Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b0965ac8 by security tracker role at 2026-06-06T07:13:01+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,145 @@
+CVE-2026-9851 (The Booking Package plugin for WordPress is vulnerable to
Privilege Es ...)
+ TODO: check
+CVE-2026-9829 (The Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery
plugin ...)
+ TODO: check
+CVE-2026-9719 (The LatePoint \u2013 Calendar Booking Plugin for Appointments
and Even ...)
+ TODO: check
+CVE-2026-9594 (The WP Maps \u2013 Google Maps,OpenStreetMap,Mapbox,Store
Locator,List ...)
+ TODO: check
+CVE-2026-9290 (The WP User Manager \u2013 User Profile Builder & Membership
plugin fo ...)
+ TODO: check
+CVE-2026-9281 (The Master Addons For Elementor \u2013 Widgets, Extensions,
Theme Buil ...)
+ TODO: check
+CVE-2026-9280 (The Ad Inserter \u2013 Ad Manager & AdSense Ads plugin for
WordPress i ...)
+ TODO: check
+CVE-2026-9197 (The Smart Slider 3 plugin for WordPress is vulnerable to
Directory Tra ...)
+ TODO: check
+CVE-2026-9016 (The Debug Log Manager \u2013 Conveniently Monitor and Inspect
Errors p ...)
+ TODO: check
+CVE-2026-9008 (The Page-list plugin for WordPress is vulnerable to Missing
Authorizat ...)
+ TODO: check
+CVE-2026-8991 (The Drag and Drop Multiple File Upload for Contact Form 7
plugin for W ...)
+ TODO: check
+CVE-2026-8978 (The OptinCraft \u2013 Drag & Drop Optins & Popup Builder for
WordPress ...)
+ TODO: check
+CVE-2026-8976 (The RSS Aggregator by Feedzy \u2013 Feed to Post, Autoblogging,
News & ...)
+ TODO: check
+CVE-2026-8901 (The Integration for Freshsales \u2013 Contact Form 7, WPForms,
Element ...)
+ TODO: check
+CVE-2026-8900 (The Simple SEO Slideshow plugin for WordPress is vulnerable to
Stored ...)
+ TODO: check
+CVE-2026-8893 (The Express Payment For Stripe plugin for WordPress is
vulnerable to S ...)
+ TODO: check
+CVE-2026-8839 (The MapPress Maps for WordPress plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2026-8611 (The Klamra Paycal for Aspaclaria plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2026-8608 (The Event Monster \u2013 Event Management, Events Calendar,
Tickets pl ...)
+ TODO: check
+CVE-2026-8502 (The LearnPress \u2013 WordPress LMS Plugin for Create and Sell
Online ...)
+ TODO: check
+CVE-2026-8438 (The All-In-One Security (AIOS) \u2013 Security and Firewall
plugin for ...)
+ TODO: check
+CVE-2026-7796 (The EmbedPress \u2013 PDF Embedder, Embed PDF viewer, YouTube
Videos, ...)
+ TODO: check
+CVE-2026-7795 (The Click to Chat \u2013 WA Widget plugin for WordPress is
vulnerable ...)
+ TODO: check
+CVE-2026-7792 (The WPForms \u2013 Easy Form Builder for WordPress \u2013
Contact Form ...)
+ TODO: check
+CVE-2026-7665 (The Essential Addons for Elementor \u2013 Popular Elementor
Templates ...)
+ TODO: check
+CVE-2026-7654 (The Admin Columns plugin for WordPress is vulnerable to PHP
Object Inj ...)
+ TODO: check
+CVE-2026-7624 (The SEO Plugin by Squirrly SEO plugin for WordPress is
vulnerable to a ...)
+ TODO: check
+CVE-2026-7566 (The LearnPress \u2013 Backup & Migration Tool plugin for
WordPress is ...)
+ TODO: check
+CVE-2026-7565 (The LearnPress \u2013 Backup & Migration Tool plugin for
WordPress is ...)
+ TODO: check
+CVE-2026-7537 (The MDJM Event Management plugin for WordPress is vulnerable to
Arbitr ...)
+ TODO: check
+CVE-2026-7523 (The Alba Board plugin for WordPress is vulnerable to
authorization byp ...)
+ TODO: check
+CVE-2026-7047 (The Frontend User Notes plugin for WordPress is vulnerable to
Cross-Si ...)
+ TODO: check
+CVE-2026-6448 (The Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey
Maker plu ...)
+ TODO: check
+CVE-2026-6242 (An authenticated format string vulnerability exists in the
ONVIF Subsc ...)
+ TODO: check
+CVE-2026-6241 (An authenticated format string vulnerability is present in the
ONVIF A ...)
+ TODO: check
+CVE-2026-6240 (A stack-based buffer overflow vulnerability exists in Tapo
C520WS v2 i ...)
+ TODO: check
+CVE-2026-6239 (A stack\u2011based buffer overflow vulnerability exists in Tapo
C520WS ...)
+ TODO: check
+CVE-2026-46493 (HAX CMS helps manage microsite universe with PHP or NodeJs
backends. V ...)
+ TODO: check
+CVE-2026-46401 (HAX CMS helps manage microsite universe with PHP or NodeJs
backends. V ...)
+ TODO: check
+CVE-2026-46400 (HAX CMS helps manage microsite universe with PHP or NodeJs
backends. S ...)
+ TODO: check
+CVE-2026-46398 (HAX CMS helps manage microsite universe with PHP or NodeJs
backends. S ...)
+ TODO: check
+CVE-2026-46397 (HAX CMS helps manage microsite universe with PHP or NodeJs
backends. P ...)
+ TODO: check
+CVE-2026-46357 (HAX CMS helps manage microsite universe with PHP or NodeJs
backends. P ...)
+ TODO: check
+CVE-2026-45779 (OpenXDMoD is an open framework for collecting and analyzing
HPC metric ...)
+ TODO: check
+CVE-2026-45778 (OpenXDMoD is an open framework for collecting and analyzing
HPC metric ...)
+ TODO: check
+CVE-2026-45777 (OpenXDMoD is an open framework for collecting and analyzing
HPC metric ...)
+ TODO: check
+CVE-2026-45776 (OpenXDMoD is an open framework for collecting and analyzing
HPC metric ...)
+ TODO: check
+CVE-2026-45758 (Guardrails AI is a Python framework that helps build AI
applications. ...)
+ TODO: check
+CVE-2026-45409 (Internationalized Domain Names in Applications (IDNA) for
Python provi ...)
+ TODO: check
+CVE-2026-45300 (The AsyncHttpClient (AHC) library allows Java applications to
easily e ...)
+ TODO: check
+CVE-2026-36785 (Shenzhen Tenda Technology Co., Ltd Tenda FH451 V1.0.0.9 was
discovered ...)
+ TODO: check
+CVE-2026-34123 (On Tapo C520WS v2, restricted accounts (for example, hub
users) are in ...)
+ TODO: check
+CVE-2026-2500 (The Quick Playground plugin for WordPress is vulnerable to Path
Traver ...)
+ TODO: check
+CVE-2026-25624 (An administrative cross-site scripting (XSS) vulnerability
exists in t ...)
+ TODO: check
+CVE-2026-25623 (An input validation command execution vulnerability exists in
the brow ...)
+ TODO: check
+CVE-2026-25622 (A Captive Portal Custom Handler command injection
vulnerability exists ...)
+ TODO: check
+CVE-2026-25621 (A Reports application infrastructure vulnerability exists in
Arista Ed ...)
+ TODO: check
+CVE-2026-25620 (An encrypted password command injection vulnerability exists
in the Ca ...)
+ TODO: check
+CVE-2026-11431 (A path traversal vulnerability exists in the Projects Service
download ...)
+ TODO: check
+CVE-2026-11429 (A path traversal vulnerability exists in the Git Service
component sha ...)
+ TODO: check
+CVE-2026-11424 (A server-side request forgery (SSRF) vulnerability exists in a
GraphQL ...)
+ TODO: check
+CVE-2026-11423 (A path traversal vulnerability exists in the Altium Enterprise
Server ...)
+ TODO: check
+CVE-2026-11422 (Markdown Preview Enhanced 0.8.x with crossnote engine 0.9.28
contains ...)
+ TODO: check
+CVE-2026-11420 (Two path traversal vulnerabilities in the Network Installation
Service ...)
+ TODO: check
+CVE-2026-11419 (A path traversal vulnerability exists in the Altium Enterprise
Server ...)
+ TODO: check
+CVE-2026-11416 (MoviePilot contains a path traversal vulnerability in the
AliPan, U115 ...)
+ TODO: check
+CVE-2026-11414 (A hard-coded cryptographic key is used by Altium Enterprise
Server to ...)
+ TODO: check
+CVE-2026-11401 (An untrusted search path issue in the GlobalDatabasePlugin in
the AWS ...)
+ TODO: check
+CVE-2026-11400 (An untrusted search path issue in the GlobalDatabasePlugin in
the AWS ...)
+ TODO: check
+CVE-2026-10038 (The Charitable \u2013 Donation Plugin for WordPress \u2013
Fundraising ...)
+ TODO: check
+CVE-2025-12656 (The Migration, Backup, Staging \u2013 WPvivid Backup &
Migration plugi ...)
+ TODO: check
CVE-2026-9270 (DataDog::DogStatsd versions through 0.07 for Perl allow metric
injecti ...)
NOT-FOR-US: DataDog::DogStatsd Perl module
CVE-2026-9088 (A flaw was found in org.keycloak.services. An administrator
with deleg ...)
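Review bot: CVE-2026-11422 (Markdown Preview Enhanced 0.8.x) is added as `TODO: check` even though the following hunk's context already records `NOT-FOR-US: Markdown Preview Enhanced` for CVE-2026-50733, so it is a candidate for the same disposition without waiting in the TODO queue. The six HAX CMS entries, the four OpenXDMoD entries and the Tapo C520WS entries should likewise each get one consistent decision when they are triaged. Separately, many of the added descriptions carry the literal escape sequences `\u2013` and `\u2011` (for example CVE-2026-9829 and CVE-2026-6239) instead of the characters themselves, which suggests the automatic update writes the escaped string without decoding it; decoding before writing would keep the product names readable and searchable.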
@@ -32,7 +174,7 @@ CVE-2026-50733 (Markdown Preview Enhanced before 0.8.28
parses WaveDrom diagrams
NOT-FOR-US: Markdown Preview Enhanced
CVE-2026-50590 (In Mimecast Incydr before 2.6.0, arbitrary file access can
occur.)
NOT-FOR-US: Mimecast Incydr
-CVE-2026-50589 (In OpenStack Ironic 32 through 35.0.1, an unauthenticated
malicious us ...)
+CVE-2026-50589 (In OpenStack Ironic 32 before 37.0.0, an unauthenticated
malicious use ...)
- ironic <unfixed> (bug #1138908)
NOTE: https://bugs.launchpad.net/ironic/+bug/2154288
CVE-2026-50265 (A flaw was found in libinput. A local attacker with access to
/dev/uin ...)
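Review bot: on the CVE-2026-50589 change, the description's upper bound moves from "through 35.0.1" to "before 37.0.0", but the package line under it still reads `ironic <unfixed> (bug #1138908)` and the only NOTE is the Launchpad bug link. Since the description now names 37.0.0 as the first unaffected release, a follow-up should add a NOTE pointing at the upstream fix and replace `<unfixed>` with the fixed version once a corrected ironic upload exists, so the wider affected range is reflected in the per-suite status and not only in the truncated description.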
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b0965ac87b62b02d8056e15950fce744d916bab4
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits