidable Kinetic plugin for WordPress is vulnerable to 
Stored Cr ...)
+       TODO: check
+CVE-2026-8870 (The Team Master \u2013 A Modern WordPress Team Showcase plugin 
for Wor ...)
+       TODO: check
+CVE-2026-8869 (The Mutual Funds Data plugin for WordPress is vulnerable to 
Stored Cro ...)
+       TODO: check
+CVE-2026-8868 (The Single Mailchimp plugin for WordPress is vulnerable to 
Stored Cros ...)
+       TODO: check
+CVE-2026-8867 (The Post Category Gallery plugin for WordPress is vulnerable to 
Stored ...)
+       TODO: check
+CVE-2026-8866 (The jQuery googleslides plugin for WordPress is vulnerable to 
Stored C ...)
+       TODO: check
+CVE-2026-8847 (The Dideo plugin for WordPress is vulnerable to Stored 
Cross-Site Scri ...)
+       TODO: check
+CVE-2026-8846 (The Tuxquote plugin for WordPress is vulnerable to Stored 
Cross-Site S ...)
+       TODO: check
+CVE-2026-8845 (The Islamic Database plugin for WordPress is vulnerable to 
Stored Cros ...)
+       TODO: check
+CVE-2026-8844 (The Responsive Check plugin for WordPress is vulnerable to 
Stored Cros ...)
+       TODO: check
+CVE-2026-8842 (The Google+ Link Name plugin for WordPress is vulnerable to 
Stored Cro ...)
+       TODO: check
+CVE-2026-8837 (The WP Iframe Geo Style for Amazon affiliates plugin for 
WordPress is  ...)
+       TODO: check
+CVE-2026-8787 (The Firebase Support & Chat Management plugin for WordPress is 
vulnera ...)
+       TODO: check
+CVE-2026-8760 (The Login with OTP plugin for WordPress is vulnerable to 
authenticatio ...)
+       TODO: check
+CVE-2026-8708 (The Genzel breadcrumbs plugin for WordPress is vulnerable to 
Cross-Sit ...)
+       TODO: check
+CVE-2026-8707 (The NS Product icon badge plugin for WordPress is vulnerable to 
Reflec ...)
+       TODO: check
+CVE-2026-8703 (The Endless Scroll plugin for WordPress is vulnerable to Stored 
Cross- ...)
+       TODO: check
+CVE-2026-8702 (The GBI To Print plugin for WordPress is vulnerable to Stored 
Cross-Si ...)
+       TODO: check
+CVE-2026-8701 (The GNTT Post Title Ticker plugin for WordPress is vulnerable 
to Store ...)
+       TODO: check
+CVE-2026-8698 (The Cryptocurrency Prijsvergelijking Widget plugin for 
WordPress is vu ...)
+       TODO: check
+CVE-2026-8680
+       REJECTED
+CVE-2026-8676 (An attacker is able to downgrade the security of a Bluetooth LE 
connec ...)
+       TODO: check
+CVE-2026-8606 (A Server-Side Request Forgery (SSRF) vulnerability was 
identified in G ...)
+       TODO: check
+CVE-2026-8453
+       REJECTED
+CVE-2026-8048 (The My Email Shortcode plugin for WordPress is vulnerable to 
Stored Cr ...)
+       TODO: check
+CVE-2026-8040 (The faq shortocde plugin for WordPress is vulnerable to Stored 
Cross-S ...)
+       TODO: check
+CVE-2026-7614 (The Old Posts Highlighter plugin for WordPress is vulnerable to 
Cross- ...)
+       TODO: check
+CVE-2026-7493 (The Appointment Booking Calendar \u2014 Simply Schedule 
Appointments B ...)
+       TODO: check
+CVE-2026-6565 (The Style Kits \u2013 Advanced Theme Styles for Elementor, 
Elementor K ...)
+       TODO: check
+CVE-2026-6287 (The ShopLentor - WooCommerce Builder for Elementor & Gutenberg 
plugin  ...)
+       TODO: check
+CVE-2026-6268 (The EventPress WordPress theme before 22.2 does not sanitize or 
escape ...)
+       TODO: check
+CVE-2026-49017 (In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware 
enters a ...)
+       TODO: check
+CVE-2026-49014 (In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the 
netCDF  ...)
+       TODO: check
+CVE-2026-49000 (An insecure password scheme refers to vulnerabilities arising 
from imp ...)
+       TODO: check
+CVE-2026-48999 (Attackers carefully craft malicious scripts, such as 
JavaScript, and i ...)
+       TODO: check
+CVE-2026-48593 (Uncontrolled Resource Consumption vulnerability in oban-bg 
oban_web (' ...)
+       TODO: check
+CVE-2026-48592 (Missing Authorization vulnerability in oban-bg oban_web 
('Elixir.Oban. ...)
+       TODO: check
+CVE-2026-47672 (epa4all-client is the Java Client for epa4all / ePA 3.0 in the 
Telemat ...)
+       TODO: check
+CVE-2026-45575 (epa4all-client is the Java Client for epa4all / ePA 3.0 in the 
Telemat ...)
+       TODO: check
+CVE-2026-45574 (epa4all-client is the Java Client for epa4all / ePA 3.0 in the 
Telemat ...)
+       TODO: check
+CVE-2026-45413 (MaxKB is an open-source AI assistant for enterprise. Prior to 
2.9.1, u ...)
+       TODO: check
+CVE-2026-45412 (MaxKB is an open-source AI assistant for enterprise. Prior to 
2.9.1, S ...)
+       TODO: check
+CVE-2026-45298 (Dozzle is a realtime log viewer for docker containers. Prior 
to 10.5.2 ...)
+       TODO: check
+CVE-2026-44985 (Dozzle is a realtime log viewer for docker containers. Prior 
to 10.5.2 ...)
+       TODO: check
+CVE-2026-44983 (smallbitvec is a growable bit-vector for Rust, optimized for 
size. Fro ...)
+       TODO: check
+CVE-2026-44966 (Velocity.js is a JavaScript implementation of the Apache 
Velocity temp ...)
+       TODO: check
+CVE-2026-44905 (Vanetza is an open-source implementation of the ETSI C-ITS 
protocol su ...)
+       TODO: check
+CVE-2026-44903 (Prometheus is an open-source monitoring system and time series 
databas ...)
+       TODO: check
+CVE-2026-44900 (epa4all-client is the Java Client for epa4all / ePA 3.0 in the 
Telemat ...)
+       TODO: check
+CVE-2026-44899 (Mistune is a Python Markdown parser with renderers and 
plugins. Prior  ...)
+       TODO: check
+CVE-2026-44898 (Mistune is a Python Markdown parser with renderers and 
plugins. Prior  ...)
+       TODO: check
+CVE-2026-44897 (Mistune is a Python Markdown parser with renderers and 
plugins. Prior  ...)
+       TODO: check
+CVE-2026-44896 (Mistune is a Python Markdown parser with renderers and 
plugins. In 3.2 ...)
+       TODO: check
+CVE-2026-44895 (GitLab MCP Server lets an AI agent talk directly to GitLab. 
Prior to 0 ...)
+       TODO: check
+CVE-2026-44847 (MaxKB is an open-source AI assistant for enterprise. Prior to 
2.9.0, M ...)
+       TODO: check
+CVE-2026-44844 (eml_parser serves as a python module for parsing eml files and 
returni ...)
+       TODO: check
+CVE-2026-44843 (LangChain is a framework for building agents and LLM-powered 
applicati ...)
+       TODO: check
+CVE-2026-44837 (view_component is a framework for building reusable, testable, 
and enc ...)
+       TODO: check
+CVE-2026-44836 (view_component is a framework for building reusable, testable, 
and enc ...)
+       TODO: check
+CVE-2026-44833 (Snipe-IT is an IT asset/license management system. Prior to 
8.4.1, an  ...)
+       TODO: check
+CVE-2026-44832 (Snipe-IT is an IT asset/license management system. Prior to 
8.4.1, aAn ...)
+       TODO: check
+CVE-2026-44831 (Snipe-IT is an IT asset/license management system. Prior to 
8.4.1, use ...)
+       TODO: check
+CVE-2026-44788 (SharpCompress is a fully managed C# library to deal with many 
compress ...)
+       TODO: check
+CVE-2026-44708 (Mistune is a Python Markdown parser with renderers and 
plugins. Prior  ...)
+       TODO: check
+CVE-2026-44451 (Lumiverse is a full-featured AI chat application. Prior to 
0.9.7, the  ...)
+       TODO: check
+CVE-2026-44450 (Lumiverse is a full-featured AI chat application. Prior to 
0.9.7, the  ...)
+       TODO: check
+CVE-2026-44449 (Lumiverse is a full-featured AI chat application. Prior to 
0.9.7, when ...)
+       TODO: check
+CVE-2026-44444 (Lumiverse is a full-featured AI chat application. Prior to 
0.9.7, the  ...)
+       TODO: check
+CVE-2026-44443 (Lumiverse is a full-featured AI chat application. Prior to 
0.9.7, cons ...)
+       TODO: check
+CVE-2026-44214 (eventsource-encoder encodes events as well-formed 
EventSource/Server S ...)
+       TODO: check
+CVE-2026-44213 (The OpenTelemetry.Exporter.Instana exports telemetry to 
Instana backen ...)
+       TODO: check
+CVE-2026-44209 (Banks generates meaningful LLM prompts using a template 
language that  ...)
+       TODO: check
+CVE-2026-43988 (Vanetza is an open-source implementation of the ETSI C-ITS 
protocol su ...)
+       TODO: check
+CVE-2026-42337 (MaxKB is an open-source AI assistant for enterprise. MaxKB 
2.8.0 and p ...)
+       TODO: check
+CVE-2026-42336 (MaxKB is an open-source AI assistant for enterprise. MaxKB 
2.8.0 and p ...)
+       TODO: check
+CVE-2026-42335 (MaxKB is an open-source AI assistant for enterprise. Prior to 
2.8.1, M ...)
+       TODO: check
+CVE-2026-36239 (PbootCMS v.3.2.11 contains a code injection vulnerability in 
its site  ...)
+       TODO: check
+CVE-2026-2255 (Hitachi Vantara Pentaho Data Integration & Analytics versions 
before 1 ...)
+       TODO: check
+CVE-2026-2254 (Hitachi Vantara Pentaho Data Integration & Analytics versions 
before 1 ...)
+       TODO: check
+CVE-2026-2253 (Hitachi Vantara Pentaho Data Integration & Analytics versions 
before 1 ...)
+       TODO: check
+CVE-2026-27331 (Missing Authorization vulnerability in Magepeople inc. 
WpTravelly allo ...)
+       TODO: check
+CVE-2026-25444 (Missing Authorization vulnerability in Magepeople inc. 
WpBookingly all ...)
+       TODO: check
+CVE-2026-25426 (Missing Authorization vulnerability in Magepeople inc. Taxi 
Booking Ma ...)
+       TODO: check
+CVE-2026-24520 (Missing Authorization vulnerability in bPlugins Tiktok Feed 
allows Exp ...)
+       TODO: check
+CVE-2025-68711 (AppLockZ App Lock and Fingerprint Lock 
(applock.passwordfingerprint.ap ...)
+       TODO: check
+CVE-2025-68710 (Easyelife App lock (aka Fingerprint,Applock or 
locker.app.safe.applock ...)
+       TODO: check
+CVE-2025-68709 (SailingLab AppLock (aka com.alpha.applock) 4.3.8 for Android 
allows a  ...)
+       TODO: check
+CVE-2025-68708 (SailingLab AppLock (aka com.alpha.applock) 4.3.8 for Android 
allows a  ...)
+       TODO: check
+CVE-2025-46307 (A logic issue was addressed with improved restrictions. This 
issue is  ...)
+       TODO: check
+CVE-2025-46284 (A race condition was addressed with additional validation. 
This issue  ...)
+       TODO: check
+CVE-2025-46280 (An out-of-bounds read was addressed with improved bounds 
checking. Thi ...)
+       TODO: check
+CVE-2025-43451 (A permissions issue was addressed by removing the vulnerable 
code. Thi ...)
+       TODO: check
+CVE-2025-43306 (A logic issue was addressed with improved checks. This issue 
is fixed  ...)
+       TODO: check
+CVE-2025-43290 (A permissions issue was addressed with additional 
restrictions. This i ...)
+       TODO: check
+CVE-2025-43289 (A logic issue was addressed with improved validation. This 
issue is fi ...)
+       TODO: check
+CVE-2025-14481 (The Yoast SEO plugin for WordPress is vulnerable to Insecure 
Direct Ob ...)
+       TODO: check
+CVE-2025-14361 (Missing Authorization vulnerability in AA-Team Woocommerce 
Envato Affi ...)
+       TODO: check
 CVE-2026-46644 [insecure equivalence in symfony/polyfill-intl-idn for 
ASCII-only xn-- labels]
        - php-symfony-polyfill <unfixed>
        [bookworm] - php-symfony-polyfill <no-dsa> (Minor issue)
        NOTE: 
https://symfony.com/blog/cve-2026-46644-insecure-equivalence-in-symfony-polyfill-intl-idn-for-ascii-only-xn-labels
        NOTE: 
https://github.com/symfony/polyfill/security/advisories/GHSA-2xf4-cg6j-vhgq
-CVE-2026-48962 [Perl can execute arbitrary code in File::GlobMapper via an 
attacker-controlled output]
+CVE-2026-48962 (IO::Compress versions before 2.220 for Perl can execute 
arbitrary code ...)
        - libio-compress-perl <unfixed>
        - perl <unfixed>
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/40434385/
        NOTE: Fixed by: 
https://github.com/pmqs/IO-Compress/commit/f2db247bf90d4cc7ee2710be384946081f3b4610
 (v2.220)
-CVE-2026-48961 [zipdetails CLI tool crashes with undefined subroutine on 
Info-ZIP Unix Extra Field with 8-byte UID or GID]
+CVE-2026-48961 (IO::Compress versions from 2.207 before 2.220 for Perl ship a 
zipdetai ...)
        - libio-compress-perl <unfixed>
        - perl <unfixed>
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/40434383/
        NOTE: Fixed by: 
https://github.com/pmqs/IO-Compress/commit/33c89d03d6e746ed2ead4f2f6570d47864c61bc7
 (v2.220)
-CVE-2026-48959 [CPU exhaustion via per-byte read loop in fastForward]
+CVE-2026-48959 (IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU 
exhaust ...)
        - libio-compress-perl <unfixed>
        - perl <unfixed>
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/40434381/
        NOTE: Fixed by: 
https://github.com/pmqs/IO-Compress/commit/68db44076f4c1a86a2ffe53a958eac6cabaf72e2
 (v2.220)
-CVE-2025-15649 [propagate uncaught exception when parsing zip header with 
malformed DOS date]
+CVE-2025-15649 (IO::Uncompress::Unzip versions before 2.215 for Perl propagate 
uncaugh ...)
        - libio-compress-perl 2.217-1
        - perl <unfixed>
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/40434380/
        NOTE: https://github.com/pmqs/IO-Compress/issues/65
        NOTE: Fixed by: 
https://github.com/pmqs/IO-Compress/commit/fd28c1d2374eee9811f6d0c5bddc0957abdf1da8
 (v2.215)
-CVE-2026-8450 [OS command injection via send_file()]
+CVE-2026-8450 (HTTP::Daemon versions before 6.17 for Perl allow OS command 
injection  ...)
        - libhttp-daemon-perl <unfixed>
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/40435207/
        NOTE: https://github.com/libwww-perl/HTTP-Daemon/pull/89
        NOTE: Fixed by: 
https://github.com/libwww-perl/HTTP-Daemon/commit/945d35141d94490f749640bd4390acd6a2193995
 (v6.17)
-CVE-2026-8647
+CVE-2026-8647 (Crypt::ScryptKDF versions through 0.010 for Perl uses insecure 
random  ...)
        NOT-FOR-US: Crypt::ScryptKDF Perl module
-CVE-2026-46740
+CVE-2026-46740 (Mojolicious::Plugin::Statsd versions through 0.04 for Perl 
allowed met ...)
        NOT-FOR-US: Mojolicious::Plugin::Statsd Perl module
 CVE-2026-9572 (A security vulnerability has been detected in GPAC up to 2.4.0. 
Affect ...)
        - gpac <removed>
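Review bot: the automatic update replaces the hand-written bracket titles with the truncated CVE text, and the specific detail is lost: CVE-2026-8450 was `[OS command injection via send_file()]` and CVE-2026-48959 was `[CPU exhaustion via per-byte read loop in fastForward]`, while the new lines end in `...` before naming the affected function. Carrying that detail into a NOTE line would help whoever backports the fixes to libio-compress-perl and libhttp-daemon-perl locate the code. Separately, CVE-2026-49000 and CVE-2026-48999 carry generic descriptions that name no product ("An insecure password scheme refers to vulnerabilities arising from ...", "Attackers carefully craft malicious scripts ..."), so their TODO: check needs a source lookup rather than a description-based triage, and CVE-2026-9642 is described as an incomplete fix for CVE-2025-62582, so it should be cross-referenced with that existing entry so the same source package is tracked.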
@@ -116,7 +404,7 @@ CVE-2026-7310 (A heap-based buffer overflow vulnerability 
exists in XML parser f
        NOT-FOR-US: Hitachi Energy
 CVE-2026-7251 (Eppendorf BioFlo 320is vulnerable to due to VNC server using a 
hard-co ...)
        NOT-FOR-US: Eppendorf
-CVE-2026-4051 (IBM Engineering Lifecycle Management 7.0.3 ( through ) Interim 
Fix 021 ...)
+CVE-2026-4051 (IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 
could all ...)
        NOT-FOR-US: IBM
 CVE-2026-48905 (Lack of input filtering leads to an XSS vector in the HTML 
filter code ...)
        NOT-FOR-US: Joomla
@@ -286,9 +574,9 @@ CVE-2026-40034 (gix-submodule before 0.82.0 incorrectly 
validates the update fie
        TODO: check
 CVE-2026-40033 (FreeRDP before 3.26.0 contains a heap-buffer-overflow 
vulnerability in ...)
        TODO: check
-CVE-2026-3660 (IBM Engineering Lifecycle Management 7.0.3 ( through ) Interim 
Fix 021 ...)
+CVE-2026-3660 (IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 
could all ...)
        NOT-FOR-US: IBM
-CVE-2026-3603 (IBM Engineering Lifecycle Management 7.0.3 Interim Fix 001 
through Int ...)
+CVE-2026-3603 (IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 is 
vulner ...)
        NOT-FOR-US: IBM
 CVE-2026-39661 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
        NOT-FOR-US: WordPress plugin or theme
@@ -1187,6 +1475,7 @@ CVE-2026-23652 (Improper neutralization of special 
elements used in a command ('
 CVE-2026-9291 (Insecure deserialization in the job results processing 
component in Am ...)
        NOT-FOR-US: Amazon
 CVE-2026-9277 (shell-quote's `quote()` function did not validate object-token 
inputs  ...)
+       {DSA-6300-1}
        - node-shell-quote 1.8.4+~1.7.5-1 (bug #1137372)
        NOTE: 
https://github.com/ljharb/shell-quote/security/advisories/GHSA-w7jw-789q-3m8p
 CVE-2026-9256 (NGINX Plus and NGINX Open Source have a vulnerability in the 
ngx_http_ ...)
@@ -1373,7 +1662,7 @@ CVE-2025-32745 (Dell PowerFlex Manager, version(s) 
<=4.6.2, contain(s) an Improp
        NOT-FOR-US: Dell / EMC
 CVE-2025-26483 (Dell PowerFlex Manager, versions 4.6.2 and prior, contains an 
Open Red ...)
        NOT-FOR-US: Dell / EMC
-CVE-2026-48710 [starlette Ignore malformed Host header when constructing 
request.url]
+CVE-2026-48710 (Starlette is a lightweight ASGI framework/toolkit. Prior to 
version 1. ...)
        - starlette <unfixed> (bug #1137375)
        NOTE: https://x41-dsec.de/lab/advisories/x41-2026-002-starlette/
        NOTE: 
https://github.com/Kludex/starlette/security/advisories/GHSA-86qp-5c8j-p5mr
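Review bot: the new description for CVE-2026-48710 truncates at `Prior to version 1. ...`, dropping the fixed upstream version, and the removed bracket title `[starlette Ignore malformed Host header when constructing request.url]` was the only text naming the actual defect. With starlette still `<unfixed>`, a NOTE recording the fixed upstream version from the linked GHSA advisory would keep the entry actionable.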
@@ -1808,31 +2097,37 @@ CVE-2026-42538
 CVE-2026-42329
        NOT-FOR-US: DFIR-IRIS
 CVE-2026-42326
+       {DSA-6298-1}
        - imagemagick 8:7.1.2.23+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7wff-wpr6-vmhm
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/06301590988fc62e17b4ae6e937d411cc1089ef1
 (7.1.2-22)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/4bbc9cf334ec0c136d4aa8c28afab17120cc954c
 (6.9.13-47)
 CVE-2026-45031
+       {DSA-6298-1}
        - imagemagick 8:7.1.2.23+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cwpj-h54c-xjpx
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/a96763d717e27d6d136aa734d1cf4b33a91555d0
 (7.1.2-23)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/de0f3f1ee15c783d139135e93cff212ee37e89af
 (6.9.13-48)
 CVE-2026-45359
+       {DSA-6298-1}
        - imagemagick 8:7.1.2.23+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vhrh-72hq-w8m7
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/9f18e2890088705c9a3dc867a7f2e31be50b8f41
 (7.1.2-23)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/c590530d406e7628e6f1a8d0e7429b592bfadce8
 (6.9.13-49)
 CVE-2026-45358
+       {DSA-6298-1}
        - imagemagick 8:7.1.2.23+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cr6r-hmj8-pr7r
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/2cf3b5750bd7c96fbb92c3f02823ecd63f8dd232
 (7.1.2-23)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/1b962d30cc7ad94d18c5f24c8dbc6d48f534b99d
 (6.9.13-48)
 CVE-2026-45624
+       {DSA-6298-1}
        - imagemagick 8:7.1.2.23+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pfvh-m9xv-8966
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/a66ab7bc559f041b1434606496b5b4b0906ff9a2
 (7.1.2-23)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/7736b7c458d0c694e26023ad4bd3436fc2f951ff
 (6.9.13-48)
 CVE-2026-45664
+       {DSA-6298-1}
        - imagemagick 8:7.1.2.23+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-g5mf-wqq5-vwg6
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/10a1a2285659fe1f8978f338319727dfda19500d
 (7.1.2-23)
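Review bot: the {DSA-6298-1} marker is applied uniformly, but the ImageMagick6 fix for CVE-2026-45359 is tagged (6.9.13-49) while every other entry in this hunk is tagged (6.9.13-48); if the DSA build for the older suite is based on the 6.9 series, confirm that commit c590530d406e7628e6f1a8d0e7429b592bfadce8 is included and not only the 6.9.13-48 set.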
@@ -1840,21 +2135,25 @@ CVE-2026-45664
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/3d57d37907857d19b026760c47f1ac9c8c091c0d
 (6.9.13-48)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/11ac03e5485a94a8c1ef06e79e8d77ded1d18d46
 (6.9.13-48)
 CVE-2026-46692
+       {DSA-6298-1}
        - imagemagick 8:7.1.2.23+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p93h-f2jc-477j
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/75bcc76eac8b26ce0d6900117c9b308b0aed5719
 (7.1.2-23)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/6efd2e9277e6e6f5a8171d6c67bc93f1ff1f3eb8
 (6.9.13-48)
 CVE-2026-46521
+       {DSA-6298-1}
        - imagemagick 8:7.1.2.23+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-jcqp-6r6f-3mfx
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/188fcf538f58a60109ebd008e2c40d29cf3966d7
 (7.1.2-23)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/61adf32771284186f2fbaea220062226123ac394
 (6.9.13-48)
 CVE-2026-46520
+       {DSA-6298-1}
        - imagemagick 8:7.1.2.23+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-36wm-hprc-mcf5
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/3aa35741316909f9e384d13cee197334dc3296d7
 (7.1.2-23)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/4095aa6144646ec6f04d254f050d7cbb04af293f
 (6.9.13-48)
 CVE-2026-46693
+       {DSA-6298-1}
        - imagemagick 8:7.1.2.23+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-4g75-9r48-jf92
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/adb4b8d7e1e4014892b71837842326c96c2a625b
 (7.1.2-23)
@@ -1863,21 +2162,25 @@ CVE-2026-46693
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/6b1e965f94eaf73f9ed459f86d87254e72c87156
 (6.9.13-48)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/0cde9421b635a66a42a6f23f995fbd9a325965cb
 (6.9.13-48)
 CVE-2026-46522
+       {DSA-6298-1}
        - imagemagick 8:7.1.2.23+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7gg8-qqx7-92g5
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/e8431d4a282013851cb698fdf29b1d7ad80ad7cb
 (7.1.2-23)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/466237e1116b46abde8af0f1794b42f1110e04b5
 (6.9.13-48)
 CVE-2026-46523
+       {DSA-6298-1}
        - imagemagick 8:7.1.2.23+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5r4x-w6p5-222q
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/4d92249c84536a20e9723376ec016b4950dcb454
 (7.1.2-23)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/5ad5fdcc45871bdeeca414a883acb880532accce
 (6.9.13-48)
 CVE-2026-46559
+       {DSA-6298-1}
        - imagemagick 8:7.1.2.23+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-533m-3wf6-c33v
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/ff2f155f2874737380a80195c5849a2f06cb6ff7
 (7.1.2-23)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/7d68aec1d02aaaeb513a1778e9702fa0d9ba9dcd
 (6.9.13-48)
 CVE-2026-46557
+       {DSA-6298-1}
        - imagemagick 8:7.1.2.23+dfsg1-1
        [bookworm] - imagemagick <not-affected> (vulnerable code introduced 
later)
        [bullseye] - imagemagick <not-affected> (vulnerable code introduced 
later)
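Review bot: CVE-2026-46557 receives {DSA-6298-1} while both [bookworm] and [bullseye] are marked <not-affected> (vulnerable code introduced later), so the DSA marker can only apply to the suite carrying the newer code; double-check that the DSA text lists this CVE, otherwise drop the marker here so the tracker does not imply an oldstable fix.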
@@ -1885,11 +2188,13 @@ CVE-2026-46557
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/06fb1aa7589f4eec363b33c2bbda5986a92bb259
 (7.1.2-23)
        NOTE: ImageMagick6 not affected: 
https://github.com/ImageMagick/ImageMagick6/issues/430
 CVE-2026-47166
+       {DSA-6298-1}
        - imagemagick 8:7.1.2.23+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6gxq-f64p-5w6f
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/bb79e91155127dd6c3c18a01c8761e9c2ea82d70
 (7.1.2-23)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/2ca87784a434899067b8408e5f8a7f0165a8f884
 (6.9.13-48)
 CVE-2026-47165
+       {DSA-6298-1}
        - imagemagick 8:7.1.2.23+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-2rgj-gx5x-f62w
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/bb79e91155127dd6c3c18a01c8761e9c2ea82d70
 (7.1.2-23)
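Review bot: CVE-2026-47166 and CVE-2026-47165 point at the same upstream fix commit bb79e91155127dd6c3c18a01c8761e9c2ea82d70, so the DSA needs a single patch for both; a NOTE that the fix is shared would save whoever prepares the update from hunting for a second commit.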
@@ -8406,6 +8711,7 @@ CVE-2026-45186 (In libexpat before 2.8.1, the 
computational complexity of attrib
        NOTE: https://github.com/libexpat/libexpat/pull/1216
        NOTE: https://blog.hartwork.org/posts/expat-2-8-1-released/
 CVE-2026-45184 (Kdenlive before 26.04.1 allows dangerous proxy parameters when 
an atta ...)
+       {DSA-6299-1}
        - kdenlive 26.04.1-1 (bug #1136172)
        [trixie] - kdenlive <no-dsa> (Minor issue)
        [bookworm] - kdenlive <no-dsa> (Minor issue)
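Review bot: {DSA-6299-1} is added to CVE-2026-45184 but the [trixie] and [bookworm] lines still read <no-dsa> (Minor issue); the two states contradict each other, so the <no-dsa> marker for whichever suite DSA-6299-1 covers should be replaced by the fixed version (or dropped so the DSA marker applies).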
@@ -14169,6 +14475,7 @@ CVE-2025-14726 (The Widgets for Social Photo Feed 
plugin for WordPress is vulner
 CVE-2025-12993
        REJECTED
 CVE-2026-42050 (ImageMagick is free and open-source software used for editing 
and mani ...)
+       {DSA-6298-1}
        - imagemagick 8:7.1.2.21+dfsg1-1
        [bookworm] - imagemagick <postponed> (Minor issue, fix along with 
future update)
        [bullseye] - imagemagick <postponed> (Minor issue; can be fixed in next 
update)
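Review bot: CVE-2026-42050 gets {DSA-6298-1} while [bookworm] and [bullseye] remain <postponed>; if the bookworm DSA build includes this fix, the <postponed> line should be replaced by the fixed version, and if it does not, the marker should be removed so the tracker does not report it fixed there. The sid version here is 8:7.1.2.21+dfsg1-1, earlier than the 7.1.2.23 used by the other ImageMagick entries in this commit, which is consistent with this issue having been fixed in an earlier upload.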
@@ -15923,13 +16230,13 @@ CVE-2026-3832 (A flaw was found in gnutls. A remote 
attacker could exploit this
        NOTE: Introduced with: 
https://gitlab.com/gnutls/gnutls/-/commit/ae404fe8488dee424876b5963c00d7e041672415
 (3.8.8)
        NOTE: Fixed by: 
https://gitlab.com/gnutls/gnutls/-/commit/731861b9de8dccaf7d3b0c1446833051e48670c2
 (3.8.13)
        NOTE: Test: 
https://gitlab.com/gnutls/gnutls/-/commit/d52d5f4f383e8c5d8e9a03334f2421ff35d37d2e
 (3.8.13)
-CVE-2026-42015
+CVE-2026-42015 (A flaw was found in gnutls. An off-by-one error exists in the 
PKCS#12  ...)
        {DSA-6281-1 DLA-4595-1}
        - gnutls28 3.8.13-1 (bug #1135319)
        NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-11
        NOTE: https://gitlab.com/gnutls/gnutls/-/work_items/1840
        NOTE: Fixed by: 
https://gitlab.com/gnutls/gnutls/-/commit/a3e7c50d3e1761e5ef1d4b225507cab8f2b2c3ca
 (3.8.13)
-CVE-2026-5260
+CVE-2026-5260 (A flaw was found in libgnutls. A remote attacker, by sending an 
extrem ...)
        {DSA-6281-1 DLA-4595-1}
        - gnutls28 3.8.13-1 (bug #1135319)
        NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-10
@@ -15944,14 +16251,14 @@ CVE-2026-42014
        NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1766
        NOTE: Fixed by: 
https://gitlab.com/gnutls/gnutls/-/commit/3957f136e2ed23caf176a594b54b3827f5cef701
 (3.8.13)
        NOTE: Introduced with: 
https://gitlab.com/gnutls/gnutls/-/commit/f68a86202bd1aaeb3988566def4374359b211875
 (gnutls_3_6_5)
-CVE-2026-42013
+CVE-2026-42013 (A flaw was found in gnutls. When validating certificates, an 
oversized ...)
        {DSA-6281-1 DLA-4595-1}
        - gnutls28 3.8.13-1 (bug #1135319)
        NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-8
        NOTE: https://gitlab.com/gnutls/gnutls/-/work_items/1825
        NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1849
        NOTE: Fixed by: 
https://gitlab.com/gnutls/gnutls/-/commit/29801bef00ecc0f23c0bac4cd333b269cd2c1af4
 (3.8.13)
-CVE-2026-42012
+CVE-2026-42012 (A flaw was found in gnutls. A remote attacker could exploit 
this vulne ...)
        {DSA-6281-1 DLA-4595-1}
        - gnutls28 3.8.13-1 (bug #1135319)
        NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-7



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e26939809cd214d13729d0b98bcb84e27e14cad



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
