Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3861223b by security tracker role at 2026-06-02T19:15:51+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,244 @@
-CVE-2026-41115
+CVE-2026-9844 (Use of default credentials vulnerability in Roche Diagnostics 
navify D ...)
+       TODO: check
+CVE-2026-9730 (The Remove NoFollow Commenter URL plugin for WordPress is 
vulnerable t ...)
+       TODO: check
+CVE-2026-9723 (The Google Plus One Bottom plugin for WordPress is vulnerable 
to Cross ...)
+       TODO: check
+CVE-2026-9722 (The Laiser Tag plugin for WordPress is vulnerable to Cross-Site 
Reques ...)
+       TODO: check
+CVE-2026-9599 (The Tectite Forms plugin for WordPress is vulnerable to 
Cross-Site Req ...)
+       TODO: check
+CVE-2026-9590 (Improper access control in the permission validation component 
in Devo ...)
+       TODO: check
+CVE-2026-9522 (Improper access control in the PAM account discovery feature in 
Devolu ...)
+       TODO: check
+CVE-2026-9234 (The JTL-Connector for WooCommerce plugin for WordPress is 
vulnerable t ...)
+       TODO: check
+CVE-2026-8993 (D.Launcher 2 component of Slovak eID client ecosystem contains 
Imprope ...)
+       TODO: check
+CVE-2026-8885 (The DeMomentSomTres Shortcodes plugin for WordPress is 
vulnerable to S ...)
+       TODO: check
+CVE-2026-8422 (The Remove meta boxes per user role plugin for WordPress is 
vulnerable ...)
+       TODO: check
+CVE-2026-7313 (CWE\u2011522: Insufficiently Protected Credentials in web 
services in  ...)
+       TODO: check
+CVE-2026-7312 (CWE\u2011522: Insufficiently Protected Credentials in web 
services in  ...)
+       TODO: check
+CVE-2026-7299 (Appsmith\u2019s SQL query editor\u2019s autocomplete 
functionality fai ...)
+       TODO: check
+CVE-2026-7201 (CWE-639: Authorization Bypass Through User-Controlled Key in 
web servi ...)
+       TODO: check
+CVE-2026-7198 (CWE-284: Improper Access Control in web services in Progress 
Sitefinit ...)
+       TODO: check
+CVE-2026-7195 (CWE-20: Improper Input Validation in web services in Progress 
Sitefini ...)
+       TODO: check
+CVE-2026-5422 (A path traversal vulnerability exists in jupyter-server version 
2.17.0 ...)
+       TODO: check
+CVE-2026-5191 (The Tiled Gallery Carousel Without JetPack plugin for WordPress 
is vul ...)
+       TODO: check
+CVE-2026-4081 (The ZeM STL plugin for WordPress is vulnerable to Stored 
Cross-Site Sc ...)
+       TODO: check
+CVE-2026-4080 (The Easy Cart plugin for WordPress is vulnerable to Stored 
Cross-Site  ...)
+       TODO: check
+CVE-2026-4071 (The BirdSeed plugin for WordPress is vulnerable to Cross-Site 
Request  ...)
+       TODO: check
+CVE-2026-49943 (CZ.NIC BIRD Internet Routing Daemon through 2.19.0 contains a 
stack-ba ...)
+       TODO: check
+CVE-2026-49782 (Missing Authorization vulnerability in Elementor Elementor 
Website Bui ...)
+       TODO: check
+CVE-2026-49754 (Allocation of Resources Without Limits or Throttling 
vulnerability in  ...)
+       TODO: check
+CVE-2026-49753 (Inconsistent Interpretation of HTTP Requests ('HTTP 
Request/Response S ...)
+       TODO: check
+CVE-2026-48862 (Allocation of Resources Without Limits or Throttling 
vulnerability in  ...)
+       TODO: check
+CVE-2026-48861 (Improper Neutralization of CRLF Sequences ('CRLF Injection') 
vulnerabi ...)
+       TODO: check
+CVE-2026-47117 (OpenMed before 1.5.2 contains a remote code execution 
vulnerability in ...)
+       TODO: check
+CVE-2026-46718 (Use of Externally-Controlled Input to Select Classes or Code 
('Unsafe  ...)
+       TODO: check
+CVE-2026-45686 (OpenTelemetry eBPF Instrumentation provides eBPF 
instrumentation based ...)
+       TODO: check
+CVE-2026-45685 (OpenTelemetry eBPF Instrumentation provides eBPF 
instrumentation based ...)
+       TODO: check
+CVE-2026-45684 (OpenTelemetry eBPF Instrumentation provides eBPF 
instrumentation based ...)
+       TODO: check
+CVE-2026-45683 (OpenTelemetry eBPF Instrumentation provides eBPF 
instrumentation based ...)
+       TODO: check
+CVE-2026-45682 (OpenTelemetry eBPF Instrumentation provides eBPF 
instrumentation based ...)
+       TODO: check
+CVE-2026-45681 (OpenTelemetry eBPF Instrumentation provides eBPF 
instrumentation based ...)
+       TODO: check
+CVE-2026-45680 (OpenTelemetry eBPF Instrumentation provides eBPF 
instrumentation based ...)
+       TODO: check
+CVE-2026-45679 (OpenTelemetry eBPF Instrumentation provides eBPF 
instrumentation based ...)
+       TODO: check
+CVE-2026-45678 (OpenTelemetry eBPF Instrumentation provides eBPF 
instrumentation based ...)
+       TODO: check
+CVE-2026-45676 (OpenTelemetry eBPF Instrumentation provides eBPF 
instrumentation based ...)
+       TODO: check
+CVE-2026-45554 (NiceGUI is a Python-based UI framework. Prior to version 
3.12.0, two F ...)
+       TODO: check
+CVE-2026-45553 (NiceGUI is a Python-based UI framework. Prior to version 
3.12.0, ui.re ...)
+       TODO: check
+CVE-2026-45080 (Klaw is a self-service Apache Kafka Topic 
Management/Governance tool/p ...)
+       TODO: check
+CVE-2026-44367 (Klaw is a self-service Apache Kafka Topic 
Management/Governance tool/p ...)
+       TODO: check
+CVE-2026-43965 (Path traversal vulnerability in Gleam's dependency management 
allows a ...)
+       TODO: check
+CVE-2026-42795 (Symlink following vulnerability in Gleam's Hex package export 
allows f ...)
+       TODO: check
+CVE-2026-42685 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2026-42684 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2026-42670 (Missing Authorization vulnerability in Etoile Web Design 
Incorporated  ...)
+       TODO: check
+CVE-2026-42669 (Missing Authorization vulnerability in EventPrime allows 
Exploiting In ...)
+       TODO: check
+CVE-2026-42654 (Authentication Bypass Using an Alternate Path or Channel 
vulnerability ...)
+       TODO: check
+CVE-2026-42074 (OpenClaude is an open-source coding-agent command line 
interface for c ...)
+       TODO: check
+CVE-2026-42073 (OpenClaude is an open-source coding-agent command line 
interface for c ...)
+       TODO: check
+CVE-2026-41918 (A vulnerability has been identified in RUGGEDCOM RST2428P 
(6GK6242-6PA ...)
+       TODO: check
+CVE-2026-40780 (Authentication Bypass Using an Alternate Path or Channel 
vulnerability ...)
+       TODO: check
+CVE-2026-40715 (Dell ThinOS 10, versions prior to ThinOS10 2602_10.0765, 
contain an Im ...)
+       TODO: check
+CVE-2026-40713 (Dell ThinOS 10, versions prior to ThinOS10 2602_10.0765, 
contain an Im ...)
+       TODO: check
+CVE-2026-40619 (A high security vulnerability affecting Security Center main 
server in ...)
+       TODO: check
+CVE-2026-40571 (NamelessMC is website software for Minecraft servers. In 
version 2.2.4 ...)
+       TODO: check
+CVE-2026-40314 (NamelessMC is website software for Minecraft servers. In 
version 2.2.4 ...)
+       TODO: check
+CVE-2026-3620 (The Word Replacer plugin for WordPress is vulnerable to Stored 
Cross-S ...)
+       TODO: check
+CVE-2026-3514 (In version 3.6.19 of prefecthq/prefect, an authentication 
bypass vulne ...)
+       TODO: check
+CVE-2026-39555 (Deserialization of Untrusted Data vulnerability in 
Elated-Themes Askka ...)
+       TODO: check
+CVE-2026-39553 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2026-39552 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2026-39551 (Deserialization of Untrusted Data vulnerability in 
Elated-Themes T\xf6 ...)
+       TODO: check
+CVE-2026-39550 (Deserialization of Untrusted Data vulnerability in 
Elated-Themes Aperi ...)
+       TODO: check
+CVE-2026-38978 (transmission through 4.1.1 was found to have a clickjacking 
weakness i ...)
+       TODO: check
+CVE-2026-35718 (A path traversal vulnerability in the 
/admin/downloadMedias.cgi endpoi ...)
+       TODO: check
+CVE-2026-35717 (A stack-based buffer overflow in the export_language.cgi 
binary in VIV ...)
+       TODO: check
+CVE-2026-35716 (A stack-based buffer overflow in the motion_privacy.cgi binary 
in VIVO ...)
+       TODO: check
+CVE-2026-35447 (NamelessMC is website software for Minecraft servers. In 
version 2.2.4 ...)
+       TODO: check
+CVE-2026-35443 (NamelessMC is website software for Minecraft servers. In 
version 2.2.4 ...)
+       TODO: check
+CVE-2026-34907 (Wirtualna Uczelnia is vulnerable to Reflected Cross\u2011Site 
Scriptin ...)
+       TODO: check
+CVE-2026-34906 (Server-Side Template Injection (SSTI) in Wirtualna Uczelnia 
allows an  ...)
+       TODO: check
+CVE-2026-34460 (NamelessMC is website software for Minecraft servers. In 
versions 2.2. ...)
+       TODO: check
+CVE-2026-33398 (NamelessMC is website software for Minecraft servers. In 
version 2.2.4 ...)
+       TODO: check
+CVE-2026-33244 (React Router is a router for React. In versions 7.5.1 through 
7.13.1,  ...)
+       TODO: check
+CVE-2026-32685 (Path traversal vulnerability in Gleam's handling of custom 
documentati ...)
+       TODO: check
+CVE-2026-32250 (NamelessMC is website software for Minecraft servers. A 
Reflected Cros ...)
+       TODO: check
+CVE-2026-30652 (A remote buffer overflow vulnerability exists in the 
/cgi-bin/dido/set ...)
+       TODO: check
+CVE-2026-30650 (A post-authentication remote buffer overflow vulnerability 
exists in t ...)
+       TODO: check
+CVE-2026-30649 (Buffer Overflow vulnerability in VIVOTEK INC FD8136-VVTK-0300a 
allows  ...)
+       TODO: check
+CVE-2026-2425 (The hiWeb Migration Simple plugin for WordPress is vulnerable 
to Refle ...)
+       TODO: check
+CVE-2026-2382 (The FPW Category Thumbnails plugin for WordPress is vulnerable 
to Stor ...)
+       TODO: check
+CVE-2026-28116 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2026-27351 (Missing Authorization vulnerability in Sekander Badsha Crew 
HRM allows ...)
+       TODO: check
+CVE-2026-24237 (NVIDIA NVTabular contains a vulnerability where an attacker 
could caus ...)
+       TODO: check
+CVE-2026-24221 (NVIDIA NVTabular contains a vulnerability where an attacker 
could caus ...)
+       TODO: check
+CVE-2026-1871 (TP-Link Tapo C200 v5 contains a stack-based buffer overflow 
flaw in RT ...)
+       TODO: check
+CVE-2026-1784 (The Route OpenShift resource allows to define routes to make 
pods reac ...)
+       TODO: check
+CVE-2026-1451 (The rognone plugin for WordPress is vulnerable to Reflected 
Cross-Site ...)
+       TODO: check
+CVE-2026-1450 (The rognone plugin for WordPress is vulnerable to Reflected 
Cross-Site ...)
+       TODO: check
+CVE-2026-10629 (SIP signaling stack in Verizon IMS (unspecified version) 
implements SI ...)
+       TODO: check
+CVE-2026-10622 (Improper Authentication in REST API in Collibra Agent, allows 
a remote ...)
+       TODO: check
+CVE-2026-10621 (Path traversal in restore handler in Collibra Agent, allows an 
attacke ...)
+       TODO: check
+CVE-2026-10611 (An authentication bypass vulnerability exists in MISP when 
LDAP mixed  ...)
+       TODO: check
+CVE-2026-10606 (A vulnerability was determined in DedeCMS 5.7.88. The affected 
element ...)
+       TODO: check
+CVE-2026-10591 (Insufficient access control restrictions in the file write 
tool in Ama ...)
+       TODO: check
+CVE-2026-10549 (LDAP filter injection vulnerability in Yandex Database prior 
to 25.3.1 ...)
+       TODO: check
+CVE-2026-10047 (The Bitdefender Napoca bare-metal hypervisor contains an 
out-of-bounds ...)
+       TODO: check
+CVE-2026-10046 (Bitdefender Napoca bare-metal hypervisor contains an 
out-of-bounds wri ...)
+       TODO: check
+CVE-2026-0611 (Spacelabs Healthcare Sentinel versions 10.5.x and higher and 
11.x.x be ...)
+       TODO: check
+CVE-2025-69369 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-68886 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-5085 (The WP Nano AD plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
+       TODO: check
+CVE-2025-58897 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-58707 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-58705 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-58024 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-53440 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-53346 (Missing Authorization vulnerability in ThimPress Thim Core 
allows Expl ...)
+       TODO: check
+CVE-2025-53345 (Missing Authorization vulnerability leading to code execution 
after in ...)
+       TODO: check
+CVE-2025-53302 (Missing Authorization vulnerability in Anton Shevchuk 
Constructor allo ...)
+       TODO: check
+CVE-2025-53209 (Incorrect Privilege Assignment vulnerability in Themeisle 
Masteriyo LM ...)
+       TODO: check
+CVE-2025-52766 (Missing Authorization vulnerability in Printeers Printeers 
Print & Shi ...)
+       TODO: check
+CVE-2025-52759 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-42206 (HCL iReflection Third party vulnerable and outdated components 
issue w ...)
+       TODO: check
+CVE-2019-25719 (Dr\xe4ger Infinity Acute Care System and Standalone Infinity 
M540 pati ...)
+       TODO: check
+CVE-2019-25717 (Dr\xe4ger Infinity Delta, Delta XL, and Kappa patient monitors 
contain ...)
+       TODO: check
+CVE-2026-41115 (An improper authorization vulnerability has been identified in 
Apache  ...)
        - kafka <itp> (bug #786460)
        NOTE: https://www.openwall.com/lists/oss-security/2026/06/02/5
 CVE-2026-9050 (The Slider Revolution plugin for WordPress in versions 
6.0.0-6.7.55 an ...)
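Review bot: every one of the new entries in this hunk lands as `TODO: check`, and several of them describe software that is packaged in Debian, for example CZ.NIC BIRD through 2.19.0 (CVE-2026-49943, stack-based overflow), transmission through 4.1.1 (CVE-2026-38978) and jupyter-server 2.17.0 (CVE-2026-5422, path traversal); those should be triaged to source-package lines with a fixed version or an explicit state rather than left as TODO. Separately, several descriptions carry literal escape sequences instead of characters (`CWE\u2011522` on CVE-2026-7313 and CVE-2026-7312, `Appsmith\u2019s` on CVE-2026-7299, `Dr\xe4ger` on CVE-2019-25719 and CVE-2019-25717, `T\xf6` on CVE-2026-39551); check that the file stores the UTF-8 text rather than the escaped form. The re-added CVE-2026-41115 entry keeps its existing `kafka <itp> (bug #786460)` line and the oss-security NOTE, which is the expected shape.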
@@ -8086,9 +8326,11 @@ CVE-2026-9157 (Improper input validation, Unrestricted 
upload of file with dange
        NOT-FOR-US: Gmission
 CVE-2026-9089 (The ConnectWise Automate\u2122 Agent does not fully verify the 
authent ...)
        NOT-FOR-US: ConnectWise
-CVE-2026-5434 (Honeywell Control Network Module (CNM)contains insertion of 
sensitive  ...)
+CVE-2026-5434
+       REJECTED
        NOT-FOR-US: Honeywell
-CVE-2026-5433 (Honeywell Control Network Module (CNM)contains command 
injection vulne ...)
+CVE-2026-5433
+       REJECTED
        NOT-FOR-US: Honeywell
 CVE-2026-5118 (The Divi Form Builder plugin for WordPress is vulnerable to 
privilege  ...)
        NOT-FOR-US: WordPress plugin
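Review bot: with CVE-2026-5434 and CVE-2026-5433 now marked `REJECTED`, the retained `NOT-FOR-US: Honeywell` line under each is redundant; a rejected CVE is normally reduced to the bare `REJECTED` line, so consider dropping the two NOT-FOR-US lines unless the convention here is to keep prior annotations on rejected entries.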
@@ -8426,24 +8668,24 @@ CVE-2026-46635
        NOTE: 
https://github.com/twigphp/Twig/security/advisories/GHSA-vcc8-phrv-43wj
        NOTE: Variant of CVE-2024-51755
 CVE-2026-46628
-       {DSA-6311-1}
+       {DSA-6320-1 DSA-6311-1}
        - php-twig 3.26.0-1
        NOTE: 
https://symfony.com/blog/cve-2026-46628-the-spaceless-filter-implicitly-marks-its-output-as-safe
 CVE-2026-46629
-       {DSA-6311-1}
+       {DSA-6320-1 DSA-6311-1}
        - php-twig 3.26.0-1
        NOTE: 
https://symfony.com/blog/cve-2026-46629-unbounded-formatter-memoisation-in-twig-intl-extra-keyed-on-template-controlled-arguments
 CVE-2026-46633
-       {DSA-6311-1}
+       {DSA-6320-1 DSA-6311-1}
        - php-twig 3.26.0-1
        NOTE: 
https://symfony.com/blog/cve-2026-46633-php-code-injection-via-use-template-name
 CVE-2026-47730
-       {DSA-6311-1}
+       {DSA-6320-1 DSA-6311-1}
        - php-twig 3.26.0-1
        [bullseye] - php-twig <not-affected> (Vulnerable code not present, 
introduced in 3.0.0)
        NOTE: 
https://symfony.com/blog/cve-2026-47730-xss-in-profiler-htmldumper-via-unescaped-template-and-profile-names
 CVE-2026-46637
-       {DSA-6311-1}
+       {DSA-6320-1 DSA-6311-1}
        - php-twig 3.26.0-1
        NOTE: 
https://symfony.com/blog/cve-2026-46637-html-output-filters-in-twig-extras-incorrectly-declared-is-safe-all
 CVE-2026-46638
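Review bot: DSA-6320-1 is added to five Twig entries fixed in php-twig 3.26.0-1, but the neighbouring CVE-2026-46635 (context at the top of this hunk, noted as a variant of CVE-2024-51755) has its advisory line outside the hunk; confirm it also carries DSA-6320-1 if that advisory covers it. On CVE-2026-47730 the new reference sits beside `[bullseye] - php-twig <not-affected> (Vulnerable code not present, introduced in 3.0.0)`, which is consistent only if DSA-6320-1 targets a release shipping Twig 3.x, so that pairing is worth a second look.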
@@ -8657,7 +8899,7 @@ CVE-2026-46626
        - symfony 7.4.12+dfsg-1
        NOTE: 
https://symfony.com/blog/cve-2026-46626-symfonyruntime-cve-2024-50340-patch-bypass-via-parse-str-sapi-argv-mismatch
 CVE-2026-45070
-       {DSA-6312-1}
+       {DSA-6317-1 DSA-6312-1}
        - symfony 7.4.12+dfsg-1
        NOTE: 
https://symfony.com/blog/cve-2026-45070-email-header-injection-via-non-token-characters-in-mime-parameter-names
 CVE-2026-45065
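Review bot: DSA-6317-1 is added only to CVE-2026-45070 here, while the adjacent CVE-2026-46626 (context above, fixed in the same symfony 7.4.12+dfsg-1) has its advisory line outside the hunk; check that every symfony CVE covered by DSA-6317-1 received the reference, not just the one touched in this range.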
@@ -13952,11 +14194,11 @@ CVE-2026-7255 (** UNSUPPORTED WHEN ASSIGNED ** An 
improper restriction of excess
        NOT-FOR-US: Zyxel
 CVE-2026-45430 (The Salesforce module before 1.x-1.0.1 for Backdrop CMS does 
not prope ...)
        NOT-FOR-US: Salesforce module for Backdrop CMS
-CVE-2026-45393 (Reserved. Details will be published at disclosure.)
+CVE-2026-45393 (A vulnerability chain in Cribl Edge for Windows before 4.17.1 
allows a ...)
        NOT-FOR-US: Cribl
-CVE-2026-45392 (Reserved. Details will be published at disclosure.)
+CVE-2026-45392 (DOM-based cross-site scripting (XSS) in Cribl Stream before 
4.17.1 all ...)
        NOT-FOR-US: Cribl
-CVE-2026-45391 (Reserved. Details will be published at disclosure.)
+CVE-2026-45391 (A command injection vulnerability in Cribl Edge for Linux 
versions 3.2 ...)
        NOT-FOR-US: Cribl
 CVE-2026-45362 (Sangoma Switchvox before 8.4 places cleartext SIP 
authentication crede ...)
        NOT-FOR-US: Sangoma Switchvox
@@ -219933,7 +220175,7 @@ CVE-2024-51755 (Twig is a template language for PHP. 
In a sandbox, an attacker c
        NOTE: 
https://github.com/twigphp/Twig/security/advisories/GHSA-jjxq-ff2g-95vh
        NOTE: Fixed by: 
https://github.com/twigphp/Twig/commit/831c148e786178e5f2fde9db67266be3bf241c21 
(v3.14.1)
 CVE-2024-51754 (Twig is a template language for PHP. In a sandbox, an attacker 
can cal ...)
-       {DLA-4186-1}
+       {DSA-6320-1 DLA-4186-1}
        - php-twig 3.14.2-1 (bug #1086884)
        - twig <removed>
        NOTE: 
https://github.com/twigphp/Twig/security/advisories/GHSA-6377-hfv9-hqf6
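Review bot: DSA-6320-1 is added to CVE-2024-51754 (fixed in php-twig 3.14.2-1), but the immediately preceding CVE-2024-51755 (fixed upstream in v3.14.1 per its NOTE, and the base of the CVE-2026-46635 variant) appears only as context, so its advisory line is not visible; confirm that it, and any other pre-3.26 Twig CVE fixed by the same stable update, also got the DSA-6320-1 reference.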



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3861223bba32b5f8c056c156ff63807a65fcba0d



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
