Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8e2647fe by security tracker role at 2026-06-01T19:19:50+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,454 @@
-CVE-2026-46243 [smb: client: reject userspace cifs.spnego descriptions]
+CVE-2026-9614 (An Improper Access Control vulnerability in IvantiNeurons
forITSM(clou ...)
+ TODO: check
+CVE-2026-9330 (IBM WebSphere Application Server 9.0, and 8.5 is affected by an
improp ...)
+ TODO: check
+CVE-2026-9319 (IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to
potenti ...)
+ TODO: check
+CVE-2026-9311 (IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to
remote ...)
+ TODO: check
+CVE-2026-9309 (Firefox for iOS Reader View did not properly escape HTML tags
in JSON- ...)
+ TODO: check
+CVE-2026-9308 (Firefox for iOS Reader View replaced page content in its HTML
template ...)
+ TODO: check
+CVE-2026-9024 (A Stored Cross-site Scripting (XSS) vulnerability affecting
Process Ex ...)
+ TODO: check
+CVE-2026-8931 (A critical Remote Code Execution (RCE) vulnerability exists in
Disig W ...)
+ TODO: check
+CVE-2026-8644 (IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to
identit ...)
+ TODO: check
+CVE-2026-8501 (Improper access control in the PCTCore64.sys Windows kernel
driver fro ...)
+ TODO: check
+CVE-2026-8474 (A vulnerability was discovered on Stormshield Network Security
...)
+ TODO: check
+CVE-2026-7858 (A Deserialization of Untrusted Data vulnerability affecting
Teamwork C ...)
+ TODO: check
+CVE-2026-7770 (IBM i Access Family 1.1.5.0 through 1.1.9.12 IBM i Access
Client Solut ...)
+ TODO: check
+CVE-2026-49361 (Apache Fluss versions prior to 0.9.1 configure the Netty
LengthFieldBa ...)
+ TODO: check
+CVE-2026-49270 (Exposure of Sensitive Information Through Metadata
vulnerability in Ap ...)
+ TODO: check
+CVE-2026-49157 (Incorrect Default Permissions vulnerability in Apache
ActiveMQ. This ...)
+ TODO: check
+CVE-2026-49121 (AI Tensor Engine for ROCm (AITER) through 0.1.14 contains an
unauthent ...)
+ TODO: check
+CVE-2026-48879 (Incorrect Privilege Assignment vulnerability in Sergey AIWU
allows Pri ...)
+ TODO: check
+CVE-2026-48866 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2026-48865 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2026-48839 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2026-48559 (Lightweight Music Server (LMS) though 3.76.0 contains a stored
cross-s ...)
+ TODO: check
+CVE-2026-48210 (An improper default configuration in OTRS 2026.3.1 causes
ticket artic ...)
+ TODO: check
+CVE-2026-48209 (An improper neutralization of user-controllable input in OTRS
or ((OTR ...)
+ TODO: check
+CVE-2026-48208 (An improper neutralization of active SVG content in OTRS or
((OTRS)) C ...)
+ TODO: check
+CVE-2026-48191 (An incorrect handling of permissions in STORM powered by OTRS
and in O ...)
+ TODO: check
+CVE-2026-48190 (An incorrect handling of permissions in OTRS External
Interface and th ...)
+ TODO: check
+CVE-2026-48189 (An improper Input Validation vulnerability in OTRS Customer
Backend mo ...)
+ TODO: check
+CVE-2026-48188 (An improper Input Validation vulnerability in OTRS or ((OTRS))
Communi ...)
+ TODO: check
+CVE-2026-48187 (An uncontrolled allocation of resources without limits or
throttling i ...)
+ TODO: check
+CVE-2026-47294 (Deserialization of untrusted data in Microsoft Office
SharePoint allow ...)
+ TODO: check
+CVE-2026-46605 (Incomplete authorization by Apache ActiveMQ server before
versions v6. ...)
+ TODO: check
+CVE-2026-45810 (Nextcloud is an open source content collaboration platform. In
Nextclo ...)
+ TODO: check
+CVE-2026-45729 (Thor Vector Graphics (ThorVG) is a production-ready vector
graphics en ...)
+ TODO: check
+CVE-2026-45727 (CloakBrowser is a tool to bypass bot detection tests. Prior to
version ...)
+ TODO: check
+CVE-2026-45722 (Nextcloud is an open source content collaboration platform.
From versi ...)
+ TODO: check
+CVE-2026-45701 (Sulu is an open-source PHP content management system based on
the Symf ...)
+ TODO: check
+CVE-2026-45691 (Nextcloud is an open source content collaboration platform. In
Nextclo ...)
+ TODO: check
+CVE-2026-45690 (Nextcloud is an open source content collaboration platform. In
Nextclo ...)
+ TODO: check
+CVE-2026-45545 (Nextcloud is an open source content collaboration platform.
From versi ...)
+ TODO: check
+CVE-2026-45544 (Nextcloud is an open source content collaboration platform.
From versi ...)
+ TODO: check
+CVE-2026-45543 (Nextcloud is an open source content collaboration platform.
From versi ...)
+ TODO: check
+CVE-2026-45505 (Improper Input Validation, Improper Control of Generation of
Code ('Co ...)
+ TODO: check
+CVE-2026-45302 (parse-nested-form-data is a tiny node module for parsing
FormData by n ...)
+ TODO: check
+CVE-2026-45286 (Nextcloud is an open source content collaboration platform.
From versi ...)
+ TODO: check
+CVE-2026-45285 (Nextcloud is an open source content collaboration platform.
From versi ...)
+ TODO: check
+CVE-2026-45284 (Nextcloud is an open source content collaboration platform.
From versi ...)
+ TODO: check
+CVE-2026-45283 (Nextcloud is an open source content collaboration platform. In
Nextclo ...)
+ TODO: check
+CVE-2026-45282 (Nextcloud is an open source content collaboration platform. In
Nextclo ...)
+ TODO: check
+CVE-2026-45281 (Nextcloud is an open source content collaboration platform. In
Nextclo ...)
+ TODO: check
+CVE-2026-45279 (Nextcloud is an open source content collaboration platform. In
Nextclo ...)
+ TODO: check
+CVE-2026-45278 (Nextcloud is an open source content collaboration platform.
From versi ...)
+ TODO: check
+CVE-2026-45277 (Nextcloud is an open source content collaboration platform.
Prior to v ...)
+ TODO: check
+CVE-2026-45275 (Nextcloud is an open source content collaboration platform.
Prior to v ...)
+ TODO: check
+CVE-2026-45267 (Nextcloud is an open source content collaboration platform.
Prior to v ...)
+ TODO: check
+CVE-2026-45266 (Nextcloud is an open source content collaboration platform.
Prior to v ...)
+ TODO: check
+CVE-2026-45264 (Nextcloud is an open source content collaboration platform.
From versi ...)
+ TODO: check
+CVE-2026-45159 (Nextcloud is an open source content collaboration platform.
From versi ...)
+ TODO: check
+CVE-2026-45157 (Nextcloud is an open source content collaboration platform. In
Nextclo ...)
+ TODO: check
+CVE-2026-45156 (Nextcloud is an open source content collaboration platform.
From versi ...)
+ TODO: check
+CVE-2026-45155 (Nextcloud is an open source content collaboration platform. In
Nextclo ...)
+ TODO: check
+CVE-2026-45154 (Nextcloud is an open source content collaboration platform.
From versi ...)
+ TODO: check
+CVE-2026-45153 (Nextcloud is an open source content collaboration platform.
From versi ...)
+ TODO: check
+CVE-2026-45132 (CloudPirates Open Source Helm Charts is a collection of Helm
charts. P ...)
+ TODO: check
+CVE-2026-45131 (CloudPirates Open Source Helm Charts is a collection of Helm
charts. P ...)
+ TODO: check
+CVE-2026-44740 (Billy is an interface filesystem abstraction for Go. Prior to
versions ...)
+ TODO: check
+CVE-2026-44211 (Cline is an autonomous coding agent as an SDK, IDE extension,
or CLI a ...)
+ TODO: check
+CVE-2026-43958 (A flaw was found in rrdcached, a component of rrdtool. A local
attacke ...)
+ TODO: check
+CVE-2026-43625 (CodexBar prior to 0.32.0 contains a session cookie leakage
vulnerabili ...)
+ TODO: check
+CVE-2026-43624 (F5-TTS through version 1.1.20 contains a path traversal
vulnerability ...)
+ TODO: check
+CVE-2026-43623 (microtar through 0.1.0 contains a stack-based buffer overflow
vulnerab ...)
+ TODO: check
+CVE-2026-42683 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2026-42682 (Missing Authorization vulnerability in Tomdever wpForo Forum
allows Ex ...)
+ TODO: check
+CVE-2026-42681 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2026-42680 (Incorrect Privilege Assignment vulnerability in Wasiliy
Strecker / Con ...)
+ TODO: check
+CVE-2026-42679 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2026-42678 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2026-42677 (Missing Authorization vulnerability in Ben Balter WP Document
Revision ...)
+ TODO: check
+CVE-2026-42676 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2026-42675 (Missing Authorization vulnerability in Themefic Hydra Booking
allows E ...)
+ TODO: check
+CVE-2026-42674 (Authentication Bypass by Spoofing vulnerability in AAM Plugin
Advanced ...)
+ TODO: check
+CVE-2026-42673 (Insertion of Sensitive Information Into Sent Data
vulnerability in Log ...)
+ TODO: check
+CVE-2026-42672 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2026-42671 (Missing Authorization vulnerability in Paolo GeoDirectory
allows Explo ...)
+ TODO: check
+CVE-2026-42588 (Improper Input Validation, Improper Control of Generation of
Code ('Co ...)
+ TODO: check
+CVE-2026-42253 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2026-42251 (Use of hard-coded credentials in KS-SOMED allowed an
unauthorized atta ...)
+ TODO: check
+CVE-2026-41013 (Input validation bypass in SMB volume mount handling in
CloudFoundry F ...)
+ TODO: check
+CVE-2026-40990 (OOM error is possible while attempting to add infinite amount
of funct ...)
+ TODO: check
+CVE-2026-40989 (Under infinite recursion in the routing layer,
request-handling can ca ...)
+ TODO: check
+CVE-2026-40549 (SOPlanning is vulnerable to Cross\u2011Site Request Forgery
(CSRF) in ...)
+ TODO: check
+CVE-2026-40548 (SOPlanning does not verify uploaded file extension. An
authenticated a ...)
+ TODO: check
+CVE-2026-40547 (SOPlanning is vulnerable to Path Traversal in backup
endpoints. Authe ...)
+ TODO: check
+CVE-2026-40546 (SOPlanning is vulnerable to SQL Injection across multiple
endpoints an ...)
+ TODO: check
+CVE-2026-40545 (SOPlanning is vulnerable to Reflected XSS via the taches
parameter. An ...)
+ TODO: check
+CVE-2026-40544 (SOPlanning is vulnerable to Stored Cross-Site Scripting (XSS)
via /pro ...)
+ TODO: check
+CVE-2026-40543 (SOPlanning does not enforce authorization for backup
functionalities.A ...)
+ TODO: check
+CVE-2026-38950 (An issue in ESA AnomalyMatch before 1.3.1 allow attackers to
execute a ...)
+ TODO: check
+CVE-2026-37235 (FlexRIC v2.0.0 trusts the xapp_id field from E42 message
payloads with ...)
+ TODO: check
+CVE-2026-37233 (FlexRIC v2.0.0 contains an authorization bypass in the iApp's
xApp iso ...)
+ TODO: check
+CVE-2026-37232 (An issue was discovered in OpenAirInterface5G 2.4.0
(nr-softmodem) in ...)
+ TODO: check
+CVE-2026-37231 (FlexRIC v2.0.0 uses a uint16_t counter for xapp_id assignment
but stor ...)
+ TODO: check
+CVE-2026-37230 (FlexRIC v2.0.0 crashes when the near-RT RIC receives a
RIC_INDICATION ...)
+ TODO: check
+CVE-2026-37229 (FlexRIC v2.0.0 contains a reachable assertion in
e2ap_create_pdu() tri ...)
+ TODO: check
+CVE-2026-37228 (FlexRIC v2.0.0 contains a reachable assertion in
e2ap_recv_sctp_msg() ...)
+ TODO: check
+CVE-2026-37227 (FlexRIC v2.0.0 contains reachable assert(0) calls in stub
message hand ...)
+ TODO: check
+CVE-2026-37226 (FlexRIC v2.0.0 crashes when the iApp receives an
E42_RIC_SUBSCRIPTION_ ...)
+ TODO: check
+CVE-2026-37225 (FlexRIC v2.0.0 crashes when the iApp receives an
E42_RIC_SUBSCRIPTION_ ...)
+ TODO: check
+CVE-2026-37224 (FlexRIC v2.0.0 crashes when receiving a duplicate
E2_SETUP_REQUEST fro ...)
+ TODO: check
+CVE-2026-37223 (FlexRIC v2.0.0 contains a reachable assertion in the iApp
message disp ...)
+ TODO: check
+CVE-2026-37222 (FlexRIC v2.0.0 uses hardcoded assertions to validate
Information Eleme ...)
+ TODO: check
+CVE-2026-37221 (FlexRIC v2.0.0 crashes when receiving a
RIC_SUBSCRIPTION_RESPONSE with ...)
+ TODO: check
+CVE-2026-37220 (FlexRIC v2.0.0 crashes when an SCTP association is closed
before an E2 ...)
+ TODO: check
+CVE-2026-34193 (Kernel software installed and running inside a Guest/Host VM
may post ...)
+ TODO: check
+CVE-2026-32325 (Privilege chaining issue exists in ServerView Agents for
Windows V11.6 ...)
+ TODO: check
+CVE-2026-30963 (Capsule is a multi-tenancy and policy-based framework for
Kubernetes. ...)
+ TODO: check
+CVE-2026-27788 (Incorrect permission assignment for critical resource issue
exists in ...)
+ TODO: check
+CVE-2026-25600 (The PDBM application relies on a static, hard\u2011coded
secret embedd ...)
+ TODO: check
+CVE-2026-25599 (Missing authentication and clear\u2011text transmission of
data from t ...)
+ TODO: check
+CVE-2026-23638 (Kiteworks is a private data network (PDN). Prior to version
9.3.0, an ...)
+ TODO: check
+CVE-2026-22872 (Capsule is a multi-tenancy and policy-based framework for
Kubernetes. ...)
+ TODO: check
+CVE-2026-20456 (In wlan STA driver, there is a possible system crash due to a
missing ...)
+ TODO: check
+CVE-2026-20455 (In geniezone, there is a possible out of bounds write due to a
missing ...)
+ TODO: check
+CVE-2026-20454 (In geniezone, there is a possible out of bounds write due to a
race co ...)
+ TODO: check
+CVE-2026-20453 (In geniezone, there is a possible out of bounds write due to a
missing ...)
+ TODO: check
+CVE-2026-20452 (In wlan AP driver, there is a possible memory corruption due
to a heap ...)
+ TODO: check
+CVE-2026-10533 (A flaw was found in OpenShift Container Platform. Completed
pods with ...)
+ TODO: check
+CVE-2026-10532 (Deserialization of untrusted data vulnerability in QOS.CH Sarl
logback ...)
+ TODO: check
+CVE-2026-10517 (A flaw was found in Clair. The fetcher component makes
outbound HTTP r ...)
+ TODO: check
+CVE-2026-10283 (A vulnerability was detected in Bottelet DaybydayCRM up to
2.2.1. Affe ...)
+ TODO: check
+CVE-2026-10282 (A security vulnerability has been detected in Bottelet
DaybydayCRM up ...)
+ TODO: check
+CVE-2026-10281 (A weakness has been identified in Enderfga claw-orchestrator
up to 3.5 ...)
+ TODO: check
+CVE-2026-10280 (A security flaw has been discovered in horizon921 mcpilot
0.1.0. The i ...)
+ TODO: check
+CVE-2026-10279 (A vulnerability was identified in hiraishikentaro wezterm-mcp
0.1.0. T ...)
+ TODO: check
+CVE-2026-10278 (A vulnerability was determined in ishayoyo excel-mcp up to
1.0.2. Impa ...)
+ TODO: check
+CVE-2026-10277 (A vulnerability was found in j3k0 mcp-google-workspace up to
831790e7d ...)
+ TODO: check
+CVE-2026-10276 (A vulnerability has been found in hekmon8 Jenkins-server-mcp
0.1.0. Th ...)
+ TODO: check
+CVE-2026-10275 (A flaw has been found in OpenSC up to 0.26.1. This affects the
functio ...)
+ TODO: check
+CVE-2026-10274 (A vulnerability was determined in indrasishbanerjee
aem-mcp-server up ...)
+ TODO: check
+CVE-2026-10273 (A vulnerability was found in php-censor up to 2.1.6. This
affects an u ...)
+ TODO: check
+CVE-2026-10272 (A vulnerability has been found in a4m4
Student-Management-System up to ...)
+ TODO: check
+CVE-2026-10271 (A flaw has been found in a4m4 Student-Management-System up to
f0c5f684 ...)
+ TODO: check
+CVE-2026-10270 (A vulnerability was detected in D-Link DI-7001 MINI up to
19.09.19A1. ...)
+ TODO: check
+CVE-2026-10269 (A security vulnerability has been detected in decolua 9router
up to 0. ...)
+ TODO: check
+CVE-2026-10268 (A weakness has been identified in janet-lang janet up to
1.41.0. This ...)
+ TODO: check
+CVE-2026-10267 (A security flaw has been discovered in janet-lang janet up to
1.41.0. ...)
+ TODO: check
+CVE-2026-10265 (A vulnerability was identified in itsourcecode Content
Management Syst ...)
+ TODO: check
+CVE-2026-10264 (A vulnerability was determined in lharries whatsapp-mcp 0.0.1.
Affecte ...)
+ TODO: check
+CVE-2026-10263 (A vulnerability was found in SourceCodester Computer Repair
Shop Manag ...)
+ TODO: check
+CVE-2026-10262 (A vulnerability has been found in code-projects Real State
Services 1. ...)
+ TODO: check
+CVE-2026-10261 (A flaw has been found in CodeAstro Online Job Portal 1.0. This
affects ...)
+ TODO: check
+CVE-2026-10260 (A vulnerability was detected in CodeAstro Online Job Portal
1.0. The i ...)
+ TODO: check
+CVE-2026-10259 (A security vulnerability has been detected in H3C Magic B0 up
to 100R0 ...)
+ TODO: check
+CVE-2026-10258 (A weakness has been identified in itsourcecode Content
Management Syst ...)
+ TODO: check
+CVE-2026-10257 (A security flaw has been discovered in itsourcecode Content
Management ...)
+ TODO: check
+CVE-2026-10256 (A vulnerability was identified in itsourcecode Content
Management Syst ...)
+ TODO: check
+CVE-2026-10255 (A vulnerability has been found in SourceCodester Pharmacy
Sales and In ...)
+ TODO: check
+CVE-2026-10254 (A flaw has been found in SourceCodester Pet Grooming
Management Softwa ...)
+ TODO: check
+CVE-2026-10253 (A vulnerability was detected in itsourcecode Online House
Rental Syste ...)
+ TODO: check
+CVE-2026-10252 (A security vulnerability has been detected in itsourcecode
Online Hous ...)
+ TODO: check
+CVE-2026-10251 (A weakness has been identified in itsourcecode Online House
Rental Sys ...)
+ TODO: check
+CVE-2026-10250 (A security flaw has been discovered in itsourcecode Online
Blood Bank ...)
+ TODO: check
+CVE-2026-10249 (A vulnerability was identified in itsourcecode Online Blood
Bank Manag ...)
+ TODO: check
+CVE-2026-10248 (A vulnerability was determined in SourceCodester Pharmacy
Sales and In ...)
+ TODO: check
+CVE-2026-10247 (A vulnerability was found in SourceCodester Pharmacy Sales and
Invento ...)
+ TODO: check
+CVE-2026-10246 (A vulnerability has been found in SourceCodester Pharmacy
Sales and In ...)
+ TODO: check
+CVE-2026-10245 (A flaw has been found in SourceCodester Pharmacy Sales and
Inventory S ...)
+ TODO: check
+CVE-2026-10244 (A vulnerability was detected in SourceCodester Pharmacy Sales
and Inve ...)
+ TODO: check
+CVE-2026-10243 (A security vulnerability has been detected in code-projects
Smart Park ...)
+ TODO: check
+CVE-2026-10242 (A weakness has been identified in itsourcecode Content
Management Syst ...)
+ TODO: check
+CVE-2026-10241 (A security flaw has been discovered in jeecgboot The server
processes ...)
+ TODO: check
+CVE-2026-10240 (A vulnerability was identified in JeecgBoot up to 3.9.2. The
impacted ...)
+ TODO: check
+CVE-2026-10239 (A vulnerability was determined in JeecgBoot up to 3.9.2. The
affected ...)
+ TODO: check
+CVE-2026-10237 (A vulnerability was found in SourceCodester Water Billing
Management S ...)
+ TODO: check
+CVE-2026-10236 (A vulnerability has been found in SourceCodester Water Billing
Managem ...)
+ TODO: check
+CVE-2026-10235 (A flaw has been found in CodeAstro Ingredients Stock
Management System ...)
+ TODO: check
+CVE-2026-10234 (A vulnerability was detected in Mettle sendportal up to 3.0.1.
This af ...)
+ TODO: check
+CVE-2026-10233 (A security vulnerability has been detected in Assimp up to
6.0.4. Affe ...)
+ TODO: check
+CVE-2026-10232 (A weakness has been identified in Assimp up to 6.0.4. Affected
by this ...)
+ TODO: check
+CVE-2026-10231 (A security flaw has been discovered in Assimp up to 6.0.4.
Affected is ...)
+ TODO: check
+CVE-2026-10230 (A vulnerability was identified in Assimp up to 6.0.4. This
impacts the ...)
+ TODO: check
+CVE-2026-10229 (A vulnerability was determined in Assimp up to 6.0.4. This
affects the ...)
+ TODO: check
+CVE-2026-10228 (A vulnerability was found in raisulislamg4
student_management_system_b ...)
+ TODO: check
+CVE-2026-10227 (A vulnerability has been found in raisulislamg4
student_management_sys ...)
+ TODO: check
+CVE-2026-10226 (A flaw has been found in raisulislamg4
student_management_system_by_ph ...)
+ TODO: check
+CVE-2026-10225 (A vulnerability was detected in raisulislamg4
student_management_syste ...)
+ TODO: check
+CVE-2026-10224 (A security vulnerability has been detected in NousResearch
hermes-agen ...)
+ TODO: check
+CVE-2026-10223 (A weakness has been identified in NousResearch hermes-agent up
to 2026 ...)
+ TODO: check
+CVE-2026-10222 (A security flaw has been discovered in NousResearch
hermes-agent up to ...)
+ TODO: check
+CVE-2026-10221 (A vulnerability was identified in NousResearch hermes-agent up
to 0.12 ...)
+ TODO: check
+CVE-2026-10220 (A vulnerability was determined in NousResearch hermes-agent up
to 2026 ...)
+ TODO: check
+CVE-2026-10219 (A vulnerability was found in nextlevelbuilder GoClaw up to
3.11.3. Thi ...)
+ TODO: check
+CVE-2026-10218 (A vulnerability has been found in nextlevelbuilder GoClaw up
to 3.11.3 ...)
+ TODO: check
+CVE-2026-10217 (A flaw has been found in nextlevelbuilder GoClaw up to 3.11.3.
The imp ...)
+ TODO: check
+CVE-2026-10216 (A vulnerability was detected in unitedbyai droidclaw up to
0.5.3. The ...)
+ TODO: check
+CVE-2026-10215 (A security vulnerability has been detected in Dolibarr ERP CRM
up to 2 ...)
+ TODO: check
+CVE-2026-10214 (A weakness has been identified in zhayujie chatgpt-on-wechat
up to 2.0 ...)
+ TODO: check
+CVE-2026-10213 (A security flaw has been discovered in AstrBotDevs AstrBot
4.23.6. Thi ...)
+ TODO: check
+CVE-2026-10212 (A vulnerability was identified in AstrBotDevs AstrBot 4.24.2.
This aff ...)
+ TODO: check
+CVE-2026-10211 (A vulnerability was determined in AstrBotDevs AstrBot 4.23.6.
Affected ...)
+ TODO: check
+CVE-2026-10210 (A vulnerability was found in AstrBotDevs AstrBot 4.23.6.
Affected by t ...)
+ TODO: check
+CVE-2026-10209 (A vulnerability has been found in code-projects Online
Hospital Manage ...)
+ TODO: check
+CVE-2026-10208 (A flaw has been found in code-projects Online Hospital
Management Syst ...)
+ TODO: check
+CVE-2026-10206 (A vulnerability was detected in D-Link DI-8400 up to
16.07.26A1. This ...)
+ TODO: check
+CVE-2026-10205 (A security vulnerability has been detected in Metasoft
\u7f8e\u7279\u8 ...)
+ TODO: check
+CVE-2026-10204 (A weakness has been identified in OFCMS 1.1.3. The affected
element is ...)
+ TODO: check
+CVE-2026-10203 (A security flaw has been discovered in OFCMS 1.1.3. Impacted
is the fu ...)
+ TODO: check
+CVE-2026-10202 (A vulnerability was identified in OFCMS 1.1.3. This issue
affects the ...)
+ TODO: check
+CVE-2026-10201 (A vulnerability was determined in Assimp up to 6.0.4. This
vulnerabili ...)
+ TODO: check
+CVE-2026-10200 (A vulnerability was found in Assimp up to 6.0.4. This affects
the func ...)
+ TODO: check
+CVE-2026-10199 (A vulnerability has been found in Assimp up to 6.0.4. Affected
by this ...)
+ TODO: check
+CVE-2026-10198 (A flaw has been found in Assimp up to 6.0.4. Affected by this
vulnerab ...)
+ TODO: check
+CVE-2026-10197 (A vulnerability was detected in Assimp up to 6.0.4. Affected
is the fu ...)
+ TODO: check
+CVE-2026-10118 (A flaw was found in Poppler's Splash backend. A remote
attacker could ...)
+ TODO: check
+CVE-2026-0826 (In certain scenarios when the admin has enabled Interactive
Connectivi ...)
+ TODO: check
+CVE-2026-0072 (In addInputMethodListener of
com.android.server.inputmethod.InputMetho ...)
+ TODO: check
+CVE-2025-60495 (A segmentation violation in the gf_media_get_color_info
function (/med ...)
+ TODO: check
+CVE-2025-60486 (A heap use-after-free in the dasher_process function
(/filters/dasher. ...)
+ TODO: check
+CVE-2025-60485 (A segmentation violation in the gf_isom_apple_set_tag_ex
function (/is ...)
+ TODO: check
+CVE-2025-60483 (A NULL pointer dereference in the
gf_ac4_pres_b_4_back_channels_presen ...)
+ TODO: check
+CVE-2025-60481 (A NULL pointer dereference in the gf_odf_ac4_cfg_dsi_v1
function (/odf ...)
+ TODO: check
+CVE-2025-55664 (A heap buffer overflow in the m2tsdmx_send_packet function
(filters/dm ...)
+ TODO: check
+CVE-2024-52011 (launch-editor allows users to open files with line numbers in
editor f ...)
+ TODO: check
+CVE-2024-40646 (Vertex is a management tool for PT (Private Tracker) users to
manage s ...)
+ TODO: check
+CVE-2022-4991 (Tychon includes an OpenSSL component that specifies an
OPENSSLDIR vari ...)
+ TODO: check
+CVE-2026-46243 (In the Linux kernel, the following vulnerability has been
resolved: s ...)
- linux 7.0.10-1
[trixie] - linux 6.12.90-2
[bookworm] - linux 6.1.174-1
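Review bot: every entry added at the top of this hunk, from CVE-2026-9614 through CVE-2022-4991, carries only `TODO: check`, so none of them has a triage result yet. Several of the truncated descriptions name software that looks packaged in Debian and would need a package line rather than NOT-FOR-US, for example rrdcached/rrdtool (CVE-2026-43958), OpenSC (CVE-2026-10275), Poppler's Splash backend (CVE-2026-10118), Assimp (CVE-2026-10197 to CVE-2026-10201 and CVE-2026-10229 to CVE-2026-10233), janet (CVE-2026-10267, CVE-2026-10268) and logback (CVE-2026-10532). Suggest triaging those first, in the same form as the `- linux 7.0.10-1` line kept for CVE-2026-46243. The CVE-2026-46243 change itself only swaps the bracketed placeholder title for the published description and keeps its package lines, which looks fine.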
@@ -58,20 +508,20 @@ CVE-2026-41440
[bullseye] - qemu <not-affected> (Vulnerable code not present)
NOTE: Introduced with:
https://gitlab.com/qemu-project/qemu/-/commit/f1488fac0584cc095865e4d4d987f01f4e97fbe5
(v10.0.0-rc0)
NOTE: Fixed by:
https://gitlab.com/qemu-project/qemu/-/commit/4139cf452f546b95172b3bad93714d380cd0f4ef
(v11.0.1)
-CVE-2026-35563
+CVE-2026-35563 (It was identified that the LDAP client implementation in
version 2.1.7 ...)
- apache-directory-api <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2026/06/01/2
-CVE-2026-48827
+CVE-2026-48827 (Path traversal vulnerability in Apache MINA SSHD bundle
sshd-git. Lack ...)
- mina2 <unfixed> (bug #1138634)
[trixie] - mina2 <no-dsa> (Minor issue)
[bookworm] - mina2 <no-dsa> (Minor issue)
- mina <removed>
[bookworm] - mina <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2026/05/30/1
-CVE-2026-44825
+CVE-2026-44825 (Hardcoded credentials in the Basic Authentication setup tool
(bin/solr ...)
- lucene-solr <not-affected> (Only affects 9.4.0 and later)
NOTE: https://issues.apache.org/jira/browse/SOLR-18233
-CVE-2026-8796
+CVE-2026-8796 (Sereal::Decoder versions before 5.005 for Perl allow heap
out-of-bound ...)
- libsereal-decoder-perl 5.006+ds-1 (bug #1138633)
[trixie] - libsereal-decoder-perl <no-dsa> (Minor issue)
[bookworm] - libsereal-decoder-perl <no-dsa> (Minor issue)
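Review bot: under CVE-2026-35563 the `- apache-directory-api <unfixed>` line still has no bug reference and no per-release lines, unlike `- mina2 <unfixed> (bug #1138634)` and `- libsereal-decoder-perl 5.006+ds-1 (bug #1138633)` later in the same hunk. Now that the description has been filled in, consider filing a bug and adding its number, and recording a per-release decision for trixie and bookworm in the way the mina2 entry does.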
@@ -170,37 +620,37 @@ CVE-2026-10153 (A flaw has been found in westboy
CicadasCMS up to 2431154dac8d07
NOT-FOR-US: CicadasCMS
CVE-2026-10152 (A vulnerability was detected in TaleLin lin-cms-spring-boot up
to 0.2. ...)
NOT-FOR-US: lin-cms-spring-boot
-CVE-2026-42359
+CVE-2026-42359 (A bug in Apache Airflow's XCom PATCH endpoint `PATCH
/api/v2/xcomEntri ...)
- airflow <itp> (bug #819700)
-CVE-2026-45360
+CVE-2026-45360 (Apache Airflow's scheduler-side deadline-reference decoder
(`Serialize ...)
- airflow <itp> (bug #819700)
-CVE-2026-45426
+CVE-2026-45426 (Exploitation requires the attacker to already be an
authenticated Airf ...)
- airflow <itp> (bug #819700)
-CVE-2026-46764
+CVE-2026-46764 (The Event Log detail endpoint `GET
/api/v2/eventLogs/{event_log_id}` i ...)
- airflow <itp> (bug #819700)
-CVE-2026-48726
+CVE-2026-48726 (A bug in Apache Airflow's auth manager logout handling left
previously ...)
- airflow <itp> (bug #819700)
-CVE-2026-49298
+CVE-2026-49298 (A bug in Apache Airflow's KubernetesExecutor caused JWT tokens
used by ...)
- airflow <itp> (bug #819700)
-CVE-2026-42358
+CVE-2026-42358 (A bug in Apache Airflow's Variable response masker caused
nested-key r ...)
- airflow <itp> (bug #819700)
-CVE-2026-42360
+CVE-2026-42360 (A bug in Apache Airflow's rendered-template field handling
caused nest ...)
- airflow <itp> (bug #819700)
-CVE-2026-40861
+CVE-2026-40861 (A Dag author could either (a) create a symlink under their
task's log ...)
- airflow <itp> (bug #819700)
-CVE-2026-40961
+CVE-2026-40961 (A bug in the login redirect route in Apache Airflow allowed
authentica ...)
- airflow <itp> (bug #819700)
-CVE-2026-40963
+CVE-2026-40963 (The structure_data endpoint in the Airflow UI returned
external depend ...)
- airflow <itp> (bug #819700)
-CVE-2026-41014
+CVE-2026-41014 (The partitioned_dag_runs endpoints in the Airflow UI enforced
only ass ...)
- airflow <itp> (bug #819700)
-CVE-2026-49267
+CVE-2026-49267 (Apache Airflow's EmailOperator and the underlying
`airflow.utils.email ...)
- airflow <itp> (bug #819700)
-CVE-2026-41017
+CVE-2026-41017 (Apache Airflow's `JWTRefreshMiddleware` set the JWT auth
cookie withou ...)
- airflow <itp> (bug #819700)
-CVE-2026-41084
+CVE-2026-41084 (A bug in Apache Airflow's bulk Task Instances API
(`PATCH/DELETE /api/ ...)
- airflow <itp> (bug #819700)
-CVE-2026-42252
+CVE-2026-42252 (Apache Airflow's official documentation at
`core-concepts/dag-run.html ...)
- airflow <itp> (bug #819700)
CVE-2026-49390
- netatalk <unfixed>
@@ -507,7 +957,7 @@ CVE-2026-49367 (In JetBrains IntelliJ IDEA before 2026.1.1
command execution was
- intellij-idea <itp> (bug #747616)
CVE-2026-49366 (In JetBrains IntelliJ IDEA before 2026.1.1 command injection
was possi ...)
- intellij-idea <itp> (bug #747616)
-CVE-2026-49328
+CVE-2026-49328 (Server-Side Request Forgery (SSRF) in the UrlImageConverter
component ...)
NOT-FOR-US: Apache Fesod
CVE-2026-49325 (Improper handling of physical conditions in the bike-shutdown
control ...)
NOT-FOR-US: Indian Motorcycle Scout Bobber + Tech 2025 model year
@@ -890,394 +1340,522 @@ CVE-2026-48998
[bookworm] - php-guzzlehttp-psr7 <no-dsa> (Minor issue)
NOTE:
https://github.com/guzzle/psr7/security/advisories/GHSA-34xg-wgjx-8xph
CVE-2026-9999 (Inappropriate implementation in ANGLE in Google Chrome on Mac
prior to ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9998 (Integer overflow in Skia in Google Chrome prior to
148.0.7778.216 allo ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
- libskia 146.20260414~git.ef5f213+dfsg-5
CVE-2026-9997 (Use after free in Input in Google Chrome prior to
148.0.7778.216 allow ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9996 (Out of bounds read in WebRTC in Google Chrome on Mac prior to
148.0.77 ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9995 (Use after free in WebXR in Google Chrome prior to
148.0.7778.216 allow ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9994 (Use after free in Core in Google Chrome on Windows prior to
148.0.7778 ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9993 (Use after free in Views in Google Chrome prior to
148.0.7778.216 allow ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9992 (Use after free in Network in Google Chrome prior to
148.0.7778.216 all ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9991 (Inappropriate implementation in Media in Google Chrome on
Windows prio ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9990 (Use after free in WebAppInstalls in Google Chrome on Mac prior
to 148. ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9989 (Inappropriate implementation in Media in Google Chrome prior to
148.0. ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9988 (Use after free in WebRTC in Google Chrome on Linux prior to
148.0.7778 ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9987 (Insufficient validation of untrusted input in WebAppInstalls in
Google ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9986 (Insufficient validation of untrusted input in OptimizationGuide
in Goo ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9985 (Insufficient validation of untrusted input in Media in Google
Chrome o ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9984 (Use after free in UI in Google Chrome on Windows prior to
148.0.7778.2 ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9983 (Type Confusion in Skia in Google Chrome prior to 148.0.7778.216
allowe ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
- libskia 146.20260414~git.ef5f213+dfsg-5
CVE-2026-9982 (Insufficient validation of untrusted input in ANGLE in Google
Chrome p ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9981 (Inappropriate implementation in Skia in Google Chrome prior to
148.0.7 ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
- libskia 146.20260414~git.ef5f213+dfsg-5
CVE-2026-9980 (Insufficient validation of untrusted input in Printing in
Google Chrom ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9979 (Insufficient validation of untrusted input in Input in Google
Chrome p ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9978 (Use after free in Glic in Google Chrome prior to 148.0.7778.216
allowe ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9977 (Insufficient validation of untrusted input in WebShare in
Google Chrom ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9976 (Inappropriate implementation in USB in Google Chrome prior to
148.0.77 ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9975 (Out of bounds read and write in ANGLE in Google Chrome prior to
148.0. ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9974 (Out of bounds write in GPU in Google Chrome prior to
148.0.7778.216 al ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9973 (Out of bounds write in V8 in Google Chrome prior to
148.0.7778.216 all ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9972 (Uninitialized Use in Gamepad in Google Chrome on Mac prior to
148.0.77 ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9971 (Inappropriate implementation in iOS in Google Chrome on iOS
prior to 1 ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9970 (Use after free in WebGL in Google Chrome prior to
148.0.7778.216 allow ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9969 (Insufficient validation of untrusted input in ANGLE in Google
Chrome p ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9968 (Integer overflow in V8 in Google Chrome prior to 148.0.7778.216
allowe ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9967 (Out of bounds write in GPU in Google Chrome prior to
148.0.7778.216 al ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9966 (Integer overflow in XML in Google Chrome on Windows prior to
148.0.777 ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9965 (Out of bounds write in ANGLE in Google Chrome prior to
148.0.7778.216 ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9964 (Use after free in Bluetooth in Google Chrome on Mac prior to
148.0.777 ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9963 (Uninitialized Use in iOS in Google Chrome on iOS prior to
148.0.7778.2 ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9962 (Use after free in WebRTC in Google Chrome prior to
148.0.7778.216 allo ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9961 (Use after free in SurfaceCapture in Google Chrome prior to
148.0.7778. ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9960 (Integer overflow in PDFium in Google Chrome prior to
148.0.7778.216 al ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9959 (Race in WebRTC in Google Chrome on Windows prior to
148.0.7778.216 all ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9958 (Use after free in PDFium in Google Chrome prior to
148.0.7778.216 allo ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9957 (Use after free in PDF in Google Chrome prior to 148.0.7778.216
allowed ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9956 (Use after free in iOS in Google Chrome on iOS prior to
148.0.7778.216 ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9955 (Inappropriate implementation in iOS in Google Chrome on iOS
prior to 1 ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9954 (Use after free in TabStrip in Google Chrome prior to
148.0.7778.216 al ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9953 (Out of bounds read in ANGLE in Google Chrome prior to
148.0.7778.216 a ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9952 (Use after free in WebAudio in Google Chrome prior to
148.0.7778.216 al ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9951 (Use after free in UI in Google Chrome prior to 148.0.7778.216
allowed ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9950 (Insufficient validation of untrusted input in iOS in Google
Chrome on ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9949 (Use after free in Core in Google Chrome on Windows prior to
148.0.7778 ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9948 (Use after free in Views in Google Chrome on Mac prior to
148.0.7778.21 ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9947 (Use after free in XML in Google Chrome prior to 148.0.7778.216
allowed ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9946 (Use after free in ANGLE in Google Chrome prior to
148.0.7778.216 allow ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9945 (Use after free in Media in Google Chrome on Windows prior to
148.0.777 ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9944 (Uninitialized Use in ANGLE in Google Chrome prior to
148.0.7778.216 al ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9943 (Out of bounds read in WebGL in Google Chrome on Android prior
to 148.0 ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9942 (Uninitialized Use in ANGLE in Google Chrome prior to
148.0.7778.216 al ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9941 (Use after free in ANGLE in Google Chrome prior to
148.0.7778.216 allow ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9940 (Heap buffer overflow in ANGLE in Google Chrome prior to
148.0.7778.216 ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9939 (Heap buffer overflow in WebCodecs in Google Chrome prior to
148.0.7778 ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9938 (Inappropriate implementation in V8 in Google Chrome prior to
148.0.777 ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9937 (Use after free in UI in Google Chrome on Windows prior to
148.0.7778.2 ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9936 (Use after free in GFX in Google Chrome on Mac prior to
148.0.7778.216 ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9935 (Uninitialized Use in ANGLE in Google Chrome prior to
148.0.7778.216 al ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9934 (Use after free in Aura in Google Chrome prior to 148.0.7778.216
allowe ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9933 (Use after free in Input in Google Chrome prior to
148.0.7778.216 allow ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9932 (Use after free in ANGLE in Google Chrome on Windows prior to
148.0.777 ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9931 (Use after free in GPU in Google Chrome prior to 148.0.7778.216
allowed ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9930 (Out of bounds write in Dawn in Google Chrome on Mac prior to
148.0.777 ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9929 (Inappropriate implementation in WebGL in Google Chrome on
Android prio ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9928 (Out of bounds read in ANGLE in Google Chrome on Windows prior
to 148.0 ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9927 (Use after free in ANGLE in Google Chrome prior to
148.0.7778.216 allow ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9926 (Heap buffer overflow in ANGLE in Google Chrome prior to
148.0.7778.216 ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9925 (Use after free in ANGLE in Google Chrome prior to
148.0.7778.216 allow ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9924 (Heap buffer overflow in ANGLE in Google Chrome on Windows prior
to 148 ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9923 (Use after free in Skia in Google Chrome prior to 148.0.7778.216
allowe ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
- libskia 146.20260414~git.ef5f213+dfsg-5
CVE-2026-9922 (Use after free in GPU in Google Chrome on Mac prior to
148.0.7778.216 ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9921 (Uninitialized Use in WebGL in Google Chrome on Android prior to
148.0. ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9920 (Uninitialized Use in GPU in Google Chrome on Android prior to
148.0.77 ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9919 (Out of bounds read in WebGL in Google Chrome on Android prior
to 148.0 ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9918 (Inappropriate implementation in Tint in Google Chrome prior to
148.0.7 ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9917 (Uninitialized Use in WebGL in Google Chrome on Android prior to
148.0. ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9916 (Out of bounds write in ANGLE in Google Chrome prior to
148.0.7778.216 ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9915 (Heap buffer overflow in ANGLE in Google Chrome prior to
148.0.7778.216 ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9914 (Insufficient validation of untrusted input in ANGLE in Google
Chrome p ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9913 (Inappropriate implementation in ANGLE in Google Chrome prior to
148.0. ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9912 (Inappropriate implementation in GPU in Google Chrome on Android
prior ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9911 (Integer overflow in ANGLE in Google Chrome prior to
148.0.7778.216 all ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9910 (Out of bounds memory access in ANGLE in Google Chrome prior to
148.0.7 ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9909 (Integer overflow in Skia in Google Chrome prior to
148.0.7778.216 allo ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
- libskia 146.20260414~git.ef5f213+dfsg-5
CVE-2026-9908 (Out of bounds read in ANGLE in Google Chrome prior to
148.0.7778.216 a ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9907 (Out of bounds read in Dawn in Google Chrome on Windows prior to
148.0. ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9906 (Out of bounds write in GPU in Google Chrome prior to
148.0.7778.216 al ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9905 (Use after free in Accessibility in Google Chrome on Windows
prior to 1 ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9904 (Use after free in ANGLE in Google Chrome prior to
148.0.7778.216 allow ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9903 (Insufficient validation of untrusted input in Site Isolation in
Google ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9902 (Use after free in Accessibility in Google Chrome prior to
148.0.7778.2 ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9901 (Use after free in ANGLE in Google Chrome prior to
148.0.7778.216 allow ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9900 (Out of bounds write in ANGLE in Google Chrome prior to
148.0.7778.216 ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9899 (Use after free in ANGLE in Google Chrome prior to
148.0.7778.216 allow ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9898 (Insufficient validation of untrusted input in GPU in Google
Chrome on ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9897 (Use after free in DOM in Google Chrome prior to 148.0.7778.216
allowed ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9896 (Out of bounds write in V8 in Google Chrome prior to
148.0.7778.216 all ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9895 (Out of bounds read in GPU in Google Chrome prior to
148.0.7778.216 all ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9894 (Use after free in GPU in Google Chrome prior to 148.0.7778.216
allowed ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9893 (Use after free in Skia in Google Chrome prior to 148.0.7778.216
allowe ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
- libskia 146.20260414~git.ef5f213+dfsg-5
CVE-2026-9892 (Inappropriate implementation in Skia in Google Chrome on
Android prior ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
- libskia 146.20260414~git.ef5f213+dfsg-5
CVE-2026-9891 (Use after free in Extensions in Google Chrome prior to
148.0.7778.216 ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9890 (Use after free in XR in Google Chrome on Windows prior to
148.0.7778.2 ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9889 (Out of bounds read and write in Dawn in Google Chrome on
Android prior ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9888 (Use after free in WebView in Google Chrome on Android prior to
148.0.7 ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9887 (Use after free in Proxy in Google Chrome prior to
148.0.7778.216 allow ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9886 (Use after free in Base in Google Chrome on Mac prior to
148.0.7778.216 ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9885 (Insufficient validation of untrusted input in UI in Google
Chrome on M ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9884 (Use after free in Browser in Google Chrome on Mac prior to
148.0.7778. ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9883 (Use after free in Base in Google Chrome prior to 148.0.7778.216
allowe ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9882 (Integer overflow in ANGLE in Google Chrome prior to
148.0.7778.216 all ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9881 (Use after free in Bluetooth in Google Chrome on Mac prior to
148.0.777 ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9880 (Insufficient validation of untrusted input in WebGL in Google
Chrome p ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9879 (Out of bounds write in ANGLE in Google Chrome prior to
148.0.7778.216 ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9878 (Use after free in ANGLE in Google Chrome prior to
148.0.7778.216 allow ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9877 (Use after free in ANGLE in Google Chrome prior to
148.0.7778.216 allow ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9876 (Use after free in WebGL in Google Chrome on Android prior to
148.0.777 ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9875 (Out of bounds read in WebGL in Google Chrome on Android prior
to 148.0 ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9874 (Use after free in Dawn in Google Chrome prior to 148.0.7778.216
allowe ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9873 (Use after free in Network in Google Chrome prior to
148.0.7778.216 all ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9872 (Out of bounds write in GPU in Google Chrome on Android prior to
148.0. ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-9714 (The Simple Divi Shortcode plugin for WordPress is vulnerable to
Stored ...)
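Review bot: The fixed version recorded on the chromium lines throughout this hunk (148.0.7778.215-1) is lower than the threshold quoted in every description ("prior to 148.0.7778.216"), so the entries alone do not show why the package counts as fixed. A NOTE on these entries, or in the DSA-6316-1 record, saying which upstream build the Debian upload corresponds to would close that gap. Separately, several entries are scoped by their description to another platform (for example CVE-2026-9971, CVE-2026-9963, CVE-2026-9956, CVE-2026-9955 and CVE-2026-9950, all "on iOS") yet carry the same {DSA-6316-1} tag and fixed version as the rest. If the Debian package does not ship that code, the entry should say so rather than list a fixed version.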
@@ -1497,77 +2075,100 @@ CVE-2026-10028 (A flaw was found in glib-networking. A
remote attacker can explo
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2465152
NOTE: https://gitlab.gnome.org/GNOME/glib-networking/-/work_items/231
CVE-2026-10022 (Type Confusion in V8 in Google Chrome prior to 148.0.7778.216
allowed ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-10021 (Insufficient validation of untrusted input in USB in Google
Chrome pri ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-10020 (Insufficient validation of untrusted input in Skia in Google
Chrome on ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
- libskia <unfixed> (unimportant)
NOTE: Root cause for vulnerability is not in libskia (and fixed outside
of Skia source)
CVE-2026-10019 (Integer overflow in ANGLE in Google Chrome prior to
148.0.7778.216 all ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-10018 (Integer overflow in ANGLE in Google Chrome prior to
148.0.7778.216 all ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-10017 (Out of bounds read in Headless in Google Chrome prior to
148.0.7778.21 ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-10016 (Use after free in DOM in Google Chrome prior to 148.0.7778.216
allowed ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-10015 (Integer overflow in WTF in Google Chrome prior to
148.0.7778.216 allow ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-10014 (Use after free in WebMIDI in Google Chrome on Android prior to
148.0.7 ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-10013 (Use after free in WebCodecs in Google Chrome prior to
148.0.7778.216 a ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-10012 (Use after free in Skia in Google Chrome prior to
148.0.7778.216 allowe ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
- libskia 146.20260414~git.ef5f213+dfsg-5
CVE-2026-10011 (Inappropriate implementation in Skia in Google Chrome prior to
148.0.7 ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
- libskia 146.20260414~git.ef5f213+dfsg-5
CVE-2026-10010 (Inappropriate implementation in Input in Google Chrome on
Android prio ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-10009 (Integer overflow in Skia in Google Chrome prior to
148.0.7778.216 allo ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
- libskia 146.20260414~git.ef5f213+dfsg-5
CVE-2026-10008 (Uninitialized Use in GPU in Google Chrome on Android prior to
148.0.77 ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-10007 (Use after free in SVG in Google Chrome prior to 148.0.7778.216
allowed ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-10006 (Race in WebAudio in Google Chrome prior to 148.0.7778.216
allowed a re ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-10005 (Use after free in WebAppInstalls in Google Chrome on Mac prior
to 148. ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-10004 (Insufficient validation of untrusted input in Passwords in
Google Chro ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-10003 (Use after free in Views in Google Chrome prior to
148.0.7778.216 allow ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-10002 (Use after free in PDFium in Google Chrome prior to
148.0.7778.216 allo ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-10001 (Use after free in PerformanceManager in Google Chrome prior to
148.0.7 ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-10000 (Use after free in Passwords in Google Chrome on Windows prior
to 148.0 ...)
+ {DSA-6316-1}
- chromium 148.0.7778.215-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-14042 (The Automotive Car Dealership Business WordPress Theme for
WordPress i ...)
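Review bot: The libskia lines under CVE-2026-10012, CVE-2026-10011 and CVE-2026-10009 give a fixed version (146.20260414~git.ef5f213+dfsg-5) with no NOTE pointing at the Skia change that fixes them, and that version scheme cannot be compared with the "prior to 148.0.7778.216" threshold in the descriptions. CVE-2026-10020 in the same hunk does explain its libskia status in a NOTE; a matching NOTE with the upstream fix reference on the other three would make the libskia fixed version verifiable.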
@@ -1890,6 +2491,7 @@ CVE-2026-44462 (Zed is a code editor. Prior to 0.229.0,
Zed's terminal tool perm
CVE-2026-44461 (Zed is a code editor. Prior to 0.227.1, Zed builds SSH/WSL
remote comm ...)
- zed-editor <itp> (bug #1076165)
CVE-2026-44394 (An issue was discovered in OpenStack Keystone before 29.0.2.
The Keyst ...)
+ {DLA-4611-1}
- keystone 2:29.0.1-2
NOTE: https://bugs.launchpad.net/keystone/+bug/2150379
NOTE: https://security.openstack.org/ossa/OSSA-2026-015.html
@@ -1900,14 +2502,17 @@ CVE-2026-43979 (Local Deep Research is an AI-powered
research assistant for deep
CVE-2026-43898 (SandboxJS is a JavaScript sandboxing library. Prior to 0.9.6,
sandbox- ...)
NOT-FOR-US: SandboxJS Node module
CVE-2026-43000 (An issue was discovered in OpenStack Keystone before 29.0.2.
When comb ...)
+ {DLA-4611-1}
- keystone 2:29.0.1-2
NOTE: https://bugs.launchpad.net/keystone/+bug/2148477
NOTE: https://security.openstack.org/ossa/OSSA-2026-015.html
CVE-2026-42999 (An issue was discovered in OpenStack Keystone before 29.0.2.
The Keyst ...)
+ {DLA-4611-1}
- keystone 2:29.0.1-2
NOTE: https://bugs.launchpad.net/keystone/+bug/2148398
NOTE: https://security.openstack.org/ossa/OSSA-2026-015.html
CVE-2026-42998 (An issue was discovered in OpenStack Keystone before 29.0.2.
The Keyst ...)
+ {DLA-4611-1}
- keystone 2:29.0.1-2
NOTE: https://bugs.launchpad.net/keystone/+bug/2148477
NOTE: https://security.openstack.org/ossa/OSSA-2026-015.html
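Review bot: CVE-2026-43000 and CVE-2026-42998 both point at https://bugs.launchpad.net/keystone/+bug/2148477, while CVE-2026-42999 between them uses bug 2148398. Since this hunk attaches {DLA-4611-1} to all three, it is worth confirming that the shared bug link is intended and not a copy of the neighbouring entry. The descriptions also say "before 29.0.2" against a recorded fixed version of 2:29.0.1-2, so a NOTE naming the backported patch would help.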
@@ -2619,7 +3224,7 @@ CVE-2026-46107 (In the Linux kernel, the following
vulnerability has been resolv
- linux 7.0.7-1
[trixie] - linux 6.12.88-1
NOTE:
https://git.kernel.org/linus/09a65adc7d8bbfce06392cb6d375468e2728ead5 (7.1-rc2)
-CVE-2026-8643
+CVE-2026-8643 (pip would treat console_scripts and gui_scripts as paths
instead of fi ...)
- python-pip <unfixed> (bug #1138220)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2460927
NOTE: Fixed by:
https://github.com/pypa/pip/commit/8eb178480bd1a2b223f509fc430796b265158dfb
@@ -3434,7 +4039,7 @@ CVE-2025-70103 (Heap buffer overflow vulnerability in
libjxl 0.12.0 via crafted
NOTE: https://github.com/libjxl/libjxl/issues/4337
NOTE: https://github.com/libjxl/libjxl/pull/4380
NOTE: Fixed by:
https://github.com/libjxl/libjxl/commit/49fb89f23473e57fa1dac416adce7c7679e5d051
-CVE-2025-69600 (Command injection in Raynet rvia 12.6.4392.49-amd64.deb allows
adversa ...)
+CVE-2025-69600 (Command injection in Raynet rvia RayVentory Scan Engine 12.6
Update 8 ...)
NOT-FOR-US: Raynet rvia
CVE-2025-68712 (SpSoft AppLock (com.sp.protector.free) 7.9.40 for Android
allows a loc ...)
NOT-FOR-US: SpSoft AppLock (com.sp.protector.free)
@@ -3493,7 +4098,7 @@ CVE-2024-11399 (Files or directories accessible to
external parties vulnerabilit
CVE-2023-52945 (Uncontrolled search path element vulnerability in OpenSSL DLL
componen ...)
NOT-FOR-US: Synology
CVE-2026-48736
- {DSA-6312-1}
+ {DSA-6317-1 DSA-6312-1}
- symfony 7.4.13+dfsg-1
NOTE:
https://symfony.com/blog/cve-2026-48736-iputils-private-subnets-omits-ipv6-transition-forms-ssrf-bypass-in-noprivatenetworkhttpclient
NOTE:
https://github.com/symfony/symfony/commit/85b831555be8ea1f43bf01078afe87bc4c92f65e
(v6.4.41)
@@ -3520,12 +4125,12 @@ CVE-2026-48761
NOTE:
https://symfony.com/blog/cve-2026-48761-htmlsanitizer-misses-url-attributes-on-object-applet-iframe-img-and-meta-refresh
NOTE:
https://github.com/symfony/symfony/commit/069a70f9f26e61e9de3b7f9a864a86ed24b36bd0
(v6.4.41)
CVE-2026-48784
- {DSA-6312-1}
+ {DSA-6317-1 DSA-6312-1}
- symfony 7.4.13+dfsg-1
NOTE:
https://symfony.com/blog/cve-2026-48784-urlgenerator-encoding-skips-every-other-chained-or-generated-url-collapses-off-route
NOTE:
https://github.com/symfony/symfony/commit/4b63c3a3f7af04ecd79c89a594b0b02a01990b1d
(v5.4.53)
CVE-2026-48489
- {DSA-6312-1}
+ {DSA-6317-1 DSA-6312-1}
- symfony 7.4.13+dfsg-1
NOTE:
https://symfony.com/blog/cve-2026-48489-security-firewall-bypass-via-failure-forward-subrequest
NOTE:
https://github.com/symfony/symfony/commit/c48a4276309e11aedeeb0ce3a89dfbf0b4fe04ff
(v5.4.53)
@@ -7566,18 +8171,19 @@ CVE-2026-9759 (ROHC protocol dissector crash in
Wireshark 4.6.0 to 4.6.5 and 4.4
NOTE: https://www.wireshark.org/security/wnpa-sec-2026-51.html
NOTE: https://gitlab.com/wireshark/wireshark/-/work_items/21243
CVE-2026-46626
- {DSA-6312-1}
+ {DSA-6317-1 DSA-6312-1}
- symfony 7.4.12+dfsg-1
NOTE:
https://symfony.com/blog/cve-2026-46626-symfonyruntime-cve-2024-50340-patch-bypass-via-parse-str-sapi-argv-mismatch
CVE-2026-45070
+ {DSA-6312-1}
- symfony 7.4.12+dfsg-1
NOTE:
https://symfony.com/blog/cve-2026-45070-email-header-injection-via-non-token-characters-in-mime-parameter-names
CVE-2026-45065
- {DSA-6312-1}
+ {DSA-6317-1 DSA-6312-1}
- symfony 7.4.12+dfsg-1
NOTE:
https://symfony.com/blog/cve-2026-45065-urlgenerator-route-requirement-bypass-via-unanchored-regex-alternation-off-site-host-url-injection
CVE-2026-45071
- {DSA-6312-1}
+ {DSA-6317-1 DSA-6312-1}
- symfony 7.4.12+dfsg-1
NOTE:
https://symfony.com/blog/cve-2026-45071-xxe-local-file-disclosure-in-domcrawler-addxmlcontent-via-validateonparse-true
CVE-2026-45066
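Review bot: CVE-2026-45070 is the odd one out in this hunk: it gains {DSA-6312-1} for the first time and does not get DSA-6317-1, while CVE-2026-46626, CVE-2026-45065 and CVE-2026-45071 around it go from {DSA-6312-1} to {DSA-6317-1 DSA-6312-1} with the same symfony 7.4.12+dfsg-1 fixed version. Please confirm that the email header injection fix is really absent from DSA-6317-1 and that the late DSA-6312-1 reference matches the advisory text. If both are intended, a short NOTE on the entry would keep the next reader from treating it as an omission.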
@@ -7592,15 +8198,15 @@ CVE-2026-45069
[bookworm] - symfony <not-affected> (Vulnerable code not present,
introduced in 6.3)
NOTE:
https://symfony.com/blog/cve-2026-45069-oidctokenhandler-accepts-jwts-missing-aud-iss-exp-claims
CVE-2026-45063
- {DSA-6312-1}
+ {DSA-6317-1 DSA-6312-1}
- symfony 7.4.12+dfsg-1
NOTE:
https://symfony.com/blog/cve-2026-45063-identity-spoofing-via-unanchored-dn-regex-in-x509authenticator
CVE-2026-45067
- {DSA-6312-1}
+ {DSA-6317-1 DSA-6312-1}
- symfony 7.4.12+dfsg-1
NOTE:
https://symfony.com/blog/cve-2026-45067-email-header-smtp-command-injection-via-crlf-in-symfony-component-mime-address
CVE-2026-45068
- {DSA-6312-1}
+ {DSA-6317-1 DSA-6312-1}
- symfony 7.4.12+dfsg-1
NOTE:
https://symfony.com/blog/cve-2026-45068-argument-injection-in-sendmailtransport-via-dash-prefixed-recipient-address
CVE-2026-45756
@@ -7622,7 +8228,7 @@ CVE-2026-45064
[bullseye] - symfony <not-affected> (Vulnerable code not present,
introduced in 6.1)
NOTE:
https://symfony.com/blog/cve-2026-45064-htmlsanitizer-url-attributes-pass-through-bidi-override-characters-visual-href-spoofing
CVE-2026-45077
- {DSA-6312-1}
+ {DSA-6317-1 DSA-6312-1}
- symfony 7.4.12+dfsg-1
NOTE:
https://symfony.com/blog/cve-2026-45077-unauthenticated-php-object-deserialization-in-monologbridge-server-log-listener
CVE-2026-45075
@@ -7632,7 +8238,7 @@ CVE-2026-45075
[bullseye] - symfony <not-affected> (Vulnerable code not present,
introduced in 7.4)
NOTE:
https://symfony.com/blog/cve-2026-45075-head-request-bypasses-methods-get-filter-in-isgranted-issignaturevalid-iscsrftokenvalid
CVE-2026-45133
- {DSA-6312-1}
+ {DSA-6317-1 DSA-6312-1}
- symfony 7.4.12+dfsg-1
NOTE:
https://symfony.com/blog/cve-2026-45133-yaml-parser-stack-exhaustion-via-unbounded-recursion-in-nested-blocks-sequences-and-mappings
CVE-2026-45072
@@ -7642,15 +8248,15 @@ CVE-2026-45072
[bullseye] - symfony <not-affected> (Vulnerable code not present)
NOTE:
https://symfony.com/blog/cve-2026-45072-stored-xss-in-webprofiler-codeextension-fileexcerpt-unescaped-non-php-file-rendering
CVE-2026-45073
- {DSA-6312-1}
+ {DSA-6317-1 DSA-6312-1}
- symfony 7.4.12+dfsg-1
NOTE:
https://symfony.com/blog/cve-2026-45073-sql-injection-in-pdoadapter-doclear-via-unsanitized-prefix
CVE-2026-45304
- {DSA-6312-1}
+ {DSA-6317-1 DSA-6312-1}
- symfony 7.4.12+dfsg-1
NOTE:
https://symfony.com/blog/cve-2026-45304-yaml-parser-exponential-memory-allocation-via-recursive-collection-alias-expansion-billion-laughs
CVE-2026-45305
- {DSA-6312-1}
+ {DSA-6317-1 DSA-6312-1}
- symfony 7.4.12+dfsg-1
NOTE:
https://symfony.com/blog/cve-2026-45305-yaml-parser-redos-via-catastrophic-backtracking-in-parser-cleanup-regex
CVE-2026-45074
@@ -7666,11 +8272,13 @@ CVE-2026-45754
[bullseye] - symfony <not-affected> (Vulnerable code not present,
introduced in 6.4)
NOTE:
https://symfony.com/blog/cve-2026-45754-mailjet-and-lox24-webhook-parsers-never-verify-the-configured-secret-unauthenticated-event-injection
CVE-2026-47212
+ {DSA-6312-1}
- symfony 7.4.12+dfsg-1
[bookworm] - symfony <not-affected> (Vulnerable code not present,
introduced in 6.4)
[bullseye] - symfony <not-affected> (Vulnerable code not present,
introduced in 6.4)
NOTE:
https://symfony.com/blog/cve-2026-47212-twilio-notifier-webhook-parser-never-verifies-the-x-twilio-signature-hmac-unauthenticated-webhook-event-injection
CVE-2026-45753
+ {DSA-6312-1}
- symfony 7.4.12+dfsg-1
[bookworm] - symfony <not-affected> (Vulnerable code not present,
introduced in 6.1)
[bullseye] - symfony <not-affected> (Vulnerable code not present,
introduced in 6.1)
@@ -7757,7 +8365,7 @@ CVE-2026-44924 (InfoScale VIOM 9.1.3 allows XSS.)
NOT-FOR-US: InfoScale
CVE-2026-44923 (SQL injection in InfoScale VIOM before v9.1.3 allows remote
attackers ...)
NOT-FOR-US: InfoScale
-CVE-2026-42834 (Improper link resolution before file access ('link following')
in Azur ...)
+CVE-2026-42834 (Improper access control in Windows Admin Center allows an
authorized a ...)
NOT-FOR-US: Microsoft
CVE-2026-42383 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
NOT-FOR-US: WordPress plugin or theme
@@ -8390,7 +8998,8 @@ CVE-2026-24142 (NVIDIA TRT-LLM for any platform contains
a deserialization vulne
NOT-FOR-US: NVIDIA
CVE-2025-70950 (An issue in gohttp commit 34ea51 allows attackers to execute a
directo ...)
NOT-FOR-US: gohttp
-CVE-2025-61081 (In BYD Atto3, an attacker can obtain an authentication key
through Bru ...)
+CVE-2025-61081
+ REJECTED
NOT-FOR-US: BYD Atto3
CVE-2025-57798 (Joplin is an open source note-taking and to-do application
that organi ...)
- joplin <itp> (bug #931306)
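Review bot: the new REJECTED line for CVE-2025-61081 is followed by the old "NOT-FOR-US: BYD Atto3" triage line, which stays in place as context. Elsewhere in this patch a rejected id (CVE-2026-2710) carries REJECTED alone, so the leftover NOT-FOR-US line should be dropped to keep the entry consistent.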
@@ -10318,6 +10927,7 @@ CVE-2026-4030 (The Database Backup for WordPress plugin
for WordPress is vulnera
CVE-2026-4029 (The Database Backup for WordPress plugin for WordPress is
vulnerable t ...)
NOT-FOR-US: WordPress plugin
CVE-2026-46470 (An issue was discovered in GStreamer gst-plugins-good before
1.28.2. W ...)
+ {DSA-6318-1}
- gst-plugins-good1.0 1.28.2-1
NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0018.html
NOTE:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11243
@@ -10326,6 +10936,7 @@ CVE-2026-46470 (An issue was discovered in GStreamer
gst-plugins-good before 1.2
NOTE: Fixed by:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/34418818730bc04e41f512e65331b3f206cb5eb9
(1.28.2)
NOTE: Fixed by:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/dc7ab66ab23a054eaa942071cfb548d47fe4ca2f
(1.28.2)
CVE-2026-46469 (An issue was discovered in GStreamer gst-plugins-good before
1.28.2. W ...)
+ {DSA-6318-1}
- gst-plugins-good1.0 1.28.2-1
NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0018.html
NOTE:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11243
@@ -12194,7 +12805,7 @@ CVE-2026-42891 (User interface (ui) misrepresentation
of critical information in
NOT-FOR-US: Microsoft
CVE-2026-42838 (Improper neutralization of special elements in output used by
a downst ...)
NOT-FOR-US: Microsoft
-CVE-2026-42833 (Execution with unnecessary privileges in Microsoft Dynamics
365 (on-pr ...)
+CVE-2026-42833 (Improper control of generation of code ('code injection') in
Microsoft ...)
NOT-FOR-US: Microsoft
CVE-2026-42832 (Improper access control in Microsoft Office allows an
unauthorized att ...)
NOT-FOR-US: Microsoft
@@ -12313,19 +12924,19 @@ CVE-2026-41094 (Improper control of generation of
code ('code injection') in Mic
NOT-FOR-US: Microsoft
CVE-2026-41089 (Stack-based buffer overflow in Windows Netlogon allows an
unauthorized ...)
NOT-FOR-US: Microsoft
-CVE-2026-41088 (External control of file name or path in Windows Ancillary
Function Dr ...)
+CVE-2026-41088 (Access of resource using incompatible type ('type confusion')
in Windo ...)
NOT-FOR-US: Microsoft
CVE-2026-41086 (Improper access control in Windows Admin Center allows an
authorized a ...)
NOT-FOR-US: Microsoft
CVE-2026-40638 (Dell PowerScale InsightIQ, versions 5.0.0 through 6.2.0,
contains an e ...)
NOT-FOR-US: Dell / EMC
-CVE-2026-40421 (External control of file name or path in Microsoft Office Word
allows ...)
+CVE-2026-40421 (Files or directories accessible to external parties in
Microsoft Offic ...)
NOT-FOR-US: Microsoft
-CVE-2026-40420 (Improper access control in Microsoft Office Click-To-Run
allows an aut ...)
+CVE-2026-40420 (Use after free in Microsoft Office allows an authorized
attacker to el ...)
NOT-FOR-US: Microsoft
CVE-2026-40419 (Use after free in Microsoft Office allows an authorized
attacker to el ...)
NOT-FOR-US: Microsoft
-CVE-2026-40418 (Use after free in Microsoft Office Click-To-Run allows an
authorized a ...)
+CVE-2026-40418 (Use after free in Microsoft Office allows an authorized
attacker to el ...)
NOT-FOR-US: Microsoft
CVE-2026-40417 (Weak authentication in Dynamics Business Central allows an
authorized ...)
NOT-FOR-US: Microsoft
@@ -12333,9 +12944,9 @@ CVE-2026-40416 (User interface (ui) misrepresentation
of critical information in
NOT-FOR-US: Microsoft
CVE-2026-40415 (Use after free in Windows TCP/IP allows an unauthorized
attacker to ex ...)
NOT-FOR-US: Microsoft
-CVE-2026-40414 (Null pointer dereference in Windows TCP/IP allows an
unauthorized atta ...)
+CVE-2026-40414 (Windows TCP/IP Denial of Service Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2026-40413 (Null pointer dereference in Windows TCP/IP allows an
unauthorized atta ...)
+CVE-2026-40413 (Windows TCP/IP Denial of Service Vulnerability)
NOT-FOR-US: Microsoft
CVE-2026-40410 (Use after free in Windows SMB Client allows an authorized
attacker to ...)
NOT-FOR-US: Microsoft
@@ -12351,13 +12962,13 @@ CVE-2026-40403 (Heap-based buffer overflow in Windows
Win32K - GRFX allows an au
NOT-FOR-US: Microsoft
CVE-2026-40402 (Use after free in Windows Hyper-V allows an unauthorized
attacker to e ...)
NOT-FOR-US: Microsoft
-CVE-2026-40401 (Null pointer dereference in Windows TCP/IP allows an
unauthorized atta ...)
+CVE-2026-40401 (Windows TCP/IP Denial of Service Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2026-40399 (Stack-based buffer overflow in Windows TCP/IP allows an
authorized att ...)
+CVE-2026-40399 (Concurrent execution using shared resource with improper
synchronizati ...)
NOT-FOR-US: Microsoft
CVE-2026-40398 (Heap-based buffer overflow in Windows Remote Desktop allows an
authori ...)
NOT-FOR-US: Microsoft
-CVE-2026-40397 (Integer underflow (wrap or wraparound) in Windows Common Log
File Syst ...)
+CVE-2026-40397 (Heap-based buffer overflow in Windows Common Log File System
Driver al ...)
NOT-FOR-US: Microsoft
CVE-2026-40382 (Use after free in Windows Telephony Service allows an
authorized attac ...)
NOT-FOR-US: Microsoft
@@ -12373,29 +12984,29 @@ CVE-2026-40374 (Exposure of sensitive information to
an unauthorized actor in Po
NOT-FOR-US: Microsoft
CVE-2026-40370 (External control of file name or path in SQL Server allows an
authoriz ...)
NOT-FOR-US: Microsoft
-CVE-2026-40369 (Untrusted pointer dereference in Windows Kernel allows an
authorized a ...)
+CVE-2026-40369 (Heap-based buffer overflow in Windows Kernel allows an
authorized atta ...)
NOT-FOR-US: Microsoft
CVE-2026-40368 (Deserialization of untrusted data in Microsoft Office
SharePoint allow ...)
NOT-FOR-US: Microsoft
-CVE-2026-40367 (Untrusted pointer dereference in Microsoft Office Word allows
an unaut ...)
+CVE-2026-40367 (Access of resource using incompatible type ('type confusion')
in Micro ...)
NOT-FOR-US: Microsoft
-CVE-2026-40366 (Use after free in Microsoft Office Word allows an unauthorized
attacke ...)
+CVE-2026-40366 (Access of resource using incompatible type ('type confusion')
in Micro ...)
NOT-FOR-US: Microsoft
-CVE-2026-40365 (Insufficient granularity of access control in Microsoft Office
SharePo ...)
+CVE-2026-40365 (Deserialization of untrusted data in Microsoft Office
SharePoint allow ...)
NOT-FOR-US: Microsoft
CVE-2026-40364 (Access of resource using incompatible type ('type confusion')
in Micro ...)
NOT-FOR-US: Microsoft
CVE-2026-40363 (Heap-based buffer overflow in Microsoft Office allows an
unauthorized ...)
NOT-FOR-US: Microsoft
-CVE-2026-40362 (Heap-based buffer overflow in Microsoft Office Excel allows an
unautho ...)
+CVE-2026-40362 (Use after free in Microsoft Office Excel allows an
unauthorized attack ...)
NOT-FOR-US: Microsoft
-CVE-2026-40361 (Use after free in Microsoft Office Word allows an unauthorized
attacke ...)
+CVE-2026-40361 (Access of resource using incompatible type ('type confusion')
in Micro ...)
NOT-FOR-US: Microsoft
CVE-2026-40360 (Out-of-bounds read in Microsoft Office Excel allows an
unauthorized at ...)
NOT-FOR-US: Microsoft
CVE-2026-40359 (Use after free in Microsoft Office Excel allows an
unauthorized attack ...)
NOT-FOR-US: Microsoft
-CVE-2026-40358 (Use after free in Microsoft Office allows an unauthorized
attacker to ...)
+CVE-2026-40358 (Heap-based buffer overflow in Microsoft Office allows an
unauthorized ...)
NOT-FOR-US: Microsoft
CVE-2026-40357 (Deserialization of untrusted data in Microsoft Office
SharePoint allow ...)
NOT-FOR-US: Microsoft
@@ -12423,9 +13034,9 @@ CVE-2026-35439 (Deserialization of untrusted data in
Microsoft Office SharePoint
NOT-FOR-US: Microsoft
CVE-2026-35438 (Missing authorization in Windows Admin Center allows an
authorized att ...)
NOT-FOR-US: Microsoft
-CVE-2026-35436 (Insufficient granularity of access control in Microsoft Office
Click-T ...)
+CVE-2026-35436 (Use after free in Microsoft Office allows an authorized
attacker to el ...)
NOT-FOR-US: Microsoft
-CVE-2026-35433 (Improper input validation in .NET allows an unauthorized
attacker to e ...)
+CVE-2026-35433 (Heap-based buffer overflow in .NET allows an unauthorized
attacker to ...)
NOT-FOR-US: Microsoft
CVE-2026-35429 (User interface (ui) misrepresentation of critical information
in Micro ...)
NOT-FOR-US: Microsoft
@@ -12443,9 +13054,9 @@ CVE-2026-35419 (Out-of-bounds read in Windows DWM Core
Library allows an authori
NOT-FOR-US: Microsoft
CVE-2026-35418 (Use after free in Windows Cloud Files Mini Filter Driver
allows an aut ...)
NOT-FOR-US: Microsoft
-CVE-2026-35417 (Access of resource using incompatible type ('type confusion')
in Windo ...)
+CVE-2026-35417 (Use after free in Windows Win32K - GRFX allows an authorized
attacker ...)
NOT-FOR-US: Microsoft
-CVE-2026-35416 (Use after free in Windows Ancillary Function Driver for
WinSock allows ...)
+CVE-2026-35416 (Access of resource using incompatible type ('type confusion')
in Windo ...)
NOT-FOR-US: Microsoft
CVE-2026-35415 (Integer overflow or wraparound in Windows Storage Spaces
Controller al ...)
NOT-FOR-US: Microsoft
@@ -12501,7 +13112,7 @@ CVE-2026-34350 (Null pointer dereference in Windows
Storport Miniport Driver all
NOT-FOR-US: Microsoft
CVE-2026-34347 (Use after free in Windows Win32K - GRFX allows an authorized
attacker ...)
NOT-FOR-US: Microsoft
-CVE-2026-34345 (Concurrent execution using shared resource with improper
synchronizati ...)
+CVE-2026-34345 (Access of resource using incompatible type ('type confusion')
in Windo ...)
NOT-FOR-US: Microsoft
CVE-2026-34344 (Access of resource using incompatible type ('type confusion')
in Windo ...)
NOT-FOR-US: Microsoft
@@ -12519,7 +13130,7 @@ CVE-2026-34338 (Use after free in Windows Telephony
Service allows an authorized
NOT-FOR-US: Microsoft
CVE-2026-34337 (Use after free in Windows Cloud Files Mini Filter Driver
allows an aut ...)
NOT-FOR-US: Microsoft
-CVE-2026-34336 (Buffer over-read in Windows DWM Core Library allows an
authorized atta ...)
+CVE-2026-34336 (Integer overflow or wraparound in Windows DWM Core Library
allows an a ...)
NOT-FOR-US: Microsoft
CVE-2026-34334 (Concurrent execution using shared resource with improper
synchronizati ...)
NOT-FOR-US: Microsoft
@@ -12529,7 +13140,7 @@ CVE-2026-34332 (Use after free in Windows Kernel-Mode
Drivers allows an authoriz
NOT-FOR-US: Microsoft
CVE-2026-34331 (Concurrent execution using shared resource with improper
synchronizati ...)
NOT-FOR-US: Microsoft
-CVE-2026-34330 (Integer overflow or wraparound in Windows Win32K - GRFX allows
an auth ...)
+CVE-2026-34330 (Concurrent execution using shared resource with improper
synchronizati ...)
NOT-FOR-US: Microsoft
CVE-2026-34329 (Heap-based buffer overflow in Windows Message Queuing allows
an unauth ...)
NOT-FOR-US: Microsoft
@@ -12541,7 +13152,7 @@ CVE-2026-33862 (A vulnerability has been identified in
Teamcenter V2312 (All ver
NOT-FOR-US: Siemens
CVE-2026-33841 (Heap-based buffer overflow in Windows Kernel allows an
authorized atta ...)
NOT-FOR-US: Microsoft
-CVE-2026-33840 (Use after free in Windows Win32K - ICOMP allows an authorized
attacker ...)
+CVE-2026-33840 (Concurrent execution using shared resource with improper
synchronizati ...)
NOT-FOR-US: Microsoft
CVE-2026-33839 (Concurrent execution using shared resource with improper
synchronizati ...)
NOT-FOR-US: Microsoft
@@ -12582,7 +13193,7 @@ CVE-2026-32177 (Heap-based buffer overflow in .NET
allows an unauthorized attack
NOT-FOR-US: Microsoft
CVE-2026-32175 (A tampering vulnerability exists when .NET Core improperly
handles spe ...)
NOT-FOR-US: Microsoft
-CVE-2026-32170 (Double free in Windows Rich Text Edit Control allows an
authorized att ...)
+CVE-2026-32170 (Double free in Windows Rich Text Edit allows an authorized
attacker to ...)
NOT-FOR-US: Microsoft
CVE-2026-32161 (Concurrent execution using shared resource with improper
synchronizati ...)
NOT-FOR-US: Microsoft
@@ -13721,7 +14332,7 @@ CVE-2026-8177 (XML::LibXML versions through 2.0210 for
Perl read out-of-bounds h
NOTE: Fixed by:
https://github.com/cpan-authors/XML-LibXML/commit/059abf5f9336e2213794b5b545c707394cca3ac7
(XML-LibXML-2.0210_11)
CVE-2026-6433 (The Custom css-js-php WordPress plugin through 2.0.7 does not
properly ...)
NOT-FOR-US: WordPress plugin
-CVE-2026-45192
+CVE-2026-45192 (A bug in the GET `/api/v2/connections/{connection_id}` REST
API endpoi ...)
- airflow <itp> (bug #819700)
CVE-2026-45191 (Net::CIDR::Lite versions before 0.24 for Perl does not
properly consid ...)
- libnet-cidr-lite-perl 0.24-1
@@ -15939,7 +16550,7 @@ CVE-2026-35428 (Improper neutralization of special
elements used in a command ('
NOT-FOR-US: Microsoft
CVE-2026-34327 (Externally controlled reference to a resource in another
sphere in Mic ...)
NOT-FOR-US: Microsoft
-CVE-2026-33844 (Improper input validation in Azure Managed Instance for Apache
Cassand ...)
+CVE-2026-33844 (Improper access control in Azure Managed Instance for Apache
Cassandra ...)
NOT-FOR-US: Microsoft
CVE-2026-33823 (Improper authorization in Microsoft Teams allows an authorized
attacke ...)
NOT-FOR-US: Microsoft
@@ -15971,9 +16582,9 @@ CVE-2026-32207 (Improper neutralization of input during
web page generation ('cr
NOT-FOR-US: Microsoft
CVE-2026-2710
REJECTED
-CVE-2026-26164 (Improper neutralization of special elements in output used by
a downst ...)
+CVE-2026-26164 (Improper neutralization of special elements used in a command
('comman ...)
NOT-FOR-US: Microsoft
-CVE-2026-26129 (Improper neutralization of special elements in M365 Copilot
allows an ...)
+CVE-2026-26129 (Improper neutralization of special elements used in a command
('comman ...)
NOT-FOR-US: Microsoft
CVE-2025-69691 (Netgate pfSense CE 2.8.0 allows code execution in the XMLRPC
API via p ...)
NOT-FOR-US: Netgate pfSene
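Review bot: the context line that closes this hunk reads "NOT-FOR-US: Netgate pfSene", while the description directly above it spells the product "pfSense". This change does not introduce the typo, but it is worth correcting in a follow-up so the product name is spelled the same way throughout the list.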
@@ -19886,6 +20497,7 @@ CVE-2026-43003 (An issue was discovered in OpenStack
ironic-python-agent 1.0.0 t
- ironic-python-agent <unfixed> (bug #1135646)
NOTE: https://bugs.launchpad.net/ironic-python-agent/+bug/2148310
CVE-2026-43001 (An issue was discovered in OpenStack Keystone before 29.0.2.
POST /v3/ ...)
+ {DLA-4611-1}
- keystone 2:29.0.1-2 (bug #1135645)
NOTE: https://bugs.launchpad.net/keystone/+bug/2149775
NOTE: https://review.opendev.org/c/openstack/keystone/+/985804
@@ -20875,6 +21487,7 @@ CVE-2026-31694 (In the Linux kernel, the following
vulnerability has been resolv
[trixie] - linux 6.12.85-1
NOTE:
https://git.kernel.org/linus/51a8de6c50bf947c8f534cd73da4c8f0a13e7bed (7.1-rc1)
CVE-2026-5056 [Integer overflows and out-of-bounds access in MOV/MP4 demuxer]
+ {DSA-6318-1}
- gst-plugins-good1.0 1.28.2-1
[bookworm] - gst-plugins-good1.0 <not-affected> (Vulnerable code not
present)
[bullseye] - gst-plugins-good1.0 <not-affected> (Vulnerable code not
present)
@@ -29202,6 +29815,7 @@ CVE-2026-40719 (Deadwood in MaraDNS 3.5.0036 allows
attackers to exhaust connect
CVE-2026-40688 (An out-of-bounds write vulnerability [CWE-787] vulnerability
in Fortin ...)
NOT-FOR-US: Fortinet
CVE-2026-40683 (In OpenStack Keystone before 28.0.1, the LDAP identity backend
does no ...)
+ {DLA-4611-1}
- keystone 2:29.0.0~rc1-2 (bug #1133884)
[trixie] - keystone <no-dsa> (Minor issue; can be fixed via point
release)
[bookworm] - keystone <no-dsa> (Minor issue; can be fixed via point
release)
@@ -33424,6 +34038,7 @@ CVE-2026-39881 (Vim is an open source, command line
text editor. Prior to 9.2.03
NOTE: https://github.com/vim/vim/security/advisories/GHSA-mr87-rhgv-7pw6
NOTE: Fixed by:
https://github.com/vim/vim/commit/7ab76a86048ed492374ac6b19c6cb52f89a365b4
(v9.2.0316)
CVE-2026-33551 (An issue was discovered in OpenStack Keystone 14 through 26
before 26. ...)
+ {DLA-4611-1}
- keystone 2:29.0.0-2 (bug #1133118)
[trixie] - keystone <no-dsa> (Minor issue)
[bookworm] - keystone <no-dsa> (Minor issue)
@@ -37001,6 +37616,7 @@ CVE-2026-34529 (File Browser is a file managing
interface for uploading, deletin
CVE-2026-34528 (File Browser is a file managing interface for uploading,
deleting, pre ...)
NOT-FOR-US: File Browser
CVE-2026-34525 (AIOHTTP is an asynchronous HTTP client/server framework for
asyncio an ...)
+ {DLA-4613-1}
- python-aiohttp 3.13.5-1 (bug #1132582)
[trixie] - python-aiohttp <no-dsa> (Minor issue)
[bookworm] - python-aiohttp <no-dsa> (Minor issue)
@@ -37008,24 +37624,29 @@ CVE-2026-34525 (AIOHTTP is an asynchronous HTTP
client/server framework for asyn
NOTE: Fixed by:
https://github.com/aio-libs/aiohttp/commit/e00ca3cca92c465c7913c4beb763a72da9ed8349
(v3.13.4)
NOTE: Fixed by:
https://github.com/aio-libs/aiohttp/commit/53e2e6fc58b89c6185be7820bd2c9f40216b3000
(v3.13.5)
CVE-2026-34520 (AIOHTTP is an asynchronous HTTP client/server framework for
asyncio an ...)
+ {DLA-4613-1}
- python-aiohttp 3.13.5-1 (bug #1132582)
NOTE:
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-63hf-3vf5-4wqf
NOTE: Fixed by:
https://github.com/aio-libs/aiohttp/commit/9370b9714a7a56003cacd31a9b4ae16eab109ba4
(v3.13.4)
CVE-2026-34519 (AIOHTTP is an asynchronous HTTP client/server framework for
asyncio an ...)
+ {DLA-4613-1}
- python-aiohttp 3.13.5-1 (bug #1132582)
NOTE:
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-mwh4-6h8g-pg8w
NOTE: Fixed by:
https://github.com/aio-libs/aiohttp/commit/53b35a2f8869c37a133e60bf1a82a1c01642ba2b
(v3.13.4)
CVE-2026-34518 (AIOHTTP is an asynchronous HTTP client/server framework for
asyncio an ...)
+ {DLA-4613-1}
- python-aiohttp 3.13.5-1 (bug #1132582)
[trixie] - python-aiohttp <no-dsa> (Minor issue)
[bookworm] - python-aiohttp <no-dsa> (Minor issue)
NOTE:
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-966j-vmvw-g2g9
NOTE: Fixed by:
https://github.com/aio-libs/aiohttp/commit/5351c980dcec7ad385730efdf4e1f4338b24fdb6
(v3.13.4)
CVE-2026-34517 (AIOHTTP is an asynchronous HTTP client/server framework for
asyncio an ...)
+ {DLA-4613-1}
- python-aiohttp 3.13.5-1 (bug #1132582)
NOTE:
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-3wq7-rqq7-wx6j
NOTE: Fixed by:
https://github.com/aio-libs/aiohttp/commit/cbb774f38330563422ca0c413a71021d7b944145
(v3.13.4)
CVE-2026-34516 (AIOHTTP is an asynchronous HTTP client/server framework for
asyncio an ...)
+ {DLA-4613-1}
- python-aiohttp 3.13.5-1 (bug #1132582)
[trixie] - python-aiohttp <no-dsa> (Minor issue)
[bookworm] - python-aiohttp <no-dsa> (Minor issue)
@@ -37036,12 +37657,14 @@ CVE-2026-34515 (AIOHTTP is an asynchronous HTTP
client/server framework for asyn
NOTE:
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-p998-jp59-783m
NOTE: Fixed by:
https://github.com/aio-libs/aiohttp/commit/0ae2aa076c84573df83fc1fdc39eec0f5862fe3d
(v3.13.4)
CVE-2026-34514 (AIOHTTP is an asynchronous HTTP client/server framework for
asyncio an ...)
+ {DLA-4613-1}
- python-aiohttp 3.13.5-1 (bug #1132582)
[trixie] - python-aiohttp <no-dsa> (Minor issue)
[bookworm] - python-aiohttp <no-dsa> (Minor issue)
NOTE:
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-2vrm-gr82-f7m5
NOTE: Fixed by:
https://github.com/aio-libs/aiohttp/commit/9a6ada97e2c6cf1ce31727c6c9fcea17c21f6f06
(v3.13.4)
CVE-2026-34513 (AIOHTTP is an asynchronous HTTP client/server framework for
asyncio an ...)
+ {DLA-4613-1}
- python-aiohttp 3.13.5-1 (bug #1132582)
[trixie] - python-aiohttp <no-dsa> (Minor issue)
[bookworm] - python-aiohttp <no-dsa> (Minor issue)
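Review bot: this hunk sits inside the CVE-2026-34515 entry (per the hunk header), yet no {DLA-4613-1} line is added for that id, while CVE-2026-34516 before it and CVE-2026-34514 and CVE-2026-34513 after it all gain one. Please confirm the omission is intentional; if the LTS package is not affected by CVE-2026-34515, a per-release <not-affected> annotation on that entry would record why it is excluded from the DLA.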
@@ -37066,6 +37689,7 @@ CVE-2026-2862 (IBM Verify Identity Access Container
11.0 through 11.0.2 and IBM
CVE-2026-2475 (IBM Verify Identity Access Container 11.0 through 11.0.2 and
IBM Secur ...)
NOT-FOR-US: IBM
CVE-2026-22815 (AIOHTTP is an asynchronous HTTP client/server framework for
asyncio an ...)
+ {DLA-4613-1}
- python-aiohttp 3.13.5-1 (bug #1132582)
NOTE:
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-w2fm-2cpv-w7v5
NOTE: Fixed by:
https://github.com/aio-libs/aiohttp/commit/0c2e9da51126238a421568eb7c5b53e5b5d17b36
(v3.13.4)
@@ -75915,17 +76539,17 @@ CVE-2025-11723 (The Appointment Booking Calendar
\u2014 Simply Schedule Appointm
CVE-2025-11370 (The Popup and Slider Builder by Depicter \u2013 Add Email
collecting P ...)
NOT-FOR-US: WordPress plugin
CVE-2025-69225 (AIOHTTP is an asynchronous HTTP client/server framework for
asyncio an ...)
- {DSA-6241-1}
+ {DSA-6241-1 DLA-4613-1}
- python-aiohttp 3.13.3-1
NOTE:
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-mqqc-3gqh-h2x8
NOTE: Fixed by:
https://github.com/aio-libs/aiohttp/commit/c7b7a044f88c71cefda95ec75cdcfaa4792b3b96
(v3.13.3)
CVE-2025-69224 (AIOHTTP is an asynchronous HTTP client/server framework for
asyncio an ...)
- {DSA-6241-1}
+ {DSA-6241-1 DLA-4613-1}
- python-aiohttp 3.13.3-1
NOTE:
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-69f9-5gxw-wvc2
NOTE: Fixed by:
https://github.com/aio-libs/aiohttp/commit/32677f2adfd907420c078dda6b79225c6f4ebce0
(v3.13.3)
CVE-2025-69226 (AIOHTTP is an asynchronous HTTP client/server framework for
asyncio an ...)
- {DSA-6241-1}
+ {DSA-6241-1 DLA-4613-1}
- python-aiohttp 3.13.3-1
NOTE:
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-54jq-c3m8-4m76
NOTE: Fixed by:
https://github.com/aio-libs/aiohttp/commit/f2a86fd5ac0383000d1715afddfa704413f0711e
(v3.13.3)
@@ -75938,18 +76562,18 @@ CVE-2025-69230 (AIOHTTP is an asynchronous HTTP
client/server framework for asyn
NOTE: Introduced with:
https://github.com/aio-libs/aiohttp/commit/24e030b7125d84d016e2e2ad05803102973c7dbf
(v3.13.0)
NOTE: Fixed by:
https://github.com/aio-libs/aiohttp/commit/64629a0834f94e46d9881f4e99c41a137e1f3326
(v3.13.3)
CVE-2025-69229 (AIOHTTP is an asynchronous HTTP client/server framework for
asyncio an ...)
- {DSA-6241-1}
+ {DSA-6241-1 DLA-4613-1}
- python-aiohttp 3.13.3-1
NOTE:
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-g84x-mcqj-x9qq
NOTE: Fixed by:
https://github.com/aio-libs/aiohttp/commit/dc3170b56904bdf814228fae70a5501a42a6c712
(v3.13.3)
NOTE: Fixed by:
https://github.com/aio-libs/aiohttp/commit/4ed97a4e46eaf61bd0f05063245f613469700229
(v3.13.3)
CVE-2025-69227 (AIOHTTP is an asynchronous HTTP client/server framework for
asyncio an ...)
- {DSA-6241-1}
+ {DSA-6241-1 DLA-4613-1}
- python-aiohttp 3.13.3-1
NOTE:
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-jj3x-wxrx-4x23
NOTE: Fixed by:
https://github.com/aio-libs/aiohttp/commit/bc1319ec3cbff9438a758951a30907b072561259
(v3.13.3)
CVE-2025-69228 (AIOHTTP is an asynchronous HTTP client/server framework for
asyncio an ...)
- {DSA-6241-1}
+ {DSA-6241-1 DLA-4613-1}
- python-aiohttp 3.13.3-1
NOTE:
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-6jhg-hg63-jvvf
NOTE: Fixed by:
https://github.com/aio-libs/aiohttp/commit/b7dbd35375aedbcd712cbae8ad513d56d11cce60
(v3.13.3)
@@ -138521,6 +139145,7 @@ CVE-2025-53640 (Indico is an event management system
that uses Flask-Multipass,
CVE-2025-3621 (Vulnerabilities* in ActADUR local server product, developed and
mainta ...)
NOT-FOR-US: ActADUR
CVE-2025-53643 (AIOHTTP is an asynchronous HTTP client/server framework for
asyncio an ...)
+ {DLA-4613-1}
- python-aiohttp 3.12.15-1 (bug #1109336)
[trixie] - python-aiohttp <no-dsa> (Minor issue)
[bookworm] - python-aiohttp <no-dsa> (Minor issue)
@@ -218747,7 +219372,7 @@ CVE-2024-50341 (symfony/security-bundle is a module
for the Symphony PHP framewo
NOTE:
https://github.com/symfony/symfony/security/advisories/GHSA-jxgr-3v7q-3w9v
NOTE: Fixed by:
https://github.com/symfony/symfony/commit/22a0789a0085c3ee96f4ef715ecad8255cf0e105
(v6.4.10, v7.0.10, v7.1.3)
CVE-2024-50340 (symfony/runtime is a module for the Symphony PHP framework
which enabl ...)
- {DSA-6312-1 DSA-5809-1}
+ {DSA-6317-1 DSA-6312-1 DSA-5809-1}
- symfony 6.4.14+dfsg-1
[bullseye] - symfony <not-affected> (Vulnerable code not present,
introduced in 5.3)
NOTE:
https://github.com/symfony/symfony/security/advisories/GHSA-x8vp-gf4q-mw5j
@@ -246318,6 +246943,7 @@ CVE-2024-5321 (A security issue was discovered in
Kubernetes clusters with Windo
CVE-2024-40648 (matrix-rust-sdk is an implementation of a Matrix client-server
library ...)
NOT-FOR-US: matrix-rust-sdk
CVE-2024-40647 (sentry-sdk is the official Python SDK for Sentry.io. A bug in
Sentry's ...)
+ {DLA-4612-1}
- sentry-python 2.16.0-1 (bug #1083189)
[bookworm] - sentry-python <no-dsa> (Minor issue)
NOTE:
https://github.com/getsentry/sentry-python/security/advisories/GHSA-g92j-qhmh-64v2
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e2647fe313e4bb2f3b0e251e49ebed8771ac150
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits